Fault-Tolerant Software: Basic Concepts and Terminology

Vincenzo De Florio (PATS Research Group, University of Antwerp and iMinds, Belgium)
Copyright: © 2009 | Pages: 32
DOI: 10.4018/978-1-60566-182-7.ch002

Abstract

After having described the main characteristics of dependability and fault-tolerance, this chapter analyzes in more detail what it means for a program to be fault-tolerant and which properties are expected from a fault-tolerant program. Its main objective is to introduce two sets of design assumptions that shape the way fault-tolerant software is structured: the system model and the fault model. Often misunderstood or underestimated, those models describe

  • what is expected from the execution environment in order to let the software system function correctly, and

  • which faults the system is going to consider. Note that a fault-tolerant program shall (try to) tolerate only those faults stated in the fault model, and will be as defenseless against all other faults as any non-fault-tolerant program.

Together with the system specification, the fault and system models represent the foundation on top of which computer services are built. It is not surprising that weak foundations often result in failing constructions. What is really surprising is that in so many cases little or no attention has been given to those important factors in fault-tolerant software engineering. To give an idea of this, three well-known accidents are described: the Ariane 5 flight 501 and Mariner-1 disasters, and the Therac-25 accidents. In each case it is stressed what went wrong, what the biggest mistakes were, and how a careful understanding of fault models and system models would have helped highlight the path to avoid catastrophic failures that cost considerable amounts of money and even the lives of innocent people.

The other important objective of this chapter is introducing the core subject of this book: software fault-tolerance situated at the level of the application layer. First, it is explained why targeting (also) the application layer is not an open option but a mandatory design choice for effective fault-tolerant software engineering. Second, given the peculiarities of the application layer, three properties to measure the quality of the methods used to achieve fault-tolerant application software are introduced:

  1. Separation of design concerns, that is, how good the method is at keeping the functional aspects and the fault-tolerance aspects separated from each other.

  2. Syntactical adequacy, namely how versatile the employed method is in covering the wider spectrum of fault-tolerance strategies.

  3. Adaptability, that is, how good the employed fault-tolerance method is at dealing with the inevitable changes characterizing the system and its run-time environment, including the dynamics of faults that manifest themselves at service time.

Finally, this chapter also defines a few fundamental fault-tolerance services, namely watchdog timers, exception handling, transactions, and checkpointing-and-rollback.
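The following is an added example, not code from the chapter or its author, showing the abstract's central point in working form: a small transfer service whose fault model is written down explicitly and enforced with the four services the chapter names (watchdog timer, exception handling, transactions, checkpointing-and-rollback). The third scenario shows the flip side: a fault the model does not list (a step that finishes on time, raises nothing, and writes a wrong value) sails through the fault-tolerant wrapper untouched. All names (`Ledger`, `Watchdog`, `TransientFault`, the clauses F1 and F2) and the scenarios are this example's own assumptions.

```python
# Added example (not from the chapter): an explicit fault model enforced with
# watchdog, exception handling, transactions and checkpointing-and-rollback.
from dataclasses import dataclass, field
import time

# ---- Fault model (assumed for this example) ------------------------------
# F1  a step raises TransientFault; the model assumes a retry may succeed.
# F2  a step overruns the watchdog deadline; it is aborted and treated as F1.
# Anything else, e.g. a step that completes on time but writes a wrong value,
# is OUTSIDE the model: the program makes no attempt to detect it.
class TransientFault(Exception): pass
class WatchdogTimeout(Exception): pass
class UnrecoverableFailure(Exception): pass   # a model assumption was wrong

class Watchdog:
    """Cooperative watchdog: a step calls kick() at safe points; once the
    deadline has passed, kick() aborts the step. The clock is injectable so
    the hang scenario runs deterministically without sleeping."""
    def __init__(self, deadline, clock=time.monotonic):
        self.deadline, self.clock, self.expires = deadline, clock, None
    def arm(self):
        self.expires = self.clock() + self.deadline
    def kick(self):
        if self.clock() > self.expires:
            raise WatchdogTimeout(f"step exceeded {self.deadline}s")

@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)
    def checkpoint(self):             # values are ints, a shallow copy suffices
        return dict(self.balances)
    def rollback(self, snapshot):
        self.balances = dict(snapshot)

def transaction(ledger, steps, watchdog):
    """All-or-nothing execution: checkpoint first, roll back on any fault in
    the model, then re-raise so the caller decides whether to retry."""
    snapshot = ledger.checkpoint()
    try:
        for step in steps:
            watchdog.arm()
            step(ledger, watchdog)
    except (TransientFault, WatchdogTimeout):
        ledger.rollback(snapshot)
        raise
    return ledger

def run_fault_tolerant(ledger, steps, watchdog, max_attempts=3):
    """Exception handling plus a bounded retry budget. Exhausting the budget
    means the fault was not transient, i.e. assumption F1 did not hold."""
    for attempt in range(1, max_attempts + 1):
        try:
            transaction(ledger, steps, watchdog)
            return attempt
        except (TransientFault, WatchdogTimeout) as fault:
            last = fault
    raise UnrecoverableFailure(f"gave up after {max_attempts} attempts: {last!r}")

# ---- Constructed scenarios (not measurements of any real system) ---------
def make_transfer(src, dst, amount, fail_first=0):
    """Step that moves `amount` and, as fault F1, fails its first `fail_first`
    calls after the debit is already applied, so rollback actually matters."""
    calls = {"n": 0}
    def step(ledger, wd):
        ledger.balances[src] -= amount
        wd.kick()
        calls["n"] += 1
        if calls["n"] <= fail_first:
            raise TransientFault("network hiccup after debit")
        ledger.balances[dst] += amount
    return step

def scenario_transient():
    """F1 twice, then success: third attempt commits, earlier debits undone."""
    ledger = Ledger({"alice": 100, "bob": 0})
    steps = [make_transfer("alice", "bob", 30, fail_first=2)]
    attempts = run_fault_tolerant(ledger, steps, Watchdog(deadline=1.0))
    return attempts, ledger.balances        # (3, {'alice': 70, 'bob': 30})

def scenario_hang():
    """F2 every time: a fake clock makes each attempt look like a 5 s hang;
    the watchdog aborts it, the transaction rolls back, the budget runs out."""
    now = [0.0]
    wd = Watchdog(deadline=1.0, clock=lambda: now[0])
    def hanging_step(ledger, wd):
        ledger.balances["alice"] -= 30
        now[0] += 5.0
        wd.kick()                           # aborts here, credit never applied
        ledger.balances["bob"] += 30
    ledger = Ledger({"alice": 100, "bob": 0})
    try:
        run_fault_tolerant(ledger, [hanging_step], wd)
    except UnrecoverableFailure:
        pass
    return ledger.balances                  # {'alice': 100, 'bob': 0}

def scenario_outside_model():
    """A step that credits the wrong amount: on time, no exception, so the
    wrapper reports success on the first attempt and the corruption stands."""
    def buggy_step(ledger, wd):
        ledger.balances["alice"] -= 30
        wd.kick()
        ledger.balances["bob"] += 3         # wrong value, outside the model
    ledger = Ledger({"alice": 100, "bob": 0})
    attempts = run_fault_tolerant(ledger, [buggy_step], Watchdog(deadline=1.0))
    return attempts, ledger.balances        # (1, {'alice': 70, 'bob': 3})
```

The first two scenarios are exactly what the fault model promises: the ledger is never left half-updated, and when the F1 assumption turns out to be false the program fails loudly instead of looping forever. The third is the caveat the abstract insists on. Nothing in the wrapper is wrong; the fault simply is not in the model, so a reviewer who wants wrong-value faults covered has to add them to the model (and a detection mechanism, such as a post-condition check on the ledger) rather than trust "fault-tolerant" as a label.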
Chapter Preview

What Is A Fault-Tolerant Program?

So what makes a program fault-tolerant? In order to answer this key question, let us first detail what a service is. In the following, a service is considered as a set of manifestations of external events that, if compliant with what has been agreed upon in a formal specification, can be considered by a watcher as being “correct”. This said, a program can be defined as a physical entity, stored for instance as voltage values in a set of memory cells, which is supposed to drive the production of a service. One of the main goals of software engineering is being able to set up a robust link (in mathematical terms, a homomorphism) between a service’s high-level specification and a low-level computer design (the program).

More formally, for some functions f and g it is true that

Service = f (program), program = g(specification).

A first (obvious) conclusion is the hard link between the service and its specification, obtained by composing the two:

Service = f(g(specification)) = (f ∘ g)(specification).

Building robust versions of f and g is well known to be a difficult, non-trivial job.

Now let us concentrate on the range of g (the software set). For any two systems a and b, if a relies on b to provide its service, then the expression “a depends on b” will be used. We shall represent this through the following notation:

a→b
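As an added example (not code from the chapter), the definition of a service given above can be made concrete as a runtime watcher: the service is the sequence of externally visible events the program manifests, the formal specification is a predicate over that sequence, and the watcher applies it and either says “correct” or lists what was violated. The event shape, the three clauses S1–S3 and the two traces are this example's own assumptions.

```python
# Added example (not from the chapter): a watcher judging a service's
# manifestations against a formal specification.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: float     # time at which the event manifested
    kind: str    # "request" (from the environment) or "response" (from the service)
    rid: int     # correlation id linking a response to its request

def spec_violations(events, deadline):
    """Formal specification assumed for this example:
         S1  every request is answered by exactly one response with the same rid
         S2  that response manifests no later than `deadline` after the request
         S3  every response answers a request that is still pending
       Returns a list of (clause, rid) violations; an empty list means the
       watcher judges the service correct."""
    pending = {}           # rid -> request time, for requests not yet answered
    violations = []
    for e in sorted(events, key=lambda e: e.t):
        if e.kind == "request":
            if e.rid in pending:
                violations.append(("S1 duplicate request id", e.rid))
            pending[e.rid] = e.t
        elif e.kind == "response":
            if e.rid not in pending:            # unknown id, or answered twice
                violations.append(("S3 response without pending request", e.rid))
                continue
            if e.t - pending.pop(e.rid) > deadline:
                violations.append(("S2 late response", e.rid))
        else:
            violations.append(("unknown event kind", e.rid))
    violations += [("S1 request never answered", rid) for rid in pending]
    return violations

def watcher_verdict(events, deadline):
    """The watcher's judgement: True iff the manifestations comply with the spec."""
    return not spec_violations(events, deadline)

# Constructed traces, not captured from any real system.
GOOD_TRACE = [Event(0.0, "request", 1), Event(0.4, "response", 1),
              Event(1.0, "request", 2), Event(1.9, "response", 2)]
BAD_TRACE = [Event(0.0, "request", 1), Event(0.4, "response", 1),
             Event(1.0, "request", 2), Event(3.5, "response", 2),   # late (S2)
             Event(4.0, "request", 3),                              # never answered (S1)
             Event(4.2, "response", 9)]                             # no such request (S3)

def demo():
    return (watcher_verdict(GOOD_TRACE, deadline=1.0),
            spec_violations(BAD_TRACE, deadline=1.0))
```

Two things follow from the definition and are visible in the code. “Correct” is only ever relative to the specification the watcher holds: change `deadline` and the same trace flips verdict. And the watcher can only judge what manifests as events; a program that answers on time with the wrong payload is, under this specification, correct, which is the same boundary the fault model draws for a fault-tolerant program.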

Complete Chapter List

All chapters are by Vincenzo De Florio.

  • Chapter 1: Dependability and Fault-Tolerance: Basic Concepts and Terminology

  • Chapter 2: Fault-Tolerant Software: Basic Concepts and Terminology (this chapter)

  • Chapter 3: Fault-Tolerant Protocols Using Single- and Multiple-Version Software Fault-Tolerance

  • Chapter 4: Fault-Tolerant Protocols Using Compilers and Translators

  • Chapter 5: Fault-Tolerant Protocols Using Fault-Tolerance Programming Languages

  • Chapter 6: The Recovery Language Approach

  • Chapter 7: Fault-Tolerant Protocols Using Aspect Orientation

  • Chapter 8: Failure Detection Protocols in the Application Layer

  • Chapter 9: Hybrid Approaches

  • Chapter 10: Measuring and Assessing Tools

  • Chapter 11: Conclusion