Idealised Fault Tolerant Architectural Element – PowerPoint PPT Presentation

SLIDE 1

Rogério de Lemos DSN 2006 WADS – June 2006 – 1

Idealised Fault Tolerant Architectural Element

Rogério de Lemos, University of Kent, UK

• Motivation – architectural fault tolerance;
• iFTE & propagation of exceptions;
• Case study – mining control system;
• Conclusions & future work;

SLIDE 2

Motivation

Architectures are about structures:
• unstructured approaches can reduce system dependability by introducing more faults;
• a good architecture should promote error confinement;

Architectural fault tolerance:
• avoid the failure of systems:
   • error detection and handling;
   • fault handling;
• components need to collaborate for handling certain failure scenarios;

SLIDE 3

Idealised Fault Tolerant Component

An architectural solution based on exception handling:
• the idealised fault tolerant component enables fault tolerance to be built into the system [Anderson & Lee 81]:
   • separation between normal and abnormal behaviour;
   • provided and required services;
   • local, interface and failure exceptions;

SLIDE 4

Idealised Fault Tolerant Component

Exception handlers provide mechanisms for:
• handling exceptional conditions so that the exception can be masked:
   • backward recovery – roll back to a previous state;
   • forward recovery – perform actions to correct the state by other means;
• signalling exceptions;

Handlers are provided for anticipated exceptions:
• default handlers are provided for unanticipated exceptions;

SLIDE 5

Idealised Fault Tolerant C2 Component (iC2C)

[Figure: structure of the iC2C. A COTS component is wrapped by a NormalActivity and an AbnormalActivity component; the AbnormalActivity part comprises Error Detector (1) … Error Detector (n), Error Diagnosis and Error Handler (1) … Error Handler (n). Ports and connectors shown: iC2C_top, iC2C_bottom, iC2C_internal; upper_detector, lower_detector, detector_top, detector_bottom; abnormal_top, abnormal_bottom, abnormal_internal.]
SLIDE 6

Idealised Fault Tolerant Architectural Element (iFTE)

Idealised fault tolerant architectural element (iFTE):
• fault-tolerant software component:
   • preventing the propagation of internal errors by constraining its exceptional behaviour;
• fault-tolerant software connector:
   • coordinating exceptional behaviour among components;
   • resolving potential mismatches;
   • preventing the propagation of errors by handling them as exceptions;

SLIDE 7

Idealised Fault Tolerant Architectural Element (iFTE)

Architectural solution/pattern:
• peer-to-peer style;
• request/reply interaction;

[Figure: the iFTE as a composite <<element>> "idealised fault-tolerant architectural element" made of the <<component>>s Provided, Normal, Abnormal and Required, joined by the <<connector>> Coordinator. Interfaces shown: IP_iFTE_S, IP_iFTE_E, IR_iFTE_S, IR_iFTE_E, I_NC_S, I_NC_E, I_AC_S, I_AC_E, I_PC_S, I_PC_E, I_CN_S, I_CR_S, I_CR_E, I_CA_E.]

SLIDE 8

iFTE: Propagation Scenarios

Normal behaviour:
• internal services with no exceptions;
• internal services with exceptions:
   • masked by internal handlers;
   • masked by external handlers;
• requests external services with no exceptions;
• requests external services with exceptions:
   • masked by internal handlers;
   • masked by external handlers;

Exceptional behaviour:
• internal services with exceptions:
   • not masked by internal handlers;
   • not masked by external handlers;
• requests external services with exceptions:
   • not masked by internal handlers;
   • not masked by external handlers;

SLIDE 9

iFTE: Propagation Scenarios

[Figure: scenario of normal behaviour when requesting external services with no exceptions.]

SLIDE 10

iFTE: Exception Propagation

Propagation of exceptions:
• from components to connectors;
• from connectors to components;

Contexts for handling exceptions:
• component, roles and connectors;

Exceptions meaningful for components and connectors:
• translation on the types of exceptions;
SLIDE 11

iFTE: Exception Propagation

Propagation of exceptions:
• from connectors to connectors;

SLIDE 12

Embedded System: Mining Control System

[Figure: the mining environment, with the dump and numbered elements: 1 – Control system; 2 – Pump; 3 – Exhaustor; 4 – Water sensor (low level); 5 – Water sensor (high level); 6 – Methane sensor.]

SLIDE 13

Embedded System: Mining Control System

SLIDE 14

Embedded System: Mining Control System

Exception propagation when AirExtractor fails:
• the exception is propagated to OperatorInterface;
• the whole system shuts down;
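The AirExtractor scenario above, together with the iFTE mechanisms of slides 4, 8 and 10 (an internal handler masking an anticipated exception, the default handler signalling a failure exception for an unanticipated one, and the connector translating that failure into an exception meaningful in the requester's context), as an added Python example that is not part of the slides or of the author's work. The exception classes, the sentinel readings, the handler and the shutdown reply are constructed for illustration; only the names AirExtractor, OperatorInterface and Coordinator come from the slides.

```python
class LocalException(Exception): pass        # error raised inside the normal activity
class SensorGlitch(LocalException): pass     # anticipated: a handler exists for it
class MotorStall(LocalException): pass       # unanticipated: only the default handler
class FailureException(Exception): pass      # signalled across the element boundary
class ExtractorUnavailable(Exception): pass  # the same failure, translated for the operator

class IFTE:
    """Idealised fault-tolerant element: normal and abnormal activity kept apart."""
    def __init__(self, name, normal, handlers):
        self.name, self.normal, self.handlers, self.log = name, normal, handlers, []

    def provide(self, *args):
        try:
            return self.normal(*args)            # normal activity (provided service)
        except LocalException as exc:
            handler = self.handlers.get(type(exc))
            if handler is None:                  # default handler: signal a failure exception
                self.log.append(f"{self.name}: unmasked {exc}")
                raise FailureException(f"{self.name}: {exc}") from exc
            self.log.append(f"{self.name}: masked {exc}")
            return handler(exc)                  # forward recovery masks the exception

class Coordinator:
    """Fault-tolerant connector: translates failures into the requester's exception type."""
    def __init__(self, translations):
        self.translations = translations         # {element name: exception type}

    def request(self, element, *args):
        try:
            return element.provide(*args)
        except FailureException as exc:
            raise self.translations[element.name](str(exc)) from exc

def air_extractor_normal(reading):               # constructed normal activity (assumed)
    if reading == "glitch":
        raise SensorGlitch("bad methane reading")
    if reading == "stall":
        raise MotorStall("fan motor stalled")
    return f"extracting at level {reading}"

def run_mine(reading):
    """OperatorInterface (assumed) asks the AirExtractor through the Coordinator;
    an unmasked failure moves the whole system to the safe shutdown state."""
    extractor = IFTE("AirExtractor", air_extractor_normal,
                     {SensorGlitch: lambda exc: "extracting at last good level"})
    coord = Coordinator({"AirExtractor": ExtractorUnavailable})
    try:
        return "running", coord.request(extractor, reading), extractor.log
    except ExtractorUnavailable as exc:
        return "shutdown", str(exc), extractor.log
```

The log shows which branch of slide 8 each run took: a masked exception keeps the system in normal behaviour, an unmasked one crosses the element boundary as a failure exception and ends in the shutdown state.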

SLIDE 15

Conclusions

Fault tolerance at the architectural level:
• error detection and handling:
   • application dependent;
   • idealised Fault Tolerant Architectural Elements (iFTE):
      • architectural solution/pattern based on exception handling;
• fault handling:
   • not application dependent;
   • reconfiguration support by CA action;

SLIDE 16

Future Work

• model the iFTE with AADL – Error Model;
• iFTE is application dependent and requires additional assurances:
   • model iFTE with B and CSP for analysing the propagation of exceptions;
   • identification of iFTE properties that can be applied to architectures;
   • identification of iFTE test cases;
   • automatic generation of Provided and Required components;