DOCSLIB.ORG

The Complexity of Adding Failsafe Fault-Tolerance Sandeep S

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Complexity of Adding Failsafe Fault-Tolerance Sandeep S The Complexity of Adding Failsafe Fault-Tolerance Sandeep S. Kulkarni Ali Ebnenasir Department of Computer Science and Engineering Michigan State University East Lansing MI 48824 USA Abstract in simplifying the reuse of the techniques used in manually In this paper, we focus our attention on the problem of automating adding fault-tolerance. We expect that the same advantage the addition of failsafe fault-tolerance where fault-tolerance is will apply in the automated addition of fault-tolerance. added to an existing (fault-intolerant) program. A failsafe fault- The main difficulty in automating the addition of fault- tolerant program satisfies its specification (including safety and tolerance, however, is the complexity involved in this liveness) in the absence of faults. And, in the presence of faults, it process. In [2], Kulkarni and Arora showed that the problem satisfies its safety specification. We present a somewhat unexpected of adding masking fault-tolerance –where both safety and result that, in general, the problem of adding failsafe fault-tolerance liveness are satisfied in the presence of faults– is NP-hard. in distributed programs is NP-hard. Towards this end, we reduce We find that there are three possible options to deal with this the 3-SAT problem to the problem of adding failsafe fault-tolerance. complexity: (1) develop heuristics under which the synthesis We also identify a class of specifications, monotonic specifications and a class of programs, monotonic programs. Given a (positive) algorithm takes polynomial time, (2) consider a weaker form monotonic specification and a (negative) monotonic program, we of fault-tolerance such as failsafe –where only safety is show that failsafe fault-tolerance can be added in polynomial time. satisfied in the presence of faults, or nonmasking -where We note that the monotonicity restrictions are met for commonly safety may be violated temporarily if faults occur, or (3) encountered problems such as Byzantine agreement, distributed identify a class of specifications and programs for which the consensus, and atomic commitment. Finally, we argue that the addition of fault-tolerance can be performed in polynomial restrictions on the specifications and programs are necessary to add time. failsafe fault-tolerance in polynomial time; we prove that if only The first approach was used in [3], where Kulkarni, Arora and one of these conditions is satisfied, the addition of failsafe fault- Chippada presented heuristics that are applicable to several tolerance is still NP-hard. Keywords : Fault-tolerance, Formal methods, Program problems including byzantine agreement. In polynomial synthesis, Program transformation, Distributed time, their algorithm finds a fault-tolerant program or it programs declares that a fault-tolerant program cannot be synthesized. In this paper, we focus on the other two approaches. 1 Introduction Regarding the second approach, we focus our attention on We focus on the automation of failsafe fault-tolerant the design of failsafe fault-tolerance. By adding failsafe programs, i.e., programs that satisfy their safety specification fault-tolerance in an automated fashion, we can simplify – if faults occur. We begin with a fault-intolerant program and partly automate– the design of masking fault-tolerant and systematically add fault-tolerance to it. The resulting programs. More specifically, the algorithm that automates the program, thus, guarantees that if no faults occur then the addition of failsafe fault-tolerance and the stepwise method specification is satisfied. However, if faults do occur then for designing masking fault-tolerance [1] can be combined at least the safety specification is satisfied. to partially automate the design of masking fault-tolerant There are several advantages of such automation. For one, programs. The algorithm in [1] shows how a masking fault- the synthesized program is correct by construction and there tolerant program can be designed by first designing a failsafe is no need for its correctness proof. Second, since we begin (respectively, nonmasking) fault-tolerant program and then with an existing fault-intolerant program, the derived fault- adding nonmasking (respectively, failsafe) fault-tolerance to tolerant program reuses it. Therefore, it would be possible it. Thus, given an algorithm that automates the addition to add fault-tolerance even to programs for which the entire of failsafe fault-tolerance, we can automate one step of specification is not available or where the existing program designing masking fault-tolerance. is the de-facto specification. Third, in this approach, the In our investigation, we find that the design of distributed concerns of the functionality of a program and its fault- failsafe fault-tolerant programs is also NP-hard. To show this, tolerance are separated. This separation is known to help [1] we provide a reduction from 3-SAT to the problem of adding 1Email: [email protected], [email protected] failsafe fault-tolerance. Web: http://www.cse.msu.edu/˜{sandeep,ebnenasi} To deal with the complexity involved in automating the Tel: +1-517-355-2387, Fax: 1-517-432-1061 addition of failsafe fault-tolerance, we follow the third This work was partially sponsored by NSF CAREER CCR-0092724, approach considered above. Specifically, we identify the DARPA contract F33615-01-C-1901, ONR Grant N00014-01-1-0744, and a grant from Michigan State University. restrictions that can be imposed on specifications and fault- intolerant programs in order to ensure that failsafe fault- - 2 * tolerance can be added in polynomial time. Towards this , , that it can write. Also, process consists of a set of 0132¨¤4¢ 5 end, we identify a class of specifications, namely monotonic transitions ./, ; each transition is of the form where % ¤/ ' ¢ ( specifications, and a class of programs, namely monotonic 2 . We address the effect of read/write restrictions . ( programs. Given a (positive) monotonic specification and a on , in Section 2.2. The transitions of , , is the union of (negative) monotonic program, we show that failsafe fault- the transitions of its processes. tolerance can be added in polynomial time. Finally, we In this paper, in most situations we are interested in the state note that the class of monotonic specifications contains well- space of and all its transitions. Hence, unless we need to recognized [4–6] problems of distributed consensus, atomic talk about the transitions of a particular process or the values commitment, and byzantine agreement. of the particular variables, we simply let program be the '( .7( We also argue that the restrictions imposed on the tuple ')(6¤ ./(¨ where is a finite set of states and is a % ')(6? specification and the fault-intolerant program are necessary. subset of 890:2;¤4¢<5>=¨ 2;¤4¢ . ' More specifically, we show that if restrictions are imposed A state predicate of is any subset of ( . A state ' . only on the specification (respectively, the fault-intolerant predicate is closed in the program (respectively, ( ) iff % % % 0@A0: ¤/ 5BC01 ¤4 5 . 0: 'EDF 'G5 5 ¢ 2 ¢ ( 2 ¢ program) then the problem of adding failsafe fault-tolerance 2 . A sequence ¤4 ¤ © © ©H ¢ is still NP-hard. of states, 2 , is a computation of iff the following % .7( Organization of the paper. This paper is organized two conditions are satisfied: (1) 6*I¨*KJMLNO0:,@P¢¤/7,35 , 3Q as follows: In Section 2, we provide a few basic concepts and (2) if 32;¤/¢¤ © © ©H is finite and terminates in state then % 013QR¤45 .7( such as programs, computations, specifications, faults and there does not exist state such that . fault-tolerance. In Section 3, we state the problem of The projection of program on state predicate ' , denoted as % % ' '(¤<8£012¥¤4¢<5SO01 2£¤4¢ 5 .7(UTV2¨¤/¢ adding failsafe fault-tolerance. In Section 4, we prove the = , is the program = ' ' NP-completeness of the problem of adding failsafe fault- 'B? . I.e., consists of transitions of that start in ' 0XW ' ¤4. ¦5 ( tolerance. In Section 5, we precisely define the notion and end in . Given two programs, ( and )Y Y Y Y[Z Y Y Z 01W ' ¤4. ¦5 ' W\' . ( ( ( ( ( of monotonic specifications and monotonic programs, and ( , we say iff and . show their necessity and sufficiency for adding failsafe fault- Notation. When it is clear from context, we use and . ( tolerance in polynomial time. Finally, we make concluding interchangeably. Also, we say that a state predicate ' is true % ' remarks in Section 6. in a state iff . 2.2 Issues of Distribution 2 Preliminaries Now, we present the issues that distribution introduces during In this section, we give formal definitions of programs, the addition of fault-tolerance. More specifically, we identify problem specifications, faults, and fault-tolerance. The how read/write restrictions on a process affect its transitions. programs are specified in terms of their state space and their Write restrictions. Given a transition 0:32;¤4¢<5 , it is transitions. The definition of specifications is adapted from straightforward to determine the variables that need to be ¢ Alpern and Schneider [7]. The definition of faults and fault- changed in order to modify the state from 32 to . Thus, tolerance is adapted from Arora and Gouda [8] and Kulkarni the write restrictions amount to ensuring that the transitions [1]. The issues of modeling distributed programs is adapted of a process only modify those variables that it can write. from [2]. A similar modeling of distributed programs in More specifically, if process * can only write the variables in - - , read/write atomicity was independently identified by Attie , and the value of a variable other than that in is changed 0: ¤/ 5 ¢ and Emerson [9]. in the transition 2 then that transition cannot be used * in obtaining the transitions of * . In other words, if can Most definitions in this section are straightforward, and are - * only write variables in , then cannot use the transitions in ! - included to make the paper self-contained. A reader who is - ,5 familiar with this area can skip this section if necessary.
