Message-Passing Concurrency, 5.8 Exercises

Messages will still ping-pong indefinitely, but how? Which messages will be sent and how will the object executions be interleaved? Will the interleaving be in lock-step (alternating between objects strictly), looser (subject to fluctuations due to thread scheduling), or something in between?

2. Lift control system. Section 5.4.4 gives the design of a simple lift control system. Let us explore it:

• The current design has one controller object per lift. To economize on costs, the developer decides to change this to keep just one controller for the whole system. Each lift then communicates with this controller. The controller's internal definition stays the same. Is this a good idea? How does it change the behavior of the lift control system?

• In the current design, the controller steps up or down one floor at a time. It stops at all floors that it passes, even if the floor was not requested. Change the lift and controller objects to avoid this jumpy behavior by stopping only at requested floors.

3. Fault tolerance for the lift control system. There are two kinds of faults that can happen: components can be blocked temporarily or they can be permanently out of order. Let us see how to handle each case:

• A lift is blocked. Extend the system to continue working when a lift is temporarily blocked at a floor by a malicious user. First extend the floor to reset the door timer when the floor is called while the doors are open. Then the lift's schedule should be given to other lifts and the floors should no longer call that particular lift. When the lift works again, floors should again be able to call the lift. This can be done with time-outs.

• A lift is out of order. The first step is to add generic primitives for failure detection. We might need both synchronous and asynchronous detection. In synchronous detection, when a component goes down, we assume that any message sent to it gets the immediate reply down(Id), where Id identifies the component. In asynchronous detection, we "link" a component to another when they are both still working. Then, when the second component crashes, the down message is sent to the first one immediately. Now extend the system to continue working when a lift is out of order. The system should reconfigure itself to continue working for a building with one less lift.

• A floor is out of order. Extend the system to continue working when a floor is out of order. The system should reconfigure itself to continue working for a building with one less floor.

• Lift maintenance. Extend the system so that a lift can be brought down for maintenance and brought back up again later.

• Interactions. What happens if several floors and lifts become out of order simultaneously? Does your system handle this properly?...

Copyright © 2001-3 by P. Van Roy and S. Haridi. All rights reserved.
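The two failure-detection primitives from the "A lift is out of order" exercise, as an added Python example that is not code from the book: it contrasts what a linked floor and an unlinked floor know after the same crash. The names `Node`, `Floor`, `send`, `link`, `crash` and `demo` are hypothetical, and `down(Id)` is modelled as the tuple `("down", ident)`.

```python
class Node:
    """Hypothetical stand-in for a lift or floor object with a mailbox."""
    def __init__(self, ident):
        self.ident = ident
        self.alive = True
        self.inbox = []        # messages delivered so far, in order
        self.watchers = []     # nodes linked to this one

    def deliver(self, msg):
        self.inbox.append(msg)

class Floor(Node):
    """A floor that stops calling a lift once it sees down(Id) for it."""
    def __init__(self, ident, lifts):
        super().__init__(ident)
        self.lifts = list(lifts)   # ids of lifts this floor may call

    def deliver(self, msg):
        super().deliver(msg)
        if msg[0] == "down" and msg[1] in self.lifts:
            self.lifts.remove(msg[1])   # reconfigure for one less lift

def send(sender, target, msg):
    """Synchronous detection: a dead target is answered with down(Id)."""
    if target.alive:
        target.deliver(msg)
    else:
        sender.deliver(("down", target.ident))

def link(watcher, watched):
    """Asynchronous detection: link two components that both still work."""
    if not (watcher.alive and watched.alive):
        raise ValueError("link requires two working components")
    watched.watchers.append(watcher)

def crash(node):
    """Permanent failure: every linked, working watcher gets down(Id) now."""
    node.alive = False
    for w in node.watchers:
        if w.alive:
            w.deliver(("down", node.ident))

def demo():
    lift1 = Node("lift1")
    linked = Floor("floor1", ["lift1", "lift2"])
    unlinked = Floor("floor2", ["lift1", "lift2"])
    link(linked, lift1)
    crash(lift1)
    after_crash = (list(linked.lifts), list(unlinked.lifts))
    send(unlinked, lift1, ("call", 2))   # reply is down(lift1), not a pickup
    return after_crash, unlinked.lifts, lift1.inbox, unlinked.inbox
```

The unlinked floor keeps a stale call list until its next send to the dead lift, which is the window the asynchronous link closes.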
This document was uploaded on 08/10/2011.
- Spring '11