let it crash except when you shouldn t
play

Let It Crash... Except When You Shouldn't Steve Vinoski Verivue, - PowerPoint PPT Presentation

Jan 26, 2023 •216 likes •793 views

Let It Crash... Except When You Shouldn't Steve Vinoski Verivue, Inc. Westford, MA USA vinoski@ieee.org QCon London 10 March 2011 1 About This Talk Explore Erlangs Let It Crash approach to failure handling I dont assume you

  1. Let It Crash... Except When You Shouldn't Steve Vinoski Verivue, Inc. Westford, MA USA vinoski@ieee.org QCon London 10 March 2011 1

  2. About This Talk Explore Erlang’s “Let It Crash” approach to failure handling I don’t assume you know Erlang, so there’ll be some explanation of some core Erlang concepts Focus on a couple problem areas that aren’t well documented and that you usually learn the hard way 2

  3. Fail Constantly Netflix “Chaos Monkey” Kills randomly kills things within Netflix’s AWS infrastructure to make sure things keep running even with failures “Best way to avoid failure is to fail constantly” http://techblog.netflix.com/2010/12/5-lessons- weve-learned-using-aws.html 3

  4. Defensive Programming Write code to solve the actual problem Then try to think of everything that can go wrong, especially with inputs And then write defensive code to catch and handle all possible errors and exceptions 4

  5. Defensive Holes The more code you have, the more bugs you have Obscures the business logic, making it hard to read, extend, and maintain Error handling code is often incomplete and inadequately tested It’s hard to defend against every possibility 5

  6. Let It Crash From Joe Armstrong’s doctoral thesis: Let some other process do the error recovery. If you can ʼ t do what you want to do, die. Let it crash. Do not program defensively. 6

  7. Erlang’s Better Way Provides features that let you address fault tolerance from the start Cheap lightweight processes Process linking and monitoring Workers and supervisors Hierarchical supervision Distribution/clustering (not covered) 7

  8. Cheap Processes It’s practical to have hundreds of thousands in a single Erlang VM Fast starting Small footprint Isolated, reachable by message passing 8

  9. Process Linking Erlang supports bidirectional links between processes If a process dies abnormally, linked processes receive an exit signal and by default also die Processes can trap exits to avoid dying when a linked process dies 9

  10. Workers & Supervisors Workers implement application logic Supervisors: start child workers and supervisors link to the children and trap exits take action when a child dies, typically restarting one or more children 10

  11. Startup Sequence Hierarchical sequence Application controller starts the app App starts supervisor Supervisor starts children Workers are typically instances of OTP “behaviors,” frameworks that support an “init” function called during startup 11

  12. Application, Supervisors, Workers Application Simple Core Supervisors Workers 12

  13. “Let It Crash” Gone Wrong 13

  14. “Let It Crash” Gone Wrong Production web video delivery system Tracking paid video subscriber usage During an interactive debug session, looked up a random subscriber several times When that subscriber logged out, the lookup crashed the whole data table. All usage data lost. Oops. 14

  15. Moral of the Story Failed to follow the “Principle of Least Surprise” Probably not what Joe Armstrong meant “Let It Crash” is not: a (long-term) design crutch an excuse for losing vital data 15

  16. Handle what you can, and let someone else handle the rest. 16

  17. Erlang Term Storage (ets) In-memory key-value storage for Erlang terms Concurrency safe, very fast Each ets table is owned by a process Not garbage collected, either deleted explicitly or destroyed when owner dies 17

  18. What Went Wrong? Subscriber data stored in ets table Subscriber tracking process did not handle a failed ets lookup Resulting exception took down the tracking process When the process died, it took the subscriber data table down with it 18

  19. Avoid Losing ets Data When you just “Let It Crash” you lose your ets tables by default If this isn’t what you want, the alternatives are straightforward 19

  20. Option: Name an Heir When creating the table, specify a process to inherit the table if the owner dies Heir process receives this message if owner dies: {'ETS-TRANSFER', TableId, Owner, HeirData} 20

  21. Option: Give It Away A process creating an ets table can give it away to another process New owner gets the message below: {'ETS-TRANSFER',Tab,Owner,GiftData} 21

  22. Option: Table Manager Have the supervisor create a process whose sole job is to manage the ets table Process is doing so little that failure is extremely unlikely Table can be public to allow other processes to read and write 22

  23. Or, a Combination Table manager links to the table user process, and traps exits creates the table and makes itself the heir gives it away to the user process If failure, manager gets the table back Rinse and repeat 23

  24. Combination Example 1> process_flag(trap_exit, true). false 24

  25. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 25

  26. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 3> P = spawn_link(fun() -> F = fun(Fn) -> receive exit -> ok; 3> M -> io:format("~p~n", [M]), Fn(Fn) end end, F(F) end). <0.36.0> 26