Load more

Recommended publications
  • The Google File System (GFS)
    The Google File System (GFS), as described by Ghemwat, Gobioff, and Leung in 2003, provided the architecture for scalable, fault-tolerant data management within the context of Google. These architectural choices, however, resulted in sub-optimal performance in regard to data trustworthiness (security) and simplicity. Additionally, the application- specific nature of GFS limits the general scalability of the system outside of the specific design considerations within the context of Google. SYSTEM DESIGN: The authors enumerate their specific considerations as: (1) commodity components with high expectation of failure, (2) a system optimized to handle relatively large files, particularly multi-GB files, (3) most writes to the system are concurrent append operations, rather than internally modifying the extant files, and (4) a high rate of sustained bandwidth (Section 1, 2.1). Utilizing these considerations, this paper analyzes the success of GFS’s design in achieving a fault-tolerant, scalable system while also considering the faults of the system with regards to data-trustworthiness and simplicity. Data-trustworthiness: In designing the GFS system, the authors made the conscious decision not prioritize data trustworthiness by allowing applications to access ‘stale’, or not up-to-date, data. In particular, although the system does inform applications of the chunk-server version number, the designers of GFS encouraged user applications to cache chunkserver information, allowing stale data accesses (Section 2.7.2, 4.5). Although possibly troubling
    [Show full text]
  • Introspection-Based Verification and Validation
    Introspection-Based Verification and Validation Hans P. Zima Jet Propulsion Laboratory, California Institute of Technology, Pasadena, CA 91109 E-mail: [email protected] Abstract This paper describes an introspection-based approach to fault tolerance that provides support for run- time monitoring and analysis of program execution. Whereas introspection is mainly motivated by the need to deal with transient faults in embedded systems operating in hazardous environments, we show in this paper that it can also be seen as an extension of traditional V&V methods for dealing with program design faults. Introspection—a technology supporting runtime monitoring and analysis—is motivated primarily by dealing with faults caused by hardware malfunction or environmental influences such as radiation and thermal effects [4]. This paper argues that introspection can also be used to handle certain classes of faults caused by program design errors, complementing the classical approaches for dealing with design errors summarized under the term Verification and Validation (V&V). Consider a program, P , over a given input domain, and assume that the intended behavior of P is defined by a formal specification. Verification of P implies a static proof—performed before execution of the program—that for all legal inputs, the result of applying P to a legal input conforms to the specification. Thus, verification is a methodology that seeks to avoid faults. Model checking [5, 3] refers to a special verification technology that uses exploration of the full state space based on a simplified program model. Verification techniques have been highly successful when judiciously applied under the right conditions in well-defined, limited contexts.
    [Show full text]
  • Fault-Tolerant Components on AWS
    Fault-Tolerant Components on AWS November 2019 This paper has been archived For the latest technical information, see the AWS Whitepapers & Guides page: Archivedhttps://aws.amazon.com/whitepapers Notices Customers are responsible for making their own independent assessment of the information in this document. This document: (a) is for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. © 2019 Amazon Web Services, Inc. or its affiliates. All rights reserved. Archived Contents Introduction .......................................................................................................................... 1 Failures Shouldn’t Be THAT Interesting ............................................................................. 1 Amazon Elastic Compute Cloud ...................................................................................... 1 Elastic Block Store ........................................................................................................... 3 Auto Scaling ....................................................................................................................
