fault tolerance 101 joe armstrong
play

Fault tolerance 101 Joe Armstrong Monday, March 3, 2014 Fault - PowerPoint PPT Presentation

Jan 15, 2023 •20 likes •710 views

Fault tolerance 101 Joe Armstrong Monday, March 3, 2014 Fault behaves as per specification does not crash Monday, March 3, 2014 Many systems have no specification Monday, March 3, 2014 Programming is the act of turning

  1. Fault tolerance 101 Joe Armstrong Monday, March 3, 2014

  2. Fault • “behaves as per specification” • “does not crash” Monday, March 3, 2014

  3. Many systems have no specification Monday, March 3, 2014

  4. Programming is the act of turning an inexact description of something ( the specification ) into an exact description of the thing ( the program ) Monday, March 3, 2014

  5. A program is the most precise description of the problem that we have Monday, March 3, 2014

  6. What is fault tolerance? • The ability to behave in a sensible manner in the presence of failure. Consumer so f ware, w ebsites, ... • The ability to behave exactly as specified despite failures. Air tra ffi c control, nuclear power station control . “In a sensible manner” is rather wooly Exact specification is When there is no spec - extremely di ffi cul t “in a sensible manner” means - does not crash Monday, March 3, 2014

  7. • History • Hardware Fault Tolerance • Software Fault Tolerance • Specifications and code • Erlang FT • Demo Monday, March 3, 2014

  8. W e cannot prevent failures Monday, March 3, 2014

  9. Automata Studies ed. C. Shannon Princ. Univ. Press 1956 Monday, March 3, 2014

  10. Q: Can we make reliable systems that behave reasonably from unreliable components? A: Y es Monday, March 3, 2014

  11. The Cornerstones of FT • Detect Errors • Correct Errors • Stop Errors from Propagating Monday, March 3, 2014

  12. Needs > 1 computer Error detection must work across machine boundaries Computer 2 w atches computer 1 Computer 3 w atches computer 1 Computer 1 does the job Computer 3 w atches computer 1 Computer ... Must write distributed programs w atches computer 1 Decoupling and separation helps Programs run in para l el stop errors f om propagating Monday, March 3, 2014

  13. Things to ponder • Hardware can fail • Detecting or masking errors? • Software either complies with • Correcting errors a spec = works or does not do • Propagation of errors what the spec says = fails • Error firewalls • What should the software do when the system behaves in a • Self - repairing zones way that is not described in the spec? • Static/Dynamic error detection • What do we do when we don’t have a spec? • Can we make reliable systems that behave reasonably from unreliable components? Monday, March 3, 2014

  14. Hardware fault tolerance • System that mask ( hide ) errors and use redundancy to mask errors. Examples: RAID disks, error correcting bits in memory hardware etc. Monday, March 3, 2014

  15. Tandem nonstop II ( 1981 ) Monday, March 3, 2014

  16. Tandem ... Tandem Computers, Inc. was the Besides handling failures well, this "shared-nothing" dominant manufacturer of fault- messaging system design also scales extremely well tolerant computer systems for ATM to the largest commercial workloads. Each doubling of networks,banks, stock exchanges, the total number of processors would double system telephone switching centers, and throughput, up to the maximum configuration of 4000 other similar commercial transaction processors. In contrast, the performance of processing applications requiring conventional multiprocessor systems is limited by the maximum uptime and zero data loss. speed of some shared memory, bus, or switch. Adding more than 4–8 processors that way gives no further system speedup. NonStop systems have more often been bought to meet scaling requirements than for extreme fault tolerance. They compete well against To contain the scope of failures and of corrupted IBM's largest mainframes, despite being built from data, these multi-computer systems have no simpler minicomputer technology. shared central components, not even main memory. Conventional multi-computer systems all use shared memories and work directly on shared data objects. Instead, NonStop processors cooperate by exchanging messages across a reliable fabric, and software takes periodic A l quotes f om Wikipedia snapshots for possible rollback of program memory state. Monday, March 3, 2014

