201309 130917200320-phpapp01

Teddy Chen

Sept. 14 2013

例外處理設計與重構實作班

Copyright@2013 Teddysoft

我是誰

• 2012年7月成立泰迪軟體，從事敏捷開發顧問、教育訓練、軟體工具導入等服務。

• 2012年6月，出版暢銷書「笑談軟體工程：敏捷方法的逆襲」。

• 2012年4月起，多次講授Scrum課程，與學員互動氣氛佳，滿意度高。

• 超過17年design pattern實務經驗，曾在pattern領域最著名的PLoP國際研討會發表論文。 – PLoP 2004：A Pattern Language for Personal Authoring

in E-Learning.

– Asia PLoP 2011：Emerging Patterns of Continuous Integration for Cross-Platform Software Development.

• 2009年取得Certified ScrumMaster。

• 2008年4月起迄今，5年以上Scrum業界導入經驗。

• 2008年取得台北科技大學資工博士。

• 2007年起經營「搞笑談軟工」部落格。

課程內容

• 例外處理基本觀念

• 例外處理的4+1觀點

• 建立例外處理中心思想—Staged Robustness Model

• EH Bad Smells and Refactoring's

例外處理基本觀念

一個軟體開發專案存在著很多互相競爭且衝突的非功能需求

robustness

(exception handling)

time-to-market, iterative & incremental design, maintainability, etc. 誰贏、誰輸?

Robustness輸了之後會造成系統不穩定

系統不穩定會有什麼問題?

輕則損失時間、金錢與商譽，重則可能危害生命安全。

SPECIFICATION Correctness

Robustness

提升軟體可靠度需同時考慮Correctness與Robustness這兩個因素

• Correctness –軟體產品可以執行規格中所規範的工作或行為

–可透過Contract Specification來達成

• Robustness –軟體系統應付異常狀況的能力

–可透過Exception Handling來達成

本課程介紹如何透過例外處理來增加系統的強健度

練習：請分享一個因為例外處理不良而造成金錢上、時間上、精神上損失的經驗

例外處理機制—Exception

Handling Mechanism (EHM)

問題: 請說出一個你熟知的程式語言的例外處理機制

例外處理機制(EHM)是程式語言用來支援例外處理的方法

• Representation

• Definition

• Signaling

• Propagation

• Resolution

• Continuation

1. Representation

• 程式語言表達例外的方法 – Symbol

• strings or numbers

– Data object • Used to hold error and failure information only.

• Raised by a language keyword.

– Full object • Encapsulate signaling, propagation, and continuation

behaviors of exceptions in the class definition.

2. Definition

• 程式設計師如何定義一個例外

– Symbols

• new exceptions are defined as strings or numbers.

–Data objects and full objects

• a class is used to define an exception.

3. Signaling

• 產生一個例外(的實例)，並且將例外傳給接收者的指令稱之為： – throwing, signaling, raising, or triggering

• 例外產生方式有兩種： – Synchronous exception

• A direct result of performing the instruction.

– Asynchronous exception • Produced by the runtime environment upon encountering

an internal error or by stopping or suspending a thread.

4. Propagation

• If an exception is signaled and not coped with locally, the exception can be propagated to the caller of the signaling method.

• Exception propagation can be explicit or implicit (or automatic). – Explicit: a receiver must explicitly re-throw an

unhandled received exception for further propagation

– Implicit: an unhandled exception is automatically propagated.

5. Resolution

• Exception resolution or handler binding is a process of finding a suitable handler in the target, which is resolved by static scoping at compiler-time, dynamic invocation chain at runtime, or both.

• There are two methods to dynamically find a handler: stack unwinding and stack cutting. – Stack unwinding pops the stack frames to search for the

matching exception handler – Stack cutting maintains a list of registered exception handlers

and looks up the list for a suitable exception handler.

6. Continuation

• An exception continuation or exception model specifies the execution flow after an exception handler returns its control.

