SlideShare a Scribd company logo

Joe armstrong erlanga_languageforprogrammingreliablesystems

Sentifi
Sentifi

10 nines reliability

TechnologyNews & Politics
1 of 47
Download to read offline
Systems that never stop (and Erlang) Joe Armstrong
How can we get 10 nines reliability?
SIX LAWS
ONE ISOLATION
ISOLATION  10 nines = 99.99999999% availability  P(fail) = 10-10  If P(fail | one computer) = 10-3 then P(fail | four computers) = 10-12  Fixed
TWO CONCURRENCY
Concurrency  World is concurrent  Need at least TWO computers to make a non-stop sytem  TWO computer is concurrent and distributed
“My first message is that concurrency is best regarded as a program structuring principle” Structured concurrent programming – Tony Hoare Redmond, July 2001
THREE MUST DETECT FAILURES
Failure detection  If you can’t detect a failure you can’t fix it  Must work across machine boundaries the entire machine might fail  Implies distributed error handling, no shared state, asynchronous messaging
FOUR FAULT IDENTIFICATION
Failure Identification  Fault detection is not enough - you must no why the failure occurred  Implies that you have sufficient information for post hock debugging
FIVE LIVE CODE UPGRADE
Live code upgrade  Must upgrade software while it is running  Want zero down time
SIX STABLE STORAGE
Stable storage  Must store stuff forever  No backup necessary - storage just works  Implies multiple copies, distribution, ...  Must keep crash reports
HISTORY Those who cannot learn from history are doomed to repeat it. George Santayana
GRAY As with hardware, the key to software fault-tolerance is to hierarchically decompose large systems into modules, each module being a unit of service and a unit of failure. A failure of a module does not propagate beyond the module. ... The process achieves fault containment by sharing no state with other processes; its only contact with other processes is via messages carried by a kernel message system - Jim Gray - Why do computers stop and what can be done about it - Technical Report, 85.7 - Tandem Computers,1985
SCHNEIDER Halt on failure in the event of an error a processor should halt instead of performing a possibly erroneous operation. Failure status property when a processor fails, other processors in the system must be informed. The reason for failure must be communicated. Stable Storage Property The storage of a processor should be partitioned into stable storage (which survives a processor crash) and volatile storage which is lost if a processor crashes. Schneider ACM Computing Surveys 22(4):229-319, 1990
GRAY  Fault containment through fail-fast software modules.  Process-pairs to tolerant hardware and transient software faults.  Transaction mechanisms to provide data and message integrity.  Transaction mechanisms combined with process-pairs to ease exception handling and tolerate software fault  Software modularity through processes and messages.
KAY Folks -- Just a gentle reminder that I took some pains at the last OOPSLA to try to remind everyone that Smalltalk is not only NOT its syntax or the class library, it is not even about classes. I'm sorry that I long ago coined the term "objects" for this topic because it gets many people to focus on the lesser idea. The big idea is "messaging" -- that is what the kernal of Smalltalk/ Squeak is all about (and it's something that was never quite completed in our Xerox PARC phase).... http://lists.squeakfoundation.org/pipermail/squeak-dev/1998-October/ 017019.html
GRAY Software modularity through processes and messages. As with hardware, the key to software fault-tolerance is to hierarchically decompose large systems into modules, each module being a unit of service and a unit of failure. A failure of a module does not propagate beyond the module.
Fail Fast The process approach to fault isolation advocates that the process software be fail-fast, it should either function correctly or it should detect the fault, signal failure and stop operating. Processes are made fail-fast by defensive programming. They check all their inputs, intermediate results and data structures as a matter of course. If any error is detected, they signal a failure and stop. In the terminology of [Cristian], fail-fast software has small fault detection latency. Gray Why ...
Fail Early A fault in a software system can cause one or more errors. The latency time which is the interval between the existence of the fault and the occurrence of the error can be very high, which complicates the backwards analysis of an error ... For an effective error handling we must detect errors and failures as early as possible Renzel - Error Handling for Business Information Systems, Software Design and Management, GmbH & Co. KG, München, 2003
ARMSTRONG  Processes are the units of error encapsulation. Errors occurring in a process will not affect other processes in the system. We call this property strong isolation.  Processes do what they are supposed to do or fail as soon as possible.  Failure and the reason for failure can be detected by remote processes.  Processes share no state, but communicate by message passing. Armstrong Making reliable systems in the presence of software errors PhD Thesis, KTH, 2003
COMMERCIAL BREAK
Joe’s 2’nd theorem  Whatever Joe starts talking about, He will end up talking about Erlang
Erlang was designed to program fault-tolerant systems
Concurrent programming Functional programming Concurrency Oriented programming Erlang Fault Multicore tolerance
Erlang  Very light-weight processes  Very fast message passing  Total separation between processes  Automatic marshalling/demarshalling  Fast sequential code  Strict functional code  Dynamic typing  Transparent distribution  Compose sequential AND concurrent code
Properties  No sharing  Hot code replacement  Pure message passing  No locks  Lots of computers (= fault tolerant scalable ...)  Functional programming (no side effects)
What is COP? Machine Process Message ➡ Large numbers of processes ➡ Complete isolation between processes ➡ Location transparency ➡ No Sharing of data ➡ Pure message passing systems
Thread Safety Erlang programs are automatically thread safe if they don't use an external resource.
Functional If you call the same function twice with the same arguments it should return the same value “jolly good” Joe Armstrong
No Mutable State  Mutable state needs locks  No mutable state = no locks = programmers bliss
Multicore ready
The rise of the cores  2 cores won't hurt you  4 cores will hurt a little  8 cores will hurt a bit  16 will start hurting  32 cores will hurt a lot (2009)  ...  1 M cores ouch (2019)  (complete paradigm shift)  1997 1 Tflop = 850 KW  2007 1 Tflop = 24 W (factor 35,000)  2017 1 Tflop = ?
LAWS
ISOLATION CONCURRENCY Pid = spawn(.....) Pid = spawn(Node, ....) Pid ! Message receive Pattern1 -> Actions1; Pattern2 -> Actions2; ... end
FAULT IDENTIFICATION link(Pid), receive {Pid, ‘EXIT’, Why} -> ... end
LIVE CODE UPGRADE  Can upgrade code while its running  Existing processes continue to use original code, new processes run new code - no mixups of namespaces  Sophisticated roll-forward, roll-back, roll-back-on-error functions in OTP libraries  Properly designed systems can be rolled-forward and back with no loss of service. Not easy, but possible
STABLE STORAGE  Performed in libraries mnesia:transaction( fun() -> Val = mnesia:read(Key), mnesia:write({Key,Val}), ... end)
Projects  CouchDB  Amazon SimpleDB  Mochiweb (facebook chat)  Scalaris  Nitrogren  Ejabberd (xmpp)  Rabbit MQ (amqp)  ....
Companies  Ericsson  Amazon  Tail-f  Kreditor  Synapse  ...
Books
THE END