  27. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 3> P = spawn_link(fun() -> F = fun(Fn) -> receive exit -> ok; 3> M -> io:format("~p~n", [M]), Fn(Fn) end end, F(F) end). <0.36.0> 4> ets:give_away(T, P, undefined). {'ETS-TRANSFER',16400,<0.31.0>,undefined} true 27

  28. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 3> P = spawn_link(fun() -> F = fun(Fn) -> receive exit -> ok; 3> M -> io:format("~p~n", [M]), Fn(Fn) end end, F(F) end). <0.36.0> 4> ets:give_away(T, P, undefined). {'ETS-TRANSFER',16400,<0.31.0>,undefined} true 5> P ! exit. exit 28

  29. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 3> P = spawn_link(fun() -> F = fun(Fn) -> receive exit -> ok; 3> M -> io:format("~p~n", [M]), Fn(Fn) end end, F(F) end). <0.36.0> 4> ets:give_away(T, P, undefined). {'ETS-TRANSFER',16400,<0.31.0>,undefined} true 5> P ! exit. exit 6> flush(). Shell got {'ETS-TRANSFER',16400,<0.36.0>,undefined} Shell got {'EXIT',<0.36.0>,normal} 29

  30. Combination Example 1> process_flag(trap_exit, true). false 2> T = ets:new(foo, [{heir, self(), undefined}]). 16400 3> P = spawn_link(fun() -> F = fun(Fn) -> receive exit -> ok; 3> M -> io:format("~p~n", [M]), Fn(Fn) end end, F(F) end). <0.36.0> 4> ets:give_away(T, P, undefined). {'ETS-TRANSFER',16400,<0.31.0>,undefined} true 5> P ! exit. exit 6> flush(). Shell got {'ETS-TRANSFER',16400,<0.36.0>,undefined} Shell got {'EXIT',<0.36.0>,normal} 30

  31. Another Example 31

  32. TCP Connections {ok, Socket} = gen_tcp:connect(...), Q: What happens if connect fails? A: It returns {error, Reason} 32

  33. Result {ok, Socket} = gen_tcp:connect(...) if failure, means {ok, Socket} = {error, Reason} In Erlang “assignment” is actually matching, so this assignment results in a badmatch exception The exception causes process death 33

  34. Is This Good Code? Networks can fail Remote hosts can fail Remote server apps can fail So, gen_tcp:connect must be expected to fail sometimes 34

  35. Crash or Not? If the process must connect now must connect to a particular server instance can’t operate at all without the connection Then maybe it’s OK to crash 35

  36. Crash or Not? If the process can defer the connection can try to connect to a di fg erent server instance can still o fg er other capabilities that don’t depend on the connection Then no, maybe it shouldn’t crash 36

  37. Handle It Elsewhere? If we choose to crash when we can’t connect, then who will deal with the crash? what will they do to handle it? is it worth logging? what if the alternative doesn’t work? 37

  38. Startup Sequence Hierarchical sequence Application controller starts the app App starts supervisor Supervisor starts children Workers are typically instances of OTP “behaviors” 38

  39. OTP Behaviors Erlang frameworks that support storage of state in a tail-recursive loop handling of system messages for status code upgrades e.g., gen_server and gen_fsm are behaviors Developers write behavior impls that fulfill certain callbacks One such callback is the “init” function called during behavior process startup 39

  40. Behavior Init Function init([]) -> {ok, Sock} = gen_tcp:connect(...), {ok, #state{socket = Sock}}. Call connect Store returned socket in our behavior loop state 40

  41. Problems in App Startup If a child process blocks in init, the supervisor, app, and app controller are blocked as well gen_tcp:connect can take a long time to timeout on error What happens if connect returns {error, Reason} instead? 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Why you shouldn't write cryptographic algorithms yourself Experience why writing your own crypto

Why you shouldn't write cryptographic algorithms yourself Experience why writing your own crypto

Why you shouldn't write cryptographic algorithms yourself Experience why writing your own crypto is harder than it seems at frst. Simo Sorce Sr. Principal Sw. Engineer RHEL Crypto Team 2019-01-26 Everyone tells you that you shouldnt

348 views • 30 slides
Arizona Crash Report Presentation by Glen Robison State Custodian of Crash Records Prepared

Arizona Crash Report Presentation by Glen Robison State Custodian of Crash Records Prepared

Arizona Crash Report Presentation by Glen Robison State Custodian of Crash Records Prepared 6/3/2020 1- Crash Identification Block The month, day and hour should be when the crash occurred Not when reported Not when you arrived 2- General

561 views • 15 slides
Managing Localizations: What you should and shouldn't do Park Shinjo 2010. 7. 4. | T ampere,

