CMPSC 311, Introduction to Systems Programming
Reliable Systems
Some Engineering Education Philosophy
- The standard pedagogical questions are,
  - Do we educate students, or train students?
  - Do we teach fundamentals, or current practice?
  - Do we encourage the students to experiment and learn for themselves?
  - Does learning end when the student finishes the course?
- We want students to be immediately employable, and to have a successful 40-year career, so there need to be elements of both fundamentals and current practice, with emphasis on the fundamentals for the long term.
  - In the computer business, you need to refresh your knowledge at least every five years.
  - If you can't learn something new, quickly and thoroughly, you'll have a short career.
- The ability to apply fundamental knowledge to current practice, and to use both to create new practice, is our goal.
- So, what are the fundamentals?
Some Engineering Design Philosophy
- To design is to make decisions.
- Decisions are always compromises.
- There is more than one solution to a design problem.
- But, you don't have to accept bad compromises.
- The choices leading to a successful solution depend on the technologies available at the time, and the environment in which the product will be used.
Fundamentals of Engineering
- Technologies and environments change, so the application of fundamentals, and consensus agreement about what is or is not fundamental, must change as well.
- Traditional definitions
  - The fundamental technology common to all engineering curricula
  - The laws and theories of science which are basic to engineering practice
  - Basic and theoretical information that does not change
- A working definition
  - The laws of nature as understood today, and the body of past practice that has not yet been discredited or outmoded
- For Computer Engineering, the fundamentals include Physics, Chemistry, Materials Science, Electrical Engineering, etc.
- For Software Engineering and Computer Science, the fundamentals also include Mathematics, Probability and Statistics, etc.
- For Robotics, add in Mechanical Engineering, etc.
- and so on ...
Design decisions are based on
- comparative costs of feasible technology,
- projected market,
- time to delivery,
- product lifetime,
- customer retention,
- customer satisfaction.
All these must be considered together.
When do we consider issues beyond the product and customer, such as ethics and public safety?
What does it mean for a system to be reliable?
Important metrics for components of a computer system, and for the whole system
- Performance
- Expandability, diversity / heterogeneity
- Dependability
- Cost, size, weight, power
- Security
Dependability, Reliability, Availability
- System states – actual behavior vs. specification
  1. Service accomplishment – behavior as expected
  2. Service interruption – behavior not as expected
     - Degraded – slower but still functional
     - Interrupted – not functional
     - Intermittent? Temporary? Short? Extended? Permanent?
- Transition 1. to 2. is a failure of service
- Transition 2. to 1. is a restoration of service
- Reliability – a measure of continuous service accomplishment
  - time, actual or projected
- Availability – a measure of service accomplishment, continuous or not
Dependability, Reliability, Availability
- Reliability is measured by the mean time to failure (MTTF).
- Service interruption is measured by mean time to repair (MTTR).
- Availability is a measure of service accomplishment
  - Availability = MTTF / (MTTF + MTTR)
- To increase MTTF, either improve the quality of the components or design the system to continue operating in the presence of faulty components.
  - Fault avoidance: preventing fault occurrence by construction
  - Fault detection: if faults occur, make note of it
  - Fault tolerance: fault detection plus fault correction
    - (software) use a workaround, a different method that succeeds
    - (hardware) use redundancy to correct or bypass faulty components
- Permanent faults vs. transient faults?
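The following is an added worked example, not part of the course slides. It applies the slide's formula Availability = MTTF / (MTTF + MTTR) to one component, converts the result into expected interruption time per year, and then compares the two ways the slide gives for raising availability: better components (a larger MTTF) versus redundancy (a second copy that takes over when the first fails). The series and parallel composition rules used for the comparison are the standard formulas for independent components and are an assumption added here; the sample MTTF and MTTR figures are constructed, not measured.

```python
"""Availability arithmetic for the MTTF / MTTR slide (added example).

Per-component availability is the slide's formula.  The composition
rules assume independent components:
  series   (every part needed)      A = product of the A_i
  parallel (any one copy suffices)  A = 1 - product of (1 - A_i)
"""
from __future__ import annotations

HOURS_PER_YEAR = 365 * 24  # 8760 h; leap years ignored (assumption)


def availability(mttf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of one component: MTTF / (MTTF + MTTR)."""
    if mttf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTTF must be positive and MTTR non-negative")
    return mttf_hours / (mttf_hours + mttr_hours)


def series_availability(parts: list[float]) -> float:
    """Fault not tolerated: the service is up only while every part is up."""
    a = 1.0
    for p in parts:
        a *= p
    return a


def parallel_availability(parts: list[float]) -> float:
    """Redundant copies: the service is down only when every copy is down."""
    unavailable = 1.0
    for p in parts:
        unavailable *= 1.0 - p
    return 1.0 - unavailable


def downtime_hours_per_year(avail: float) -> float:
    """Expected service-interruption time per year implied by an availability."""
    return (1.0 - avail) * HOURS_PER_YEAR


def compare_strategies(mttf_hours: float, mttr_hours: float) -> dict[str, float]:
    """Availability of one component vs. a 2x-better component vs. a mirrored pair."""
    single = availability(mttf_hours, mttr_hours)
    return {
        "single": single,
        "better_component": availability(2 * mttf_hours, mttr_hours),
        "mirrored_pair": parallel_availability([single, single]),
    }


if __name__ == "__main__":
    # Constructed figures: a part that fails every 10,000 h and takes 10 h to repair.
    results = compare_strategies(mttf_hours=10_000, mttr_hours=10)
    for name, a in results.items():
        print(f"{name:17s} A = {a:.8f}  downtime/yr = {downtime_hours_per_year(a):.4f} h")
    # A chain of three such parts, each one required, is less available than any one of them.
    chain = series_availability([results["single"]] * 3)
    print(f"{'three in series':17s} A = {chain:.8f}  downtime/yr = {downtime_hours_per_year(chain):.4f} h")
```

The point the numbers make is the one the slide states in words: doubling MTTF roughly halves the downtime, whereas a mirrored pair multiplies the unavailabilities together, so with the constructed figures the pair's downtime drops from hours per year to seconds, and adding required (non-redundant) parts in series only makes things worse.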
Levels of Dependability
- Failure rate
  - Does not fail
  - Rarely fails
  - Frequently fails
  - Remind me why I bought this PoC?
- Failure recovery mechanism
  - Recovers from failure
  - Component failure does not lead to system failure or degradation
  - Adjusts to failure
  - Notices failure
  - Ignores failure
  - Refuses to acknowledge failure
  - Manual reboot
- Real-time systems usually have multiple constraints
Example, from CS:APP, Sec. 11.3.3, Internet Connections, p. 899
"Internet clients and servers communicate by sending and receiving streams of bytes over connections. A connection is point-to-point in the sense that it connects a pair of processes. It is full-duplex in the sense that data can flow in both directions at the same time. And it is reliable in the sense that – barring some catastrophic failure such as a cable cut by the proverbial careless backhoe operator – the stream of bytes sent by the source process is eventually received by the destination process in the same order it was sent."
Example - open for discussion
GM and Segway unveil new two-wheeled urban vehicle (Associated Press news report, 7 Apr. 2009)
NEW YORK – A solution to the world's urban transportation problems could lie in two wheels not four, according to executives for General Motors Corp. and Segway Inc.
The companies announced Tuesday that they are working together to develop a two-wheeled, two-seat electric vehicle designed to be a fast, safe, inexpensive and clean alternative to traditional cars and trucks for cities across the world.
The Personal Urban Mobility and Accessibility, or PUMA, project also would involve a vast communications network that would allow vehicles to interact with each other, regulate the flow of traffic and prevent crashes from happening.
The 300-pound prototype runs on a lithium-ion battery and uses Segway's characteristic two-wheel balancing technology, along with dual electric motors. It's designed to reach speeds of up to 35 miles-per-hour and can run 35 miles on a single charge.
Ideally, the vehicles would also be part of a communications network that through the use of transponder and GPS technology would allow them to drive themselves. The vehicles would automatically avoid obstacles such as pedestrians and other cars and therefore never crash, Burns said. [Larry Burns was GM's vice president of research and development, and strategic planning; he retired in Oct. 2009 after 40 years with GM.]
As a result, the PUMA vehicles would not need air bags or other traditional safety devices and include safety belts for "comfort purposes" only, he said.
Though the technology and its goals may seem like something out of science fiction, Burns said nothing new needs to be invented for it to become a reality.
"At this point, it's merely a business decision," he said.
Burns said that while putting that kind of communications infrastructure in place may still be a ways off for many American cities, the automaker is looking for a place, such as a college campus, where the vehicles could be put to use and grab a foothold in the market.
Software Engineering
Code of Ethics and Professional Practice
Software Engineering Code of Ethics and Professional Practice (Short Version)
PREAMBLE
The short version of the code summarizes aspirations at a high level of the abstraction; the clauses that are included in the full version give examples and details of how these aspirations change the way we act as software engineering professionals. Without the aspirations, the details can become legalistic and tedious; without the details, the aspirations can become high sounding but empty; together, the aspirations and the details form a cohesive code.
Software engineers shall commit themselves to making the analysis, specification, design, development, testing and maintenance of software a beneficial and respected profession. In accordance with their commitment to the health, safety and welfare of the public, software engineers shall adhere to the following Eight Principles:
1. PUBLIC - Software engineers shall act consistently with the public interest.
2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.
3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.
5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.
8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
Last revised, 4 Jan. 2013