Recommended

Keynote joearmstrong
Keynote joearmstrongKeynote joearmstrong
Keynote joearmstrong
Sentifi
 
Back end analytics_platform_2013_v1.0
Back end analytics_platform_2013_v1.0Back end analytics_platform_2013_v1.0
Back end analytics_platform_2013_v1.0
Sentifi
 
Japan palaces
Japan palacesJapan palaces
Japan palaces
Sentifi
 
Gnt Flurry
Gnt FlurryGnt Flurry
Gnt Flurry
Sentifi
 
Introduce play
Introduce playIntroduce play
Introduce play
Sentifi
 
SOCIAM: The Theory and Practice of Social Machines
SOCIAM: The Theory and Practice of Social MachinesSOCIAM: The Theory and Practice of Social Machines
SOCIAM: The Theory and Practice of Social Machines
SOCIAM Project
 
Erlang
ErlangErlang
Erlang
ESUG
 
An introduction to erlang
An introduction to erlangAn introduction to erlang
An introduction to erlang
Mirko Bonadei
 

Recommended

Keynote joearmstrong
Keynote joearmstrongKeynote joearmstrong
Keynote joearmstrong
Sentifi
 
Back end analytics_platform_2013_v1.0
Back end analytics_platform_2013_v1.0Back end analytics_platform_2013_v1.0
Back end analytics_platform_2013_v1.0
Sentifi
 
