Implementación de estrategia para manejo de excepciones basada en componentes: las fachadas de seguridad

Los mecanismos de manejo de excepciones fueron concebidos como un marco de trabajo para implementar tolerancia a fallos en sistemas de software. Más de dos tercios del código de una aplicación, está dedicado a la detección y manejo de errores y excepciones. A menudo, los mecanismos de manejo de excepciones, son mal empleados o se abusa de ellos; el diseño de una estrategia efectiva se considera una tarea difícil puesto que: aumenta considerablemente la complejidad de los sistemas, plantea conflictos con algunos de los principios del diseño orientado a objetos, no existen pautas eficientes, entre otras causas. Por tanto, el manejo de errores y excepciones, es uno de los temas más importantes de la arquitectura del software y, uno de los aspectos más cruciales pero menos tenido en cuenta, en el análisis y diseño de sistemas críticos. Aplicando el concepto de proxies dinámicos, se investigan los detalles de implementación de una simple aunque interesante, estrategia basada en componentes para el manejo de excepciones, disponible en la literatura: las fachadas de seguridad; cuya descripción original carece de información pormenorizada. Las fachadas de seguridad constituyen un nuevo enfoque, que introduce una arquitectura y directrices, estableciendo un framework para el manejo de excepcionesException handling mechanisms were conceived as a means for incorporating fault tolerance into software systems. More than two thirds of the application’s code is dedicated to detecting and handling errors and exceptions. These exception handling systems are often misuse and (or) abused. The design of exception handling in an application is seen as a difficult task because: introduce significant complexity, may conflict with many of the goals of object oriented design, suffers from lack of guidelines, among other things. For these reasons the handling of exceptions and errors is one of the major subject of the software architecture and one of the most critical, but overlooked aspect of critical system design and analysis. I will apply the concept of dynamic proxy to implement a simple but interesting exception handling design approach called safety facades, available in the software architecture literature. The article describing security façades is light on details. The security façade form a new approach that introduce and architecture and best practices to build a viable framework for systems with exception handling.Workshop de Ingeniería de Software y Bases de Datos (WISBD)Red de Universidades con Carreras en Informática (RedUNCI

Implementación de estrategia para manejo de excepciones basada en componentes: las fachadas de seguridad

Los mecanismos de manejo de excepciones fueron concebidos como un marco de trabajo para implementar tolerancia a fallos en sistemas de software. Más de dos tercios del código de una aplicación, está dedicado a la detección y manejo de errores y excepciones. A menudo, los mecanismos de manejo de excepciones, son mal empleados o se abusa de ellos; el diseño de una estrategia efectiva se considera una tarea difícil puesto que: aumenta considerablemente la complejidad de los sistemas, plantea conflictos con algunos de los principios del diseño orientado a objetos, no existen pautas eficientes, entre otras causas. Por tanto, el manejo de errores y excepciones, es uno de los temas más importantes de la arquitectura del software y, uno de los aspectos más cruciales pero menos tenido en cuenta, en el análisis y diseño de sistemas críticos. Aplicando el concepto de proxies dinámicos, se investigan los detalles de implementación de una simple aunque interesante, estrategia basada en componentes para el manejo de excepciones, disponible en la literatura: las fachadas de seguridad; cuya descripción original carece de información pormenorizada. Las fachadas de seguridad constituyen un nuevo enfoque, que introduce una arquitectura y directrices, estableciendo un framework para el manejo de excepcionesException handling mechanisms were conceived as a means for incorporating fault tolerance into software systems. More than two thirds of the application’s code is dedicated to detecting and handling errors and exceptions. These exception handling systems are often misuse and (or) abused. The design of exception handling in an application is seen as a difficult task because: introduce significant complexity, may conflict with many of the goals of object oriented design, suffers from lack of guidelines, among other things. For these reasons the handling of exceptions and errors is one of the major subject of the software architecture and one of the most critical, but overlooked aspect of critical system design and analysis. I will apply the concept of dynamic proxy to implement a simple but interesting exception handling design approach called safety facades, available in the software architecture literature. The article describing security façades is light on details. The security façade form a new approach that introduce and architecture and best practices to build a viable framework for systems with exception handling.Workshop de Ingeniería de Software y Bases de Datos (WISBD)Red de Universidades con Carreras en Informática (RedUNCI

