Étude de l'invocation entre objets dupliqués dans un système réparti tolérant aux fautes

This dissertation studies the problems to solve in order to use the invocation paradigm to express replicated object communication in fault-tolerant distributed systems. The ultimate goal is to define abstractions which achieve replication encapsulation, ie which give the illusion that replication is an internal property of objects. Thus, object communication could be always expressed using the invocation paradigm, whether objects are replicated or not. Background The invocation paradigm defines a "request-reply" communication model which matches exactly the client-server model. The latter is generally used to express service interactions in distributed systems. For this reason, the object-oriented approach is well suited to the design of distributed system services. A service can be implemented as a set of objects, located on remote computers (or nodes). Service fault-tolerance is achieved by replicating the objects which implement the service. Most of the previous works about replicated objects consider only server object replication. This study is more general: both client and server can be replicated. Furthermore, replication policies of objects can be different. Four replication policies had been studied: active replication, passive replication, semi-active replication, and coordinator-cohort replication. Replication encapsulation Replication encapsulation means both plurality encapsulation and replication policy encapsulation. Plurality encapsulation consists in hiding from other objects, that a replicated object is actually a set of replicas located on several nodes. Replication policy encapsulation consists in hiding from other objects, the communication protocol to use in order to interact with object replicas without breaking their consistency. The symmetric invocation model Most of the related works are based on an asymmetric invocation model. In this model, the invocation reply follows exactly the reverse of the request communication path. The asymmetric invocation model can not be used to achieve replication encapsulation of client objects. This dissertation proposes a symmetric invocation model which solves this problem. The symmetric invocation model considers the request transmission and the reply transmission as two instances of the same problem: the transmission of a message to a replicated object. Both the analysis of the replication encapsulation problem and the symmetric invocation model were used to define a specification of replicated object invocation. This specification is a set of generic formal properties based on parameters which values depend on replication policies. The properties include object failure semantics which is expressed using the group paradigm and the view-synchronous communication paradigm. Every replicated object is built using an object group which membership changes whenever object replicas fail or restart. The N2M invocation service The main result of this study is the design1 of N2M, an invocation service which supports replicated objects. Objects using N2M are called application objects whereas objects implementing N2M are called communication objects. Communication objects take care of every aspect related to application object replication. Thus, replicated application objects communicate using regular invocations, just as if they were not replicated. There are actually two kinds of communication objects: encapsulators and mailers. Each replicated application object is built using an encapsulator group. Each application object replica is associated with a private encapsulator which acts as an invocation filter for this replica. To communicate with a replicated application object O, every object must interact with O's local mailer. On every node, a replicated application object is represented by a mailer which is responsible for transmitting requests and replies to the application object replicas. The originality of this model is its symmetry: there are both mailers of the server on the client nodes, and mailers of the client on the server nodes. This symmetry is directly inherited from the symmetric invocation model. Each replication policy is implemented using an encapsulator class and a mailer class. These classes replicate objects according to a specific replication policy, while respecting the invocation paradigm. In other words, communication object classes achieve replication encapsulation. The GARF-v2 programming environment The N2M service has been implemented in the context of the GARF project2. The GARF project aimed to provide a programming environment which faciltates the design of fault-tolerant distributed applications. The environment prototype was implemented in Smalltalk. It is based on the group communication layer provided by ISIS toolkit. ---------------------------------------   1this logo refers to the n to m expression which usually names the interaction between n client replicas and m server replicas.   2GARF is the french acronym for automatic generation of fault-tolerant applications

Implementing fault tolerant applications using reflective object-oriented programming

Abstract: Shows how reflection and object-oriented programming can be used to ease the implementation of classical fault tolerance mechanisms in distributed applications. When the underlying runtime system does not provide fault tolerance transparently, classical approaches to implementing fault tolerance mechanisms often imply mixing functional programming with non-functional programming (e.g. error processing mechanisms). The use of reflection improves the transparency of fault tolerance mechanisms to the programmer and more generally provides a clearer separation between functional and non-functional programming. The implementations of some classical replication techniques using a reflective approach are presented in detail and illustrated by several examples, which have been prototyped on a network of Unix workstations. Lessons learnt from our experiments are drawn and future work is discussed

