Avelino F. Zorzo

A distributed object-oriented framework for dependable multiparty interactions

In programming distributed object-oriented systems, there are several approaches for achieving binary interactions in a multiprocess environment. Usually these approaches take care only of synchronisation or communication. In this paper we describe a way of designing and implementing a more general concept: multiparty interactions. In a multiparty interaction, several parties (objects or processes) somehow “come together” to produce an intermediate and temporary combined state, use this state to execute some activity, and then leave this interaction and continue their normal execution. The concept of multiparty interactions has been investigated by several researchers, but to the best of our knowledge none have considered how failures in one or more participants of the multiparty interaction can be dealt with. In this paper, we propose a general scheme for constructing dependable multiparty interactions in a distributed object-oriented system, and describe its implementation in Java. In particular, we extend the notion of multiparty interaction to include facilities for handling exceptions. To show how our scheme can be used, we use our framework to build an abstraction mechanism that supports cooperative and competitive concurrency in distributed systems. This mechanism is then applied to program a system in which multiparty interactions are more than simple synchronisations or communications.

Propositional planning in BDI agents

This paper aims to describe the relationship between propositional planning systems and the process of means-end reasoning used by BDI agents. To show such relationship, we define a mapping from BDI mental states to propositional planning problems and from propositional plans back to mental states. In order to test the viability of such mapping, we have implemented it in an extension of a BDI agent model through the use of Graphplan as the propositional planning algorithm. The implementation was applied to model a case study of an agent controlled production cell.

Structuring integrated Web applications for fault tolerance

This paper shows how modern structuring techniques can be employed in integrating complex web applications such as travel agency systems. The main challenges the developers of such systems face are dealing with legacy web services and incorporating means for tolerating errors. Because of the very nature of such systems, exception handling is the main recovery technique to be applied in their development. We employ coordinated atomic actions to allow disciplined handling of such abnormal situations by recursively structuring the integrated system and by associating handlers with such actions. We use protective wrappers in such a way that each operation on legacy components is transformed into an atomic action with a well-defined interface. To accommodate a combined use of several ready-made environments (such as communication packages, services and run-time supports), we employ a multilevel exception handling. We believe that these techniques are generally applicable for both: structuring integrated web applications and providing their fault tolerance.

Using coordinated atomic actions to design safety-critical systems: a production cell case study

Coordinated Atomic actions (CA actions) are a unified approach to structuring complex concurrent activities and supporting error recovery between multiple interacting objects in object‐oriented systems. This paper explains how we have used the CA action concept to design and implement a safety‐critical application. We have used the Production Cell model that was developed in the Forschungszentrum Informatik (FZI), Karlsruhe, Germany, to present a realistic industry‐oriented problem, where safety requirements play a significant role. Our design consists of two levels: the first level deals with the scheduling of CA actions, and the second level deals with the interactions between devices. Both the scheduling mechanism and the device interactions are enclosed by CA actions. Exception handling and error recovery are incorporated into CA actions in order to satisfy high safety and fault tolerance requirements. A controlling program based on our design was developed in the Java language and used to drive a graphical simulator provided by the FZI. Copyright

Analytical Modeling for Operating System Schedulers on NUMA Systems

Performance evaluation by benchmarking is one of the main approaches for measuring performance of a computer system. However, it is important to measure parts of a system before they are even implemented. This can be achieved through an analytical description of the system, allowing the analysis of the system performance. Additionally, the analytical model can be extended to consider also reliability issues. This paper presents a generic model for an Operating System (OS) scheduler using the Stochastic Automata Networks (SAN) formalism. SAN are used to describe processes and processors in the OS and their behavior when processes have to be migrated. Moreover, processor failures are also modeled in order to provide reliability indices. The proposed model uses actual benchmarks results obtained from a 4-processor Itanium2 SMP machine and a 12-processor Itanium2 NUMA machine.

