Scope of exception transitions

[treiher]

Context and Problem Statement

Exception transitions are intended for critical (potentially non-recoverable) errors (cf. #544):

• Insufficient memory for setting a field of a message
• Insufficient memory for appending an element to a sequence or extending a sequence by another sequence

(Exception transitions are currently also used for other errors, but this will change in the future (cf. #569).)

The affected actions can be related to session global or state local objects. In a state, multiple actions can lead to critical errors. As exception transitions are defined on a per-state basis, all critical errors must be handled in the same way. I'm wondering if a per-state granularity is the best option to handle such errors.

Considered Options

O1 Per-statement exception transition (most fine-grained)

Each statement that could be affected must be annotated by an exception transition.

+ Enables individual handling + Makes clear which actions could be affected − Probable repetition of same exception transition, as individual handling unnecessary in many cases (even more than in O1)

O2 Per-state exception transitions (current solution)

Each state that contains actions that could be affected must be annotated by an exception transition.

+ Enables individual handling − Probable repetition of same exception transition, as individual handling unnecessary in many cases − Obscures which actions inside a state could be affected

O3 Per-session exception transition (most coarse-grained)

A session must be annotated with an exception transition (if it contains an action that could be affected).

+ Prevents unnecessary repetition of the same exception transition − No individual handling possible − Obscures which actions could be affected

O4 No exception transition (transition to final state)

All critical errors lead to a transition to the final state.

+ Prevents unnecessary repetition of the same exception transition − No error handling possible at all − Obscures which actions could be affected

O5 Optional definition of exception transition

Multiple combinations with O1-O4 conceivable, e.g.:

Critical errors lead to a transition to the final state (O4) by default. The behavior can be overridden by exception transitions (O1-O3). If an exception transition is defined on a per-session basis (O3), exception transitions need not be defined for individual states (O2) or statements (O1), but exception transitions on states and statements could be used to override the per-session exception transition.

+ Very flexible + Prevents unnecessary repetition of the same exception transition − Obscures which actions could be affected, as it is not enforced that individual actions are annotated

Decision Outcome

TBD

[sttaft]

The notion of exception handlers at multiple levels is common in languages that support exception handling, so I don't see a significant source of confusion arising from supporting multiple levels of granularity.