marzullo@grimnir.cs.cornell.edu (Keith Marzullo) (11/03/90)
Three additional technical reports have been placed on the anonymous directory on cu_arpa.cs.cornell.edu. Each is stored in compressed postscript, and is named with the TR number (e.g., TR90-1141.ps.Z).

TR90-1141: MTP: An Atomic Multicast Transport Protocol
Alan O. Freier and Keith Marzullo

This paper describes MTP: a reliable transport protocol that utilizes the multicast strategy of applicable lower layer network architectures. In addition to transporting data reliably and efficiently, MTP provides the client synchronization necessary for agreement on the receipt of data and the joining of the group of communicants.

TR90-1155: Making Real-Time Reactive Systems Reliable
Keith Marzullo and Mark Wood
(Position paper from the Fourth European SIGOPS Workshop, September 3-5 1990, Bologna).

A reactive system is characterized by a control program that interacts with an environment. The control program monitors the environment and reacts to significant events by sending commands to the environment. This structure is quite general. Not only are most embedded real-time systems reactive systems, but so are monitoring and debugging systems and distributed application management systems. Since reactive systems are usually long-running and may control physical equipment, fault-tolerance is vital. Our research tries to understand the principal issues of fault-tolerance in real-time reactive systems and to build tools that allow a programmer to design reliable, real-time reactive systems.

TR90-1156: Tolerating Failures of Continuous-Valued Sensors
Keith Marzullo

One aspect of fault-tolerance in process control programs is the ability to tolerate sensor failure. This paper presents a methodology for transforming a process control program that cannot tolerate sensor failures into one that can. Issues addressed include modifying specifications in order to accommodate uncertainty in sensor values and averaging sensor values in a fault-tolerant manner. In addition, a hierarchy of sensor failure models is identified, and both the attainable accuracy and the run-time complexity of sensor averaging with respect to this hierarchy are discussed.