Coordinated atomic actions as a technique for implementing distributed gamma computation

The intentions of this paper are to discuss Coordinated Atomic (CA) actions and to demonstrate how they can be used in a very new application area. We apply this concept to designing a particular case of the Gamma computational paradigm, i.e. distributed Gamma computation. Within our approach, each Gamma reaction is an action. We demonstrate how Gamma computation can be effectively implemented in conventional distributed message passing systems using CA actions. The paper discusses our design and the benefits we gain by applying CA actions: allowing as much concurrency as possible, together with guaranteeing data consistency, a better system structuring, clear separation of different system levels, and additional flexibility. This experimental design and the Java implementation allow us to conclude that CA actions are a very powerful paradigm which can be used for implementing many complex systems and, in particular, software to support some parallel computational models and paradigms.

Implementation of blocking coordinated atomic actions based on forward error recovery

Abstract The coordinated atomic action concept was proposed as a means for providing fault tolerance in complex objectoriented systems that incorporate both cooperative and competitive concurrency. This paper has two purposes: to discuss a particular implementation of this concept and to address a number of the implementation issues that are common to any experiments with this concept. Our implementation relies on a detailed set of programming conventions for the standard Ada 95 language and uses a scheme of forward error recovery incorporating concurrent exception handling and resolution. Ada 95 has a number of unique features which make it a particularly good choice for our experiments. We believe that our approach is practical and useful for many critical applications with high dependability requirements.

Operating system multilevel load balancing

This paper describes an algorithm that allows Linux to perform multilevel load balancing in NUMA computers. The Linux scheduler implements a load balancing algorithm that uses structures called sched domains to build a hierarchy that represents the machines topology. Although sched domains implementation allows Linux to build a multilevel hierarchy to represent multilevel machines, the generic code of the current kernel version builds no more than two levels in the sched domains hierarchy. Thus, for NUMA systems with three or more memory access levels, the constructed hierarchy does not represent correctly the machines topology. When Linux load balancing algorithm uses an incorrect sched domains hierarchy, process execution time can increase, because processes can be moved to nodes that are distant from their memory areas. In order to solve this problem, we have implemented an algorithm to build multilevel sched domains hierarchies for NUMA computers. Our proposed algorithm uses ACPI SLIT table data to recognize how many memory access levels a machine contains. Then, it builds an n-level sched domains hierarchy, where n is the number of memory access levels. Through benchmarking and simulation results we demonstrate that the Linux load balancing performance when the sched domains hierarchy is built using our proposed algorithm is better than using the current Linux algorithm.

Deleting Secret Data with Public Verifiability

Existing software-based data erasure programs can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box-the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside. In this paper, we present a cryptographic solution that aims to make the data deletion process more transparent and verifiable. In contrast to the conventional black/white assumptions about TPM (i.e., either completely trust or distrust), we introduce a third assumption that sits in between: namely, “trust-but-verify”. Our solution enables a user to verify the correct implementation of two important operations inside a TPM without accessing its source code: i.e., the correct encryption of data and the faithful deletion of the key. Finally, we present a proof-of-concept implementation of the SSE system on a resource-constrained Java card to demonstrate its practical feasibility. To our knowledge, this is the first systematic solution to the secure data deletion problem based on a “trust-but-verify” paradigm, together with a concrete prototype implementation.

Formal development and validation of Java dependable distributed systems

The rapid expansion of Java programs into the software market is often not supported by a proper development methodology. We present a formal development methodology, well suited for Java dependable distributed applications. It is based on the stepwise refinement of model oriented formal specifications, and enables validation of the obtained system wrt the clients requirements. Three refinement steps have been identified in the case of fault tolerant distributed applications: first, starting from informal requirements, an initial formal specification is derived. It does not depend on implementation constraints and provides a centralized solution; second, dependability and distribution constraints are integrated; third, the Java implementation is realised. The CO-OPN/2 language is used to express specifications formally; and the dependability and distribution design as based on the Coordinated Atomic action concept. The methodology and the three refinement steps are presented through a very simple fault tolerant distributed Java application.