An I dealized Fault-Tolerant Architectural Component Paulo Asterio - - PowerPoint PPT Presentation

▶

Dec 17, 2022 37 likes •358 views

Workshop on Architecting Dependable Systems Orlando, FL May, 25th 2002 An I dealized Fault-Tolerant Architectural Component Paulo Asterio de C. Guerra Ceclia Mary F. Rubira Insituto de Computao Universidade Estadual de Campinas,

SLIDE 1

An I dealized Fault-Tolerant Architectural Component

Paulo Asterio de C. Guerra Cecília Mary F. Rubira

Insituto de Computação Universidade Estadual de Campinas, Brazil

Rogério de Lemos

Computing Laboratory University of Kent at Canterbury, UK Workshop on Architecting Dependable Systems Orlando, FL – May, 25th 2002

SLIDE 2

Reliable System

Motivation

Reliable Component-Based Systems

Unreliable Components

Fault Tolerant Architecture

SLIDE 3

Objectives

To apply the concept of “idealized fault

tolerant component” for describing fault-tolerant component-based systems, at the architectural level.

C2 architectural style

Heterogeneous COTS Broadcasting of asynchronous messages

SLIDE 4

iFTC Abnormal Behaviour

The Idealized Fault-Tolerant Component

Normal Behaviour

Normal Response Request Normal Response Request Interface Exception Interface Exception Failure Exception Failure Exception

Internal Exception Return to Normal

SLIDE 5

The C2 Architectural Style

Component Connector Request Notification

SLIDE 6

Proposed Architecture

An idealized C2 component (iC2C)

Structure and behaviour as defined by the

idealized fault-tolerant component (iFTC).

Fully compliant with the C2 style rules.

SLIDE 7

Overall Structure

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity Normal behaviour & Error detection Normal behaviour & Error detection Error diagnosis & recovery Error diagnosis & recovery

SLIDE 8

Overall Structure

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity State based message routing State based message routing Serializes requests Serializes requests

SLIDE 9

Normal Message Flow

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity Service Request

SLIDE 10

Normal Message Flow

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity Normal Response

SLIDE 11

Normal Message Flow

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity

SLIDE 12

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity

Abnormal Message Flow

External Exception Internal Exception

iC2C_internal

SLIDE 13

iC2C_top iC2C_bottom

NormalActivity AbnormalActivity

iC2C_internal iC2C_internal

Abnormal Message Flow

Return to normal Failure Exception Normal Response

SLIDE 14

Collaborating Component

normal_top normal_bottom

The NormalActivity Component

BasicNormal Implements

perations

iC2C_top iC2C_internal iC2C_bottom NormalActivity AbnormalActivity

Coordinates error detection Coordinates error detection

Pre- and post-conditions checking

SLIDE 15

The NormalActivity Component

Collaborating Component

normal_top normal_bottom

BasicNormal Stores request Stores request Evaluates pre- condition Evaluates pre- condition

SLIDE 16

The NormalActivity Component

Collaborating Component

normal_top normal_bottom

BasicNormal Accepts the request Accepts the request Interface Exception Interface Exception (or)

SLIDE 17

C2 Integration

iC2C_top iC2C_internal iC2C_bottom NormalActivity AbnormalActivity

C2 Comp

iC2C_top iC2C_internal iC2C_bottom NormalActivity AbnormalActivity

C2 Comp

SLIDE 18

iC2C_top iC2C_internal iC2C_bottom

AbnormalActivity NormalActivity

C2 Integration

iC2C_top iC2C_internal iC2C_bottom NormalActivity AbnormalActivity

SLIDE 19

Example – Mine Pump Control System

Fault Model

Transient faults affecting pump

Error Detection

Test water flow sensor (reliable)

Error Recovery

Retry operation

SLIDE 20

Subsystem Configuration

conn1 conn2 conn3

PumpControl Station LowWater Sensor Ideal Pump Structured as an iC2C

SLIDE 21

Ideal Pump Structure

iP_top iP_internal iP_bottom

PumpAbnormal

Pump_Normal_top Pump_Normal_bottom

WaterFlow Sensor Pump

PumpNormal

Test Water Flow Sensor after pump

n / off operation.

Recover by retry.

SLIDE 22

Normal pumpOn

iP_top iP_internal iP_bottom

PumpAbnormal

Pump_Normal_top Pump_Normal_bottom

WaterFlow Sensor Pump pumpOn request pumpOn notification

SLIDE 23

Normal pumpOn

iP_top iP_internal iP_bottom

PumpAbnormal

Pump_Normal_top Pump_Normal_bottom

WaterFlow Sensor Pump test sensor status send notification

SLIDE 24

Error Detection

iP_top iP_internal iP_bottom

PumpAbnormal

Pump_Normal_top Pump_Normal_bottom

WaterFlow Sensor Pump test sensor status

iP_internal

raises internal exception

SLIDE 25

iP_internal iP_top iP_bottom

PumpAbnormal

Pump_Normal_top Pump_Normal_bottom

WaterFlow Sensor Pump

Error Recovery

iP_internal

send notification retry pumpOn successfull pumpOn notification return to normal

SLIDE 26

Main Results

Idealized fault-tolerant component

concept applied at the architectural level of C2 style systems

Results may be adapted for other

styles of the “interacting processes style category”

SLIDE 27

Work in Progress

Idealized C2 connector FTC2 java framework

SLIDE 28

Contact Information

Paulo Asterio de Castro Guerra asterio@ic.unicamp.br Cecília Mary F. Rubira cmrubira@ic.unicamp.br Rogério de Lemos r.delemos@ukc.ac.uk

SLIDE 29

Implementation Issues

Asynchronicity Implicit Invocation Multiple notifications

SLIDE 30

Asynchronicity

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity Service Request Synchronous channels with higher priority Synchronous channels with higher priority

SLIDE 31

Implicit Invocation

iC2C_top iC2C_internal iC2C_bottom

NormalActivity AbnormalActivity Service Request Mutual exclusion protocol Mutual exclusion protocol Notification with i.i.

SLIDE 32

Multiple Notifications

Collaborating Component

normal_top normal_bottom