  17. 1.10 on tuesday dec 10 Monday, March 3, 2014

  18. Monday, March 3, 2014

  19. Monday, March 3, 2014

  20. What do we do when we detect an error? • Mask it ( try again ) • Do nothing ( crash later - not a tota l y bri l ian t idea ) • Or ... Monday, March 3, 2014

  21. LET IT CRASH Monday, March 3, 2014

  22. Programming the Ericsson Diavox ( 1976 ) If you’re in a three - way call at any time you can press the # key then press 1 to talk to party 1 2 to talk to party 2 or * to enter a conference call Monday, March 3, 2014

  23. if(state == 3waycall && key == “#”){ key = get_next_key(); if(key==”1”){ park(2); connect([self,1]); } elseif(key==”2”){ Defensiv e park(1); programming connect([self,2]); } elseif (key==”*”){ connect([self,1,2]); } elseif(key=”onhook”){ /* Uuugh what do I do here */ } Monday, March 3, 2014

  24. Oh Dear • The Spec tells what to do when things happen • The Spec does not say what to do when the behavior goes “o ff- spec” • The number of ways we can go “o ff spec” is huge • Most specifications do not include failure analysis, and do not say what to do when you are “o ff spec” Monday, March 3, 2014

  25. Joe: “So what happens if we’re in a 3 - way conference, and the guy processes hash and then puts the hook down, and doesn’t press 1 2 or star?” Bernt: “So what you do is stop the conference, send the phone a ring tone and when they answer go back to the point where you were expecting them to enter 1 2 or star.” Joe: “But that’s not in the spec.” Bernt: “But everybody knows.” Joe: “I didn’t know.” Monday, March 3, 2014

  26. Calls are “files” • If a process crashes the OS closes all files opened by the process • If a call crashes the OS closes all calls opened by the process • The OS’s job is to “keep files safe” ( ie it maintains invariants ) Monday, March 3, 2014

  27. Let it crash philosophy • If a processes crashes the OS detects this • The OS protects the resources being used by the process • Programs should crash when going o ff spec Monday, March 3, 2014

  28. if(state == 3waycall && key == “#”){ key = get_next_key(); if(key==”1”){ park(2); connect([self,1]); } elseif(key==”2”){ park(1); connect([self,2]); } elseif (key==”*”){ connect([self,1,2]); Defensiv e } else{ programming exit(out_of_spec1); } } Monday, March 3, 2014

  29. Failed Patte n matching provides the exi t confcall(“#”) -> case get_next_key() of ”1” -> park(2); connect([self,1]); ”2” -> Non defensiv e programming - park(1); there is no error connect([self,2]); detection or correction cod e ”*” -> connect([self,1,2]) end. Monday, March 3, 2014

  30. Are hardware and software faults are fundamentally di ff erent? Monday, March 3, 2014

  31. Are there any pure functions? Monday, March 3, 2014

  32. Class ( a ) functions: If computing f ( X ) fails and f is a pure function computing f ( X ) will always fail. Class ( b ) functions: If computing f ( X ) fails and f is a non - pure function it might succeed if we call f ( X ) again. Monday, March 3, 2014

  33. Is this a pure function? function f(){ int a = 10, int b = 2, return a/b } Monday, March 3, 2014

  34. Cosmic ray hits the memory ce l where b is stored and changes the 2 into zero function f(){ int a = 10, int b = 2, return a/b } A heisenbug Monday, March 3, 2014

  35. Monday, March 3, 2014

  36. • Heisenbug - Bug that that seems to disappear or alter its behavior when one attempts to study it • Bohrbug - A "good, solid bug". Like the deterministic Bohr atom model, they do not change their behavior and are relatively easily detected. • Mandelbug - ( named after Benoît Mandelbrot's fractal ) is a bug whose causes are so complex it defies repair, or makes its behavior appear chaotic or even non - deterministic. • Schrödinbug ( named after Erwin Schrödinger and his thought experiment ) is a bug that manifests itself in running software after a programmer notices that the code should never have worked in the first place. • Hindenbug ( named after Hindenburg disaster ) is a bug with catastrophic behavior. Source: wikipedia Monday, March 3, 2014