Japan palaces
Japan palacesJapan palaces
Japan palaces
Sentifi
 
Gnt Flurry
Gnt FlurryGnt Flurry
Gnt Flurry
Sentifi
 
Introduce play
Introduce playIntroduce play
Introduce play
Sentifi
 
SOCIAM: The Theory and Practice of Social Machines
SOCIAM: The Theory and Practice of Social MachinesSOCIAM: The Theory and Practice of Social Machines
SOCIAM: The Theory and Practice of Social Machines
SOCIAM Project
 
Erlang
ErlangErlang
Erlang
ESUG
 
An introduction to erlang
An introduction to erlangAn introduction to erlang
An introduction to erlang
Mirko Bonadei
 
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
siouxhotornot
 
Networking and Computer Troubleshooting
Networking and Computer TroubleshootingNetworking and Computer Troubleshooting
Networking and Computer Troubleshooting
Rence Montanes
 
NDC London 2014: Erlang Patterns Matching Business Needs
NDC London 2014: Erlang Patterns Matching Business NeedsNDC London 2014: Erlang Patterns Matching Business Needs
NDC London 2014: Erlang Patterns Matching Business Needs
Torben Hoffmann
 
Erlang OTP
Erlang OTPErlang OTP
Erlang OTP
Zvi Avraham
 
Fault tolerance
Fault toleranceFault tolerance
Fault tolerance
Aman Balutia
 
RTOS - Real Time Operating Systems
RTOS - Real Time Operating SystemsRTOS - Real Time Operating Systems
RTOS - Real Time Operating Systems
Emertxe Information Technologies Pvt Ltd
 
Nt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperNt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis Paper
Joanna Paulsen
 
Writing and testing high frequency trading engines in java
Writing and testing high frequency trading engines in javaWriting and testing high frequency trading engines in java
Writing and testing high frequency trading engines in java
Peter Lawrey
 
Let it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable ServicesLet it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable Services
Brian Troutwine
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
Emertxe Information Technologies Pvt Ltd
 
Peyton jones-2011-parallel haskell-the_future
Peyton jones-2011-parallel haskell-the_futurePeyton jones-2011-parallel haskell-the_future
Peyton jones-2011-parallel haskell-the_future
Takayuki Muranushi
 
Simon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelismSimon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelism
Skills Matter
 
Techno-Fest-15nov16
Techno-Fest-15nov16Techno-Fest-15nov16
Techno-Fest-15nov16
Satish Navkar
 
Osdc 2011 michael_neale
Osdc 2011 michael_nealeOsdc 2011 michael_neale
Osdc 2011 michael_neale
Michael Neale
 
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICESKEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
Mykola Novik
 
Audit
AuditAudit
Audit
Mark Ellzey Thomas
 
How smartly Erlang uses Distributed Computing
How smartly Erlang uses Distributed ComputingHow smartly Erlang uses Distributed Computing
How smartly Erlang uses Distributed Computing
Mandeep Singh
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
LeylimYaln
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
Benjim Thomas Mathew
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
hans926745
 

More Related Content

Similar to Joe armstrong erlanga_languageforprogrammingreliablesystems

Networking and Computer Troubleshooting
Networking and Computer TroubleshootingNetworking and Computer Troubleshooting
Networking and Computer Troubleshooting
Rence Montanes
 
Nt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperNt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis Paper
Joanna Paulsen
 
Let it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable ServicesLet it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable Services
Brian Troutwine
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON
 
Simon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelismSimon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelism
Skills Matter
 
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICESKEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
Mykola Novik
 

Similar to Joe armstrong erlanga_languageforprogrammingreliablesystems (20)

Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
 
Networking and Computer Troubleshooting
Networking and Computer TroubleshootingNetworking and Computer Troubleshooting
Networking and Computer Troubleshooting
 
NDC London 2014: Erlang Patterns Matching Business Needs
NDC London 2014: Erlang Patterns Matching Business NeedsNDC London 2014: Erlang Patterns Matching Business Needs
NDC London 2014: Erlang Patterns Matching Business Needs
 
Erlang OTP
Erlang OTPErlang OTP
Erlang OTP
 
Fault tolerance
Fault toleranceFault tolerance
Fault tolerance
 
RTOS - Real Time Operating Systems
RTOS - Real Time Operating SystemsRTOS - Real Time Operating Systems
RTOS - Real Time Operating Systems
 
