Performance Implications of Using Diverse Redundancy for Database Replication

Using diverse redundancy for database replication is the focus of this thesis. Traditionally, database replication solutions have been built on the fail-stop failure assumption, i.e. that crashes are believed to cause a majority of failures. However, recent findings refuted this common assumption, showing that many of the faults cause systematic non-crash failures. These findings demonstrate that the existing, non-diverse database replication solutions, which use the same database server products, are ineffective fault-tolerant mechanisms. At the same time, the findings motivated the use of diverse redundancy (when different database server products are used) as a promising way of improving dependability. It seems that using a fault-tolerant server, built with diverse database servers, would deliver improvements in availability and failure rates compared with the individual database servers or their replicated, non-diverse configurations. Besides the potential for improving dependability, one would like to evaluate the performance implications of using diverse redundancy in the context of database replication. This is the focal point of the research. The work performed to that end can be summarised as follows: - We conducted a substantial performance evaluation of database replication using diverse redundancy. We compared its performance to the ones of various non-diverse configurations as well as non-replicated databases. The experiments revealed systematic differences in behaviour of diverse servers. They point to the potential for performance improvement when diverse servers are used. Under particular workloads diverse servers performed better than both non-diverse and non-replicated configurations. - We devised a middleware-based database replication protocol, which provides dependability assurance and guarantees database consistency. It uses an eager update everywhere approach for replica control. Although we focus on the use of diverse database servers, the protocol can be used with the database servers from the same vendor too. We provide the correctness criteria of the protocol. Different regimes of operation of the protocol are defined, which would allow it to be dynamically optimised for either dependability or performance improvements. Additionally, it can be used in conjunction with high-performance replication solutions. - We developed an experimental test harness for performance evaluation of different database replication solutions. It enabled us to evaluate the performance of the diverse database replication protocol, e.g. by comparing it against known replication solutions. We show that, as expected, the improved dependability exhibited by our replication protocol carries a performance overhead. Nevertheless, when optimised for performance improvement our protocol shows good performance. - In order to minimise the performance penalty introduced by the replication we propose a scheme whereby the database server processes are prioritised to deliver performance improvements in cases of low to modest resource utilisation by the database servers. - We performed an uncertainty-explicit assessment of database server products. Using an integrated approach, where both performance and reliability are considered, we rank different database server products to aid selection of the components for the fault-tolerant server built out of diverse databases

Software dependability with off-the-shelf components

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Software dependability with off-the-shelf components

When systems are built out of “off-the-shelf’ (OTS) products, fault tolerance is often the only viable way of obtaining the required system dependability. Due to low acquisition costs, even using multiple versions of software in a parallel architecture, a scheme formerly reserved for few and highly critical applications, may become viable for many other applications. A wide range of solutions for employing fault tolerance are known in the literature, but the difficulty remains in assessing the possible dependability gains that may be achieved. The research detailed in this thesis will aim to provide a new approach to assessing the dependability gains that may be achieved through software fault tolerance via modular redundancy with diversity in complex OTS software. OTS SQL database server products have been used in the studies: they are a very complex, widely-used category of off-the-shelf products meaning the results reported in this thesis may be of immediate interest to practitioners dealing with complex software systems. Bug reports of the servers were used as evidence in the assessment: they were the only direct dependability evidence that was found for these products. A sample of bug reports from four OTS SQL database server products and later releases of two of them have been studied to check whether they would cause coincident failures in more than one of the products. Very few bugs were found to affect more than one product, and none caused failures in more than two. Many of these faults caused systematic, non-crash failures, a category ignored by most studies and standard implementations of fault tolerance for databases. Use of different releases of the same product was also found to tolerate a significant fraction of the faults for one of the products used in the study. Therefore, a fault-tolerant server, built with diverse OTS servers products, seems to have a good chance of delivering improvements in availability and failure rates compared with the individual OTS server products or their replicated, non-diverse configurations. Data diversity in the form of “SQL rephrasing rules” was also found to be a very useful fault tolerance mechanism. Data diversity is possible with these products thanks to the redundancy that exists in the SQL language: a statement can be specified in multiple different but logically equivalent ways. The results of all these studies are reported in this thesis and their implications, the architectural options available for exploiting them, and the difficulties that they may present are discussed. Two reliability models developed previously by colleagues at the Centre for Software Reliability, City University have been extended to enable their use in assessing a fault-tolerant l-out-of-2 diverse server. The bug reports were used as evidence in the assessment with one of these models which enables an assessor to choose the pair of servers, from the possibly many pairs available, which will yield the highest reliability gains. The other model that was extended required additional data that was not available for the database servers. Therefore another approach was studied in which bug reports data alone can be used to derive estimates of possible reliability gains that may be expected from employing a l-out-of-2 diverse server in comparison to a non-diverse one