– Termination model

–Retry model

–Resumption model

容易搞混且重要的觀念：Fault, Error, Failure, Exception彼此的關係

fault error failure

exception

(1) design (2) component

cause of failure a state may lead to failure

service departs from specification

represented by

以下何者是design fault，何者是component

fault?

1. 除以零 (division by zero)

2. Index Out of Bound

3. 網路斷線

4. 硬碟空間已滿

5. 檔案不存在

24 Copyright@2013 Teddysoft

為什麼要區分design fault與component fault?

Exception Handling vs. Fault-Tolerant Programming

• Exception handling deals with component faults (anticipated exceptions)

• Fault-tolerant programming deals with both component and design faults (anticipated and unanticipated exceptions)

範圍不同、成本不同!

Java例外處理機制

Java Exception Handling: The try

Statement (before JDK 7)

Java Exception Handling: The try_multi_catch in JDK 7

Java Exception Handling: The try_with_resources in JDK 7

Java Exception Class Hierarchy

checked

unchecked

IOException

NullPointerException

Throwable

Exception

RuntimeException

IndexOutOfBoundsException

SQLException

Use checked exceptions for recoverable conditions and

run-time exceptions for programming errors

使用Checked Exception須遵循Handle-or-Declare Rule

handle

declare

程式如果違反Handle-or-Declare Rule將被Java Compiler

視為語法錯誤

例外處理的4+1觀點 Usage (用途)

Design (設計)

Handling (處理)

Tool-Support (工具支援)

Process (流程)

為什麼例外處理這麼難?

Usage View (例外用途觀點)

Exception, 真的只是用來代表「例外狀況」嗎?

練習：分組討論要如何處理EOFException與InterruptedException?

EOFException範例 public void readDataFromFile(String aFileName){

try (DataInputStream input = new DataInputStream

(new FileInputStream(aFileName))) {

while (true) {

System.out.print(input.readChar());

catch (EOFException e) {

// How to "handle" this exception?

catch (IOException e) {

e.printStackTrace();

InterruptedException範例

public void sleepMillisecond(int ms){

Thread.sleep(ms);

} catch (InterruptedException e) {

Usage View

• Failure

• Notification – EOFException

– InterruptedException

案情沒有那麼單純，請看另一個EOFException範例

public void fetchRawBytesAndSetupMessage(DataInputStream aIS)

throws IOException, InvalidPacketException {

int length = aIS.readInt();

setMessageLength(length);

byte[] messageBody = new byte[length];

aIS.readFully(messageBody);

} catch (EOFException e) {

throw new InvalidPacketException("Data Underflow");

setMessage(new String(messageBody)); }

Context 決定 exception的用途

Design View

(例外設計觀點)

Design View

• Declared: –例外有宣告在元件的介面規範中

–又稱為anticipated或expected例外

–代表component fault

• Undeclared: –例外沒有宣告在元件的介面規範中

–又稱為unanticipated或unexpected例外

–代表design fault

Declared Exception

Undeclared Exception (1/2)

public Hamburg createHamburger(String type) {

Hamburg ham = null;

switch (type) {

case "pork":

ham = new SweetPorkHamburger();

break;

case "beef":

ham = new SweetBeefHamburger();

break;

default:

throw new RuntimeException

("Unsupported hamburger type:" +

type);

return ham;

Undeclared Exception (2/2)

public void deposit(int value) {

if (value < 0 ) {

throw new IllegalArgumentException

("存款金額不得為負數.");

// doing normal deposit logic

你在做例外處理還是容錯設計? (1/2)

public void deposit(int value) throws

llegalArgumentException {

if (value < 0 ) {

public void deposit(int value) {

if (value < 0 ) {

你在做例外處理還是容錯設計? (2/2)

public String execute(String cmd) throws

IOException,

NullPointerException,

IllegalArgumentException;

Design View小結

撇開程式語言是否區分checked與unchecked例外，唯有將例外宣告在介面上(或以某種形式存在程式或文件中)，在設計階段程式設計師才有機會知道要如何來因應可能會遭遇到的異常狀況。

Handling View

(例外處理觀點)

Handling View

• Recoverability (可恢復性) – recoverable, unrecoverable(irrecoverable)