Exception handling in the development of fault-tolerant component-based systems

Orientador: Cecilia Mary Fischer RubiraTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Mecanismos de tratamento de exceções foram concebidos com o intuito de facilitar o gerenciamento da complexidade de sistemas de software tolerantes a falhas. Eles promovem uma separação textual explícita entre o código normal e o código que lida com situações anormais, afim de dar suporte a construção de programas que são mais concisos fáceis de evoluir e confáveis. Diversas linguagens de programação modernas e a maioria dos modelos de componentes implementam mecanismos de tratamento de exceções. Apesar de seus muitos benefícios, tratamento de exceções pode ser a fonte de diversas falhas de projeto se usado de maneira indisciplinada. Estudos recentes mostram que desenvolvedores de sistemas de grande escala baseados em infra-estruturas de componentes têm hábitos, no tocante ao uso de tratamento de exceções, que tornam suas aplicações vulneráveis a falhas e difíceis de se manter. Componentes de software criam novos desafios com os quais mecanismos de tratamento de exceções tradicionais não lidam, o que aumenta a probabilidade de que problemas ocorram. Alguns exemplos são indisponibilidade de código fonte e incompatibilidades arquiteturais. Neste trabalho propomos duas técnicas complementares centradas em tratamento de exceções para a construção de sistemas tolerantes a falhas baseados em componentes. Ambas têm ênfase na estrutura do sistema como um meio para se reduzir o impacto de mecanismos de tolerância a falhas em sua complexidade total e o número de falhas de projeto decorrentes dessa complexidade. A primeira é uma abordagem para o projeto arquitetural dos mecanismos de recuperação de erros de um sistema. Ela trata do problema de verificar se uma arquitetura de software satisfaz certas propriedades relativas ao fluxo de exceções entre componentes arquiteturais, por exemplo, se todas as exceções lançadas no nível arquitetural são tratadas. A abordagem proposta lança de diversas ferramentas existentes para automatizar ao máximo esse processo. A segunda consiste em aplicar programação orientada a aspectos (AOP) afim de melhorar a modularização de código de tratamento de exceções. Conduzimos um estudo aprofundado com o objetivo de melhorar o entendimento geral sobre o efeitos de AOP no código de tratamento de exceções e identificar as situações onde seu uso é vantajoso e onde não éAbstract: Exception handling mechanisms were conceived as a means to help managing the complexity of fault-tolerant software. They promote an explicit textual separation between normal code and the code that deals with abnormal situations, in order to support the construction of programs that are more concise, evolvable, and reliable. Several mainstream programming languages and most of the existing component models implement exception handling mechanisms. In spite of its many bene?ts, exception handling can be a source of many design faults if used in an ad hoc fashion. Recent studies show that developers of large-scale software systems based on component infrastructures have habits concerning the use of exception handling that make applications vulnerable to faults and hard to maintain. Software components introduce new challenges which are not addressed by traditional exception handling mechanisms and increase the chances of problems occurring. Examples include unavailability of source code and architectural mismatches. In this work, we propose two complementary techniques centered on exception handling for the construction of fault-tolerant component-based systems. Both of them emphasize system structure as a means to reduce the impactof fault tolerance mechanisms on the overall complexity of a software system and the number of design faults that stem from complexity. The ?rst one is an approach for the architectural design of a system?s error handling capabilities. It addresses the problem of verifying whether a software architecture satis?es certain properties of interest pertaining the ?ow of exceptions between architectural components, e.g., if all the exceptions signaled at the architectural level are eventually handled. The proposed approach is based on a set of existing tools that automate this process as much as possible. The second one consists in applying aspect-oriented programming (AOP) to better modularize exception handling code. We have conducted a through study aimed at improving our understanding of the efects of AOP on exception handling code and identifying the situations where its use is advantageous and the ones where it is notDoutoradoDoutor em Ciência da Computaçã

OFFBEAT : una extensión de PRISM para el análisis de sistemas temporizados tolerantes a fallas

Tesis (Lic. en Ciencias de la Computación)--Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física, 2011.Los sistemas tolerantes a fallas son aquellos que son capaces de seguir operando luego de la ocurrencia de una o más fallas. Una falla puede provocar cambios no deseados en el estado interno del sistema, y para que el sistema tolere la falla, deberá ser capaz de soportar estos cambios y continuar operando de la manera esperada. Los sistemas tolerantes a fallas son comunes en casos donde una falla no es aceptable, ya que la misma puede derivar grandes pérdidas, tanto económicas como de vidas humanas. Otra técnica para garantizar que un sistema funcione de la manera que corresponde es el model checking, una técnica de verificación automática que permite determinar se el modelo de un sistema cumple una propiedad determinada. En caso de que el sistema no satisfaga la propiedad, el model checker generalmente proporciona un contraejemplo de ayuda para determinar la fuente del error. En el presente trabajo se detallan los modelos e ideas usadas para la construcción de un model checker probabilista temporizado, pensado para la verificación de sistemas tolerantes a fallas. Se describirá el proceso de inyección de fallas en los modelos formales, la sintaxis del lenguaje de la herramienta, el proceso de traducción del mismo al lenguaje de PRISM (el model checker sobre el cual se provee la capa de abstracción), y la aplicación de la herramienta desarrollada a dos casos de estudio.Manual de OFFBEAT -- Sintaxis formal de OFFBEAT -- Ejemplo de traducción de PRISM

