Structuring fault-tolerant object-oriented systems using inheritance and delegation

PhD ThesisMany entities in the real world that a software system has to interact with, e.g., for controlling or monitoring purposes, exhibit different behaviour phases in their lifetime, in particular depending on whether or not they are functioning correctly. That is, these entities exhibit not only a normal behaviour phase but also one or more abnormal behaviour phases associated with the various faults which occur in the environment. These faults are referred to as environmental faults. In the object-oriented software, real-world entities are modeled as objects. In a classbased object-oriented language, such as C++, all objects of a given class must follow the same external behaviour, i.e., they have the same interface and associated implementation. However this requires that each object permanently belong to a particular class, imposing constraints on the mutability of the behaviour for an individual object. This thesis proposes solutions to the problem of finding means whereby objects representing real-world entities which exhibit various behaviour phases can make corresponding changes in their own behaviour in a clear and explicit way, rather than through status-checking code which is normally embedded in the implementation of various methods. Our proposed solution is (i) to define a hierarchy of different subclasses related to an object which corresponds to an external entity, each subclass implementing a different behaviour phase that the external entity can exhibit, and (ii) to arrange that each object forward the execution of its operations to the currently appropriate instance of this hierarchy of subclasses. We thus propose an object-oriented approach for the provision of environmental fault tolerance, which encapsulates the abnormal behaviour of "faulty" entities as objects (instances of the above mentioned subclasses). These abnormal behaviour variants are defined statically, and runtime access to them is implemented through a delegation mechanism which depends on the current phase of behaviour. Thus specific reconfiguration changes at the level of objects can be easily incorporated to a software system for tolerating environmental faults

A metaobject architecture for fault-tolerant distributed systems : the FRIENDS approach

The FRIENDS system developed at LAAS-CNRS is a metalevel architecture providing libraries of metaobjects for fault tolerance, secure communication, and group-based distributed applications. The use of metaobjects provides a nice separation of concerns between mechanisms and applications. Metaobjects can be used transparently by applications and can be composed according to the needs of a given application, a given architecture, and its underlying properties. In FRIENDS, metaobjects are used recursively to add new properties to applications. They are designed using an object oriented design method and implemented on top of basic system services. This paper describes the FRIENDS software-based architecture, the object-oriented development of metaobjects, the experiments that we have done, and summarizes the advantages and drawbacks of a metaobject approach for building fault-tolerant system

On stacks and russian dolls: mobile objects in configurable communication protocols

This paper introduces Groupz, a novel development framework for group communication protocol. Groupz merges advantages of traditional communication protocol support environments with object mobility, proposing multiple nested mobile objects as the natural evolution of layered protocols. By shifting the focus of protocol development from data messages to mobile objects, it makes possible to build configurable and adaptable system software, suited for problematic environments such as world-wide networks and mobile computers, without overlooking efficiency

An Object-Oriented Model for Extensible Concurrent Systems: the Composition-Filters Approach

Applying the object-oriented paradigm for the development of large and complex software systems offers several advantages, of which increased extensibility and reusability are the most prominent ones. The object-oriented model is also quite suitable for modeling concurrent systems. However, it appears that extensibility and reusability of concurrent applications is far from trivial. The problems that arise, the so-called inheritance anomalies are analyzed and presented in this paper. A set of requirements for extensible concurrent languages is formulated. As a solution to the identified problems, an extension to the object-oriented model is presented; composition filters. Composition filters capture messages and can express certain constraints and operations on these messages, for example buffering. In this paper we explain the composition filters approach, demonstrate its expressive power through a number of examples and show that composition filters do not suffer from the inheritance anomalies and fulfill the requirements that were established

Um framework orientado a objetos para controladores de trens tolerantes a falhas

Orientador: Cecilia Mary Fischer RubiraDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Este trabalho baseia-se nos conceitos de orientação a objetos, frameworks, estilos de arquitetura, padrões de projeto e metapadrões, para o projeto e implementação de um framework orientado a objetos para controladores de trens tolerantes a falhas e distribuídos. O principal objetivo é a obtenção de reutilização de software em larga escala, com reutilização tanto de código quanto de todo o projeto de software. No desenvolvimento do framework, nós utilizamos estilos de arquitetura para o projeto da sua parte fixa, e padrões de projeto e metapadrões para a documentação da sua parte adaptável. Nosso objetivo é avaliar as vantagens e desvantagens obtidas na aplicação destas técnicas na construção de frameworks. Este trabalho apresenta também propostas de novos padrões de projeto e estilos de arquitetura, que foram utilizados para resolver problemas do domínio do framework. A principal contribuição dos padrões e estilos é a utilização de reflexão computacional na implementação de tolerância a falhas, com o objetivo de obter estruturas de projeto mais flexíveis, o que é uma característica essencial para obtenção de frameworks realmente reutilizáveis.Abstract: This work is based on the concepts of object-orientation, frameworks, architectural styles, design pattems and metapattems to the design and implementation of an object-oriented framework for fault-tolerant train controlers. The main goal is to obtain large-scale reuse, reusing not only the code but also the whole software design. In the framework development, we have applied architectural styles in the design of its fixed parts, and design pattems and metapattems in the design of its adaptable parts. Our goal is to evaluate the advantages and disadvantages of applying these tecniques in the framework construction. This work also presents new design pattems and architectural styles that have been used to solve problems in the framework domain. The main contribution of the pattems and styles is the use of computational reflection in the fault tolerance implementation in order to achieve more adaptable design structure, which is an essential feature of frameworks.MestradoMestre em Ciência da Computaçã

