• We present a testing framework tailor-made for testing how multi-threaded Java programs handle asynchronous exceptions. • We explain how failboxes can be used in practice to produce multi-threaded Java programs that guarantee dependency safety. • We present a number of possible implementations of the failbox concept, in order of their robustness. • For each implementation, we discuss its weaknesses, and demonstrate these via tests performed with our testing framework. • Our final implementation is robust w.r.t. asynchronous exceptions. It is the first one that provides this guarantee. Exception mechanisms help to ensure that a program satisfies the important robustness criterion of dependency safety: if an operation fails in an execution sequence, any code depending on the successful completion of this operation should also fail in a controlled way. However, the exception handling mechanisms available in languages like Java do not provide a structured way to achieve dependency safety. The language extension failbox provides dependency safety in a compositional manner. Asynchronous exceptions occurring inside the failbox code are a serious challenge in achieving dependency safety. In this article we present a Java implementation which deals with this challenge by developing failboxes incrementally, through four increasingly robust iterations. For each incremental implementation step we analyze the vulnerabilities and argue the remedies in the next implementation. We also present a testing approach to investigate whether the vulnerabilities are realistic and the remedies proposed are effective. This testing approach enables us to generate asynchronous exceptions in a controlled manner for concurrent programs and the tests are repeatable in that they give the same results for runs that may differ in scheduling, even on different platforms.
Read full abstract