The ANSA project - PowerPoint PPT Presentation
PowerPoint Slideshow about 'The ANSA project' - thimba
Presentation Transcript

The ANSA project

Failures and Dependability in ANSA

System structure
  • Component based: component behaviour can be observed by other components
  • Independent components: own observations and reasoning about events
  • No global observer
  • No global ordering of events
  • No global time
Expectations – I

An event with value v0 is expected in time interval t0 and t1.

(Slide figure: value axis V, time axis T, with v0, t0 and t1 marked.)

Expectations – II

An event with a value between v0 and v1 is expected in time interval t0 and t1.

(Slide figure: value axis V, time axis T, with v0, v1, t0 and t1 marked.)

Expectations – III

An event with a value between v0 and v1 is expected in time interval t0 and t1. The event value is time dependent.

E  V x T

(Slide figure: value axis V, time axis T, with a time-dependent value bound v0 between t0 and t1.)

Occurrences

An event can occur exactly once in the ANSA model.

(Slide figure: value axis V, time axis T, occurrence O0 at value v0 within t0 and t1.)

Occurrences

An event can occur exactly once in the ANSA model.

O  V x T

|O| = {0,1}

(Slide figure: value axis V, time axis T, occurrence O1 at value v0 within t0 and t1.)

Correctness
  • Correct occurrence of an event: O  E
  • Correct non-occurrence of an event: O  E =
  • Formal definition of correctness: (O  E  )  (O  E = )
Failures
  • Negation of correct event: (O  E  )  (O  E = )
  • Simplified: (O  E  )  (O  E = )
  • Unexpected occurrence: O    E =
  • Omission failure: E    O =
  • Incorrect occurrence: O    E    (O  E = )
Consistency between multiple events
  • Events constrain the expectation of future events
  • Local events: Observation by local mechanisms of a component
  • Distributed events: Distributed consensus problem, collaboration of components required
  • Consistency enforcement instead of distributed deviation detection
  • Express global properties as a set of local ones
Computability of next expectation
  • Research questions:
    • Does a function f(O) exist to compute the next expectation?
    • How many such functions are needed for a simple protocol?

(Slide figure: two V/T plots showing occurrence O0 at v0 and the following expectations at v1, v2, v3 around t1, t2, t3, with labels TO.)

Computability of next expectation
  • Research question:
    • Does a function g(O) exist to compute the next expectation in case of a failure?

(Slide figure: two V/T plots showing occurrence O0 and expectations at v1, v2, v3 around t1, t2, t3, with labels TO.)
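An added example (not from the ANSA slides) that puts the Correctness, Failures and next-expectation slides into code: expectations E as a time interval with time-dependent value bounds, occurrences O as at most one (t, v) point, the failure classes as a detector, and f and g for an assumed heartbeat protocol. The heartbeat protocol, PERIOD and JITTER, the particular f and g, and reading "correct" as "the observed point lies inside the expected region" are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Expectation:
    """E: a region of V x T, i.e. a time interval with (possibly time-dependent) value bounds."""
    t0: float
    t1: float
    bounds: Callable[[float], Tuple[float, float]]  # t -> (v_low, v_high)

    def contains(self, t: float, v: float) -> bool:
        if not self.t0 <= t <= self.t1:
            return False
        lo, hi = self.bounds(t)
        return lo <= v <= hi

Occurrence = Optional[Tuple[float, float]]  # None or a single (t, v) point: |O| in {0, 1}
def classify(occ: Occurrence, exp: Optional[Expectation]) -> str:
    """Fault detection: compare the time/value observation with the expectation."""
    if exp is None:
        return "correct non-occurrence" if occ is None else "unexpected occurrence"
    if occ is None:
        return "omission failure"
    t, v = occ
    return "correct occurrence" if exp.contains(t, v) else "incorrect occurrence"

# Assumed protocol (not from the slides): a heartbeat carrying a sequence number every PERIOD.
PERIOD, JITTER = 1.0, 0.1

def f(occ: Tuple[float, float]) -> Expectation:
    """Next expectation after a correct occurrence: sequence + 1, one period later."""
    t, seq = occ
    return Expectation(t + PERIOD - JITTER, t + PERIOD + JITTER, lambda _t: (seq + 1, seq + 1))

def g(exp: Expectation) -> Expectation:
    """Next expectation after a failure: one period later, wider time and value bounds."""
    prev = exp.bounds
    return Expectation(exp.t0 + PERIOD, exp.t1 + PERIOD + JITTER, lambda t: (prev(t)[0], prev(t)[1] + 1))

def monitor(trace: List[Occurrence], first: Expectation) -> List[str]:
    """Run detection over per-period observations (None = nothing observed in that period)."""
    exp, verdicts = first, []
    for occ in trace:
        verdicts.append(classify(occ, exp))
        exp = f(occ) if verdicts[-1] == "correct occurrence" else g(exp)
    return verdicts

# Constructed trace: two good heartbeats, a missed one, a late one, then a bogus value.
TRACE: List[Occurrence] = [(1.0, 1), (2.05, 2), None, (4.3, 4), (5.0, 9)]
FIRST = Expectation(0.9, 1.1, lambda _t: (1, 1))
```

`monitor(TRACE, FIRST)` classifies the trace as correct, correct, omission failure, incorrect occurrence (late), incorrect occurrence (wrong value); the last two show that the detector is purely local, as the slides require, since it only compares each observation against the current expectation.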

Dependability Principles – I
  • Separation: More (distributed) components reduce dependability
  • Diversity: Designers need to be prepared and mechanisms need to allow for diversity
  • Scaling: Mechanisms must be exchangeable to suit different scenarios
Dependability Principles – II
  • Federation: heterogeneous authorities and dependability contracts
  • Transparency: hide dependability mechanisms from the programmer
  • Concurrency: conflicting, inconsistent changes to data
  • Configuration: add and update parts of the system; adapt failure detectors
Management Model – I
  • Fault confinement: limitation of propagation to other parts of the system
  • Fault detection: compare time/value observation with expectation
  • Fault diagnosis: if fault detection cannot identify the faulty component
  • Reconfiguration: isolate faulty component or replace with spare
  • Recovery: remove effect of fault
Management Model – II
  • Restart: after all damaged state has been removed
  • Repair: restores the faulty component to an undamaged state
  • Reintegration: reconfiguration of the system to reintroduce the repaired component
Open questions
  • Is our list of principles complete?
    • Separation, Diversity, Scaling, Federation, Transparency, Concurrency, Configuration
  • Is our D2R3 strategy complete?
    • Fault confinement, Fault detection, Fault diagnosis, Reconfiguration, Recovery, Restart, Repair, Reintegration
  • Is our CFEF diagram correct?
    • Do we detect faults, errors or failures?