As computers continue to proliferate and they are used in more demanding environments, data integrity and continuous availability are an increasingly important aspect of their designs. Since operating systems are common to all computers and it is at the operating system level where there is maximum system visibility and control, it is appropriate for the operating system to provide policies which detect, contain and tolerate faults. These policies and the mechanisms that support them form an operating system's "fault management." A fault management mechanism, the sentry mechanism, has been designed and implemented for a UNIX 4.3 BSD server running on the Mach 3.0 microkernel. Fault tolerant policies have been designed for a range of computer systems, from a single computer, to mirrored computers to distributed systems. The policies first addressed provide single computer applications with application-transparent fault tolerance with respect to transient faults and certain types of permanent faults. Contributions to this area include algorithms for concurrent process journaling, disk checkpointing and memory checkpointing. Formal proofs are made of the journal sequencing algorithm and the disk checkpointing algorithm. Performance measurements from an implementation of the single computer algorithms show an average performance overhead of less than 5% and a requirement of only 10 MB of dedicated disk stable storage. The system provides fault tolerance with no additional hardware other than a hard disk, and works with unmodified applications such as the X-window system. Sentry policies that provide software based fault tolerance for duplicated and triplicated computer systems as well as distributed systems have also been designed. Contributions related to these policies include mirrored system synchronization, fault detection and integration algorithms. In addition, a new n-fault tolerant distributed recovery algorithm is presented that is based on loosely synchronized checkpointing. The algorithm journals message order information, instead of using the message content based journaling of existing algorithms. Only saving information on the order of messages can potentially result in lower space and time overheads. Two variants of the algorithm are presented and formally proven. In all three system designs the sentry mechanism provides sufficient control for the fault tolerant policies.
[1]
Leslie Lamport,et al.
Distributed snapshots: determining global states of distributed systems
,
1985,
TOCS.
[2]
David B. Johnson,et al.
Recovery in Distributed Systems Using Optimistic Message Logging and Checkpointing
,
1988,
J. Algorithms.
[3]
James Gettys,et al.
The X window system
,
1986,
TOGS.
[4]
Yennun Huang,et al.
Software Implemented Fault Tolerance Technologies and Experience
,
1993,
FTCS.
[5]
David B. Johnson,et al.
Sender-Based Message Logging
,
1987
.
[6]
S. Venkatesan,et al.
Crash recovery with little overhead
,
1991,
[1991] Proceedings. 11th International Conference on Distributed Computing Systems.
[7]
D. Jewett,et al.
Integrity S2: A Fault-Tolerant Unix Platform
,
1991,
Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..
[8]
RICHARD KOO,et al.
Checkpointing and Rollback-Recovery for Distributed Systems
,
1986,
IEEE Transactions on Software Engineering.
[9]
Richard D. Schlichting,et al.
Preserving and using context information in interprocess communication
,
1989,
TOCS.
[10]
Leslie Lamport,et al.
Time, clocks, and the ordering of events in a distributed system
,
1978,
CACM.
[11]
Alessandro Forin,et al.
UNIX as an Application Program
,
1990,
USENIX Summer.
[12]
Tong-Ying Tony Juang,et al.
Efficient Algorithms for Crash Recovery in Distributed Systems
,
1990,
FSTTCS.
[13]
Edward J. McCluskey,et al.
Executable assertions and flight software
,
1984
.
[14]
Kenneth P. Birman,et al.
The process group approach to reliable distributed computing
,
1992,
CACM.
[15]
Willy Zwaenepoel,et al.
Manetho: Transparent Rollback-Recovery with Low Overhead, Limited Rollback, and Fast Output Commit
,
1992,
IEEE Trans. Computers.
[16]
Helen Custer,et al.
Inside Windows NT
,
1992
.
[17]
Robert S. Swarz,et al.
Reliable Computer Systems: Design and Evaluation
,
1992
.
[18]
Ashok K. Agrawala,et al.
The MARUTI system and its implementation
,
1991
.
[19]
Jeffrey F. Naughton,et al.
Checkpointing multicomputer applications
,
1991,
[1991] Proceedings Tenth Symposium on Reliable Distributed Systems.
[20]
Zary Segall,et al.
Visualizing performance debugging
,
1989,
Computer.
[21]
Wolfgang Graetsch,et al.
Fault tolerance under UNIX
,
1989,
TOCS.