• Exception handling constructs in languages and utilities – Roles, responsibilities, and collaborations (e.g., try,

catch, finally in Java)

Handling View之 Recoverability

Recoverability：爽到你，艱苦到我

Thanks Linda

Recoverability：Callee與Caller都要負責任

Thanks Linda

public void sleepMillisecond(int ms){

Thread.sleep(ms);

} catch (InterruptedException e) {

Recoverability思考練習1

Callee

Caller: InterruptedException是一個可以被修復的例外狀況嗎?

public void readDataFromFile(String aFileName){

try (DataInputStream input = new DataInputStream

(new FileInputStream(aFileName))) {

while (true) {

System.out.print(input.readChar());

catch (EOFException e) {

catch (IOException e) {

e.printStackTrace();

Callee

Caller: EOFException與IOException的recoverability?

Callee

Caller: EOFException與IOException的recoverability?

Handling View之 Exception Handling Constructs

and Utilities

不同的程式語言有不同的例外處理構件

• Java/C# – try-catch-finally

• C++ – try-catch

– destructor

• Eiffel – Exception handlers in Eiffel are attached at the method

level and all exceptions are caught by one handler.

重新思考try-catch-finally的責任與分工

• Try – Implement requirements (can have alternatives) – Prepare state recovery (e.g., make a check point)

• Catch – Perform error and fault handling – Report exceptional conditions – Control retry flow

• Finally – Release resources – Drop check points if any

例外處理也是一種程式設計，需要程式設計能力與軟體元件支援

• 設計技巧 – Memento、Smart pointer、Check point、etc.

– Exception hierarchy

– EH best practices and patterns

• 工具 – Logging (e.g., Log4j)

– Common error formats and dialogs

– EH smell detection

– Marker & resolution

Handling View小結

要判斷一個例外是否為一個可修復的狀況，是例外處理「設計」的第一個步驟，但這個判斷依據並不是一件容易的事。

確定了例外的recoverability之後，接著可利用程式語言構件與軟體元件的協助

來實作例外處理程式碼。

Tool-Support View

(例外工具支援觀點)

Tool-Support View

• Java語言的tool-support –區分Checked與unchecked例外

Java與C#程式比較

Java語言的Tool-Support所造成的後遺症

• Interface evolution problem

• Ignored checked exception

Tool-Support View小結

為了提高軟體的強健度，開發人員需要一個提醒機制，告知那些操作有可能產生例外，否則開發人員更容易忽略例外處理，只能等runtime

發生錯誤時再回頭修補。

Process View

(開發流程觀點)

Process View

• Waterfall VS. IID (iterative and incremental development)

• 如何在IID流程中規劃例外處理? – I will handle this exception when I have time.

Never happens!

以Scrum為例

• Story – Normal scenarios

– Failure scenarios

• 這個sprint先做normal scenarios，下個sprint再做failure scenarios

敏捷開發讓例外處理變得好簡單啊! 才怪

「先做normal scenarios，再做failure scenarios」實務上有何問題?

做normal scenarios的時候遇到例外怎麼辦?

Process View小結

IID或敏捷開發法不會讓例外處理變得更簡單。若團隊沒有一套例外處理設計規範，則很有可能反而會降

低系統的強健度。

例外處理的4+1種觀點結論

例外處理…好難…Orz

建立例外處理中心思想—

Staged Robustness Model

例外處理的目標

Robustness Levels (強健度等級)