Fault-tolerant software: dependability/performance trade-offs, concurrency and system support

PhD ThesisAs the use of computer systems becomes more and more widespread in applications that demand high levels of dependability, these applications themselves are growing in complexity in a rapid rate, especially in the areas that require concurrent and distributed computing. Such complex systems are very prone to faults and errors. No matter how rigorously fault avoidance and fault removal techniques are applied, software design faults often remain in systems when they are delivered to the customers. In fact, residual software faults are becoming the significant underlying cause of system failures and the lack of dependability. There is tremendous need for systematic techniques for building dependable software, including the fault tolerance techniques that ensure software-based systems to operate dependably even when potential faults are present. However, although there has been a large amount of research in the area of fault-tolerant software, existing techniques are not yet sufficiently mature as a practical engineering discipline for realistic applications. In particular, they are often inadequate when applied to highly concurrent and distributed software. This thesis develops new techniques for building fault-tolerant software, addresses the problem of achieving high levels of dependability in concurrent and distributed object systems, and studies system-level support for implementing dependable software. Two schemes are developed - the t/(n-l)-VP approach is aimed at increasing software reliability and controlling additional complexity, while the SCOP approach presents an adaptive way of dynamically adjusting software reliability and efficiency aspects. As a more general framework for constructing dependable concurrent and distributed software, the Coordinated Atomic (CA) Action scheme is examined thoroughly. Key properties of CA actions are formalized, conceptual model and mechanisms for handling application level exceptions are devised, and object-based diversity techniques are introduced to cope with potential software faults. These three schemes are evaluated analytically and validated by controlled experiments. System-level support is also addressed with a multi-level system architecture. An architectural pattern for implementing fault-tolerant objects is documented in detail to capture existing solutions and our previous experience. An industrial safety-critical application, the Fault-Tolerant Production Cell, is used as a case study to examine most of the concepts and techniques developed in this research.ESPRIT

Management of object-oriented action-based distributed programs

Phd ThesisThis thesis addresses the problem of managing the runtime behaviour of distributed programs. The thesis of this work is that management is fundamentally an information processing activity and that the object model, as applied to actionbased distributed systems and database systems, is an appropriate representation of the management information. In this approach, the basic concepts of classes, objects, relationships, and atomic transition systems are used to form object models of distributed programs. Distributed programs are collections of objects whose methods are structured using atomic actions, i.e., atomic transactions. Object models are formed of two submodels, each representing a fundamental aspect of a distributed program. The structural submodel represents a static perspective of the distributed program, and the control submodel represents a dynamic perspective of it. Structural models represent the program's objects, classes and their relationships. Control models represent the program's object states, events, guards and actions-a transition system. Resolution of queries on the distributed program's object model enable the management system to control certain activities of distributed programs. At a different level of abstraction, the distributed program can be seen as a reactive system where two subprograms interact: an application program and a management program; they interact only through sensors and actuators. Sensors are methods used to probe an object's state and actuators are methods used to change an object's state. The management program is capable to prod the application program into action by activating sensors and actuators available at the interface of the application program. Actions are determined by management policies that are encoded in the management program. This way of structuring the management system encourages a clear modularization of application and management distributed programs, allowing better separation of concerns. Managemental concerns can be dealt with by the management program, functional concerns can be assigned to the application program. The object-oriented action-based computational model adopted by the management system provides a natural framework for the implementation of faulttolerant distributed programs. Object orientation provides modularity and extensibility through object encapsulation. Atomic actions guarantee the consistency of the objects of the distributed program despite concurrency and failures. Replication of the distributed program provides increased fault-tolerance by guaranteeing the consistent progress of the computation, even though some of the replicated objects can fail. A prototype management system based on the management theory proposed above has been implemented atop Arjuna; an object-oriented programming system which provides a set of tools for constructing fault-tolerant distributed programs. The management system is composed of two subsystems: Stabilis, a management system for structural information, and Vigil, a management system for control information. Example applications have been implemented to illustrate the use of the management system and gather experimental evidence to give support to the thesis.CNPq (Consellho Nacional de Desenvolvimento Cientifico e Tecnol6gico, Brazil): BROADCAST (Basic Research On Advanced Distributed Computing: from Algorithms to SysTems)

Reliability issues in the design of distributed object-based architectures

PhD ThesisThis thesis is aimed at enhancing the existing set of techniques for building distributed systems, specifically from the point of view of fault-tolerant com- puting. Reliability is of fundamental importance in the design and operation of dis- tributed systems, as an increasing number of computers are employed in the automation of various essential services. In the past decade, much research effort has been concerned with the object-based methodology for the design and implementation of reliable distributed systems. This thesis describes three contributions to this effort. First, it is shown that object-based programming features can in fact be introduced into pro- cedural languages provided that these languages are endowed with certain facilities. Then, work is discussed which illustrates the relationship between distributed object-based architectures and an apparently different form of distributed architectures based on processes. This work puts the notion of object-based architectures into a new perspective, which shows that the object-based philosophy and the process-based philosophy are the dual of each other. Finally, an important aspect of the design of an object-based distributed architecture is investigated, that of automatic garbage collection. A distri- buted garbage collection scheme is described that handles fault tolerance by an extension of the technique commonly employed to detect unwanted com- putations in distributed architectures. The scheme proposed can also be seen as yet a further illustration of the link between object-based and process-based architectures.Royal Signals and Radar Establishment of the U.K. Ministry of Defence. Italian Consiglio Nazionale delle Ricerch