9/2/2015 | 1 neil b. harrison paris avgeriou university of groningen groningen, the netherlands...
TRANSCRIPT
04/19/23 | 1
Neil B. HarrisonParis AvgeriouUniversity of GroningenGroningen, The Netherlands
Incorporating Fault Tolerance Tactics in Software Architecture
Patterns
04/19/23 | 2
Background: Architecture Patterns
› Commonly used system-level designs› Well-known, use common names:• Layers• Pipes and Filters• Model-View Controller
› Most systems have architecture patterns• Even if they weren’t intentionally used
04/19/23 | 3
Fault Tolerance Tactics
› Tactics – ways to implement aspects of fault tolerance
› Fault Tolerance Tactic categories (as defined by SEI):• Fault Detection• Fault Recovery: Preparation and Repair• Fault Recovery: Reintroduction• Prevention
› Tactics and Architecture Patterns:• Tactics are implemented within the
architecture pattern structure
04/19/23 | 4
Implementing FT Tactics
› Implementing a tactic affects the system’s architecture• A little or a lot!• Making it easy or hard to implement fault
tolerance correctly› Therefore, we studied the impact of tactics on
architecture patterns• In detail!• So we can make better architecture
decisions, e.g.:•Which patterns to use•Which tactics to use
04/19/23 | 5
Details: Why and What?
› Why:• Patterns often indicate high level suitability
for fault tolerance• But impact is different, depending on the
tactic• So more granularity is needed
› What kind of details?• Focus on how much must the pattern
change•Structure and behavior
04/19/23 | 6
Changes to Pattern Components
Type of change Description Impact on Pattern
Implemented in Tactic at least partly implemented in existing component
No change to pattern structure
Replicates Duplicates a component
Small changes; easy to implement
Add, In Pattern Add component without changing basic pattern structure
Moderately easy to implement
Add, Not in Pattern
Add component that changes pattern form
Major changes; much work
Modify Behavior of component changes
Impact varies; easy to hard
04/19/23 | 7
Changes to Pattern Connectors
Change to a Component Corresponding change to connectors
Implemented in No change
Replicates Add connectors to/from replicated components
Add, in the pattern Add connectors, similar to existing connectors
Add, out of the pattern New connectors, outside existing pattern structure
Modify May add new or change existing connectors
04/19/23 | 8
Quantifying Impact on Patterns
› Create a relative scale of difficulty
› Every Pattern/Tactic implementation must be considered individually, but guidelines are:
+ +
None or very minor modifications needed; implemented in
+ Small structural or behavioral changes
~ Pattern and tactic basically independent
- Substantial behavioral or structural changes
- - Pattern may become hard to recognize
04/19/23 | 9
Ease of Tactic Implementation (Sample)
Recovery – Reintroduction Tactics
+ + + ~ - - -
Voting 2 5 4 0 0
Active Redundancy 4 5 1 1 0
Passive Redundancy 2 5 2 2 0
Spare 1 2 5 2 1
04/19/23 | 10
Patterns and Implementing Tactics
Pattern + + + ~ - - -
Broker 10 2 1 0 0
State Transition 8 2 3 0 0
Layers 3 7 3 0 0
Client-Server 2 8 3 0 0
Shared Repository 6 0 6 1 0
Microkernel 4 2 7 0 0
Model-View Controller 0 2 9 2 0
Presentation-Abstraction C.
0 2 9 2 0
Blackboard 0 3 6 2 2
Reflection 0 1 8 3 1
Pipes and Filters 2 2 1 3 5
04/19/23 | 11
Tactic Groups, Best Case
Pattern Fault Detection
Recovery: preparation
Recovery: reintroduction
Prevention
Broker + + + + + + + +
State Transition + + + + + + + +
Layers + + + + + + +
Client-Server + + + + + +
Shared Repository + + + + + + + +
Microkernel + + + + ~ + +
MVC ~ + + ~
PAC ~ + + +
Blackboard + + + -
Reflection ~ - ~ +
Pipes and Filters - - + + + ~
04/19/23 | 12
Using the Data
› Deciding which architecture pattern to use• Consider alternatives (e.g., Broker vs.
Client-Server)• Only one of many factors
› Deciding which tactics to implement• Consider alternative tactics
› Understand implementation implications• For tradeoffs (above)• For implementing the tactics
04/19/23 | 13
Sample Tactic Implementation Details
› Tactic: Ping/Echo (Fault Detection)› Pipes and Filters: (rating: - -)• A central monitoring process must be
added to communicate with each filter.• Each filter must be modified to respond
quickly to the ping messages.• Affects the structure of the pattern and
may conflict with realtime performance.• (summary) Add out of the Pattern, along
with moderate changes to each filter component
04/19/23 | 14
Future Work
› More patterns and tactics• Other Architecture patterns• Other Fault Tolerance tactics
› Interactions of combinations of:• Multiple Tactics • Multiple Patterns• Multiple Quality Attributes
› Investigate behavior in more depth• E.g., Ping-echo has time-sensitive messages