Instruction manuals

A customized communication subsystem for FT-Linda

Description
A customized communication subsystem for FT-Linda
Published
of 20
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  ACustomizedCommunicationSubsystemfor FT-Linda    DorgivalO.Guedes  y DavidE.Bakken  z NinaT.BhattiMattiA.HiltunenRichardD.Schlichting  DepartmentofComputerScience UniversityofArizona Tucson,AZ85721,USA  E-mail: f  dorgival,bakken,nina,matti,rick  g  @cs.arizona.edu  Abstract Distributedfault-tolerantsystemsusuallyimposemuchstrongerrequirementsontheunderlyingcommunicationprotocolsthandoapplicationsdevelopedwithoutfault-toleranceinmind.Thatistrue,forexample,ofapplicationscomposedofprocessesreplicatedonmultiplehosts,whereallreplicasmustkeepthesameview ofthestateofthecommunication.Thispaperdescribeshowthecommunication substrateforaspecicapplicationwithstrongcommunicationrequirementswasdeveloped.Theapplication,theruntimesystemforafault-tolerantversionoftheLindalanguagecalledFT-Linda,requiresacommunicationsubstratecapableofprovidingorderedatomicmulticast,failuredetectionandmembershipservices.Theimplementationreliesonanewframeworkforthecompositionofevent-drivenmicro-protocolsthatisusedwiththe x  -kernel. Resumo  Sistemasdistribudostolerantesafalhasusualmenteimp~oemmaioresexig^enciassobreosprotocolosdecomunicac~aoutilizadosdoqueaplicac~oesdesenvolvidassemo  objetivodeseprovertoler^anciaafalhas.Talfatoocorreporexemplocomaplicac~oes desenvolvidasreplicando-seumprocessoemvariasmaquinas,ondetodasasreplicasdevemmanteramesmavis~aodoestadodosistema.Esteartigodescreveodesen-volvimentodeumprotocoloumaaplicac~aoespecca,oambientedeexecuc~aode FT-Linda,umavers~aotoleranteafalhasdalinguagemdecoordenac~aoLinda.O  sistemaexigeumprotocolodecomunicac~aocapazdeproverdetecc~aodefalhas,iden- ticac~aodeparticipanteseumservicode\multicast"conavel.Aimplementac~ao  sebaseaemumnovoambienteparacomposic~aodemicro-protocolosacionadosporeventosqueeutilizadoemcombinac~aocomo  x  -kernel.  ThisworksupportedinpartbytheOceofNavalResearchundergrantN00014-91-J-1015. y SponsoredbyConselhoNacionaldePesquisa(CNPq),Brazil,Processno.200861/93-0 z Currentaddress:DistributedSystemsDepartment,BBNSystemsandTechnologies,10Moulton StreetMS6/3D,Cambridge,MA02138USA   1Introduction  Distributedsystemsareusednowadaysinapplicationsthatrequiredependableservice,whichposesdicultproblemsfortheimplementorofsuchsystems.Althoughthegeneralissueoffault-tolerantdistributedsystemsisundoubtedlyahardone,techniqueshave beendevelopedthatcanbeusedbydeveloperstoimplementthosesystemsaccordingto well-knownparadigms.Amongthesetechniques,communicationprotocolsthatprovide elaborateserviceslikefailuredetection,membershipmanagementandatomicmulticastaresomeoftheimportantbuildingblocksavailable19,7,11].Duetothestrongrequirementsimposedonfault-tolerantsystems,suchprotocolsare usuallyextremelycomplexandconstrainedtoprovideonlyasinglesetofrigidlydened semantics,whichmakesthemverydiculttoconstructanduse.Anewapproachforaddressingtheseproblemshasbeendevelopedinwhichpropertiescanbeimplementedasseparate  micro-protocols  andthenconguredtogethertoconstructahigher-level composite protocol thatprovidesacustomizedservice.Eachpartoftheservicecanbeimplemented andtunedseparately,whiletheinteractionamongthepartscanbeexplicitlydened.Thisapproachmakesiteasiertodeveloptheservices,sinceeachmicro-protocolcan