3 Software Fault Tolerance

replication checks

compare outputs of matching modules

Timing checks

use of timers to check timing constraints

Reversal checks

reverse output and check against inputs

Coding checks

parity, Hamming codes, etc

Reasonable checks

use semantic properties of data

Structural checks

redundancy in data structures

Validity checks

divide by 0, check array bounds, overflow

Interface exception

Invalid service request detected by interface detectors and corrected by service requestor

Local / internal exception

Problems with own internal operations detected by local detectors and corrected by local correctors

Failure exception

When internal errors propagate to interface, and detected by interface detectors. Global correction may be needed, e.g., look for another server

Forward error recovery

Upon detection of error, program attempts to get into a state which is no longer erroneous (we will see how recovery blocks enable this)

Backward error recovery

Upon detection of error, program rolls back to a previously “recorded” good point (we will see how checkpoints enable this) from which it can restart executing

Recovery Line

A recovery line is a set of checkpoints across all processes to which the programs can be rolled back, in the event of failure, to ensure consistent error-free state of the system

OK to checkpoint after a message send
Not ok to checkpoint prior to a message receive (need to process pending messages first)

A recovery line is said to be consistent if

there are no messages that originate (temporally speaking) after the line and terminate before it

In other words, along the recovery line, there can not be a receive without a corresponding send the reverse is allowed, because temporally speaking, receive will occur after send