Undefined

Error-

Reporting

State-

Recovery

Behavior-

Recovery

Robustness

unpredictable

All exceptions are

reported

State is correct under the

presence of exceptions

Service is delivered under the

presence of exceptions

Robustness levels of components Element RL G0 RL G1 RL G2 RL G3

name undefined error-reporting state-recovery behavior-recovery

service failing implicitly or

explicitly failing explicitly failing explicitly delivered

state unknown or incorrect unknown or

incorrect correct correct

lifetime terminated or

continued terminated continued continued

achieved NA

(1) propagating all

unhandled

exceptions, and

(2) catching and

reporting them in

the main program

(1) error

recovery

(2) cleanup

(1) retry, and/or

(2) design

diversity, data

diversity, and

functional diversity

also known

as NA failing-fast

weakly tolerant

and organized

strongly tolerant,

self-repair, self-

healing, resilience,

Upgrading and degrading exception handling goals

fail-fast; keep

user informed

G0 G1 G2

restore state, clean up,

and keep programs alive

attempt retries

all retries failstate restoration

or cleanup fail

Applicability for the robustness levels

RL Applicability

In the early stage of system development

Prototyping

Applying an evolutionary development methodology

Time-to-market

Outsourcing

Designing utility components used in different application domains

Behavior-recovery actions should be administered by the user

Developing mission critical systems

Designing components having sufficient application context to

recover from behavioral failures, e.g., application controllers

Behavior-recovery actions are inappropriate to be administered by

the user

強健度等級小結

Consequences

• Robustness without costly up-front design

• Guiding exception handling implementation

• Independent of languages

Bad Smells and Refactorings

Refactoring基本觀念

Bad Smells and Refactorings

Refactoring基本觀念

What is Refactoring

• Improving the internal structure of a

software system without altering its

external behavior [fowler]

• Steps to perform refactoring:

– Identifying code smells

– Applying refactorings to remove the smells

– Verifying satisfaction

Refactoring and EH Refactoring

Normal

Behavior

Exceptional

Behavior

Refactoring EH Refactoring

Behavior

EH Smells, Refactorings, and RL

EH smell Refactoring RL

Return code Replace Error Code with Exception G1

Ignored checked

exception

Replace Ignored Checked Exception with

Unchecked Exception G1

Unprotected main

program

Avoid Unexpected Termination with Big

Outer Try Block G1

Dummy handler Replace Dummy Handler with Rethrow G1

Nested try block Replace Nested Try Block with Method G2

Careless Cleanup Replace Careless Cleanup with Guaranteed

Cleanup G2

Ignored checked

exception

Dummy handler

Introduce Checkpoint Class G2

Smell: Return Code

public int withdraw(int amount) { if (amount > this.balance) return -1; else { this.balance = this.balance – amount; return this.balance; } }

Refactoring: Replace Error Code with Exception

public int withdraw(int amount) throws NotEnoughMoneyException { if (amount > this.balance) throw new NotEnoughMoneyException (); this.balance = this.balance – amount; }

Smell: Ignored Checked Exception

public void writeFile(String fileName, String data) { Writer writer = null; try { writer = new FileWriter(fileName); // may throw IOException writer.write(data); // may throw IOException } catch (IOException e) { // ignoring the exception } finally { // code for cleanup } }

Replace Ignored Checked Exception with Unchecked Exception

public void writeFile(String fileName, String data) { Writer writer = null; try { writer = new FileWriter(fileName); /* may throw an IOException */ writer.write(data); /* may throw an IOException */ } catch (IOException e) { /* ignoring the exception */ } } ↓ public void writeFile(String fileName, String data) { Writer writer = null; try { writer = new FileWriter(fileName); /* may throw an IOException */ writer.write(data); /* may throw an IOException */ } catch (IOException e) { throw new UnhandledException(e, “message”); } }

Smell: Unprotected Main Program

static public void main(String[] args) { MyApp myapp = new MyApp(); myapp.start(); }

Avoid Unexpected Termination with Big Outer Try Block

static public void main(String[] args) { MyApp myapp = new MyApp(); myapp.start(); } ↓ static public void main(String[] args) { try { MyApp myapp = new MyApp(); myapp.start(); } catch (Throwable e) { /* displaying and/or logging the exception */ } }

Smell: Dummy Handler

public void m(String aFileName) { try{ FileInputStream fis = new FileInputStream(new File(aFileName)); } catch(IOException e){ e.printStackTrace(); } finally{ // cleanup } }

Replace Dummy Handler with Rethrow

public void m(String aFileName) { try{ FileInputStream fis = new FileInputStream(new File(aFileName)); } catch(IOException e){ e.printStackTrace(); } finally{ // cleanup } }

public void m(String aFileName) { try{ FileInputStream fis = new FileInputStream(new File(aFileName)); } catch(IOException e){

throw new UnhandledException (e, “message”);