beimplementedasaseparatelogicalunit,andeachunitcanbeadaptedtoacertaingiven application.Alteringthebehavioroftheprotocoltoadjusttochangesintherequired serviceiseasilydonebyreplacingoradjustingthemicro-protocolsresponsibleforacertain feature.Themodularityalsomakesitmuchsimplertodevelopanddebugthecomposite protocol,sincetheinterfacesamongthepartsarewelldened.Thispaperdescribesacasestudyinwhichacustomizedserviceisconstructedusing thisapproachforFT-Linda,aversionoftheLindacoordinationlanguagedesignedforwritingfault-tolerantparallelprograms2].Theservice,anatomicorderedmulticastprotocolthatisusedasthecommunicationsubstrateforthelanguageruntimesystem,hasproventobediculttoconstructinpractice.Thishasbeendemonstrated,forexample,byearlierexperiencewithConsul,theprotocolsuitepreviouslyusedbyFT-Linda14].WhencomparedtotheoriginaldesigndonewithConsul,thesystemconstructedusing micro-protocolsissimplerandbettertunedtothespecialcharacteristicsoftheFT-Linda runtimesystem.Italsoallowsvariousdierentaspectsoftheservicetobealteredin ordertodeterminethebestimplementationforthegivensystem.Theremainderofthispaperisorganizedasfollows.Section2describesFT-Linda,itsmotivation,thenewsyntaxandsemantics,andthecommunicationneedsoftheruntime system.Oncethoserequirementshavebeendened,Section3describestheevent-driven protocolcompositionmodelandthestructureoftheintendedcompositeprotocol.Section 4thenprovidesthedetailsoftheimplementation,withtheimportantdatastructuresand theoutlineofmicro-protocols.Finally,Section5oerssomeconcludingremarksand discussespossiblefuturework.ItshouldbenotedthatthedescriptionofFT-Lindapresentedherewasdeveloped asashortintroductiontoprovidejustthebackgroundnecessaryfortheanalysisofthe underlyingcommunicationsubstrate,therealfocusofthispaper.Adetaileddescription ofthesemanticsandimplementationcanbefoundin1].  2FT-Linda  1  Lindabasicconcepts. Lindaisalanguageforparallelprogrammingbasedon  tuple spaces  (TS),acommunicationabstractiondenedasabagthatcanholddataelementscalledtuples.Thesetuplesaredataaggregatesthathavealogicalnameandzeroormore values.Thetuplespacesare,inessence,aspecializedvirtualsharedmemory,inwhich thesharingofinformationisguaranteedbytheruntimesystem.ProcessescanuseTStocommunicateandsynchronizewithotherprocessesbyma-nipulatingtuples.SuchmanipulationisdonethroughasetofbasicoperationstodepositandwithdrawtuplesfromaTS.Theseoperationsare  out ,whichdepositsatuple,and  in  ,whichwithdrawsatuplewithspeciedcharacteristicsifavailableandblocksotherwise.Otheroperationsaredened,like  rd  , inp  and  rdp  ,butthesearebasicallyadaptationsof in  and  out .Figure1showshowLindacanbeusedtoimplementaworkerprocessunderthebag-of-tasksparadigm5]. process worker whiletruedo in( \  work  " ,?  subtaskargs )calc( subtaskargs; var  resultargs )for( allnewsubtaskscreatedbythissubtask  )out( \  work  " , newsubtaskargs )out( \  result " , resultargs )endwhile endproc  Figure1:Bag-of-TasksWorker Problemswithfailures. Thestandarddenitionofthelanguageanditsoperationsdoesnotaddresstheeectsofprocessorfailures,however.Thereareessentiallytwo decienciesinthemodelthatmakeitsusceptibletofailures: Lackoftuplestability: Thelanguagedoesnotdenehowtheruntimesystem