A Generic Policy-free Framework for Fault-tolerant Systems: - PowerPoint PPT Presentation

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Delano M. Beder 1 o Ueyama 2 Marcos L. Chaim 2 J´ 1 Federal University of S˜ ao Carlos - Brazil 2 University of S˜ ao Paulo - Brazil delano@dc.ufscar.br, joueyama@icmc.usp.br, chaim@usp.br 2nd IEEE International Conference on Networked Embedded Systems for Enterprise Applications December 08 th , 2011

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Outline Motivation 1 FlexFT approach 2 Case Study: Design Diversity 3 FlexFT Framework 4 Concluding remarks 5

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Motivation Motivation Fault-tolerant systems are expected to run in a variety of devices ranging from standard PCs to embedded devices. The emergence of new software technologies has required these applications to meet the needs of heterogeneous software plat- forms. However, the existing approaches to build fault-tolerant sys- tems are often targeted at a particular platform and software technology.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Motivation Motivation: Heterogeneity We are concerned with examining two types of heterogeneity: Device heterogeneity. Fault-tolerant systems are often de- ployed on a heterogeneous device which can range from PCs to embedded devices. This heterogeneity is expected to be- come significantly worse with the emergence of new hardware platforms. Software language/middleware heterogeneity. There are now a large number of fault-tolerant policies each of which re- quires a particular procedure and strategy. They are normally based on a heterogeneous programming languages and technol- ogy (e.g. publish-subscribe systems, Web service applications, tuple spaces, message-oriented toolkits).

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT approach FlexFT approach A generic tool for constructing reliable systems that can deal with both hardware and software heterogeneity; it consists of a minimal policy-free microkernel where fault tolerance policies are incremented as demanded. The policy is deployed in the form of component plugins, which are destroyed when no longer required.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT approach FlexFT research challenges FlexFT − unique tool for building applications based on a variety of technologies Java component Pub − Subscribe binding applications based on a Multithreaded component variety of technologies ... ... FlexFT ... developer

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT approach FlexFT research challenges FlexFT − unique tool for building applications in multiple devices sensors mobile phones heterogeneous PDAs environments FlexFT ... etc. developer ...

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT approach FlexFT benefits Flexibility. Fault-tolerant systems can be developed and de- ployed independently of target platforms. The kernel can plugin the targeted platforms implementation of a particular abstrac- tion or behaviour. Reusability/modularity. The developers can reuse existing components and processes employed for particular platforms. Skill transference. The employment of di ff erent technologies to build applications for each target device and applicability does not allow transfer of skills across di ff erent tools. Technology independent. FlexFT allows heterogeneous com- ponents to be reconfigured e.g. both COM and Java compo- nents.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT approach FlexFT Architecture Reliable Component − based System FlexFT Fault − Tolerant CFs Component run − time kernel Deployment enviroment (hardware and/or software)

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity Design Diversity The construction of reliable systems is not a simple task; it requires the use of appropriate techniques during the whole software development cycle. In general, these techniques are based on the provision of redundancy (i.e. to make use of design diversity), both for error detection and error recovery. Design diversity means that multiple functionally equivalent software components are independently generated from the same initial specification. Two or more versions of the software com- ponent are independently developed from this specification, each by a group that does not interact with the others and, whenever possible, employs di ff erent algorithms.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity FlexFT Reliable Component

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity FlexFT Reliable Component The Variant components consist of variants (multiple func- tionally equivalent software components that are independently generated from the same initial specifications). The component ReliableComponent is a controller that is re- sponsible for coordinating the execution of the variants and invoking the inherent operations (acceptance test, adjudication and so on) of di ff erent design diversity techniques. The Binding mechanism connects both the provided and re- quired interfaces. It is worth pointing out that the granularity of this connection is N provided interfaces (IReliable) to 1 required interface (IVariant).

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity N-Version Programming In an N-version software system, each module is formed of up to N di ff erent implementations. Each variant accomplishes the same task, but it is hoped in a di ff erent way. Each version then submits its answer to a voter or decider which determines the correct answer (for example, the majority) and returns this as the result of the N-Version component system.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity N-Version Programming: FlexFT Realization

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity Recovery Blocks In a system with Recovery Blocks, the system view is broken down into fault recoverable blocks/modules (i.e. reliable system components). For each critical system component should be independently de- veloped alternative variants (modules of di ff ering design aimed at a common specification) and one adjudicator to check (ac- ceptance test) on the results produced by the variants. On entry to a recovery block, the state of the reliable system component (or of the whole system) must be saved to permit backward error recovery, i.e., establish a checkpoint.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Case Study: Design Diversity Recovery Blocks: FlexFT Realization

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT Framework FlexFT framework classes FlexFT prototype: it was based on the OpenCOMJ - the Open- COM implementation in Java. OpenCOM is a lightweight, ef- ficient and reflective component model.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs FlexFT Framework FlexFT framework evaluation The N-Version programming technique (example discussed previously) was implemented (together with other design diversity techniques) and deployed in two di ff erent hardware platforms: Standard PC and Sun SPOT Table 1. Performance and Resource Consumption PC Sun SPOT load/instantiate NVComponent (ms) 6.2 110.1 load/instantiate NVComponent (bytes) 1472 1472 load/instantiate Variants (ms) 7.2 196.6 load/instantiate Variants (bytes) 3004 3004 redundant operation execution (ms) 1.3 10.8 runtime dynamic reconfiguration (ms) 1.2 30.1

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Concluding remarks Concluding remarks FlexFT: a generic component-based framework for the con- struction of adaptive fault tolerant systems that can integrate and re-use technologies and deploy them across heterogeneous devices. Future work: Incorporate other fault-tolerant techniques into the FlexFT frame- work such as coordinated atomic action, concurrent exception handling, context-based exception handling and so on. Evaluate how the FlexFT framework can fit into the context of critical embedded systems development.

A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Concluding remarks A Generic Policy-free Framework for Fault-tolerant Systems: Experiments on WSNs Delano M. Beder 1 o Ueyama 2 Marcos L. Chaim 2 J´ 1 Federal University of S˜ ao Carlos - Brazil 2 University of S˜ ao Paulo - Brazil delano@dc.ufscar.br, joueyama@icmc.usp.br, chaim@usp.br 2nd IEEE International Conference on Networked Embedded Systems for Enterprise Applications December 08 th , 2011