1
Self-Stabilization as a Foundation for Autonomic Computing
Olga Brukman, Shlomi Dolev, Yinnon A. Haviv, Reuven Yagel
Ben-Gurion University of the Negev, Beer-Sheva, Israel
2
FOFDC 2007, Vienna
3
Trends in Autonomic Computing
Self-healing, Self-managing, Self-*.
Recovery Oriented Computing [Berkeley, Stanford].
Autonomic Computing [IBM].
Robust infrastructure for achieving the above is missing.
Processor.
Operating systems do not stabilize.
Nothing built on top of this platform can be fully robust.
4
Self-Stabilization: Well Established Theory!
Self-Stabilization [Dijk’74].
Self-Stabilization [Dolev’2K].
Abstract, stand-alone algorithms.
Self-stabilization was not fully deployed in real-life systems.
Self-stabilizing protocols.
Routing Information Protocol (RIP).
5
Self-Stabilization
Self-stabilization is achieved through an algorithm fully exploring the system state space.
The self-stabilizing algorithm is continuously executed, and its code is not corrupted.
6
Self-Stabilization as a Base for True Autonomic Computing
Well defined and provable property.
Ability to deal with unpredicted failures.
Automatic recovery from any state.
7
Self-Stabilization Stack
Self-Stabilizing Program
Stabilization Preserving Compiler
Self-Stabilizing Operating System
Self-Stabilizing Processor
8
Self-Stabilization Stack: Non Self-Stabilizing Programs
[Diagram labels: Self-Stabilizing Operating System; Self-Stabilizing Processor; Recovery Oriented Program; Self-Stabilizing Automatic Recoverer; Eventually Byzantine Program; Self-Stabilizing Program; Recovery Oriented Software; Stabilization Preserving Compiler]
9
Self-Stabilizing Processor
Shlomi Dolev, Yinnon A. Haviv
10
Self Stabilizing Microprocessor
Legal execution of a processor
Every process starting from an arbitrary state reaches fetch-decode-execute sequence.
What is a self-stabilizing processor?
Every execution of the processor starting from an arbitrary state reaches a safe configuration, which implies legal execution after the safe state.
11
Self-Stabilizing Processor: How?
Verifying self-stabilization in existing processor
  Each circle in the processor automata has a fetch-decode-execute loop.
Adding self-stabilization to a processor
  Using a self-stabilizing watchdog
12
Self-Stabilizing Operating System
Shlomi Dolev, Reuven Yagel
13
Self-Stabilizing Operating System
Black box
  Reloading OS code from ROM periodically.
  The reloading function is hardwired in ROM
Tailored Solution
  Process scheduling
  Memory management
  Device drivers
14
Tailored Solution: Scheduling
Fairness and stabilization preservation
Periodic execution non-maskable interrupts and watchdog
Scheduler state (process table) correctness
Bounded index to fix number of processes
Enforcing separation through segmentation
15
Tailored Solution: Memory Management
Eventual consistency of memory hierarchy
Stabilization preservation
Processes do not affect other processes' memory
Solutions
  Allocate entire memory
  Fixed partitions with continuous monitoring
  Lease based dynamic schemes
16
Tailored Solution: Device Drivers
[Diagram labels: OS; Device Driver; Self-stabilizing protocol; Controller; I/O Device]
Ping-pong requirement
  Exchange requests and replies infinitely often
Progress requirement
  Eventually every I/O request is executed according to specifications
17
Tailored Solution: Device Drivers
Self-stabilizing protocol
1. Lease based execution of the protocol
OR
2. Assuming the device controller is self-stabilizing, enforces state consistency through snapshots.
18
Tailored Solution: Implementation
Prototype based on Intel Pentium processor
Detailed proof of the assembly code correctness
Our prototype shows that it is possible to design a self-stabilizing OS kernel.
19
Self-Stabilization Preserving Compiler
Shlomi Dolev, Yinnon A. Haviv, Mooly Sagiv
Department of Computer Science, Tel Aviv University, Israel
20
Non-Stabilization Preserving Compiler
S and T behave the same only when started in the initial state.
Existing compilers are non-stabilization preserving
T may reach an unexpected state due to soft-error experienced by microprocessor
[Diagram labels: Compiler; S: high abstraction language; T: machine language]
21
Non-Stabilization Preserving Compiler: Example

    for (int i=0; i<10; i++) f(i);

Compiled code:

        mov ax, 10      ; loop bound
        mov cx, 0       ; i = 0
    loop1:
        push cx         ; argument i
        call f
        inc cx          ; i++
        cmp cx, ax
        jne loop1       ; repeat while cx != ax

Start with cx=12 inside the loop…
Moreover: Any runtime mechanism can get stuck or become inconsistent. Stack, heap
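The divergence this slide points at can be measured with a small model. The following is an added example, not code from the presentation: it counts calls to f() when execution resumes at the loop body in a corrupted state, assuming 16-bit cx/ax registers; the function names and the "hardened" lowering are hypothetical illustrations.

```c
#include <stdint.h>
#include <stdio.h>

/* Each function counts calls to f() when execution resumes at the loop
 * body in an arbitrary (possibly corrupted) state. Modelling assumptions:
 * 16-bit cx/ax, and the fault leaves control at the "push cx" line. */

/* The emitted code: "cmp cx,ax / jne loop1" only tests inequality. */
static unsigned long calls_compiled(uint16_t cx, uint16_t ax) {
    unsigned long calls = 0;
    do {
        calls++;            /* push cx; call f */
        cx++;               /* inc cx, wraps modulo 2^16 */
    } while (cx != ax);     /* cmp cx,ax; jne loop1 */
    return calls;
}

/* The source loop: the guard i < 10 also rejects out-of-range values. */
static unsigned long calls_source(int i) {
    unsigned long calls = 0;
    do {
        calls++;            /* f(i) */
        i++;
    } while (i < 10);
    return calls;
}

/* Hypothetical lowering (not the authors' compiler): ordered compare
 * against the immediate 10, so neither cx nor ax corruption matters. */
static unsigned long calls_hardened(uint16_t cx) {
    unsigned long calls = 0;
    do {
        calls++;
        cx++;
    } while (cx < 10);      /* cmp cx,10; jb loop1 */
    return calls;
}

int main(void) {
    printf("initial state : compiled=%lu source=%lu\n",
           calls_compiled(0, 10), calls_source(0));
    printf("cx=12 in loop : compiled=%lu source=%lu hardened=%lu\n",
           calls_compiled(12, 10), calls_source(12), calls_hardened(12));
    printf("ax corrupted  : compiled=%lu\n", calls_compiled(0, 0));
    return 0;
}
```

From the initial state both forms call f ten times; from cx=12 the compiled form only exits after the register wraps around, and a corrupted ax changes the bound itself.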
22
Stabilization Preserving Compiler
[Diagram labels: Variable declarations; upon condition_1 do Statement_1 … upon condition_n do Statement_n; S.P. Compiler; Enforce invariants; Scheduler]
23
Recovery Oriented Software
Olga Brukman, Shlomi Dolev
24
Software Contains Bugs
Writing self-stabilizing software is hard
Correct and faultless SW is hard
Long-lived running programs, e.g., OS
Heisenbugs, corrupt states, leaked resources are common…
Usually software is tested when starting from initial state and considering limited time scenarios.
25
Fault Model Reflecting Reality
Software packages can be trusted to work as required after restart.
Eventual Byzantine software.
System administrators and users use reboot to deal with faults.
Contract between the client, project manager and programmers, that is checked on line!
Additional (thin) monitoring and recovering layer is self-stabilizing.
26
Parts in Contract
Specifications Composer (Project Manager)
  Invariants and predicates: important properties on program IO
  Recovery actions
Programmer
  Best-effort implementation
  Using same IO variables as specifier
  Still: bugs and unexpected states
27
Environment
Long enough to do sufficient job
Self-stabilizing processor + Self-stabilizing OS
Processes exist and execute their code
Infrastructure for robust monitoring and recovery
Not immediately Byzantine
eventual Byzantine program
28
Self-Stabilizing Recoverer for Eventual Byzantine Software
Olga Brukman, Shlomi Dolev
Hillel Kolodner, Haifa Research Labs, IBM, Israel
29
Middleware Architecture
[Diagram labels: OS Kernel; OMR; 1, 2, …, n]
30
Recovery Oriented Programming
Olga Brukman and Shlomi Dolev
31
Our Framework: Transforming Recovery Tuples into Code
[Diagram labels: Code; Recovery tuples; Subsystems hierarchy; Pre-compiler; Subsystem; External Monitor; event-driven monitoring]
32
Conclusions
Self-Stabilization as an effective paradigm for creating robust systems.
Rigorous approach for designing basic system components
  Microprocessor
  Operating system
  Compiler
  Recovery Oriented Software
33
Faces Behind the Paper
Stabilization Preserving Compiler [DHS05]
Self-Stabilizing Operating System [DY04]
Self-Stabilizing Processor [DH06]
Recovery Oriented Software [BDK03, BD06]
34
Thank You! Questions?