ken@cs.cornell.edu (Ken Birman) (06/26/91)
Here's a simple problem to think about, which would be easy to solve using ISIS and quite useful. Lots of people ask us about the Deceit file system, but actually need something less elaborate.

The question is how to design a process group whose members manage replicas of an "append-only" file. Operations would be to:

    create the file
    write a record to the end of the file
    read the file (normal UNIX-style random-access read)
    truncate the file

Note that random-access writes can easily be modelled using this sort of a log; Rosenblum and Ousterhout in fact built a whole file system using logs to represent everything.

The goal of our tool should be to support recovery from crashes. If copy "a" crashes and recovers, the problem is to transfer the changed portion of the file to "a". Because the file access patterns are so simple, this just involves a fairly simple state transfer.

If "a" comes up and no other copies are running, you have a problem of determining which copy was last to fail. ISIS actually has a mechanism for this, as part of the news tool, but a simple alternative would be to have a process group that tracks this and make the rule that "a" cannot recover without contacting either the group or this witness group, and that when a copy fails no new writes can be done before the witness group is told. Barbara Liskov uses this in some of her work.

If you come up with something nice, I suggest that you consider posting it... we do plan to extend ISIS to include a tool of this sort sometime in the not very distant future.

--
Kenneth P. Birman                              E-mail: ken@cs.cornell.edu
4105 Upson Hall, Dept. of Computer Science     TEL:    607 255-9199 (office)
Cornell University Ithaca, NY 14853 (USA)      FAX:    607 255-4428
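The recovery rules described in the post, as an added single-process Python simulation that is not part of the original post and does not use ISIS. All class and method names are hypothetical, and it assumes copies fail one at a time and covers only append (not truncate).

```python
class StaleReplica(Exception):
    """Raised when a copy that was not last to fail tries to restart alone."""

class Witness:
    # Hypothetical stand-in for the witness group: it only tracks membership.
    def __init__(self, names):
        self.live = set(names)
        self.last_to_fail = None

    def report_failure(self, name):
        self.live.discard(name)
        if not self.live:              # nobody left: remember who went down last
            self.last_to_fail = name

class ReplicatedLog:
    def __init__(self, names):
        self.logs = {n: [] for n in names}   # one append-only file per copy
        self.up = set(names)                  # copies actually running
        self.witness = Witness(names)

    def crash(self, name, tell_witness=True):
        self.up.discard(name)
        if tell_witness:
            self.witness.report_failure(name)

    def append(self, record):
        # Rule from the post: no new writes until the witness knows of a failure.
        if not self.up or self.up != self.witness.live:
            raise RuntimeError("no copy running, or failure not yet reported")
        for n in self.up:
            self.logs[n].append(record)

    def recover(self, name):
        """Bring a copy back; return how many records were transferred to it."""
        mine = self.logs[name]
        if self.up:                                   # a running copy exists
            donor = self.logs[next(iter(self.up))]
            missing = donor[len(mine):]               # only the changed tail
            mine.extend(missing)
        elif self.witness.last_to_fail == name:       # alone, but known current
            missing = []
        else:
            raise StaleReplica(f"{name} was not last to fail")
        self.up.add(name)
        self.witness.live.add(name)
        return len(missing)
```

Because every running copy receives each append, a recovering copy's file is always a prefix of a running copy's file, which is why the state transfer reduces to copying the tail.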