Information Technology Reference
In-Depth Information
to guide a transformation that rewrites all the critical accesses to use the
replication options." \And we do that marking throughout the computational
view?" \Better still, mark the key types in the information view, if you can,"
said Alex. \That way there will be less scope for error, as long as the same
requirements apply whenever a sensitive type is used; and that's often the
case."
As if to punctuate the discussion, the buildings smart lighting system chose
this moment to respond to the gathering dusk by fading up the concealed
ceiling spots.
9.1 What Is a Transparency?
Distributed systems are inherently more complex and unpredictable than
monolithic ones. As Leslie Lamport is widely reported to have said, \A dis-
tributed system is a system in which I can't do my work because some com-
puter that I've never even heard of has failed." Distributed systems are subject
to all sorts of problems, from clock skew to uncoordinated change manage-
ment. There are well-known solutions to many of these problems, but some
of them are subtle and easy to get wrong, and all of them make the designer's
life more dicult. There are just a lot more potential kinds of error to be
considered when distribution is present.
It would be nice if we could hide
some of this complexity.
But there is no magic bullet. We can hide transmission errors by using ac-
knowledgements and repeating lost material, but the result is a less predictable
transit delay. We can safeguard against local power failures by keeping non-
volatile copies of data, but this slows the system down, and is unlikely to be
effective against flood or earthquake.
However, we can still make things simpler by reducing the number of kinds
of error, hiding some errors completely if we accept the potential costs, and
acknowledge that there will still be some rarer but more serious errors that
get through. We express this by using the idea of a transparency . When
designers request a transparency, they are stating that they wish to work in an
environment where a corresponding class of problem will not be seen. Either
the problem will be fixed by the infrastructure or, if this process fails, a single
more serious kind of error will be reported. More formally, this simplified
view of the infrastructure is requested by declaring a transparency schema
that says what language features used to express the design (or, equivalently,
the virtual machine supporting it) should hide selected exceptions from the
designer. Figure 9.1 illustrates how this hiding takes place.
The infrastructure then configures itself based on this request for the
transparency. What it actually does depends on the environment in which
it operates. Consider a request from an application designer that migration
