by David Lorge Parnas - Computer and Information Science

advertisement
“Response to Undesired Events in Software Systems” by David Lorge Parnas
Response to Undesired Events in
Software Systems
by Dr. David Lorge Parnas
[1]
City University of New York /GC – Spring 2004
CSc 79000 - Software Engineering
Class summary - Submission
Professor Dr. D. Kopec
Prepared by Ellen Pesochin
03/05/04
Presentation Summary by Ellen Pesochin
page 1
“Response to Undesired Events in Software Systems” by David Lorge Parnas
A Little Bit of History:
Dr. David L. Parnas wrote several papers in the 1970’s and 1980’s that are now
considered classics. The concepts he advocated such as information hiding and use of
abstract interfaces are generally accepted as the appropriate way to design nontrivial
software systems. However, not all of what he proposed has been full appreciated and
assimilated into our practices. Many of his simple, elegant ideas have been lost amongst
the hype surrounding the technologies and methods that have arisen in the past two
decades.
State of practice at the time of this papers writing is such that programs should be
designed and implemented correctly, therefore there should be little need to handle
unexpected events. Dr. Parnas argues that it is foolhardy to assume program correctness
We observe that the ideas in this paper sound a lot like the structured exception handling
mechanisms used in modern day languages. Even with programs proven to be correct we
should expect errors at run-time because incorrect data or inconsistent data may be
supplied to the system, hardware may fail and cause system inconsistency, programs are
changed from time to time and new errors may appear
Undesired Events (UE) in Software System:
Undesired doesn’t mean Unexpected
An Undesired Event is any event that results in a deviation from normal behavior. It’s not
an “error”, which should be corrected. This paper recognizes an essentially undependable
nature of a real world execution environment. Its main contribution was in recognition of
constantly existing aspect of program’s execution environment that do not behave as well
as we all wish. A simple fact of life: Things go wrong, things fail, things change and/or
we make incorrect assumptions. Problems that are arise not from programming, but are
unavoidable consequences of execution in the real time and real world environment.
Authors of the paper focus on detecting, responding and handling UEs. They propose an
approach to handling UEs based on the concept of hardware “traps” for error detection
and recovery. Dr. Parnas extends this notion to software detected events by viewing UEs
as the trap mechanism for an abstract machine. The approach inherits key feature of
hardware traps: the ability to separate the code handling undesired events and treat it as a
distinct concept and the ability to invoke different event handling routines depending on
the error context. Main idea is to detect UEs at lower levels of the program and handle
them at higher program levels.
Propagation of UE:
Idea is to handle the UE at the highest level that makes sense, i.e. detect UE at the lower
levels of program execution, but propagate the UE to higher program levels for servicing.
Any level from the level detecting the UE on up can handle the UE –if the UE cannot be
03/05/04
Presentation Summary by Ellen Pesochin
page 2
“Response to Undesired Events in Software Systems” by David Lorge Parnas
handled at the current level it should be propagated upward. As a last resort the UE
should be reported to the user –typically results in the process being aborted.
Specification of Indicators:
A program built with UE in mind will be better insulated from errors. The constraints
which “trigger” UE will be checked multiple times (each transition from a higher to a
lower level). Redundancy promotes reliability. But when a module is designed and
specified, there are many things especially limitations need to be considered and here are
the main ones:










Limitations on the Values of Parameters
Capacity Limitations
Requests for Undefined Information
Restrictions on the Order of Operations
Detection of Actions Which are Likely to be Unintentional
Sufficiency
UE should be Prioritized
The number of UE
Program State Management
Reporting UE
Degrees of UE and Their Handling:
UE mechanisms must provide some context for the UE. Not all UE can be handled
abstractly –specific information about the UE may be required to facilitate proper
recovery from it. This implication is somewhat less abstract than desired (information
hiding), but it is an appropriate compromise.
When it comes to the degrees of UEs there is a basic model of the system that recognizes
two different types of incidents:
 Incidents which result in crashes (no recovery)
 Incidents which can be fully recovered
The UE model can be designed with greater granularity. When it is not a binary outcome
(fail, continue as if no error has occurred) the programmer must specify what they mean
by “correct UE handling” and priority of handling:
 Orders of degree
 Orders of aims
 Orders of action
03/05/04
Presentation Summary by Ellen Pesochin
page 3
“Response to Undesired Events in Software Systems” by David Lorge Parnas
Conclusion:
Main ideas that are conveyed by the authors are:
1. UE are developed in response to events generated by the abstract machine
2. UE detection, UE correction, and the normal program code should be separated
and be able to be modified independently
3. A system can evolve from a version with very little recovery to one that has
advanced recovery mechanisms without changing the structure of the system
4. Locating modules that trigger UE should be fast and efficient
5. The cost of implementing a program with UE should be low but the cost of
handling individual UE may vary
This paper almost predicts verbatim how UE (exceptions) are handled in modern day
programming languages and programming techniques
 Exceptions can be compartmentalized and/or flexibly propagated upward
 Exceptions are based on “stock” objects, “custom” objects, or objects customized
from “stock” objects
 Exceptions are managed as objects, enabling simple extension
 Some languages (Visual Basic) still retain a “trap like” interface for UE –The "on
error" go to statement.
In today's infrastructure centric software development model, handling UE properly is a
paramount requirement
Reference:
1. D. L. Parnas H. Würges. “Response to Undesired Events in Software Systems ",
IEEE Computer Society Press, Proceedings of the 2nd International conference on
Software Engineering San Francisco, California, (1976) Pages:437-446
03/05/04
Presentation Summary by Ellen Pesochin
page 4
Download