  37. • If a process fails restart it ( f ixes many heisenbugs, especia l y those due to subtle timing errors ) • If you have tried restarting a process more than N times in K seconds, then give up. T ry and do something simpler instead. • Build trees of processes, if low - level nodes fail and cannot be restarted fail higher up the tree Monday, March 3, 2014

  38. Supervision trees supervisors workers Don’t forget the manual backup : -) Monday, March 3, 2014

  39. The failure model is part of the specification ( especially for air - tra ffi c control software etc. ) The customer should understand the failure model Monday, March 3, 2014

  40. I want fault tolerant storage That’s impossible W e’ll make three copies of your data, on three di ff erent machines. W e’ll guarantee that if one machine crashes you’ll never lose any data what happens if 2 machines crash at the same time Y ou can still save data on the third machine, but it will be unsafe. Our guarantee will not apply. But I want more safety Monday, March 3, 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Unit OS10: Fault Tolerance Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume Management - Striped

394 views • 25 slides
Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in Action Jack Dongarra, Innovative Computing Laboratory University of Tennessee and Computer Science and Mathematics Division Oak Ridge National

422 views • 14 slides
General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For Fault-Tolerance? Reduce the overhead (in space and in time) needed for fault-tolerance Better fault-tolerance in 1D? Better magic state

556 views • 22 slides
Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate circuit Need error 1/N 1/0 Quantum fault-tolerance problem Classical fault-tolerance: Von Neumann (1956) 0/1 Fault-tolerant, larger C High

846 views • 63 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

1 Tr n H i Anh Distributed System CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault tolerance 2. Process resilience 3. Reliable client-Server Communication 4. Reliable Group Communication 5.

966 views • 50 slides
Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi Distributed Systems Fault tolerance A system or a component fails due to a fault Fault tolerance means that the system continues to provide its

428 views • 40 slides
CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and Consistency Today Fault tolerance Chapter 8 TVS Fault Tolerance Basics Availability short time horizon e.g down 1 msec every hour

292 views • 27 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides
Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction Failure Model Fault Tolerance Models state machine primary-backup Distributed Systems - Fault Tolerance Introduction

146 views • 12 slides
Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of

Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of

Motivations and main idea Basics of quantum fault tolerance Geometric picture of QECCs and unitary fault tolerance Conclusion Fibre bundle framework for unitary quantum fault tolerance Lucy Liuxuan Zhang University of Toronto December 18,

795 views • 16 slides
Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis

Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis

Hypervisor-Based Fault-Tolerance Thomas C. Bressoud, Isis Distributed Systems Fred B. Schneider, Cornell University SOSP, 1995 Problem Fault tolerance

2.97k views • 8 slides
Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de

Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de

Adaptability and Fault Tolerance Adaptability and Fault Tolerance Rog rio rio de Lemos de Lemos Rog University of Kent, UK University of Kent, UK Context: self-* and dependability; Focus: adaptability and fault tolerance;

640 views • 19 slides
Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner

Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner

GLB Fault Tolerance Scheme Experimental Results Towards an Efficient Fault-Tolerance Scheme for GLB Claudia Fohry, Marco Bungart and Jonas Posner Programming Languages / Methodologies June 14, 2015 1 / 18 GLB Fault Tolerance Scheme

744 views • 18 slides
iQIM 5 December 2011 Quantum fault tolerance Error correction and fault tolerance will be

iQIM 5 December 2011 Quantum fault tolerance Error correction and fault tolerance will be

Protected gates for superconducting qubits V( ) John Preskill with Peter Brooks and Alexei Kitaev

511 views • 33 slides
Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment

Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment

Fault Tolerance For Sparse Linear Algebra Computations Implemented In A Grid Environment Experiments with Fault Tolerant Linear Algebra Algorithms Jack Dongarra Jeffery Chen Zhiao Shi Asim YarKhan University of Tennessee Fault Tolerance:

412 views • 22 slides
Recent Anthropogenic Increases in Sulfur Dioxide from Asia Have Minimal Impact on Stratospheric

Recent Anthropogenic Increases in Sulfur Dioxide from Asia Have Minimal Impact on Stratospheric