Managing Localizations: What you should and shouldn't do Park Shinjo 2010. 7. 4. | T ampere,

Managing Localizations: What you should and shouldn't do Park Shinjo 2010. 7. 4. | T ampere, Finland | Akademy 2010 Contents 5W1H About localization Who When Where What Why How Who Musa is using KDE; he wants to

357 views • 33 slides
PUEBLO MS2 - CRASH http://pueblo.ms2soft.com/ By: Hannah Haunert TCDS Traffic Crash Location

PUEBLO MS2 - CRASH http://pueblo.ms2soft.com/ By: Hannah Haunert TCDS Traffic Crash Location

PUEBLO MS2 - CRASH http://pueblo.ms2soft.com/ By: Hannah Haunert TCDS Traffic Crash Location System Website Address: http://pueblo.ms2soft.com Quick Search By: Study Location Location Crash Data Crash ID Date Crash Type LOG

555 views • 31 slides
A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas

A Crash Course on A Crash Course on Temporal Specifications Temporal Specifications [Kansas State] John Hatcliff Work on specification patterns by Matthew Dwyer, Jay Corbett, and George Avrunin http://www.cis.ksu.edu/santos/bandera

303 views • 29 slides
A Crash Course in Genetics A Crash Course in Genetics General Overview: DNA Structure

A Crash Course in Genetics A Crash Course in Genetics General Overview: DNA Structure

A Crash Course in Genetics A Crash Course in Genetics General Overview: DNA Structure RNA DNA Replication Encoding Proteins Protein Folding Types of DNA Manipulating DNA PCR Biological Computation CPSC

378 views • 36 slides
Crash Course into the New Finnish Government and HQ Communication Crash Course into the New

Crash Course into the New Finnish Government and HQ Communication Crash Course into the New

@amchamwatch| @HofstedeInsight @RudPedersenFIN Country Manager Network Breakfast: Crash Course into the New Finnish Government and HQ Communication Crash Course into the New Finnish Government and HQ Communication Esa Suominen Managing

262 views • 25 slides
CRASH COURSE OR COURSE CRASH: Gaming, VR and a Pedagogical Approach Dr. Brent Chamberlain

CRASH COURSE OR COURSE CRASH: Gaming, VR and a Pedagogical Approach Dr. Brent Chamberlain

CRASH COURSE OR COURSE CRASH: Gaming, VR and a Pedagogical Approach Dr. Brent Chamberlain Landscape Architecture &amp; Regional and Community Planning Kansas State University DLA Conference 2015 June 6, 2015 BACKGROUND AND CONTEXT

702 views • 31 slides
Crash and Burn: Learning from Failure SOA 2020 June 17, 2020 Crash and Burn Collette N.

Crash and Burn: Learning from Failure SOA 2020 June 17, 2020 Crash and Burn Collette N.

Crash and Burn: Learning from Failure SOA 2020 June 17, 2020 Crash and Burn Collette N. McDonough Archivist and Library Manager at the Kettering Foundation Owned by one cat Crash and Burn One fails toward success.

434 views • 7 slides
Taint Nobody Got Time for Crash Analysis Crash Analysis Triage Goals Execution Path What

Taint Nobody Got Time for Crash Analysis Crash Analysis Triage Goals Execution Path What

Taint Nobody Got Time for Crash Analysis Crash Analysis Triage Goals Execution Path What code paths were executed What parts of the execution interacted with external data Input Determination Which input bytes influence the crash

583 views • 45 slides
Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants

Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants

Entrepreneurship Crash Course Entrepreneurship Crash Course Escape from Corporate [Case Study] Who wants to become your own boss, set your own schedule, work from anywhere in the world, make a lot of money, love what you do, AND

1.06k views • 79 slides
MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash

MATLAB crash course 1 / 27 MATLAB crash course Cesar E. Tamayo Economics - Rutgers September 27th, 2013 1/27 MATLAB crash course 2 / 27 Program Program I Interface: layout, menus, help, etc.. I Vectors and matrices I Graphics: I Plots,

2k views • 27 slides
Previous Studies Crash Reports Reviewed 2005-2013 crash reports 91% of crashes were

Previous Studies Crash Reports Reviewed 2005-2013 crash reports 91% of crashes were

Previous Studies Crash Reports Reviewed 2005-2013 crash reports 91% of crashes were motor vehicles vs. bikes resulting in injury to at least one person Mostly St. Augustine residents, not tourists Most people involved in

193 views • 6 slides
PAHOKEE ELEMENTARY CRASH SCENE INVESTIGATION TUES., MAY 15, 2018 The Crash--Kikis Silver Car

PAHOKEE ELEMENTARY CRASH SCENE INVESTIGATION TUES., MAY 15, 2018 The Crash--Kikis Silver Car