    [Show full text]
  • Network Reliability and Fault Tolerance
    Network Reliability and Fault Tolerance Muriel Medard´ [email protected] Laboratory for Information and Decision Systems Room 35-212 Massachusetts Institute of Technology 77 Massachusetts Avenue, Cambridge, MA 02139 Steven S. Lumetta [email protected] Coordinated Science Laboratory University of Illinois Urbana-Champaign 1308 W. Main Street, Urbana, IL 61801 1 Introduction The majority of communications applications, from cellular telephone conversations to credit card transactions, assume the availability of a reliable network. At this level, data are expected to tra- verse the network and to arrive intact at their destination. The physical systems that compose a network, on the other hand, are subjected to a wide range of problems, ranging from signal distor- tion to component failures. Similarly, the software that supports the high-level semantic interface 1 often contains unknown bugs and other latent reliability problems. Redundancy underlies all ap- proaches to fault tolerance. Definitive definitions for all concepts and terms related to reliability, and, more broadly, dependability, can be found in [AAC+92]. Designing any system to tolerate faults first requires the selection of a fault model, a set of possible failure scenarios along with an understanding of the frequency, duration, and impact of each scenario. A simple fault model merely lists the set of faults to be considered; inclusion in the set is decided based on a combination of expected frequency, impact on the system, and feasibility or cost of providing protection. Most reliable network designs address the failure of any single component, and some designs tolerate multiple failures. In contrast, few attempt to handle the adversarial conditions that might occur in a terrorist attack, and cataclysmic events are almost never addressed at any scale larger than a city.
    [Show full text]
  • Fault Tolerance
    Distributed Systems Fault Tolerance Paul Krzyzanowski Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page Faults • Deviation from expected behavior • Due to a variety of factors: – Hardware failure – Software bugs – Operator errors – Network errors/outages Page A fault in a system is some deviation from the expected behavior of the system -- a malfunction. Faults may be due to a variety of factors, including hardware, software, operator (user), and network errors. Faults • Three categories – transient faults – intermittent faults – permanent faults • Any fault may be – fail-silent (fail-stop) – Byzantine • synchronous system vs. asynchronous system – E.g., IP packet versus serial port transmission Page Faults can be classified into one of three categories: transient faults: these occur once and then disappear. For example, a network message transmission times out but works fine when attempted a second time. Intermittent faults: these are the most annoying of component faults. This fault is characterized by a fault occurring, then vanishing again, then occurring, … An example of this kind of fault is a loose connection. Permanent faults: this fault is persistent: it continues to exist until the faulty component is repaired or replaced. Examples of this fault are disk head crashes, software bugs, and burnt-out hardware. Any of these faults may be either a fail-silent failure (also known as fail-stop) or a Byzantine failure. A fail-silent fault is one where the faulty unit stops functioning and produces no ill output (it produces no output or produces output to indicate failure). A Byzantine fault is one where the faulty unit continues to run but produces incorrect results.
    [Show full text]
  • Detecting and Tolerating Byzantine Faults in Database Systems Benjamin Mead Vandiver
    Computer Science and Artificial Intelligence Laboratory Technical Report MIT-CSAIL-TR-2008-040 June 30, 2008 Detecting and Tolerating Byzantine Faults in Database Systems Benjamin Mead Vandiver massachusetts institute of technology, cambridge, ma 02139 usa — www.csail.mit.edu Detecting and Tolerating Byzantine Faults in Database Systems by Benjamin Mead Vandiver Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2008 c Massachusetts Institute of Technology 2008. All rights reserved. Author.............................................................. Department of Electrical Engineering and Computer Science May 23, 2008 Certified by.......................................................... Barbara Liskov Ford Professor of Engineering Thesis Supervisor Accepted by......................................................... Terry P. Orlando Chairman, Department Committee on Graduate Students 2 Detecting and Tolerating Byzantine Faults in Database Systems by Benjamin Mead Vandiver Submitted to the Department of Electrical Engineering and Computer Science on May 23, 2008, in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Abstract This thesis describes the design, implementation, and evaluation of a replication scheme to handle Byzantine faults in transaction processing database systems. The scheme compares answers from queries and updates on multiple replicas which are off-the-shelf database systems, to provide a single database that is Byzantine fault tolerant. The scheme works when the replicas are homogeneous, but it also allows heterogeneous replication in which replicas come from different vendors. Heteroge- neous replicas reduce the impact of bugs and security compromises because they are implemented independently and are thus less likely to suffer correlated failures.
