Software System Architecture
Chapter 6: Air Traffic Control: A Case Study in Designing for High Availability
Prepared by: Azmi H. Alsaqqa, 420050007
Supervised by: Eng. Tasnim Darwish
2010
CODE VIEW
An Ada program is created from one or more source files.
It uses subprograms and packages.
The ISSS is composed of several programs.
An Ada program may contain one or more tasks.
CODE VIEW
Ada tasks are mapped onto UNIX (AIX) processes, which means that all of them are independent AIX processes.
Applications (i.e., operational units and functional groups) are decomposed into Ada packages.
This decomposition is carried out by an operational unit's chief designer.
An overlay of layers and a component-and-connector view
Layer within the AIX kernel's address space: written in the C language; faults can potentially damage AIX.
Operating system extensions: outside the AIX kernel's address space; faults cannot directly damage AIX.
The applications.
FAULT TOLERANCE
The fault-tolerant hierarchy is designed to trap and recover from errors.
Each level detects errors in self, peers, and lower levels.
Each level handles exceptions from lower levels, and diagnoses, recovers, reports, or raises exceptions.
Fault-tolerant hierarchy, from lowest to highest level:
Physical
Operating system
Runtime environment
Application
Local availability
Group availability
Global availability
System monitor and control
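The escalation rule stated above (each level diagnoses a fault, then either recovers it or reports it and raises it to the level above) can be shown as a small chain-of-responsibility walk over the eight levels. This is an added illustration, not ISSS code; the level names are the slide's, while the fault kinds and the choice of which level recovers each of them (RECOVERY_POLICY) are assumptions constructed for the example.

```python
"""Escalation through a fault-tolerance hierarchy.

Added illustration, not ISSS code: each level diagnoses a fault raised from
below and either recovers it or reports and raises it to the next level up.
Level names are the slide's; which level recovers which kind of fault is a
policy constructed for this example.
"""
from dataclasses import dataclass, field

LEVELS = [                      # lowest to highest, as on the slide
    "Physical",
    "Operating system",
    "Runtime environment",
    "Application",
    "Local availability",
    "Group availability",
    "Global availability",
    "System monitor and control",
]

# Constructed recovery policy: the lowest level able to recover each fault kind.
RECOVERY_POLICY = {
    "task_crash": "Local availability",          # restart the failed address space
    "processor_failure": "Group availability",   # rehost the group on another processor
    "center_link_loss": "Global availability",   # reroute around the lost link
}


class UnrecoverableError(Exception):
    """No level, up to system monitor and control, could recover the fault."""


@dataclass
class Fault:
    origin: str                                  # level that detected the error
    kind: str
    trail: list = field(default_factory=list)    # levels that diagnosed and reported it


def escalate(fault):
    """Walk upward from the detecting level; return the level that recovered."""
    start = LEVELS.index(fault.origin)
    for level in LEVELS[start:]:
        fault.trail.append(level)                # diagnose and report at this level
        if RECOVERY_POLICY.get(fault.kind) == level:
            return level                         # recover here; nothing raised further
        # otherwise raise the exception to the level above
    raise UnrecoverableError(f"{fault.kind} detected at {fault.origin}; trail={fault.trail}")
```

The trail is the audit record a monitor would want: a processor failure detected at the physical level passes through six levels before group availability rehosts the group, whereas a task crash detected by the application is recovered one level up.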
ADAPTATION DATA
Uses the modifiability tactic of configuration files, called adaptation data.
Adaptation data accommodates user- or center-specific preferences, configuration changes, and requirements changes.
The mechanism is complicated for maintainers and increases the state space.
CODE TEMPLATES
The primary and secondary copies are never doing the same thing, but they have the same source code.
A continuous loop services incoming events.
This makes it simple to add new applications: coders and maintainers do not need to know about message handling.
Tactics
Code templates represent a refinement of the "abstract common services" tactic.
They give the processes "semantic coherence", because they all do the same thing when viewed abstractly.
The template leads to "generalizing the module".
By making the interfaces and protocols part of the template, they "maintain interface stability" and achieve "adherence to defined protocols".
Code structure template for fault-tolerant ISSS applications

    terminate := false
    initialize application/application protocols
    ask for current state (image request)
    Loop
      Get_event
      Case Event_Type is
        -- "normal" (non-fault-tolerant-related) requests to perform actions;
        -- only happens if this unit is the current primary address space
        when X => Process X
                  Send state data updates to other address spaces
        when Y => Process Y
                  Send state data updates to other address spaces
        ...
        when Terminate_Directive => clean up resources; terminate := true
        when State_Data_Update => apply to state data
        -- will only happen if this unit is a secondary address space, receiving
        -- the update from the primary after it has completed a "normal" action
        -- sending, receiving state data
        when Image_Request => send current state data to new address space
        when State_Data_Image => Initialize state data
        when Switch_Directive => notify service packages of change in rank
        -- these are requests that come in after a PAS/SAS switchover; they
        -- report services that they had requested from the old (failed) PAS
        -- which this unit (now the PAS) must complete. A, B, etc. are the names
        -- of the clients.
        when Recon_from_A => reconstitute A
        when Recon_from_B => reconstitute B
        ...
        when others => log error
      end case
      exit when terminate
    end loop
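The template above is pseudocode; the following Python simulation, added here and not part of the ISSS or the textbook, runs the same event loop in two copies to show the primary/secondary protocol end to end: a normal request serviced by the PAS and replicated to the SAS, a switchover after the PAS fails, a client reconstituting its lost request at the new PAS, and a replacement secondary initializing from an image. The event names come from the template; the in-memory message bus (`bus`), the `Update_Track` request, client "A", the track identifiers and positions, and the helper names (`run_until_quiet`, `deliver`, `switchover_scenario`) are assumptions constructed for this example.

```python
"""Simulation of the fault-tolerant ISSS code template (added example, not
ISSS or textbook code). Primary (PAS) and secondary (SAS) address spaces run
the same event loop; only the PAS services "normal" requests and pushes
State_Data_Update messages, which the SAS applies. Event names follow the
template; the in-memory bus, the Update_Track request, client "A" and the
track data are constructed for this example."""
from collections import deque, namedtuple

Event = namedtuple("Event", "kind payload sender")


class AddressSpace:
    """One copy of the application; primary and secondary share this code."""

    def __init__(self, name, rank, bus):
        self.name, self.rank, self.bus = name, rank, bus   # rank: "PAS" or "SAS"
        self.state = {}            # state data: track id -> position (constructed)
        self.log = []
        self.terminate = False
        bus[name] = deque()        # bus: name -> inbound queue (constructed messaging)
        self.broadcast("Image_Request")   # ask for current state (image request)

    def send(self, to, kind, payload=None):
        if to in self.bus:         # a failed address space is no longer on the bus
            self.bus[to].append(Event(kind, payload, self.name))

    def broadcast(self, kind, payload=None):
        for other in list(self.bus):
            if other != self.name:
                self.send(other, kind, payload)

    def run(self):
        """The continuous loop: Get_event, dispatch, exit when terminate."""
        while self.bus[self.name] and not self.terminate:
            self.dispatch(self.bus[self.name].popleft())

    def apply_and_replicate(self, track, position):
        self.state[track] = position
        self.broadcast("State_Data_Update", (track, position))

    def dispatch(self, ev):
        k = ev.kind
        if k == "Update_Track":                # "normal" request; only the PAS acts
            if self.rank == "PAS":
                self.apply_and_replicate(*ev.payload)
            else:
                self.log.append(f"{self.name}: dropped {k} while {self.rank}")
        elif k == "State_Data_Update":         # SAS applies the PAS's completed action
            track, position = ev.payload
            self.state[track] = position
        elif k == "Image_Request":             # a new address space wants current state
            self.send(ev.sender, "State_Data_Image", dict(self.state))
        elif k == "State_Data_Image":          # initialize state data from the image;
            for track, position in ev.payload.items():   # updates that arrived first
                self.state.setdefault(track, position)   # are newer, so keep them
        elif k == "Switch_Directive":          # notify service packages of rank change
            self.rank = ev.payload
            self.log.append(f"{self.name}: now {self.rank}")
        elif k.startswith("Recon_from_"):      # client re-submits work the failed PAS owed
            self.apply_and_replicate(*ev.payload)
            self.log.append(f"{self.name}: reconstituted request from {k[11:]}")
        elif k == "Terminate_Directive":       # clean up resources; terminate := true
            self.terminate = True
        else:
            self.log.append(f"{self.name}: error, unknown event {k}")


def run_until_quiet(spaces):
    """Interleave the address spaces until no live queue holds an event."""
    while any(s.bus[s.name] and not s.terminate for s in spaces):
        for s in spaces:
            s.run()


def deliver(bus, to, kind, payload=None):
    """An external party (client, system monitor) puts an event on a queue."""
    bus[to].append(Event(kind, payload, "external"))


def switchover_scenario():
    """PAS services a request, then fails; the SAS takes over, completes a client's
    lost request, and brings a replacement secondary up to date from an image."""
    bus = {}
    as1 = AddressSpace("AS1", "PAS", bus)
    as2 = AddressSpace("AS2", "SAS", bus)
    run_until_quiet([as1, as2])                    # startup image exchange
    deliver(bus, "AS1", "Update_Track", ("UAL123", (10, 20)))
    run_until_quiet([as1, as2])                    # PAS processes, SAS gets the update
    del bus["AS1"]                                 # AS1 fails: removal from service
    deliver(bus, "AS2", "Switch_Directive", "PAS")
    deliver(bus, "AS2", "Recon_from_A", ("DAL456", (30, 40)))  # A's unfinished request
    as3 = AddressSpace("AS3", "SAS", bus)          # spare joins and asks for an image
    run_until_quiet([as2, as3])
    for name in ("AS2", "AS3"):
        deliver(bus, name, "Terminate_Directive")
    run_until_quiet([as2, as3])
    return {"AS1": as1.state, "AS2": as2.state, "AS3": as3.state, "log": as2.log + as3.log}
```

Two details matter for correctness of the protocol rather than of the simulation. A secondary that receives a "normal" request drops and logs it instead of acting, since only the PAS may change state; and a newly started address space merges the `State_Data_Image` under any `State_Data_Update` it has already received, because an update that arrived before the image is newer than the image and must not be overwritten.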
How the ATC System Achieves Its Quality Goals

Goal: High Availability
How Achieved: Hardware redundancy, software redundancy
Tactic(s) Used: State resynchronization; shadowing; active redundancy; removal from service; limit exposure; ping/echo; heartbeat; exception; spare

Goal: High Performance
How Achieved: Distributed multiprocessors; front-end schedulability analysis, and network modeling
Tactic(s) Used: Introduce concurrency

Goal: Openness
How Achieved: Interface wrapping and layering
Tactic(s) Used: Abstract common services; maintain interface stability

Goal: Modifiability
How Achieved: Templates and adaptation data; module responsibilities; specified interfaces
Tactic(s) Used: Abstract common services; semantic coherence; maintain interface stability; anticipate expected changes; generalize the module; component replacement; adherence to defined protocols; configuration files

Goal: Ability to Field Subsets
How Achieved: Appropriate separation of concerns
Tactic(s) Used: Abstract common services

Goal: Interoperability
How Achieved: Client-server division of functionality and message-based communications
Tactic(s) Used: Adherence to defined protocols; maintain interface stability