Subsystems : Provably Safe Exception Handling ( Status Report ) Bart

The primary goal of exception mechanisms is to help ensure that when an operation fails, code that depends on the operation’s successful completion is not executed (a property we call dependency safety). However, current exception mechanisms make it hard to achieve dependency safety, in particular when objects manipulated inside a try block outlive the try block. To remedy this, we propose a language mechanism called subsystems. Programmers may create subsystems dynamically and execute blocks of code in them. Once any such block fails, all subsequent attempts to execute code in the subsystem will fail. To achieve dependency safety, programmers simply need to ensure that if an operation B depends on an operation A, then A and B are executed in the same subsystem. Furthermore, subsystems help fix the unsafe interaction between locks and exceptions and they enable safe cancellation and robust resource cleanup. We have implemented the mechanism as a C# library, and we show that the constructs have low performance overhead.