A Metaobject Architecture for Fault Tolerant Distributed Systems

The objective of this presentation is to illustrate the use of a metaobject approach in the design and the implementation of distributed fault tolerant systems and applications. Indeed, a flexible implementation of dependable applications requires the following properties: transparency of the mechanisms for the application programmer; independence of the mechanisms with respect to each other; composability of mechanisms on a case-bycase basis; reusability of existing mechanisms to derive new ones. None of the solutions traditionally used manages to ensure all these properties at the same time. When fault tolerance mechanisms are embedded in the underlying runtime system, as in the Delta-4 system [1], they are (almost) transparent to the application programmer. This approach inherently lacks flexibility and reusability in particular concerning the replication protocols which are embedded within the system. The composition of various mechanisms dealing with different fault classes is also difficult. Pre-defined libraries of basic mechanisms enable more flexibility to be obtained in the sense that users can tailor their own fault tolerance mechanisms to suit their needs by using constructs and primitives from some library, as in Isis [2]. In this approach it is the programmer's responsibility to use library functions at appropriate places to implement a given fault tolerance mechanism, which may require a good knowledge of fault tolerance techniques. The objectoriented development of such libraries provides the user with classes rather than functions [3]. Inheritance then makes it easier to adapt fault tolerance mechanisms to specific needs or to add new features, but fails to provide transparency as in the previous case. The architecture that we have developed aims at providing a good balance among the properties identified above. It is based on object-orientation, metaobject protocols and also, to some extent, micro-kernel technology. The notions of reflection and metaobject protocols [4] in object-oriented languages emerged recently and proved to be both efficient and elegant for the integration of application-orthogonal concerns in a highly flexible way. Among many other examples, PCLOS implements persistent objects [4], R2 allows inclusion of soft real-time constraints in object-oriented applications [5], Object Communities provides distribution transparency [6]. Recently these ideas have been considered for dependable systems [7,8,9]. FRIENDS [10] is a software-based architecture for implementing distributed fault-tolerant and, to some extent, secure applications. This architecture is composed of sub-systems and libraries of metaobjects. Transparency and separation of concerns is provided not only to the application programmer but also to the programmers implementing metaobjects for fault tolerance, secure communication and distribution. Common services required for implementing metaobjects are provided by the sub-systems. Metaobjects are implemented using objectoriented techniques and can be reused and customised according to the application needs, the operational environment and its related fault assumptions. Flexibility is increased by a recursive use of metaobjects. This architecture (see Fig. 1.) is composed of several layers: (i) the kernel layer which can be either a Unix kernel or better a micro-kernel, such as Chorus [11], (ii) the system layer composed of several dedicated subsystems, one for each abstraction (fault tolerance –FTS–, security –SCS–, group communication –GDS–), and finally (iii) the user layer dedicated to the implementation of applications.