1 Recent Anthropogenic Increases in Sulfur Dioxide from Asia Have Minimal Impact on Stratospheric Aerosol Ryan R. Neely III, O. Brian Toon, Susan Solomon, J. P . Vernier, C. Alvarez, J. M. English, K. H. Rosenlof, M. J. Mills,C. G. Bardeen,

556 views • 39 slides
Industrial REIT C E N T U R I A I N D U S T R I A L R E I T A S X : C I P 1 69 STUDLEY COURT,

Industrial REIT C E N T U R I A I N D U S T R I A L R E I T A S X : C I P 1 69 STUDLEY COURT,

ASX CEO Connect ASX:CIP 5 May 2020 Centuria Industrial REIT C E N T U R I A I N D U S T R I A L R E I T A S X : C I P 1 69 STUDLEY COURT, DERRIMUT, VIC CENTURIA CAPITAL GROUP A leading ASX-listed funds manager $7.3bn Group AUM 1 ASX:CNI

621 views • 12 slides
LOBBY 10 1 PAINLESS ADVOCACY: The Art of Successfully Engaging with Your Elected officials

LOBBY 10 1 PAINLESS ADVOCACY: The Art of Successfully Engaging with Your Elected officials

LOBBY 10 1 PAINLESS ADVOCACY: The Art of Successfully Engaging with Your Elected officials PRESENTED BY Ellen Teller, Food Research and Action Center Carrie Calvert, Feeding America February 21, 2017, 4:00 PM EST Local Voices Matter!

436 views • 19 slides
Charm++ as an Energy Efficient Runtime 1 4/18/17 BILGE ACUN - CHARM++ WORKSHOP 2017 Interaction

Charm++ as an Energy Efficient Runtime 1 4/18/17 BILGE ACUN - CHARM++ WORKSHOP 2017 Interaction

Charm++ as an Energy Efficient Runtime 1 4/18/17 BILGE ACUN - CHARM++ WORKSHOP 2017 Interaction Between the Runtime System and the Resource Manager Allows dynamic interaction between the system resource manager or scheduler and the job

523 views • 25 slides
Parallelised Bayesian Optimisation via Thompson Sampling Kirthevasan Kandasamy Akshay Jeff

Parallelised Bayesian Optimisation via Thompson Sampling Kirthevasan Kandasamy Akshay Jeff

Parallelised Bayesian Optimisation via Thompson Sampling Kirthevasan Kandasamy Akshay Jeff Barnab as Krishnamurthy Schneider P oczos AISTATS 2018 Black-box Optimisation Expensive Blackbox Function Examples: - Hyper-parameter T

594 views • 58 slides
Predic've Modeling in a Polyhedral Op'miza'on Space Eunjung

Predic've Modeling in a Polyhedral Op'miza'on Space Eunjung

Predic've Modeling in a Polyhedral Op'miza'on Space Eunjung EJ Park 1 , Louis-Nol Pouchet 2 , John Cavazos 1 , Albert Cohen 3 , and P. Sadayappan 2

531 views • 30 slides
February 13, 2013, 1:30pm 3pm Central THANK YOU FOR JOINING US Please stay tuned and the

February 13, 2013, 1:30pm 3pm Central THANK YOU FOR JOINING US Please stay tuned and the

Turning Data into Information, Part 1 February 13, 2013, 1:30pm 3pm Central THANK YOU FOR JOINING US Please stay tuned and the webinar will begin on time. Please note that you will be placed on mute for some of this session. You may use the

1.3k views • 86 slides
Study of Neutron Structure with Spectator Tagging via eD e NX in MEIC Kijun Park 1 1 Old

Study of Neutron Structure with Spectator Tagging via eD e NX in MEIC Kijun Park 1 1 Old

Study of Neutron Structure with Spectator Tagging via eD e NX in MEIC Kijun Park 1 1 Old Dominion University/Jefferson Lab March 9, 2015 K.Park (ODU/JLAB) High Energy Physics with Spectator Tagging March 9, 2015 1 / 33 Electron Ion

645 views • 33 slides

More recommend