Multiparty interactions in dependable distributed systems

PhD ThesisWith the expansion of computer networks, activities involving computer communication are becoming more and more distributed. Such distribution can include processing, control, data, network management, and security. Although distribution can improve the reliability of a system by replicating components, sometimes an increase in distribution can introduce some undesirable faults. To reduce the risks of introducing, and to improve the chances of removing and tolerating faults when distributing applications, it is important that distributed systems are implemented in an organized way. As in sequential programming, complexity in distributed, in particular parallel, program development can be managed by providing appropriate programming language constructs. Language constructs can help both by supporting encapsulation so as to prevent unwanted interactions between program components and by providing higher-level abstractions that reduce programmer effort by allowing compilers to handle mundane, error-prone aspects of parallel program implementation. A language construct that supports encapsulation of interactions between multiple parties (objects or processes) is referred in the literature as multiparty interaction. In a multiparty interaction, several parties somehow "come together" to produce an intermediate and temporary combined state, use this state to execute some activity, and then leave the interaction and continue their normal execution. There has been a lot of work in the past years on multiparty interaction, but most of it has been concerned with synchronisation, or handshaking, between parties rather than the encapsulation of several activities executed in parallel by the interaction participants. The programmer is therefore left responsible for ensuring that the processes involved in a cooperative activity do not interfere with, or suffer interference from, other processes not involved in the activity. Furthermore, none of this work has discussed the provision of features that would facilitate the design of multiparty interactions that are expected to cope with faults - whether in the environment that the computer system has to deal with, in the operation of the underlying computer hardware or software, or in the design of the processes that are involved in the interaction. In this thesis the concept of multiparty interaction is integrated with the concept of exception handling in concurrent activities. The final result is a language in which the concept of multiparty interaction is extended by providing it with a mechanism to handle concurrent exceptions. This extended concept is called dependable multiparty interaction. The features and requirements for multiparty interaction and exception handling provided in a set of languages surveyed in this thesis, are integrated to describe the new dependable multiparty interaction construct. Additionally, object-oriented architectures for dependable multiparty interactions are described, and a full implementation of one of the architectures is provided. This implementation is then applied to a set of case studies. The case studies show how dependable multiparty interactions can be used to design and implement a safety-critical system, a multiparty programming abstraction, and a parallel computation model.Brazilian Research Agency CNPq

Benchmarking tests on recovery oriented computing

textBenchmarks have played a very important role in guiding the progress of computer science systems in various ways. Specifically, in Autonomous environments it has a major role to play. System crashes and software failures are a basic part of a software system’s life-cycle and to overcome or rather make it as less vulnerable as possible is the main purpose of recovery oriented computing. This is usually done by trying to reduce the downtime by automatically and efficiently recovering from a broad class of transient software failures without having to modify applications. There have been various types of benchmarks for recovering from a failure, but in this paper we intend to create a benchmark framework called the warning benchmarks to measure and evaluate the recovery oriented systems. It consists of the known and the unknown failures and few benchmark techniques which the warning benchmarks handle with the help of various other techniques in software fault analysis.Electrical and Computer Engineerin

Constraint integration and violation handling for BPEL processes

Autonomic, i.e. dynamic and fault-tolerant Web service composition is a requirement resulting from recent developments such as on-demand services. In the context of planning-based service composition, multi-agent planning and dynamic error handling are still unresolved problems. Recently, business rule and constraint management has been looked at for enterprise SOA to add business flexibility. This paper proposes a constraint integration and violation handling technique for dynamic service composition. Higher degrees of reliability and fault-tolerance, but also performance for autonomously composed WS-BPEL processes are the objectives

Exception handling in the development of fault-tolerant component-based systems

Orientador: Cecilia Mary Fischer RubiraTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Mecanismos de tratamento de exceções foram concebidos com o intuito de facilitar o gerenciamento da complexidade de sistemas de software tolerantes a falhas. Eles promovem uma separação textual explícita entre o código normal e o código que lida com situações anormais, afim de dar suporte a construção de programas que são mais concisos fáceis de evoluir e confáveis. Diversas linguagens de programação modernas e a maioria dos modelos de componentes implementam mecanismos de tratamento de exceções. Apesar de seus muitos benefícios, tratamento de exceções pode ser a fonte de diversas falhas de projeto se usado de maneira indisciplinada. Estudos recentes mostram que desenvolvedores de sistemas de grande escala baseados em infra-estruturas de componentes têm hábitos, no tocante ao uso de tratamento de exceções, que tornam suas aplicações vulneráveis a falhas e difíceis de se manter. Componentes de software criam novos desafios com os quais mecanismos de tratamento de exceções tradicionais não lidam, o que aumenta a probabilidade de que problemas ocorram. Alguns exemplos são indisponibilidade de código fonte e incompatibilidades arquiteturais. Neste trabalho propomos duas técnicas complementares centradas em tratamento de exceções para a construção de sistemas tolerantes a falhas baseados em componentes. Ambas têm ênfase na estrutura do sistema como um meio para se reduzir o impacto de mecanismos de tolerância a falhas em sua complexidade total e o número de falhas de projeto decorrentes dessa complexidade. A primeira é uma abordagem para o projeto arquitetural dos mecanismos de recuperação de erros de um sistema. Ela trata do problema de verificar se uma arquitetura de software satisfaz certas propriedades relativas ao fluxo de exceções entre componentes arquiteturais, por exemplo, se todas as exceções lançadas no nível arquitetural são tratadas. A abordagem proposta lança de diversas ferramentas existentes para automatizar ao máximo esse processo. A segunda consiste em aplicar programação orientada a aspectos (AOP) afim de melhorar a modularização de código de tratamento de exceções. Conduzimos um estudo aprofundado com o objetivo de melhorar o entendimento geral sobre o efeitos de AOP no código de tratamento de exceções e identificar as situações onde seu uso é vantajoso e onde não éAbstract: Exception handling mechanisms were conceived as a means to help managing the complexity of fault-tolerant software. They promote an explicit textual separation between normal code and the code that deals with abnormal situations, in order to support the construction of programs that are more concise, evolvable, and reliable. Several mainstream programming languages and most of the existing component models implement exception handling mechanisms. In spite of its many bene?ts, exception handling can be a source of many design faults if used in an ad hoc fashion. Recent studies show that developers of large-scale software systems based on component infrastructures have habits concerning the use of exception handling that make applications vulnerable to faults and hard to maintain. Software components introduce new challenges which are not addressed by traditional exception handling mechanisms and increase the chances of problems occurring. Examples include unavailability of source code and architectural mismatches. In this work, we propose two complementary techniques centered on exception handling for the construction of fault-tolerant component-based systems. Both of them emphasize system structure as a means to reduce the impactof fault tolerance mechanisms on the overall complexity of a software system and the number of design faults that stem from complexity. The ?rst one is an approach for the architectural design of a system?s error handling capabilities. It addresses the problem of verifying whether a software architecture satis?es certain properties of interest pertaining the ?ow of exceptions between architectural components, e.g., if all the exceptions signaled at the architectural level are eventually handled. The proposed approach is based on a set of existing tools that automate this process as much as possible. The second one consists in applying aspect-oriented programming (AOP) to better modularize exception handling code. We have conducted a through study aimed at improving our understanding of the efects of AOP on exception handling code and identifying the situations where its use is advantageous and the ones where it is notDoutoradoDoutor em Ciência da Computaçã