muststoretuplesinordertocreatetheillusionofsharedmemory.Manycur-rentimplementationsusesomekindofsignaturetopartitiontuplesamongthe participatinghosts.Onthesesystems,thefailureofahostmaycausethelossofanunpredictablesubsetoftuplesintheTS8]. Lackofsucientatomicity: Onlythebasicoperationsaredenedtobeatomic inLinda,whatmeansintermediatestatesduringtheexecutionofaseriesofoperationscanbeseenbyotherprocesses.Iftheprocessoronwhichtheoper-ationsarebeingexecutedfailsbeforethecompletionofthetask,theTSmay beleftinanindeterminatestate.Forexample,ingure1,noresultwouldbe outputtoTSiftheprocessorhostingtheworkerfailswhileexecuting  calc  .FT-LindaextendstheoriginalLindamodelwithstabletuplespacesandatomicexe-cutionofsequencesofoperationstoprovideimprovedsupportforbuildingfault-tolerantapplications.Themodelassumesthatprocessorssueronlyfail-stopfailures18],where theruntimesystemprovidefailurenoticationbydepositingadistinguished   failuretu-ple  intoTS.Currentlyitassumesthatprocessorsremainfailedforthedurationofthe computationandarenotreintegratedbackintothesystem. 1 Adetaileddescriptionofthelanguageanditsimplementationcanbefoundin1]  2.1Syntaxandsemantics  Toaddressthedecienciesmentionedabove,FT-Lindaincludesprovisionsfordening  stableTSs  andanewsyntaxthatallowsaseriesofTSoperationstobedenedasatomic. Stabletuplespaces. TheoriginalLindalanguagedenedonlyonegloballyvisible TSthatissharedbyallapplications.Afterthat,manydierentstudieshavesuggested variousfeaturestoallowmultipleTSstobedenedunderthecontroloftheapplication 8,6].ThatfeatureisincorporatedinFT-Linda,andisfurtherextendedwithattributes.Tuplespacesmaybeassignedspecialattributesthatdenehowtheybehaveinthe presenceoffailures,amongotherissues.Currentlytheseattributesare  resilience  and  scope  .ResiliencespeciesthebehavioroftheTSinthepresenceoffailures,andcanbe setas stable  or volatile  :TherstguaranteesthattheTSwillsurviveprocessorfailures,whilethesecondmakesnosuchguarantee.ThescopeattributeindicateswhichprocessescanaccesstheTS,andcanbe  shared  (allprocessesmayaccessit),or private  (onlyone processhasaccess).Stabilityisachievedbyreplicatingtuplesonmultiplemachines,whichisalsousedto implementasharedTSsinceprocessesonanyhostmayrequireaccesstoitstuples.On theotherhand,volatileprivateTSsmaybeimplementedlocallytotheowningprocess,providingafasteraccesstoalocalworkareawheretemporaryresultsmaybestored.Asdescribedbelow,newatomicoperationsareprovidedtomovethecontentsofalocalTS toashared/stableonewhenacomplexseriesofoperationsisnished,providingoneofthewaystoensureatomicity.OnemoresemanticextensionprovidedbyFT-Lindaisthattuplespacespreservethe orderofinsertion.Thatis,tuplesinagivenTSarealwaysorderedinthiswaybythe runtimesystem,aguaranteethatcanbeexploitedtogoodeectbymanyapplications. Failuredetectionandnotication  Whenthesystemdetectsahostfailure,itau-tomaticallycreatesa   failure  tupleinasharedstableTSavailabletoallprocessesinthe application.Eachapplicationmustdeneaprocessresponsibleforwatchingforthose tuplesandstartingtheadequaterecoveryprocedure. Atomicguardedstatements(AGS). AnAGSisanewconstructinthelanguage thatallowsaprogrammertospecifythatagroupoftuplespaceoperationsbeexecuted atomically,potentiallyafterblockingtowaitforaconditiontohold.Thisprovidesall-or-noneexecutionsemanticsdespitefailuresorconcurrentaccesstoTSbyotherprocesses.ThesimplestcaseoftheAGSis <guard  =  )  body>  wheretheanglebracketsdenoteatomicexecution.The  guard  canbeanyblockingLindaoperationor true  ,and the  body  isaseriesof in  , rd  , out , move  or copy  operations,oranullbodydenotedby  skip  .AprocessexecutinganAGSisblockeduntiltheguardsucceeds,atwhichpointthe guardandbodyareexecutedasasingleatomicstep.Onlytheguardexpressioncan block:ifthebodyhasany  in  or rd  operationthatwouldblock,anerrorisreported.Adisjunctivecaseisalsodenedinwhichmorethanoneguard/tuplepaircanbe specied.Aprocessexecutingsuchastatementblocksuntilatleastoneoftheguardssucceeds,atwhichpointoneofthepairsischosentobeexecutedatomically. Atomictupletransfer. FT-Lindaprovidesprimitivesthatallowtuplestobemoved ( move  )orcopied( copy  )atomicallybetweenTSs.  Anexample. Asmentionedabove,thesenewFT-Lindafeaturescanbeusedto guaranteethatotherprocessesseeagiventaskasatomic.Forexample,considerthebag-of-tasksapplication.Afterwithdrawinga  work  tuple,aworkercangenerateavariable numberofnewtasksbycreatingnew  work  tuples,followedbycreationofa  result tuple.Inordertomaketheseactionsatomic,thedescriptionofthetaskcanberemovedfrom theTSonlyinanoperationthatatomicallydepositsanynew  work  tuplesandthe  result tuple.Inthisway,afailurewhiletheworkeriscomputingtheresultdoesnotcausethe TStobeinaninconsistentstate.Apossiblesolutionisshowningure2,wherethe workerusesalocalTStocreatethenewtasksandresult,andthenmovesallthetuplesatomicallytothesharedTSwhendone.Duetotheatomicnatureofthemoveoperation,eitheralltuplesappearintheTSatthesametime,or,iftheworker'sprocessorfailsbeforethelastAGScanbeexecuted,nonedo. process worker () TSscratch  :=  tscreate (volatile,private, mylpid  ())whiletruedo  h in( TSmain  , \  subtask  " , ? subtaskargs ) =  )  out( TSmain  , \  inprogress " , myhostid  , subtaskargs ) i calc( subtaskargs ,var  resargs )for( allnewsubtaskscreatedbythissubtask  )out( TSscratch  , \  subtask  " , newsubtaskargs )out( TSscratch  , \  result " , resargs ) h in( TSmain  , \  inprogress " , myhostid  , subtaskargs ) =  )  move( TSscratch  , TSmain  ) i endwhile endworker  Figure2:DynamicFault-TolerantBag-of-TasksAnotherimportantaspectofthisimplementationisthereplacementoftheinitial work  tuplebyan  inprogress  tuple.This inprogress  tuplecanbeusedbya  monitorprocess  to recreatethe  work  tupleincasetheworkerfailsbeforecompletion.Suchamonitorwould executeinaloopwaitingfor  failure  tuplescreatedbytheruntimesystemwhenahostisdetectedtohavefailed.Whensuchatupleisfound,itprovidesthe  id  ofthefailedhost,sothemonitorcanremoveany  inprogress  tuplesfromthathostandreplacethembythe original work  tuples.Inthisway,allinterruptedtaskscanbeprocessedlaterbyotherworkers.Moredetailsonthisandotherexamplescanbefoundin1,2]. 2.2FT-Lindaimplementation  Giventhesemanticsjustdescribed,thechallengeistoprovideareasonableimplemen-tationofatomicexecutionandstableTSs.Thechoicesforthesecondrangefromusing hardwareassistancetoapproximatethefailure-freebehaviorofstablestoragetoreplicat-ingthevalues(tuples)involatilememoryacrossmultipleprocessors,sothatfailureofsomeofthemcanbetoleratedwithoutlossofinformation.Sincethesituationathandalso requiresthattuplesbesharedamongdierentprocessors,replicationisabetterchoice.
Search
Similar documents
View more...
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks