Journal of Computer Science and Technology, Volume 24, Issue 2, pp 212–237

Architecting Fault Tolerance with Exception Handling: Verification and Validation

  • Patrick H. S. Brito
  • Rogério de Lemos
  • Cecília M. F. Rubira
  • Eliane Martins
Regular Paper


When dependable systems are built by integrating untrusted software components that were not originally designed to interact with each other, architectural mismatches related to assumptions about their failure behaviour are likely to occur. If these mismatches are not prevented during system design, they have to be tolerated at runtime. This paper presents an architectural abstraction based on exception handling for structuring fault-tolerant software systems. The abstraction comprises several components and connectors that promote an existing untrusted software element into an idealised fault-tolerant architectural element. Moreover, it is considered in the context of a rigorous software development approach based on formal methods for representing the structure and behaviour of the software architecture. The proposed approach relies on formal specification and verification for analysing exception propagation and for verifying important dependability properties, such as deadlock freedom, as well as scenarios of architectural reconfiguration. The formal models are generated automatically by model transformation from UML diagrams: a component diagram representing the system structure, and sequence diagrams representing the system behaviour. Finally, the formal models are also used to generate unit and integration test cases for assessing the correctness of the source code. The feasibility of the proposed architectural approach was evaluated on an embedded critical case study.


Keywords: exception handling, fault-tolerant software architecture, model-based test, model checking, software verification and validation





Copyright information

© Springer 2009

Authors and Affiliations

  • Patrick H. S. Brito (1)
  • Rogério de Lemos (2)
  • Cecília M. F. Rubira (1)
  • Eliane Martins (1)

  1. Institute of Computing, State University of Campinas, Campinas, Brazil
  2. Computing Laboratory, University of Kent, Kent, U.K.
