Keywords:
-
Abstract:
Database recovery does not mask failures to applications and users. Recovery is
needed that considers data, messages, and application components. Special cases
have been studied, but clear principles for recovery guarantees in general
multi-tier applications such as web-based e-services are missing. We develop a
framework for recovery guarantees that masks almost all failures. The main
concept is an interaction contract between two components, a pledge as to
message and state persistence, and contract release. Contracts are composed
into system-wide agreements so that a set of components is provably recoverable
with exactly-once message delivery and execution, except perhaps for
crash-interrupted user input or output. Our implementation techniques reduce logging
cost, allow effective log truncation, and provide independent recovery for
critical server components. Interaction contracts form the basis for our
Phoenix/COM project on persistent components. Our framework's utility is
demonstrated with a case study of a web-based e-service.