Structuring fault-tolerant object-oriented systems using inheritance and delegation

PhD ThesisMany entities in the real world that a software system has to interact with, e.g., for controlling or monitoring purposes, exhibit different behaviour phases in their lifetime, in particular depending on whether or not they are functioning correctly. That is, these entities exhibit not only a normal behaviour phase but also one or more abnormal behaviour phases associated with the various faults which occur in the environment. These faults are referred to as environmental faults. In the object-oriented software, real-world entities are modeled as objects. In a classbased object-oriented language, such as C++, all objects of a given class must follow the same external behaviour, i.e., they have the same interface and associated implementation. However this requires that each object permanently belong to a particular class, imposing constraints on the mutability of the behaviour for an individual object. This thesis proposes solutions to the problem of finding means whereby objects representing real-world entities which exhibit various behaviour phases can make corresponding changes in their own behaviour in a clear and explicit way, rather than through status-checking code which is normally embedded in the implementation of various methods. Our proposed solution is (i) to define a hierarchy of different subclasses related to an object which corresponds to an external entity, each subclass implementing a different behaviour phase that the external entity can exhibit, and (ii) to arrange that each object forward the execution of its operations to the currently appropriate instance of this hierarchy of subclasses. We thus propose an object-oriented approach for the provision of environmental fault tolerance, which encapsulates the abnormal behaviour of "faulty" entities as objects (instances of the above mentioned subclasses). These abnormal behaviour variants are defined statically, and runtime access to them is implemented through a delegation mechanism which depends on the current phase of behaviour. Thus specific reconfiguration changes at the level of objects can be easily incorporated to a software system for tolerating environmental faults

Implementación de estrategia para manejo de excepciones basada en componentes: las fachadas de seguridad

Los mecanismos de manejo de excepciones fueron concebidos como un marco de trabajo para implementar tolerancia a fallos en sistemas de software. Más de dos tercios del código de una aplicación, está dedicado a la detección y manejo de errores y excepciones. A menudo, los mecanismos de manejo de excepciones, son mal empleados o se abusa de ellos; el diseño de una estrategia efectiva se considera una tarea difícil puesto que: aumenta considerablemente la complejidad de los sistemas, plantea conflictos con algunos de los principios del diseño orientado a objetos, no existen pautas eficientes, entre otras causas. Por tanto, el manejo de errores y excepciones, es uno de los temas más importantes de la arquitectura del software y, uno de los aspectos más cruciales pero menos tenido en cuenta, en el análisis y diseño de sistemas críticos. Aplicando el concepto de proxies dinámicos, se investigan los detalles de implementación de una simple aunque interesante, estrategia basada en componentes para el manejo de excepciones, disponible en la literatura: las fachadas de seguridad; cuya descripción original carece de información pormenorizada. Las fachadas de seguridad constituyen un nuevo enfoque, que introduce una arquitectura y directrices, estableciendo un framework para el manejo de excepcionesException handling mechanisms were conceived as a means for incorporating fault tolerance into software systems. More than two thirds of the application’s code is dedicated to detecting and handling errors and exceptions. These exception handling systems are often misuse and (or) abused. The design of exception handling in an application is seen as a difficult task because: introduce significant complexity, may conflict with many of the goals of object oriented design, suffers from lack of guidelines, among other things. For these reasons the handling of exceptions and errors is one of the major subject of the software architecture and one of the most critical, but overlooked aspect of critical system design and analysis. I will apply the concept of dynamic proxy to implement a simple but interesting exception handling design approach called safety facades, available in the software architecture literature. The article describing security façades is light on details. The security façade form a new approach that introduce and architecture and best practices to build a viable framework for systems with exception handling.Workshop de Ingeniería de Software y Bases de Datos (WISBD)Red de Universidades con Carreras en Informática (RedUNCI