CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

Error Recovery Patterns

General Intermediate
debt(d9/e7/b7/t7)
d9 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'silent in production until users hit it' (d9). The detection_hints explicitly state 'automated: no', and the code_pattern regex only catches the absence of finally blocks in catch clauses — it cannot detect missing compensation logic, non-idempotent retries, or absent circuit breakers. Missing recovery patterns produce no compiler or linter warnings; they surface only when transient failures cascade into corrupted state or outages that real users encounter.

e7 Effort Remediation debt — work required to fix once spotted

Closest to 'cross-cutting refactor across the codebase' (e7). The quick_fix requires identifying compensating actions for every step of every multi-step operation before going to production. The common_mistakes list spans idempotency design, exponential backoff, circuit breakers, and saga/compensation logic — each touching multiple layers (persistence, messaging, external calls). Retrofitting true recovery patterns into an existing system is not a single-file change; it requires redesigning operation boundaries and state management across services.

b7 Burden Structural debt — long-term weight of choosing wrong

Closest to 'strong gravitational pull' (e7, scored b7). The term applies_to web, cli, and queue-worker — all three major contexts. Tags include distributed-systems and fault-tolerance, indicating architectural reach. Once a recovery strategy (or lack thereof) is baked in, every new multi-step operation, every new external dependency, and every retry policy must conform to or work around the existing approach. The choice shapes how new features are built and how incidents are handled.

t7 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'serious trap' (t7). The misconception field states explicitly that developers conflate 'catching exceptions and logging them' with true recovery. This is a well-documented but widely held wrong belief — the 'obvious' defensive coding (try/catch/log) feels like recovery but leaves the system in inconsistent state. This contradicts the intuition developers build from simpler error-handling patterns (e.g., returning error codes), making it a serious cognitive trap that contradicts expectations from adjacent concepts.

About DEBT scoring → scored by claude-sonnet-4-6 · 2026-05-07 · reviewed by human

Also Known As

fault recovery failure recovery strategies resilience patterns graceful degradation

TL;DR

Design strategies for gracefully handling failures and restoring system functionality without data loss or user disruption.

Explanation

Error recovery patterns are architectural and code-level strategies that allow systems to detect, handle, and recover from failures while preserving data integrity and user experience. Key patterns include retry with exponential backoff (retry transient failures with increasing delays), circuit breaker (stop calling failing services to prevent cascade), fallback (provide degraded functionality when primary fails), compensation (undo partial operations on failure), and checkpoint/restart (save progress to resume after crash). Recovery differs from error handling: handling catches the exception, recovery restores the system to a consistent state. Design for recovery from the start - retrofitting is expensive. Consider idempotency (safe to retry), observability (know when recovery happened), and graceful degradation (partial functionality beats total outage). Recovery patterns are especially critical in distributed systems where network partitions, service unavailability, and partial failures are routine rather than exceptional.

Common Misconception

Error recovery means catching all exceptions and logging them - true recovery restores the system to a consistent state where operations can continue, not just acknowledging that something went wrong.

Why It Matters

Systems without recovery patterns turn transient failures into permanent outages - a brief network hiccup becomes a corrupted database state or lost customer order that requires manual intervention to fix.

Common Mistakes

  • Retrying without exponential backoff - hammering a struggling service makes recovery harder for everyone.
  • No idempotency in retry logic - retrying a non-idempotent operation can duplicate side effects like payments or emails.
  • Swallowing exceptions without restoring state - the error is hidden but the system remains in an inconsistent state.
  • Missing compensation logic for multi-step operations - partial failure leaves data spread across services in conflicting states.
  • Infinite retry loops without circuit breakers - a permanently failed dependency exhausts resources retrying forever.

Avoid When

  • Simple CRUD operations where database transactions provide atomicity.
  • Fast-fail scenarios where immediate error feedback is more valuable than retry.
  • Operations where the cost of retry exceeds the cost of failure.

When To Use

  • Multi-step operations where partial failure leaves inconsistent state.
  • External service calls that may fail transiently due to network or load.
  • Long-running processes that should survive restarts.
  • Financial or order processing where correctness is more important than availability.

Code Examples

✗ Vulnerable 
// No recovery - partial failure leaves inconsistent state
function processOrder($order) {
    $this->inventory->reserve($order->items);  // Step 1: succeeds
    $this->payment->charge($order->total);      // Step 2: fails!
    // Inventory is reserved but payment failed
    // No cleanup, no retry, customer stuck, stock locked
    $this->shipping->schedule($order);          // Never reached
}

// Retry without backoff - makes outage worse
function callExternalApi($data) {
    while (true) {
        try {
            return $this->api->send($data);
        } catch (Exception $e) {
            // Immediate retry - floods struggling service
            continue;
        }
    }
}
✓ Fixed 
// Recovery pattern: compensation on failure
function processOrder($order): OrderResult {
    $reservationId = null;
    $paymentId = null;
    
    try {
        $reservationId = $this->inventory->reserve($order->items);
        $paymentId = $this->payment->charge($order->total);
        $this->shipping->schedule($order);
        return OrderResult::success($order->id);
    } catch (PaymentException $e) {
        // Compensate: release inventory reservation
        if ($reservationId) {
            $this->inventory->release($reservationId);
        }
        return OrderResult::failed('Payment declined');
    } catch (ShippingException $e) {
        // Compensate: refund payment and release inventory
        if ($paymentId) {
            $this->payment->refund($paymentId);
        }
        if ($reservationId) {
            $this->inventory->release($reservationId);
        }
        return OrderResult::failed('Shipping unavailable');
    }
}

// Retry with exponential backoff and circuit breaker
function callWithRecovery($operation, $maxRetries = 3): mixed {
    if ($this->circuitBreaker->isOpen()) {
        return $this->fallback->execute();
    }
    
    $attempt = 0;
    while ($attempt < $maxRetries) {
        try {
            $result = $operation();
            $this->circuitBreaker->recordSuccess();
            return $result;
        } catch (TransientException $e) {
            $attempt++;
            $delay = min(100 * pow(2, $attempt), 10000); // 200ms, 400ms, 800ms... max 10s
            usleep($delay * 1000);
        }
    }
    
    $this->circuitBreaker->recordFailure();
    return $this->fallback->execute();
}
Added 2 May 2026
Views 51

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
1 ping T 0 pings W 0 pings T 1 ping F 0 pings S 0 pings S 1 ping M 0 pings T 0 pings W 0 pings T 1 ping F 0 pings S 2 pings S 1 ping M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S 0 pings S 0 pings M 1 ping T 0 pings W 0 pings T 1 ping F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Perplexity 6 SEMrush 4 Ahrefs 3 ChatGPT 2 Claude 2 Bing 2 Scrapy 2 Google 1 Meta AI 1 Majestic 1 Sogou 1
Also referenced
Defence in Depth 63 Three Pillars of Observability 54 Idempotency 48
How they use it
crawler 23 crawler_json 2
Related categories
general 3k devops 2.2k
DEV INTEL Tools & Severity
🟠 High ⚙ Fix effort: Medium
⚡ Quick Fix
For any multi-step operation, identify what compensating actions are needed if each step fails and implement them before the operation goes to production
📦 Applies To
any web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
catch.*Exception.*\{\s*(log|return|throw)\s*[^}]*\}(?!.*finally)
Auto-detectable: ✗ No
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: High Context: Function Tests: Regenerate
✓ schema.org compliant