Nt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis PaperNt1330 Unit 1 Problem Analysis Paper
Nt1330 Unit 1 Problem Analysis Paper
 
Writing and testing high frequency trading engines in java
Writing and testing high frequency trading engines in javaWriting and testing high frequency trading engines in java
Writing and testing high frequency trading engines in java
 
Let it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable ServicesLet it crash! The Erlang Approach to Building Reliable Services
Let it crash! The Erlang Approach to Building Reliable Services
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
 
Peyton jones-2011-parallel haskell-the_future
Peyton jones-2011-parallel haskell-the_futurePeyton jones-2011-parallel haskell-the_future
Peyton jones-2011-parallel haskell-the_future
 
Simon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelismSimon Peyton Jones: Managing parallelism
Simon Peyton Jones: Managing parallelism
 
Techno-Fest-15nov16
Techno-Fest-15nov16Techno-Fest-15nov16
Techno-Fest-15nov16
 
Osdc 2011 michael_neale
Osdc 2011 michael_nealeOsdc 2011 michael_neale
Osdc 2011 michael_neale
 
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICESKEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
KEY CONCEPTS FOR SCALABLE STATEFUL SERVICES
 
Audit
AuditAudit
Audit
 
How smartly Erlang uses Distributed Computing
How smartly Erlang uses Distributed ComputingHow smartly Erlang uses Distributed Computing
How smartly Erlang uses Distributed Computing
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Joe armstrong erlanga_languageforprogrammingreliablesystems