    [Show full text]
  • Fault Tolerance Techniques for Scalable Computing∗
    Fault Tolerance Techniques for Scalable Computing∗ Pavan Balaji, Darius Buntinas, and Dries Kimpe Mathematics and Computer Science Division Argonne National Laboratory fbalaji, buntinas, [email protected] Abstract The largest systems in the world today already scale to hundreds of thousands of cores. With plans under way for exascale systems to emerge within the next decade, we will soon have systems comprising more than a million processing elements. As researchers work toward architecting these enormous systems, it is becoming increas- ingly clear that, at such scales, resilience to hardware faults is going to be a prominent issue that needs to be addressed. This chapter discusses techniques being used for fault tolerance on such systems, including checkpoint-restart techniques (system-level and application-level; complete, partial, and hybrid checkpoints), application-based fault- tolerance techniques, and hardware features for resilience. 1 Introduction and Trends in Large-Scale Computing Sys- tems The largest systems in the world already use close to a million cores. With upcoming systems expected to use tens to hundreds of millions of cores, and exascale systems going up to a billion cores, the number of hardware components these systems would comprise would be staggering. Unfortunately, the reliability of each hardware component is not improving at ∗This work was supported by the Office of Advanced Scientific Computing Research, Office of Science, U.S. Department of Energy, under Contract DE-AC02-06CH11357. 1 the same rate as the number of components in the system is growing. Consequently, faults are increasingly becoming common. For the largest supercomputers that will be available over the next decade, faults will become a norm rather than an exception.
    [Show full text]
  • Fault-Tolerant Operating System for Many-Core Processors
    Fault-Tolerant Operating System for Many-core Processors Amit Fuchs Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 Fault-Tolerant Operating System for Many-core Processors Research Thesis In partial fulfillment of the requirements for the degree of Master of Science in Computer Science Amit Fuchs Submitted to the Senate of the Technion — Israel Institute of Technology Tevet 5778 Haifa December 2017 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 The research thesis was carried out under the supervision of prof. Avi Mendelson, in the Faculty of Computer Science. Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 Technion - Computer Science Department - M.Sc. Thesis MSC-2018-28 - 2018 Contents List of Figures xi List of Listings xiii Abstract1 Glossary3 Abreviations5 1 Introduction7 1.1 Achievements.......................... 10 1.2 Related Work.......................... 12 1.2.1 Distributed Operating Systems ............ 12 1.2.2 Parallelization Techniques............... 13 1.2.2.1 Hardware Parallelism ............ 13 1.2.2.2 Native Multi-threading Libraries . 14 1.2.2.3 Message Passing............... 14 1.2.2.4 Transactional Memory............ 14 2 Architecture Model 17 2.1 Clustered Architecture..................... 17 2.2 Distributed Memory ...................... 19 2.2.1 Local Memories..................... 20 2.2.2 Globally Shared Memory................ 20 2.2.2.1 Scalable Consistency Model......... 21 2.2.2.2 No Hardware-based Coherency . 21 2.2.2.3 Distance Dependent Latency (NUMA) . 22 2.2.2.4 Address Translation ............
    [Show full text]
  • Fault Tolerance in Tandem Computer Systems
    1'TANDEM Fault Tolerance in Tandem Computer Systems Joel Bartlett * Wendy Bartlett Richard Carr Dave Garcia Jim Gray Robert Horst Robert Jardine Dan Lenoski DixMcGuire • Preselll address: Digital Equipmelll CorporQlioll Western Regional Laboralory. Palo Alto. California Technical Report 90.5 May 1990 Part Number: 40666 ~ TANDEM COMPUTERS Fault Tolerance in Tandem Computer Systems Joel Bartlett* Wendy Bartlett Richard Carr Dave Garcia Jim Gray Robert Horst Robert Jardine Dan Lenoski Dix McGuire * Present address: Digital Equipment Corporation Western Regional Laboratory, Palo Alto, California Technical Report 90.5 May 1990 Part Nurnber: 40666 Fault Tolerance in Tandem Computer Systems! Wendy Bartlett, Richard Carr, Dave Garcia, Jim Gray, Robert Horst, Robert Jardine, Dan Lenoski, Dix McGuire Tandem Computers Incorporated Cupertino, California Joel Bartlett Digital Equipment Corporation, Western Regional Laboratory Palo Alto, California Tandem Technical Report 90.5, Tandem Part Number 40666 March 1990 ABSTRACT Tandem produces high-availability, general-purpose computers that provide fault tolerance through fail­ fast hardware modules and fault-tolerant software2. This chapter presents a historical perspective of the Tandem systems' evolution and provides a synopsis of the company's current approach to implementing these systems. The article does not cover products announced since January 1990. At the hardware level, a Tandem system is a loosely-coupled multiprocessor with fail-fast modules connected with dual paths. A system can include a range of processors, interconnected through a hierarchical fault-tolerant local network. A system can also include a variety of peripherals, attached with dual-ported controllers. A novel disk subsystem allows a choice between low cost-per-byte and low cost-per-access.
