04/19/23 | 1

Neil B. HarrisonParis AvgeriouUniversity of GroningenGroningen, The Netherlands

Incorporating Fault Tolerance Tactics in Software Architecture

Patterns

04/19/23 | 2

Background: Architecture Patterns

› Commonly used system-level designs› Well-known, use common names:• Layers• Pipes and Filters• Model-View Controller

› Most systems have architecture patterns• Even if they weren’t intentionally used

04/19/23 | 3

Fault Tolerance Tactics

› Tactics – ways to implement aspects of fault tolerance

› Fault Tolerance Tactic categories (as defined by SEI):• Fault Detection• Fault Recovery: Preparation and Repair• Fault Recovery: Reintroduction• Prevention

› Tactics and Architecture Patterns:• Tactics are implemented within the

architecture pattern structure

04/19/23 | 4

Implementing FT Tactics

› Implementing a tactic affects the system’s architecture• A little or a lot!• Making it easy or hard to implement fault

tolerance correctly› Therefore, we studied the impact of tactics on

architecture patterns• In detail!• So we can make better architecture

decisions, e.g.:•Which patterns to use•Which tactics to use

04/19/23 | 5

Details: Why and What?

› Why:• Patterns often indicate high level suitability

for fault tolerance• But impact is different, depending on the

tactic• So more granularity is needed

› What kind of details?• Focus on how much must the pattern

change•Structure and behavior

04/19/23 | 6

Changes to Pattern Components

Type of change Description Impact on Pattern

Implemented in Tactic at least partly implemented in existing component

No change to pattern structure

Replicates Duplicates a component

Small changes; easy to implement

Add, In Pattern Add component without changing basic pattern structure

Moderately easy to implement

Add, Not in Pattern

Add component that changes pattern form

Major changes; much work

Modify Behavior of component changes

Impact varies; easy to hard

04/19/23 | 7

Changes to Pattern Connectors

Change to a Component Corresponding change to connectors

Implemented in No change

Replicates Add connectors to/from replicated components

Add, in the pattern Add connectors, similar to existing connectors

Add, out of the pattern New connectors, outside existing pattern structure

Modify May add new or change existing connectors

04/19/23 | 8

Quantifying Impact on Patterns

› Create a relative scale of difficulty

› Every Pattern/Tactic implementation must be considered individually, but guidelines are:

+ +

None or very minor modifications needed; implemented in

+ Small structural or behavioral changes

~ Pattern and tactic basically independent

- Substantial behavioral or structural changes

- - Pattern may become hard to recognize

04/19/23 | 9

Ease of Tactic Implementation (Sample)

Recovery – Reintroduction Tactics

+ + + ~ - - -

Voting 2 5 4 0 0

Active Redundancy 4 5 1 1 0

Passive Redundancy 2 5 2 2 0

Spare 1 2 5 2 1

04/19/23 | 10

Patterns and Implementing Tactics

Pattern + + + ~ - - -

Broker 10 2 1 0 0

State Transition 8 2 3 0 0

Layers 3 7 3 0 0

Client-Server 2 8 3 0 0

Shared Repository 6 0 6 1 0

Microkernel 4 2 7 0 0

Model-View Controller 0 2 9 2 0

Presentation-Abstraction C.

0 2 9 2 0

Blackboard 0 3 6 2 2

Reflection 0 1 8 3 1

Pipes and Filters 2 2 1 3 5

04/19/23 | 11

Tactic Groups, Best Case

Pattern Fault Detection

Recovery: preparation

Recovery: reintroduction

Prevention

Broker + + + + + + + +

State Transition + + + + + + + +

Layers + + + + + + +

Client-Server + + + + + +

Shared Repository + + + + + + + +

Microkernel + + + + ~ + +

MVC ~ + + ~

PAC ~ + + +

Blackboard + + + -

Reflection ~ - ~ +

Pipes and Filters - - + + + ~

04/19/23 | 12

Using the Data

› Deciding which architecture pattern to use• Consider alternatives (e.g., Broker vs.

Client-Server)• Only one of many factors

› Deciding which tactics to implement• Consider alternative tactics

› Understand implementation implications• For tradeoffs (above)• For implementing the tactics

04/19/23 | 13

Sample Tactic Implementation Details

› Tactic: Ping/Echo (Fault Detection)› Pipes and Filters: (rating: - -)• A central monitoring process must be

added to communicate with each filter.• Each filter must be modified to respond

quickly to the ping messages.• Affects the structure of the pattern and

may conflict with realtime performance.• (summary) Add out of the Pattern, along

with moderate changes to each filter component

04/19/23 | 14

Future Work

› More patterns and tactics• Other Architecture patterns• Other Fault Tolerance tactics

› Interactions of combinations of:• Multiple Tactics • Multiple Patterns• Multiple Quality Attributes

› Investigate behavior in more depth• E.g., Ping-echo has time-sensitive messages

04/19/23 | 15

Thank you for your attention