  • 1. Systems that never stop (and Erlang) Joe Armstrong
  • 2. How can we get 10 nines reliability?
  • 5. ISOLATION  10 nines = 99.99999999% availability  P(fail) = 10-10  If P(fail | one computer) = 10-3 then P(fail | four computers) = 10-12  Fixed
  • 7. Concurrency  World is concurrent  Need at least TWO computers to make a non-stop sytem  TWO computer is concurrent and distributed
  • 8. “My first message is that concurrency is best regarded as a program structuring principle” Structured concurrent programming – Tony Hoare Redmond, July 2001
  • 9. THREE MUST DETECT FAILURES
  • 10. Failure detection  If you can’t detect a failure you can’t fix it  Must work across machine boundaries the entire machine might fail  Implies distributed error handling, no shared state, asynchronous messaging
  • 11. FOUR FAULT IDENTIFICATION
  • 12. Failure Identification  Fault detection is not enough - you must no why the failure occurred  Implies that you have sufficient information for post hock debugging
  • 13. FIVE LIVE CODE UPGRADE
  • 14. Live code upgrade  Must upgrade software while it is running  Want zero down time
  • 16. Stable storage  Must store stuff forever  No backup necessary - storage just works  Implies multiple copies, distribution, ...  Must keep crash reports
  • 17. HISTORY Those who cannot learn from history are doomed to repeat it. George Santayana
  • 18. GRAY As with hardware, the key to software fault-tolerance is to hierarchically decompose large systems into modules, each module being a unit of service and a unit of failure. A failure of a module does not propagate beyond the module. ... The process achieves fault containment by sharing no state with other processes; its only contact with other processes is via messages carried by a kernel message system - Jim Gray - Why do computers stop and what can be done about it - Technical Report, 85.7 - Tandem Computers,1985
  • 19. SCHNEIDER Halt on failure in the event of an error a processor should halt instead of performing a possibly erroneous operation. Failure status property when a processor fails, other processors in the system must be informed. The reason for failure must be communicated. Stable Storage Property The storage of a processor should be partitioned into stable storage (which survives a processor crash) and volatile storage which is lost if a processor crashes. Schneider ACM Computing Surveys 22(4):229-319, 1990
  • 20. GRAY  Fault containment through fail-fast software modules.  Process-pairs to tolerant hardware and transient software faults.  Transaction mechanisms to provide data and message integrity.  Transaction mechanisms combined with process-pairs to ease exception handling and tolerate software fault  Software modularity through processes and messages.
  • 21. KAY Folks -- Just a gentle reminder that I took some pains at the last OOPSLA to try to remind everyone that Smalltalk is not only NOT its syntax or the class library, it is not even about classes. I'm sorry that I long ago coined the term "objects" for this topic because it gets many people to focus on the lesser idea. The big idea is "messaging" -- that is what the kernal of Smalltalk/ Squeak is all about (and it's something that was never quite completed in our Xerox PARC phase).... http://lists.squeakfoundation.org/pipermail/squeak-dev/1998-October/ 017019.html
  • 22. GRAY Software modularity through processes and messages. As with hardware, the key to software fault-tolerance is to hierarchically decompose large systems into modules, each module being a unit of service and a unit of failure. A failure of a module does not propagate beyond the module.
  • 23. Fail Fast The process approach to fault isolation advocates that the process software be fail-fast, it should either function correctly or it should detect the fault, signal failure and stop operating. Processes are made fail-fast by defensive programming. They check all their inputs, intermediate results and data structures as a matter of course. If any error is detected, they signal a failure and stop. In the terminology of [Cristian], fail-fast software has small fault detection latency. Gray Why ...
  • 24. Fail Early A fault in a software system can cause one or more errors. The latency time which is the interval between the existence of the fault and the occurrence of the error can be very high, which complicates the backwards analysis of an error ... For an effective error handling we must detect errors and failures as early as possible Renzel - Error Handling for Business Information Systems, Software Design and Management, GmbH & Co. KG, München, 2003
  • 25. ARMSTRONG  Processes are the units of error encapsulation. Errors occurring in a process will not affect other processes in the system. We call this property strong isolation.  Processes do what they are supposed to do or fail as soon as possible.  Failure and the reason for failure can be detected by remote processes.  Processes share no state, but communicate by message passing. Armstrong Making reliable systems in the presence of software errors PhD Thesis, KTH, 2003
  • 27.
  • 28. Joe’s 2’nd theorem  Whatever Joe starts talking about, He will end up talking about Erlang
  • 29. Erlang was designed to program fault-tolerant systems
  • 30. Concurrent programming Functional programming Concurrency Oriented programming Erlang Fault Multicore tolerance
  • 31. Erlang  Very light-weight processes  Very fast message passing  Total separation between processes  Automatic marshalling/demarshalling  Fast sequential code  Strict functional code  Dynamic typing  Transparent distribution  Compose sequential AND concurrent code
  • 32. Properties  No sharing  Hot code replacement  Pure message passing  No locks  Lots of computers (= fault tolerant scalable ...)  Functional programming (no side effects)
  • 33. What is COP? Machine Process Message ➡ Large numbers of processes ➡ Complete isolation between processes ➡ Location transparency ➡ No Sharing of data ➡ Pure message passing systems
  • 34. Thread Safety Erlang programs are automatically thread safe if they don't use an external resource.
  • 35. Functional If you call the same function twice with the same arguments it should return the same value “jolly good” Joe Armstrong
  • 36. No Mutable State  Mutable state needs locks  No mutable state = no locks = programmers bliss
  • 38. The rise of the cores  2 cores won't hurt you  4 cores will hurt a little  8 cores will hurt a bit  16 will start hurting  32 cores will hurt a lot (2009)  ...  1 M cores ouch (2019)  (complete paradigm shift)  1997 1 Tflop = 850 KW  2007 1 Tflop = 24 W (factor 35,000)  2017 1 Tflop = ?
  • 39. LAWS
  • 40. ISOLATION CONCURRENCY Pid = spawn(.....) Pid = spawn(Node, ....) Pid ! Message receive Pattern1 -> Actions1; Pattern2 -> Actions2; ... end
  • 41. FAULT IDENTIFICATION link(Pid), receive {Pid, ‘EXIT’, Why} -> ... end
  • 42. LIVE CODE UPGRADE  Can upgrade code while its running  Existing processes continue to use original code, new processes run new code - no mixups of namespaces  Sophisticated roll-forward, roll-back, roll-back-on-error functions in OTP libraries  Properly designed systems can be rolled-forward and back with no loss of service. Not easy, but possible
  • 43. STABLE STORAGE  Performed in libraries mnesia:transaction( fun() -> Val = mnesia:read(Key), mnesia:write({Key,Val}), ... end)
  • 44. Projects  CouchDB  Amazon SimpleDB  Mochiweb (facebook chat)  Scalaris  Nitrogren  Ejabberd (xmpp)  Rabbit MQ (amqp)  ....
  • 45. Companies  Ericsson  Amazon  Tail-f  Kreditor  Synapse  ...
  • 46. Books