200 likes | 370 Views
Software System Architecture. Chapter 6: Air Traffic Control: A Case Study in Designing for High Availability . Prepared by : Azmi H. Alsaqqa 420050007 Supervised by: Eng. Tasnim Darwish 2010. CODE VIEW. An Ada program is created from one or more source files.
E N D
Software System Architecture • Chapter 6:AirTraffic Control: A Case Study in Designing for High Availability . • Prepared by : Azmi H. Alsaqqa 420050007 • Supervised by: Eng. TasnimDarwish • 2010
CODE VIEW • An Ada program is created from one or more source files. • It uses subprograms and packages. • The ISSS is composed of several programs. • An Ada program may contain one or more tasks.
CODE VIEW • Ada tasks are mapped onto UNIX (AIX) processes, which means that all of them are independent AIX processes. • Applications (i.e., operational units and functional groups) are decomposed into Ada packages. • It is carried out by an operational unit's chief designer.
Within the AIX kernel's address space. • Written in the C language. • Faults can potentially damage AIX.
Outside the AIX kernel's address space. • Operating system extensions. • Faults cannot directly damage AIX.
FAULT TOLERANCE • The fault-tolerant hierarchy is designed to trap and recover from errors. • Detects errors in self, peers, and lower levels. • Handles exceptions from lower levels. • Diagnoses, recovers, reports, or raises exceptions.
System monitor and control Global availability Group availability Local availability Application Runtime environment Operating system Physical
ADAPTATION DATA • Uses the modifiability tactic of configuration files called adaptation data. • User-or center-specific preferences. • Configuration changes. • Requirements changes. • Complicated mechanism to maintainers. • Increases the state space.
CODE TEMPLATES • The primary and secondary copies are never doing the same thing. • But they have the same source code. • Continuous loop that services incoming events. • Makes it simple to add new applications. • Coders and maintainers do not need to know about message-handling.
Tactics • Code templates represent a refinement of the "abstract common services" tactic. • Gives the processes a "semantic coherence” , because they all do the same thing when viewed abstractly. • The template leading to "generalizing the module”. • By making the interfaces and protocols part of the template, they "maintain interface stability" and achieve "adherence to defined protocols."
Code structure template for fault-tolerant ISSS applications terminate:= false initialize application/application protocols ask for current state (image request) Loop Get_event Case Event_Type is -- "normal" (non-fault-tolerant-related) requests to perform actions; -- only happens if this unit is the current primary address space when X=> Process X Send state data updates to other address spaces when Y=>Process Y Send state data updates to other address spaces ... when Terminate_Directive => clean up resources; terminate := true
when State_Data_Update => apply to state data -- will only happen if this unit is a secondary address space, receiving -- the update from the primary after it has completed a "normal" action -- sending, receiving state data when Image_Request => send current state data to new address space when State_Data_Image => Initialize state data when Switch_Directive => notify service packages of change in rank -- these are requests that come in after a PAS/SAS switchover; they -- report services that they had requested from the old (failed) PAS -- which this unit (now the PAS) must complete. A,B, etc. are the names -- of the clients. when Recon_from_A=>reconstitute A when Recon_from_B=>reconstitute B ... when others=>log error end case exit when terminate end loop
How the ATC System Achieves Its Quality Goals • Goal: High Availability • How Achieved: Hardware redundancy, software redundancy • Tactic(s) Used: State resynchronization; shadowing; active redundancy; removal from service; limit exposure; ping/echo; heartbeat; exception; spare
How the ATC System Achieves Its Quality Goals • Goal: High Performance • How Achieved: Distributed multiprocessors; front-end schedulability analysis, and network modeling • Tactic(s) Used: Introduce concurrency
How the ATC System Achieves Its Quality Goals • Goal: Openness • How Achieved: Interface wrapping and layering • Tactic(s) Used: Abstract common services; maintain interface stability
How the ATC System Achieves Its Quality Goals • Goal: Modifiability • How Achieved: Templates and adaptation data; module responsbilities; specified interfaces • Tactic(s) Used: Abstract common services; semantic coherence; maintain interface stability; anticipate expected changes; generalize the module; component replacement; adherence to defined procotols; configuration files
How the ATC System Achieves Its Quality Goals • Goal: Ability to Field Subsets • How Achieved: Appropriate separation of concerns • Tactic(s) Used: Abstract common services
How the ATC System Achieves Its Quality Goals • Goal: Interoperability • How Achieved: Client-server division of functionality and message-based communications • Tactic(s) Used: Adherence to defined protocols; maintain interface stability