CS 552 Spring 2006 Architecture1 Architecture part 1 CS 552 Spring ‘06.

CS 552 Spring 2006 Architecture 1

Architecturepart 1

CS 552 Spring ‘06


Software Architecture Conceptually

PERFORMANCE

ERROR RECOVERY

OAM&P

Features

PROBLEM

Functions


Perspective

• 1960’s: Safeguard’s “On-Interrupt” Code

• 1970’s: Store and Forward Recovery Subsystem

• 1980’s: Congestion Management

• 1990’s: Distributed Computing

• 2000’s: Web Based Applications

• State-of-the-Practice: Scenario Testing

• State-of-the-Art: Software Fault Tolerance


REQUIREMENTSSPECIFICATIONS

ALGORITHMS

TRAFFICPROJECTIONS

FEATUREENGINEERING

ARCHITECTURE ENGINEERING

TRAFFICENGINEERING

PERFORMANCEENGINNERINGREPORTS

SUPPORT AND OPERATIONS - COMPUTER CENTER - DEVELOPMENT MACHINE - TEST MACHINE

SOFTWAREDEVELOPMENT

HUMAN FACTORS

DEVELOPMENT

SOFTWAREMANUFACTURING INTEGRATION

TO SITES



Kruchten’s “4 + 1”Model for Developing Software Architecture

+ 1 Use Cases

+ 1 BusinessScenario

+

View 1

Logical--

End Users

View 2

Process--

System Integrators

View 3

Physical--

Engineers

View 4

Development--

Programmers

This is an innovative andcomprehensive integrationof the abstractions needed forsoftware system design


Software Engineering

Tailored OO Application

Software

Reusable Software

Vendor Software

User Programs

Client Personal Computer

Client Workstation

Application Server

Large Data Server


Mars Rovers:Spirit and Opportunity


Search for traces of water on Mars.

• Two identical rovers: Spirit & Opportunity

• Sent to opposite sides of the planet

• Spirit was launched on June 10, 2003 and landed on January 3, 2004

• Opportunity launched July 7, 2003, and landed on January 24, 2004


The Problem Timeline

• June 10, ’03 – Spirit launched

• January 3, ‘04 – Spirit rover lands

• January 21, ‘04 –Spirit acknowledges communications, but sends no data. First sign of problems

• January 23, ’04 – Spirit stops responding to requests.


More Timeline

• January 23, ’04 – Spirit sends 73Mb of ‘debug’ information

• January 29, ’04 – Engineers find way to communicate with Spirit

• Febuary 1, ’04 – Spirit restored


What Went Wrong?

• Thousands of extra files present in the rover’s memory

• Files left over from the 7-month flight

• Onboard software was having trouble managing the files

• Rover began to reset itself every hour


The Cause

• Files flooded the onboard flash memory

• System was not programmed to handle the thousands of files generated during the 7-month flight

• Case of ‘ thousands of files’ unspecified and untested.


The Cure

• Remove the thousands of extra files

• Reformat the flash memory and start from a clean slate


Loss

• Mission lost almost 10 days of data collection

• When Spirit was fixed, the same fix was applied to Opportunity before it became a problem.


Software Engineering Lessons• Check past assumed boundaries

– If the system is only supposed to handle a few hundred files, test it an order of magnitude larger.

• Allow for remote debugging

• Watchdog timers are good

• Beware of Deadlocks


Sensors

Computer

Antenna

Shared Bus

Physical View


Development ViewSource Code

Modules

Add Debug Traces

Complier

Loader

Executables


Task 1 RebootTask 2 Gather data

-Camera Control-Filter and Compress…

Task 3 Send images- Transmitter/Receiver Control- ARQ for Image Files

Logical View


Task

CPU

Bus

Time

1

232 2

23212

Conflict

Deadlock

Process View


Deadlocks occur when• Processes are granted exclusive access to

devices

• Processes may have multiple copies


Priorities Should Be

Task 1 RebootTask 3 Send imagesTask 2 Gather data


There was a mismatch between priorities set in:

• The extended machine

• The software application

• The software that controls the bus


Design Steps

• Object Oriented Modules

• CRC Design:– C: Class Name– R: Responsibility– C: Collaboration

• Refactor & Minimize Classes– Inheritance less than 3

• Honor Component Constraints


Parnas

• Modules hide their design decisions form all other modules. Interface technology reveals ‘nothing’ about the inner workings of the module.

• Components:– Reliable Modules– Single Entry and Exit points.– Normalized data at interfaces.


Interfaces

N

AContractorMgt

Heath

Check


N

AContractorMgt

Heath

Check

Security

Check


N

AContractorMgt

Heath

Check

Security Check

S


Name = N

Age = A, integerContractorMgt

Heath

Check

Security Check

Sex = M/F

Tag = Value Interface

Encapsulation

Class


Atomicity:Two-Phase Commit• Middleware lock records for update• Phase One

– process tries to lock all records it needs, one at a time– if needed record found locked, start over– (no real work done in phase one)

• If phase one succeeds, it starts second phase, – performing updates– releasing locks


Case Study: Buffer Failure Analysis

• Latent Fault in Buffer Flow Control.

• Software does not return ‘buffer full’ signal.

• Messages written to full buffers.

• Messages accepted and partially dropped.

• Application waits for complete message.


Case Study: Solution

• Fix the bug by returning appropriate indicator, or

• Re-launch message handler and avoid the problem:

• When buffers are half full.• Periodically (rejuvenation)• When a hang is detected.


Resources• Get Resource requires

1. request the resource

2. use the resource

3. release the resource

• Must wait if request is denied– requesting process may be blocked– may fail with error code


Definition of Deadlock

• Processes are deadlocked when every process waits for an event that only another process in the set can cause

• One thread, no interrupts• None of the processes can …

– run– release resources– be awakened


Four Conditions for Deadlock1. Mutual exclusion condition

• each resource assigned to 1 process or is available

2. Hold and wait condition• process holding resources can request additional

3. No preemption condition• previously granted resources cannot forcibly taken

away

4. Circular wait condition• must be a circular chain of 2 or more processes• each is waiting for resource held by next member of

the chain

CS 552 Spring 2006 Architecture1 Architecture part 1 CS 552 Spring ‘06.

Documents

spirit opportunity

spirit launchedjanuary

spirit restoredcs

thousands of files

spirit rover landsjanuary

architecture search

architecture lossmission

system integratorsview