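% Technical report IC-06-10, Institute of Computing, University of Campinas.
% Author names use the "Last, First" form: in "First Last" order the lowercase
% particle "da" is parsed as a von part, which would make "S. Brito" the
% surname, and "Filho" alone would become the first author's surname.
% The note field carries the abstract together with raw LaTeX markup;
% \selectlanguage is a babel command, so the citing document must load babel
% with the english option or the bibliography will not compile.
@techreport{TR-IC-06-10,
  author      = {Castor Filho, Fernando and
                 Brito, Patrick Henrique da S. and
                 Rubira, Cec{\'{\i}}lia Mary F.},
  title       = {Reasoning About Exception Flow at the Architectural Level},
  institution = {Institute of Computing, University of Campinas},
  number      = {IC-06-10},
  month       = may,
  year        = {2006},
  note        = {In English, 21 pages.
    \par\selectlanguage{english}\textbf{Abstract}
    An important challenge faced by the developers of fault-tolerant systems
    is to build fault tolerance mechanisms that are reliable.
    To achieve the desired levels of reliability, mechanisms for detecting and
    handling errors should be designed since the early phases of software
    development, preferably using a rigorous or formal methodology.
    In recent years, many authors have been advocating the idea that exception
    handling-related issues should be addressed at the architectural level, as
    a complement to implementation-level exception handling.
    However, few works in the literature have addressed the problem of
    describing how exceptions flow amongst architectural elements.
    A solution to this problem would enable the early detection of mismatches
    between architectural elements due to exceptions.
    Moreover, it would make it possible to validate whether the architecture
    satisfies some properties of interest regarding exception flow before the
    system is actually built.
    We believe that a model for describing the flow of exceptions between
    architectural elements should be: (i) precise; and (ii) analyzable,
    preferably automatically.
    In this paper, we present a rigorous model for reasoning about exception
    flow in software architectures that satisfies these requirements.},
}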