book

Patterns for Fault Tolerant Software

Name: Patterns for Fault Tolerant Software
Author: Robert S. Hanmer
ISBN: 9780470319796

by Robert S. Hanmer

December 2007

Intermediate to advanced

309 pages

7h 20m

English

Wiley

Read now

Unlock full access

Copyright
Preface
Who this Book is ForHow to Use this BookPatternsPattern HistoryWhat is a Pattern?Reading a PatternA Pattern Language for Fault ToleranceA Word about ExamplesTelecommunications SystemsSpace Programs
Acknowledgements
Pattern Origins and Earlier Versions
Introduction
An Imperfect World
1. Introduction to Fault Tolerance
1.1. Fault -> Error -> Failure1.1.1. Examples of Fault -> Error -> Failure1.2. Failure Perception [Lap91][Kop97]1.3. Single Faults1.4. Examples of How Vocabulary Makes a Difference1.5. Coverage1.6. Reliability1.6.1. Reliability Examples1.6.1.1. Mars Landers1.6.1.2. Airplane Navigation System1.6.1.3. Measuring Reliability1.7. Availability1.7.1. Availability Examples1.8. Dependability1.9. Hardware Reliability1.10. Reliability Engineering and Analysis1.11. Performance
2. Fault Tolerant Mindset
2.1. Fault Tolerant Mindset2.2. Design Tradeoffs2.3. Quality v. Fault Tolerance2.4. Keep It Simple2.5. Incremental Additions of Reliability2.6. Defensive Programming Techniques2.6.1. Faults in Fault Tolerance Code2.6.2. Memory Corruption2.6.3. Data Structure Design2.6.4. Design for Maintainability2.6.5. Coding Standards2.6.6. Redundancy2.6.7. Static Analysis Tools2.6.8. N-Version Programming2.6.9. Redundant Disks [PGK88][MS00]2.7. The Role of Verification2.8. Fault Insertion Testing2.9. Fault Tolerant Design Methodology
3. Introduction to the Patterns
3.1. Shared Context for These Patterns3.1.1. Real-Time3.1.2. High Reliability3.1.2.1. High Availability3.1.2.2. Failure Rate Requirements3.1.3. State or Stateless3.1.4. External Observers3.1.5. Integrated Fault Tolerance3.1.6. Fault Tolerance is Not Free3.1.7. Long Lived Systems3.2. Terminology
4. Architectural Patterns
4.1. 1. Units of Mitigation4.2. 2. Correcting Audits4.3. 3. Redundancy4.4. 4. Recovery Blocks4.5. 5. Minimize Human Intervention4.6. 6. Maximize Human Participation4.7. 7. Maintenance Interface4.8. 8. Someone in Charge4.9. 9. Escalation4.10. 10. Fault Observer4.11. 11. Software Update
5. Detection Patterns
5.1. 12. Fault Correlation5.2. 13. Error Containment Barrier5.3. 14. Complete Parameter Checking5.4. 15. System Monitor5.5. 16. Heartbeat5.6. 17. Acknowledgement5.7. 18. Watchdog5.8. 19. Realistic Threshold5.9. 20. Existing Metrics5.10. 21. Voting5.11. 22. Routine Maintenance5.12. 23. Routine Exercises5.13. 24. Routine Audits5.14. 25. Checksum5.15. 26. Riding Over Transients5.16. 27. Leaky Bucket Counter
6. Error Recovery Patterns
6.1. 28. Quarantine6.2. 29. Concentrated Recovery6.3. 30. Error Handler6.4. 31. Restart6.5. 32. Rollback6.6. 33. Roll-Forward6.7. 34. Return to Reference Point6.8. 35. Limit Retries6.9. 36. Failover6.10. 37. Checkpoint6.11. 38. What to Save6.12. 39. Remote Storage6.13. 40. Individuals Decide Timing6.14. 41. Data Reset

7. Error Mitigation Patterns
7.1. 42. Overload Toolboxes7.2. 43. Deferrable Work7.3. 44. Reassess Overload Decision7.4. 45. Equitable Resource Allocation7.5. 46. Queue for Resources7.6. 47. Expansive Automatic Controls7.7. 48. Protective Automatic Controls7.8. 49. Shed Load7.9. 50. Final Handling7.10. 51. Share the Load7.11. 52. Shed Work at Periphery7.12. 53. Slow it Down7.13. 54. Finish Work in Progress7.14. 55. Fresh Work Before Stale7.15. 56. Marked Data7.16. 57. Error Correcting Code
8. Fault Treatment Patterns
8.1. 58. Let Sleeping Dogs Lie8.2. 59. Reintegration8.3. 60. Reproducible Error8.4. 61. Small Patches8.5. 62. Root Cause Analysis8.6. 63. Revise Procedure
Conclusion
A Pattern Language for Fault Tolerant SoftwareA Presence Server ExampleNon-functional RequirementsImplementation ChoicesDesigning for Fault ToleranceStep 1: Assess the Things that can go WrongStep 2: Decide how to Mitigate the RisksApplying the LanguageStep 3: Identifying RedundancyStep 4: Architectural Design DecisionsStep 5: Risk Mitigation CapabilitiesStep 6: Human Computer InteractionsSoftware Structure
References and Bibliography
A. Appendices
A.1. Patterns for Fault Tolerant Software ThumbnailsA.2. External Pattern Thumbnails

Content preview from Patterns for Fault Tolerant Software

Chapter 5. Detection Patterns

The first phase of fault tolerance is detection. Faults and the errors that they cause must be detected. Detection must occur before any recovery or mitigating actions can be taken to tolerate their presence in the system. Waiting and letting unknown latent faults activate and cause that result in failures is not fault tolerant.

The patterns in this chapter help detect the presence of errors or failures and the faults that caused them. They provide a number of mechanisms to monitor the system and to detect if it is behaving erroneously. Two pairs of concepts drive detection at execution time. These are errors versus failures and a priori knowledge versus comparison of redundant elements, see Figure 27.

A priori detection uses constraints that are known in advance about the system to determine if some deviation from the normal situation of correctness exists. The range of results to be considered includes system states, results, and any side effects. If nothing is known about the range of results this method will obviously not work.

Much of the fault tolerant programming literature has focused on the second method, that of comparing redundant results. Redundancy (3) in Chapter 4 discussed introducing redundant elements into the system. Many purpose-built systems with custom hardware use redundant hardware to execute the same program and the results. The comparison might be done in real time by hardware matchers that look at internal, partial computation ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470319796Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Patterns for Fault Tolerant Software

by Robert S. Hanmer

Chapter 5. Detection Patterns

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.