    [Show full text]
  • Reliability and Fault-Tolerance by Choreographic Design∗
    Reliability and Fault-Tolerance by Choreographic Design∗ Ian Cassary Adrian Francalanza Claudio Antares Mezzina Reykjavik University University of Malta IMT School for Advanced Studies Lucca, Italy [email protected] [email protected] [email protected] Emilio Tuosto University of Leicester, UK [email protected] Distributed programs are hard to get right because they are required to be open, scalable, long-running, and tolerant to faults. In particular, the recent approaches to distributed software based on (micro- )services where different services are developed independently by disparate teams exacerbate the problem. In fact, services are meant to be composed together and run in open context where unpre- dictable behaviours can emerge. This makes it necessary to adopt suitable strategies for monitoring the execution and incorporate recovery and adaptation mechanisms so to make distributed programs more flexible and robust. The typical approach that is currently adopted is to embed such mechanisms in the program logic, which makes it hard to extract, compare and debug. We propose an approach that employs formal abstractions for specifying failure recovery and adaptation strategies. Although implementation agnostic, these abstractions would be amenable to algorithmic synthesis of code, monitoring and tests. We consider message-passing programs (a la Erlang, Go, or MPI) that are gaining momentum both in academia and industry. Our research agenda consists of (1) the definition of formal behavioural models encompassing failures, (2) the specification of the relevant properties of adaptation and recovery strategy, (3) the automatic generation of monitoring, recovery, and adaptation logic in target languages of interest. 1 Introduction Distributed applications are notoriously complex and guaranteeing their correctness, robustness, and resilience is particularly challenging.
    [Show full text]
  • Milesight-Troubleshooting RAID
    Milesight-Troubleshooting RAID 1 NVR Version XX.9.0.2 Update 2018.12.5 1.What is RAID? RAID (Redundant Array of Independent Disks) is a storage technology that combines multiple disk drive components into a logical unit. A RAID setup stores data over multiple hard disk drives to provide enough redundancy so that data can be recovered if one disk fails. 2.Different kinds of RAID RAID 0 It's also known as "disk striping." With RAID 0, data is written across multiple disks. Advantage: The work that the NVR is doing is handled by multiple disks rather than just one. It increases the performance because multiple drives read and write data at the same time, and improves disk I/O. Disadvantage: There is no fault tolerance. It will affect the entire array and increase the possibility of data loss or corruption if one disk is failed. The minimum quantity of disks required is two. RAID 1 A fault-tolerance configuration known as "disk mirroring." With RAID 1, data is copied 2 seamlessly and simultaneously from one disk to another, creating a replica or mirror. The other disks would keep working if one disk is dead. Advantage: It's the simplest way to implement fault tolerance and it's relatively low cost. Disadvantage: The downside is that RAID 1 causes a slight drag on performance. Also, it cuts half of the total disk capacity: For example, the total storage capacity of a server would be 1 TB but not 2TB if it features two 1TB drives and is configured with RAID 1.
    [Show full text]
  • Scalable Design of Fault-Tolerance for Wireless Sensor Networks
    SCALABLE DESIGN OF FAULT-TOLERANCE FOR WIRELESS SENSOR NETWORKS DISSERTATION Presented in Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the Graduate School of The Ohio State University By Murat Demirbas, M.S., B.S. * * * * * The Ohio State University 2004 Dissertation Committee: Approved by Anish Arora, Adviser Neelam Soundarajan Adviser Paolo Sivilotti Computer & Information Science c Copyright by Murat Demirbas 2004 ABSTRACT Since wireless sensor networks are inherently fault-prone and since their on-site maintenance is infeasible, scalable self-healing is crucial for enabling the deployment of large-scale sensor network applications. To achieve scalability of self-healing, in this dissertation we focus on addressing (1) the scalability of the cost-overhead of self-healing with respect to the size of the network, and (2) the scalability of the design effort for self-healing with respect to the size of the application software. Our research on fault-containment addresses the first problem: By confining the contamination of faults within a small area, this approach achieves healing within work and time proportional to the size of the perturbation, independent of the size of the network. Our research on specification-based design of self-healing addresses the second problem: Since specifications are more succinct than implementations, this approach yields efficient design of self-healing even for large implementations. These two research directions are complementary, and together enable a scalable design of local self-healing for large-scale sensor network applications. ii To my family. iii ACKNOWLEDGMENTS I am indebted to several people for their help and support throughout my Ph.D.
    [Show full text]