We present an abstraction called guardian for exception handling in distributed systems. The guardian can solve several limitations with existing distributed exception handling techniques. To understand these limitations, this paper analyzes distributed exception handling with respect to sequential exception handling and identifies the significant differences between them. This leads to the fundamental problem with distributed exception handling, which is invoking the semantically correct exception handlers in all the distributed processes that are required to participate in the recovery. The guardian model addresses this problem. It introduces a set of programming primitives and a global exception handler. Finally, using a primary-backup example we illustrate how the guardian model is used for global exception handling in a distributed system.
|Original language||English (US)|
|Number of pages||10|
|Journal||Proceedings of the IEEE Symposium on Reliable Distributed Systems|
|State||Published - Jan 1 2002|