A metaobject architecture for fault-tolerant distributed systems : the FRIENDS approach

The FRIENDS system developed at LAAS-CNRS is a metalevel architecture providing libraries of metaobjects for fault tolerance, secure communication, and group-based distributed applications. The use of metaobjects provides a nice separation of concerns between mechanisms and applications. Metaobjects can be used transparently by applications and can be composed according to the needs of a given application, a given architecture, and its underlying properties. In FRIENDS, metaobjects are used recursively to add new properties to applications. They are designed using an object oriented design method and implemented on top of basic system services. This paper describes the FRIENDS software-based architecture, the object-oriented development of metaobjects, the experiments that we have done, and summarizes the advantages and drawbacks of a metaobject approach for building fault-tolerant system

FRIENDS - A flexible architecture for implementing fault tolerant and secure distributed applications

FRIENDS is a software-based architecture for implementing fault-tolerant and, to some extent, secure applications. This architecture is composed of sub-systems and libraries of metaobjects. Transparency and separation of concerns is provided not only to the application programmer but also to the programmers implementing metaobjects for fault tolerance, secure communication and distribution. Common services required for implementing metaobjects are provided by the sub-systems. Metaobjects are implemented using object-oriented techniques and can be reused and customised according to the application needs, the operational environment and its related fault assumptions. Flexibility is increased by a recursive use of metaobjects. Examples and experiments are also described

Simplified Distributed Programming with Micro Objects

Developing large-scale distributed applications can be a daunting task. object-based environments have attempted to alleviate problems by providing distributed objects that look like local objects. We advocate that this approach has actually only made matters worse, as the developer needs to be aware of many intricate internal details in order to adequately handle partial failures. The result is an increase of application complexity. We present an alternative in which distribution transparency is lessened in favor of clearer semantics. In particular, we argue that a developer should always be offered the unambiguous semantics of local objects, and that distribution comes from copying those objects to where they are needed. We claim that it is often sufficient to provide only small, immutable objects, along with facilities to group objects into clusters.Comment: In Proceedings FOCLASA 2010, arXiv:1007.499

Asynchronously Replicated Shared Workspaces for a Multi-Media Annotation Service over Internet

This paper describes a world wide collaboration system through multimedia Post-its (user generated annotations). DIANE is a service to create multimedia annotations to every application output on the computer, as well as to existing multimedia annotations. Users collaborate by registering multimedia documents and user generated annotation in shared workspaces. However, DIANE only allows effective participation in a shared workspace over a high performance network (ATM, fast Ethernet) since it deals with large multimedia object. When only slow or unreliable connections are available between a DIANE terminal and server, useful work becomes impossible. To overcome these restrictions we need to replicate DIANE servers so that users do not suffer degradation in the quality of service. We use the asynchronous replication service ODIN to replicate the shared workspaces to every interested site in a transparent way to users. ODIN provides a cost-effective object replication by building a dynamic virtual network over Internet. The topology of this virtual network optimizes the use of network resources while it satisfies the changing requirements of the users

Programming with process groups: Group and multicast semantics

Process groups are a natural tool for distributed programming and are increasingly important in distributed computing environments. Discussed here is a new architecture that arose from an effort to simplify Isis process group semantics. The findings include a refined notion of how the clients of a group should be treated, what the properties of a multicast primitive should be when systems contain large numbers of overlapping groups, and a new construct called the causality domain. A system based on this architecture is now being implemented in collaboration with the Chorus and Mach projects

Fragmentation of confidential objects for data processing security in distributed systems

This paper discusses how object orientation in application design enables confidentiality aspects to be handled more easily than in conventional approaches. The idea, based on object fragmentation at design time, is to reduce processing in confidential objects; the more non confidential objects can be produced at design-time, the more application objects can be processed on untrusted shared computers. Still confidential objects must be processed on non shared trusted workstations. Rules and limits of object fragmentation are discussed together with some criteria evaluating trade-offs between fragmentation and performance