DT4BP: a Business Process Modelling Language for Dependable Time-Constrained Business Processes

Today, numerous organisations rely on information software systems to run their businesses. The effectiveness of the information software system then, depends largely on the degree to which the organisation's business is accurately captured in the business model. The business model is an abstract description of the way an organisation's functions. Thus, the more precise the business model, the more accurate the requirement definition of the information software system to be engineered.There are an abundance of tools and notations available today to support the development of many types of business process. Many of these artifacts rely on the concept of a business process to describe a business model. A business process is commonly known as a set of one or more linked procedures or activities which collectively realise a business objective or policy goal, normally within the context of an organisational structure defining functional roles and relationships". This thesis is concerned with modelling business processes as a means to accurately capture an organisation's activities and thus, the requirements of the software system that supports these activities.Among the infinite set of possible business processes, this thesis targets only those characterized by the qualities of dependability, collaboration and time. Business processes having these specific dimensions are referred to as Dependable, Collaborative and Time-Constrained (DCTC) business processes. A dependable business process is one whose failures or the number of occurrences in which business process misses its goal are not unacceptably frequent or severe (from certain viewpoint). A collaborative business process is one that requires the interaction of multiple participants to attain its goal. A time-constrained business process is one that owns at least one property expressed in terms of an upper or lower time bound. This thesis investigates how DCTC business processes can be described such that the resulting model captures all the relevant aspects of each dimension of interest. In addition, the business model must be comprehensible to the stakeholders involved not only in its definition, but also in its further use throughout the software development life cycle.A revision and analysis of notations that exist for modelling business processes conducted in this thesis have revealed that today there does not exist any modelling language that provides comprehensible, suitable and sufficiently expressive support for the characteristics of dependability, collaboration and time in an integrated manner. Hence, a significant part of this thesis is devoted to the definition of a new business process modelling language named DT4BP. The aim of this new modelling language is to be comprehensible, suitable and expressive enough to describe DCTC business processes. The definition of this new modelling language implies that a concrete syntax, an abstract syntax, a semantic domain and a semantic mapping is provided. The definition of this new modelling language is given following the Model-Driven Engineering (MDE) approach, and in particular the metamodelling principles. Thus, meta-models and model transformations are used to precisely specify the abstract syntax and semantic mapping elements of the language definition, respectively. Since DT4BP is a textual modelling language, its concrete syntax is specified by a context-free grammar. The Coordinated Atomic Actions conceptual framework with real-time extensions (Timed-CaaFWrk) is used as the semantic domain as it covers a large part of the abstractions included in dependable collaborative time-constrained business processes. The formalisation of this semantic domain according to the metamodelling principles is also part of the material presented in this thesis. Since the business model is considered as a representation of the requirement document the software system to be developed, it is crucial to validate whether it captures the requirements as intended by the stakeholder before going further in the software development process. Hence, besides the comprehensibility, suitability and expressiveness of the modelling language with respect to the domain of interest, it is of special interest to provide a mechanism that allows modellers to ensure that the business model is correct with respect to the stakeholder's expectations. One way of achieving this goal is to provide the modelling language with an executable semantics. In this manner, any business model can be executed on sample input data, and its dynamic behaviour observed. The observation of the dynamic behaviour of the model may be considered as a simulation of the model based on the sample input data. By performing several simulations of the model, the modeller, in cooperation with the stakeholder, can judge whether the business model is correct. This thesis provides an executable semantics for Timed-CaaFWrk that, used in combination with the model transformation that defines the semantic mapping element of the language definition, allows DT4BP models to be validated by simulation. In this manner, the dynamic behaviour of a particular DT4BP model for a given sample input data can be observed by transforming it into a Timed-CaaFWrk model, which is then run thanks to the given executable semantics

The Fault-Tolerant Insulin Pump Therapy

The “Fault-Tolerant Insulin Pump Therapy” is based on the Continuous Subcutaneous Insulin Injection technique which combines devices (a sensor and a pump) and software in order to make glucose sensing and insulin delivery automatic. These devices are not physically connected together and they come with the necessary features to detect malfunctions which they may have. As the patient’s health is the most important, the therapy has to be able to work despite the fact that hardware and/or software faults have or may occur. This paper presents the development cycle for the Insulin Pump Therapy Control System case study, starting from requirements and reaching the implementation following a top-down approach. It will show how the Coordinated Atomic Actions (CAAs) structuring mechanism can be used for modelling Faul-Tolerant (FT) systems and how CAA-DRIP development environment is used to implement it