PAHOKEE ELEMENTARY CRASH SCENE INVESTIGATION TUES., MAY 15, 2018 The Crash--Kikis Silver Car 1. Silver Mazda License Plate: 879RYZ Car hit by front right bumper near headlight 2. Driver KIKI 3. Passengers BRITTNEY

530 views • 15 slides
Carleton University Crash Dummy Crash-Test Dummy Mainly used to improve automotive safety

Carleton University Crash Dummy Crash-Test Dummy Mainly used to improve automotive safety

Carleton University Crash Dummy Crash-Test Dummy Mainly used to improve automotive safety No dummies available for cycling accidents Load Cell Accelerometer http://blog.al.com/living-

236 views • 7 slides
You Only Live Multiple Times Black box re-use of Crash-Stop Algorithms In Realistic Crash-Recovery

You Only Live Multiple Times Black box re-use of Crash-Stop Algorithms In Realistic Crash-Recovery

You Only Live Multiple Times Black box re-use of Crash-Stop Algorithms In Realistic Crash-Recovery Settings DAVID KOZHAYA 1 , OGNJEN MARIC 2 , AND YVONNE-ANNE PIGNOLET 1 1 ABB CORPORATE RESEARCH SWITZERLAND , 2 DIGITAL ASSET SWITZERLAND A

555 views • 19 slides
G2-1 Two Key Features Further details: void 1. The name of the function and The keyword void has

G2-1 Two Key Features Further details: void 1. The name of the function and The keyword void has

Big Idea for Code: Functions Deceptively Simple Big Idea One idea One definition, many uses One idea One definition, many uses One idea Identify a sub-problem that has to be solved in your One idea One definition, many uses

380 views • 6 slides
Metrics-Driven Design In Gods we trust, all others bring data. by Joshua Porter Dustin Curtis

Metrics-Driven Design In Gods we trust, all others bring data. by Joshua Porter Dustin Curtis

Metrics-Driven Design In Gods we trust, all others bring data. by Joshua Porter Dustin Curtis Twitter copy test was hugely popular, showing widespread interest in testing. @bokardo Small changes in copy can have large effects.

738 views • 52 slides
Free Webinar Preview of The No B.S. Class On Freelance Writing Hosted by Jacob Jans Featuring

Free Webinar Preview of The No B.S. Class On Freelance Writing Hosted by Jacob Jans Featuring

Free Webinar Preview of The No B.S. Class On Freelance Writing Hosted by Jacob Jans Featuring Ian Chandler Todays Agenda Overcoming the fears of getting started Building a portfolio of real world samples Finding work that pays

310 views • 19 slides
Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road

Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road

Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road to release Understanding the problems Project objective Target audience Introducing: Aragon Colonies Evolutionary feedback loop of DAMits

306 views • 18 slides
D Programming Language: The Sudden Andrei Alexandrescu, Ph.D. Research Scientist, Facebook

D Programming Language: The Sudden Andrei Alexandrescu, Ph.D. Research Scientist, Facebook

D Programming Language: The Sudden Andrei Alexandrescu, Ph.D. Research Scientist, Facebook aa@fb.com YOW 2014 1 / 44 2014 Andrei Alexandrescu. c Introduction 2 / 44 2014 Andrei Alexandrescu. c Introduction 3 / 44 2014

972 views • 57 slides
Model Theoretic Phonology James Rogers (Earlham) Jeffrey Heinz (Delaware) Course administration

Model Theoretic Phonology James Rogers (Earlham) Jeffrey Heinz (Delaware) Course administration

ESSLLI 2014 1 Model Theoretic Phonology James Rogers (Earlham) Jeffrey Heinz (Delaware) Course administration Slide 1 Slides with notes are posted on the ESSLLI WIKI: http://esslli2014.info/wiki/ topics-in-model-theoretic-phonology/ and

1.45k views • 133 slides
A thematic linear algebra course focused on four problems of the form T ( x ) = b David M.

A thematic linear algebra course focused on four problems of the form T ( x ) = b David M.

A thematic linear algebra course focused on four problems of the form T ( x ) = b David M. McClendon mcclend2@ferris.edu Ferris State University Big Rapids, MI, USA AMS-MAA Joint Meetings January 11, 2018 David McClendon mcclend2@ferris.edu

431 views • 15 slides
Semifinite Generalized Quadrangles G. Eric Moorhouse Department of Mathematics University of

Semifinite Generalized Quadrangles G. Eric Moorhouse Department of Mathematics University of

Semifinite Generalized Quadrangles G. Eric Moorhouse Department of Mathematics University of Wyoming RMAC Seminar10 October 2014 G. Eric Moorhouse Semifinite Generalized Quadrangles Generalized Quadrangles A generalized quadrangle (GQ) is

636 views • 49 slides

More recommend