} finally{ // cleanup } }

Smell: Nested Try Statement

FileInputStream in = null; try { in = new FileInputStream(…); } finally { try { if (in != null) in.close (); } catch (IOException e) { /* log the exception */ } }

Replace Nested Try Statement with Method

FileInputStream in = null; try { in = new FileInputStream(…); } finally { try { if (in != null) in.close (); } catch (IOException e) { /* log the exception */ } }

FileInputStream in = null; try { in = new FileInputStream(…); } finally { closeIO (in); } private void closeIO (Closeable c) { try { if (c != null) c.close (); } catch (IOException e) { /* log the exception */ } }

Smell: Careless Cleanup

public void cleanup String aFileName) { try{ FileInputStream fis = new FileInputStream(new File(aFileName)); fis.close(); } catch(IOException e){ throw new RuntimeException(e); } }

Replace Careless Cleanup with Guaranteed Cleanup

public void cleanup String aFileName) { try{ FileInputStream fis = new FileInputStream(new File(aFileName)); fis.close(); } catch(IOException e){ throw new RuntimeException(e); } }

public void cleanup String aFileName) { FileInputStream fis = null; try{ fis = new FileInputStream(new File(aFileName)); } catch(IOException e){ throw new RuntimeException(e); } finally { closeIO(fis); } }

練習：尋找 Smells

練習：EH Refactoring

Advanced Refactoring

Introduce Checkpoint Class

public void foo () throws FailureException { try { /* code that may change the state of the object */ } catch (AnException e) { throw new FailureException(e); } finally {/* code for cleanup */} } ↓ public void foo () throws FailureException { Checkpoint cp = new Checkpoint (/* parameters */); try { cp. establish (); /* establish a checkpoint */ /* code that may change the state of the object */ } catch (AnException e) { cp.restore (); /* restore the checkpoint */ throw new FailureException(e); } finally { cp.drop(); } } Copyright@2013 Teddysoft

Smell: Spare handler

try { /* primary */ } catch (SomeException e) { try {/* alternative */} catch(AnotherException e) { throw new FailureException(e); } }

Introduce Resourceful Try Clause

try { /* primary */ } catch (SomeException e) { try {/* alternative */} catch(AnotherException e) { throw new FailureException(e); } } ↓ int attempt = 0; int maxAttempt = 2; boolean retry = false; do { try { retry = false; if (attempt == 0) { /* primary */ } else { /* alternative */ } } catch (SomeException e) { attempt++; retry = true; if (attempt > maxAttempt) throw new FailureException (e); } } while (attempt<= maxAttempt && retry)

參考資料

複習

• 例外處理基本觀念

– EHM、fault、error、failure、exception

• 例外處理的4+1觀點

• 建立例外處理中心思想—Staged Robustness Model

• EH Bad Smells and Refactorings

泰迪軟體敏捷開發訓練藍圖

謝謝，再見 XD

201309 130917200320-phpapp01

public void

ioexception

log

exception

recovery actions

checked exception

big outer

amount gt

Technology

201309 pl pl

tods policyimplementation 201309

preparaoparaacrisefinal 120124083836 phpapp01 140827185151...

5perc angol magazin 201309

ugif 09 2013 friug 201309 axional web studio

201309 mercado mayorista de electricidad. som energía

practicadeword 111017205627-phpapp01-111019095249-phpapp01

world hosts report 201309 de

thewith 201309

201309 superlatives - cs2c a.docx

qumicaorgnica...

presentationgeneral 13105775258558 phpapp01 110713122344...

br artes 201309 ger - sf6 chile

presentacindefinitivachileslideshare...

201309 aeres- collège - global

201309 “Наша сім'я” Газета...

dermatitiskontakiritanpadapetugaslaundryrumahsakit...

soalprediksiunipasmptahun2014paket3 140317073721 phpapp01...

fine pattern...

blog...