Idealised Fault Tolerant Architectural Element (PowerPoint presentation)
Rogério de Lemos, University of Kent, UK


  1. Idealised Fault Tolerant Architectural Element
     Rogério de Lemos, University of Kent, UK
     - Motivation: architectural fault tolerance;
     - iFTE and propagation of exceptions;
     - Case study: mining control system;
     - Conclusions and future work.
     Rogério de Lemos, DSN 2006 WADS, June 2006

  2. Motivation
     Architectures are about structures:
     - unstructured approaches can reduce system dependability by introducing more faults;
     - a good architecture should promote error confinement.
     Architectural fault tolerance:
     - avoid the failure of systems:
       - error detection and handling;
       - fault handling;
     - components need to collaborate for handling certain failure scenarios.

  3. Idealised Fault Tolerant Component
     An architectural solution based on exception handling:
     - the idealised fault tolerant component enables fault tolerance to be built into the system [Anderson & Lee 81]:
       - separation between normal and abnormal behaviour;
       - provided and required services;
       - local, interface and failure exceptions.

  4. Idealised Fault Tolerant Component
     Exception handlers provide mechanisms for:
     - handling exceptional conditions so that the exception can be masked;
     - backward recovery: roll back to a previous state;
     - forward recovery: perform actions to correct the state by other means;
     - signalling exceptions.
     Handlers are provided for anticipated exceptions:
     - default handlers are provided for unanticipated exceptions.
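The component structure of slides 3 and 4 in code, as an added example that is not part of the presentation: the normal activity is kept apart from the abnormal activity (the handlers), requests that violate the interface raise an interface exception, local exceptions go to a handler that masks them by forward recovery, restores a checkpoint by backward recovery, or signals a failure exception to the caller, and a default handler covers anything no specific handler anticipates. The toy withdraw service, the `fail_with` fault-injection knob and the handler names are constructed for illustration.

```python
"""Added example (not from the slides): a minimal idealised fault tolerant
component in the Anderson & Lee style.  The 'account' service, the fail_with
knob and the handler names are constructed for illustration."""


class InterfaceException(Exception):
    """Raised when a request violates the component's interface (bad input)."""


class LocalException(Exception):
    """Raised inside the normal activity; the abnormal activity tries to handle it."""


class FailureException(Exception):
    """Signalled to the caller when the component cannot mask an error."""


class IdealisedComponent:
    def __init__(self):
        self.balance = 100            # component state
        self._checkpoint = None       # state saved before each request (for backward recovery)
        # handlers for anticipated local exceptions, keyed by the exception message
        self._handlers = {
            "transient": self._retry_once,   # forward recovery: redo the work cleanly
            "corrupt": self._rollback,       # backward recovery: restore the checkpoint
        }

    # ---- provided service --------------------------------------------------
    def withdraw(self, amount, fail_with=None):
        """Provided service.  fail_with (constructed) injects a local exception
        into the normal activity after it has already changed the state."""
        if not isinstance(amount, int) or amount <= 0:
            raise InterfaceException(f"invalid amount {amount!r}")   # interface exception
        self._checkpoint = self.balance
        try:
            return self._normal_activity(amount, fail_with)
        except LocalException as exc:
            return self._abnormal_activity(exc, amount)

    # ---- normal activity ---------------------------------------------------
    def _normal_activity(self, amount, fail_with):
        if fail_with is not None:
            self.balance -= amount          # state changed before the error is detected
            raise LocalException(fail_with)
        if amount > self.balance:
            raise LocalException("insufficient")   # no specific handler for this one
        self.balance -= amount
        return self.balance

    # ---- abnormal activity (handlers) --------------------------------------
    def _abnormal_activity(self, exc, amount):
        handler = self._handlers.get(str(exc), self._default_handler)
        return handler(exc, amount)

    def _retry_once(self, exc, amount):
        # forward recovery: the fault was transient, so restore and redo the operation;
        # the caller never sees the exception (it is masked)
        self.balance = self._checkpoint
        return self._normal_activity(amount, None)

    def _rollback(self, exc, amount):
        # backward recovery: restore the checkpointed state, then signal a failure exception
        self.balance = self._checkpoint
        raise FailureException(f"rolled back after {exc}") from exc

    def _default_handler(self, exc, amount):
        # default handler for unanticipated exceptions: leave the state consistent and signal
        self.balance = self._checkpoint
        raise FailureException(f"unhandled: {exc}") from exc
```

The point to check in a real component is the one the rollback and default handlers make: every path that signals a failure exception must first leave the state as it was at the checkpoint, otherwise the caller's own handler is reasoning about a state it cannot see.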

  5. Idealised Fault Tolerant C2 Component (iC2C)
     [Figure: structure of the iC2C. A NormalActivity component wraps the COTS component; an AbnormalActivity component holds Diagnosis, Detector (1)..Detector (n) and Handler (1)..Handler (n) components. Ports shown: iC2C_top, iC2C_internal, iC2C_bottom, upper_detector, detector_top, detector_bottom, lower_detector, abnormal_top, abnormal_internal, abnormal_bottom; the arrows between them are labelled Error.]

  6. Idealised Fault Tolerant Architectural Element (iFTE)
     Idealised fault tolerant architectural element (iFTE):
     - fault-tolerant software component:
       - preventing the propagation of internal errors by constraining its exceptional behaviour;
     - fault-tolerant software connector:
       - coordinating exceptional behaviour among components;
       - resolving potential mismatches;
       - preventing the propagation of errors by handling them as exceptions.

  7. Idealised Fault Tolerant Architectural Element (iFTE)
     Architectural solution/pattern:
     - peer-to-peer style;
     - request/reply interaction.
     [Figure: the <<element>> "idealised fault-tolerant architectural element", composed of the <<component>>s Provided, Normal, Abnormal and Required and the <<connector>> Coordinator. External interfaces: IP_iFTE_S, IP_iFTE_E, IR_iFTE_S, IR_iFTE_E. Internal interfaces: I_PC_S, I_PC_E, I_CN_S, I_NC_S, I_NC_E, I_CA_E, I_AC_S, I_AC_E, I_CR_S, I_CR_E.]

  8. iFTE: Propagation Scenarios
     Normal behaviour:
     - internal services with no exceptions;
     - requests external services with no exceptions.
     Exceptional behaviour:
     - internal services with exceptions:
       - not masked by internal handlers;
       - not masked by external handlers;
       - masked by internal handlers;
       - masked by external handlers;
     - requests external services with exceptions:
       - not masked by internal handlers;
       - not masked by external handlers;
       - masked by internal handlers;
       - masked by external handlers.

  9. iFTE: Propagation Scenarios
     - normal behaviour when requesting external services with no exceptions.
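The propagation scenarios of slides 8 and 9 played out on an iFTE whose Provided, Normal, Abnormal and Required parts are methods; this is an added example, not code from the presentation. An exception either originates in an internal service or comes back from a requested external service, and it is then masked by the element's internal handlers (Abnormal), masked by the caller's handlers once it has left on IP_iFTE_E, or reaches the caller unmasked. The operation names, exception classes, the stand-in external service and the handler sets are constructed; only the interface names in the comments come from the slides.

```python
"""Added example (not from the slides): an iFTE whose parts are methods, used
to classify each request into the slide's propagation scenarios.  Operation
names, exception classes and the stand-in external service are constructed."""


class InternalException(Exception):
    """Raised by the Normal part: an internal service failed."""


class ExternalException(Exception):
    """Raised by the Required part: a requested external service failed."""


class IFTEFailure(Exception):
    """Exceptional reply leaving the element on IP_iFTE_E."""

    def __init__(self, origin, name):
        super().__init__(f"{origin}:{name}")
        self.origin = origin      # "internal" or "external"
        self.name = name


class IFTE:
    def __init__(self, external_service, internal_handlers):
        self.external_service = external_service    # reached through IR_iFTE_S
        self.internal_handlers = internal_handlers  # exceptions the Abnormal part can mask
        self.last = (None, None)                    # (origin, masked_by) of the last request
        self.trace = []

    # Provided: request arrives on IP_iFTE_S; reply on IP_iFTE_S or exception on IP_iFTE_E
    def request(self, op):
        self.last = (None, None)
        self.trace = [f"Provided <- {op}"]
        try:
            return self._normal(op)
        except (InternalException, ExternalException) as exc:
            return self._abnormal(exc)

    # Normal: internal services; any other operation is requested from outside
    def _normal(self, op):
        if op == "internal-ok":
            self.trace.append("Normal: internal service ok")
            return "ok"
        if op == "internal-fail":
            self.trace.append("Normal: internal service raised")
            raise InternalException(op)
        return self._required(op)

    # Required: request leaves on IR_iFTE_S; an exception comes back on IR_iFTE_E
    def _required(self, op):
        self.trace.append(f"Required -> {op}")
        try:
            reply = self.external_service(op)
        except Exception as exc:
            self.trace.append(f"Required <- exception {exc}")
            # translate the outside exception into the element's own exception type
            raise ExternalException(str(exc)) from exc
        self.trace.append(f"Required <- {reply}")
        return reply

    # Abnormal: internal handlers; whatever is not masked leaves on IP_iFTE_E
    def _abnormal(self, exc):
        origin = "internal" if isinstance(exc, InternalException) else "external"
        if str(exc) in self.internal_handlers:
            self.trace.append(f"Abnormal: {origin} exception masked internally")
            self.last = (origin, "internal")
            return "degraded"
        self.trace.append(f"Abnormal: {origin} exception not masked -> IP_iFTE_E")
        raise IFTEFailure(origin, str(exc)) from exc


def external_service(op):
    """Constructed stand-in for the service behind IR_iFTE_S."""
    if op == "external-fail":
        raise RuntimeError(op)
    return "reply"


def run_scenario(op, internal_handlers=(), external_handlers=()):
    """Return (origin, masked_by).  origin is None for normal behaviour;
    masked_by is 'internal', 'external' (the caller's handler on IP_iFTE_E
    masked it) or None (the exception reached the caller unmasked)."""
    element = IFTE(external_service, set(internal_handlers))
    try:
        element.request(op)
        return element.last
    except IFTEFailure as exc:
        return (exc.origin, "external" if exc.name in external_handlers else None)
```

Calling `run_scenario` with the two operations that fail and the four combinations of handler sets reproduces the eight exceptional scenarios of slide 8; the two operations that succeed give the two normal ones. The translation step in `_required` is what keeps the element's exceptional interface stable: callers on IP_iFTE_E only ever see the element's own exception types, never those of the services it happens to use.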

  10. iFTE: Exception Propagation
     - contexts for handling exceptions: component, roles and connectors;
     - exceptions meaningful for components and connectors;
     - translation on the types of exceptions.
     Propagation of exceptions:
     - from components to connectors;
     - from connectors to components.

  11. iFTE: Exception Propagation
     Propagation of exceptions:
     - from connectors to connectors.

  12. Embedded System: Mining Control System
     [Figure: the mining environment with its numbered elements: 1 control system, 2 pump, 3 exhaustor, 4 water sensor (low level), 5 water sensor (high level), 6 methane sensor; a "Dump" is also marked.]

  13. Embedded System: Mining Control System

  14. Embedded System: Mining Control System
     Exception propagation when AirExtractor fails: the exception is propagated to OperatorInterface;
     - the whole system shuts down.
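The propagation path of slides 10 to 14 on a toy model of the mining control system, as an added example that is not part of the presentation: AirExtractor signals a component-level failure exception, the connector translates it into its own exception type (component to connector) and hands it to the handler of OperatorInterface (connector to component), which shuts the whole system down. The device behaviour, the exception classes and the `run_cycle` driver are constructed; the slides give only the component names and the outcome.

```python
"""Added example (not from the slides): exception propagation from a failing
AirExtractor through a connector to OperatorInterface, which shuts the whole
system down.  Device behaviour and exception classes are constructed."""


class ComponentFailure(Exception):
    """Failure exception signalled by a component on its exceptional interface."""


class ConnectorFailure(Exception):
    """Connector-level exception: which role failed and the translated cause."""

    def __init__(self, role, cause):
        super().__init__(f"{role}: {cause}")
        self.role = role
        self.cause = cause


class Device:
    """Constructed component: Pump, AirExtractor or MethaneSensor."""

    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy
        self.running = True

    def operate(self):
        if not self.running:
            return f"{self.name} stopped"
        if not self.healthy:
            raise ComponentFailure(f"{self.name} failed")   # component failure exception
        return f"{self.name} ok"

    def stop(self):
        self.running = False


class Connector:
    """Links a device role to the OperatorInterface role."""

    def __init__(self, device, operator):
        self.device = device
        self.operator = operator

    def request(self):
        try:
            return self.device.operate()
        except ComponentFailure as exc:
            # component -> connector: translate into the connector's exception type
            failure = ConnectorFailure(self.device.name, exc)
            # connector -> component: deliver it to the operator's handler
            return self.operator.handle(failure)


class OperatorInterface:
    def __init__(self, devices):
        self.devices = devices
        self.log = []

    def handle(self, failure):
        # handler for connector exceptions: there is no safe degraded mode
        # without ventilation, so every device is stopped
        self.log.append(f"received {failure}")
        for device in self.devices:
            device.stop()
        self.log.append("system shut down")
        return "shutdown"


def run_cycle(air_extractor_healthy=True):
    """One control cycle over all devices; returns (per-device results, operator log)."""
    pump = Device("Pump")
    extractor = Device("AirExtractor", healthy=air_extractor_healthy)
    methane = Device("MethaneSensor")
    operator = OperatorInterface([pump, extractor, methane])
    connectors = [Connector(d, operator) for d in (pump, extractor, methane)]
    results = [c.request() for c in connectors]
    return results, operator.log
```

The detection-relevant detail is the operator log: a single connector-level event with the failing role named is what the handler acts on, so the shutdown can be traced back to AirExtractor rather than to the devices that merely report "stopped" afterwards.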

  15. Conclusions
     Fault tolerance at the architectural level:
     - error detection and handling:
       - application dependent;
       - idealised Fault Tolerant Architectural Elements (iFTE): architectural solution/pattern based on exception handling;
     - fault handling:
       - not application dependent;
       - reconfiguration support by CA action.

  16. Future Work
     - model the iFTE with AADL (Error Model);
     - iFTE is application dependent and requires additional assurances:
       - model iFTE with B and CSP for analysing the propagation of exceptions;
       - identification of iFTE properties that can be applied to architectures;
       - identification of iFTE test cases;
     - automatic generation of Provided and Required components.
