Issues for Fault Tolerance FTF Mailing List

To comment on any of these issues, send email to ft-ftf@omg.org. (Please include the issue number in the Subject: header, thusly: [Issue ###].) To submit a new issue, send email to issues@omg.org.

List of issues (green=resolved, yellow=pending Board vote, red=unresolved)

List options: All ; Open Issues only; or Closed Issues only

Issue 3516: following question regarding modifications to CORBA core
Issue 3747: define the State as typedef any State
Issue 3778: Issue with 'factory'
Issue 3856: Propose Remove use of Filter
Issue 3908: Encoding of Service Contexts in Fault Tolerant CORBA specification missing
Issue 3910: typedef issue
Issue 3976: Harmful deprecation of LOCATE_FORWARD_PERM for Faut Tolerant CORBA
Issue 4066: term "method" used wrongly
Issue 4109: On page 27-9 of the FT CORBA spec, under "Application-Controlled Membership

Issue 3516: following question regarding modifications to CORBA core (ft-ftf)

Click here for this issue's archive.
Source: Sun Microsystems (Dr. Anita Jindal, anita.jindal@sun.com)
Nature: Clarification
Severity:
Summary:

Basically, the Failure OBJ_ADAPTER is considered a failover condition in the 
document that was sent out.  In most cases OBJ_ADAPTER exception may be thrown 
when there is an internal ORB error.  In case of an internal ORB error, the 
retry on the TAG_ALTERNATE_IIOP_ADDRESS may still yield the same exception. This 
may be inefficient.  Do you see situations where doing a failover on this 
particular exception is useful.

Resolution: Remove OBJ_ADAPTER from this list.
Revised Text:
Actions taken:
March 29, 2000: received issue
May 24, 2001: closed issue

Issue 3747: define the State as typedef any State (ft-ftf)

Click here for this issue's archive.
Source: Eternal Systems (Dr. Louise E. Moser, moser@eternal-systems.com)
Nature: Uncategorized Issue
Severity:
Summary:

The Fault Tolerant CORBA specification defines the State used by the
get_state(), set_state(), get_update(), set_update() methods, as

   typedef sequence<octet> State

Those methods must be implemented by the application programmers.  
They will find their task easier if we define the State as:

   typedef any State

Resolution: rejected
Revised Text: Replace the definition of State in Section 27.5.4 on pages 27-84 and 27-85 and in Appendix A Consolidated IDL on page 27-102 by: any State;
Actions taken:
July 18, 2000: received issue
May 24, 2001: closed sse,

Issue 3778: Issue with 'factory' (ft-ftf)

Click here for this issue's archive.
Source: Eternal Systems (Dr. Louise E. Moser, moser@eternal-systems.com)
Nature: Uncategorized Issue
Severity:
Summary:

The Fault Tolerant CORBA specification contains the following struct.

  struct FactoryInfo 
  {
       GenericFactory factory;
       Location the_location;
       Criteria the_criteria;
  };

This causes a problem for the IDL compilers of some vendors, because
"factory" is a keyword in CORBA V2.3.  See CORBA V2.3, page 3-8, Lexical
Conventions, June 1999.

We need to change "factory" in this struct to "fact", "fctry",
"generic_factory", or whatever.  What is your preference?

Resolution: see below
Revised Text: Replace the FactoryInfo in Section 27.3.5 on page 27-37 and page 27-39, and in Appendix A on p. 27-98, with the following and modify the description accordingly: struct FactoryInfo { GenericFactory the_factory; Location the_location; Criteria the_criteria; };
Actions taken:
August 21, 2000: received issue
May 24, 2001: closed issue

Issue 3856: Propose Remove use of Filter (ft-ftf)

Click here for this issue's archive.
Source: AT&T (Mr. Robert E. Gruber, gruber@research.att.com)
Nature: Uncategorized Issue
Severity:
Summary:

Motivation: The Notifier will be easier to replicate if it is a single
object.  At present, all Filters created by the Notifier must also be
replicated.  Furthermore, there is no requirement that a Filter be destroyed
by the client that created it (once it is done using it), raising a garbage
collection issue.  FOr a connected consumer, if the consumer no longer
exists the Notifier can discard the connection.  There is no analagous test
for Filters.

The Notifier interface is already a collapsed version of multiple
CosNotification APIs to get rid of the channel/admin/proxy objects in favor
of one object, so I am just proposing we carry through on that approach.


Óne proposal:

First, remove method create_subscription_filter.

Second, change the 2 connect_foo_fault_consumer methods
(connect_structured_fault_consumer + connect_sequence_fault_consumer) to
take just a consumer and a grammar:
  ConsumerId connect_foo_fault_consumer (in CosNotifyComm::FooPushConsumer,
                                         in string constraint_grammar)
 raises (ÏnvalidGrammar, AlreadyConnected)

One or more event forwarding constraints is associated with each connected
consumer, with the default being a constraint that matches all events.  The
ConsumerID  returned from a  call can be passed into methods that modify
these constraints.  When a consumer is disconnected, the associated
constraints are discarded.

Third add methods for manipulating constraints associated with a ConsumeID:

  string constraint_grammar(in ConsumerID)
  void add_constraints(in ConsumerID, ...)
  void remove_constraints(in ConsumerID, ...)
  void remove_all_constraints(in ConsumerID)
  void modify_constraints(in ConsumerID, ...)
  ConstraintExpSeq get_constraints(in ConsumerID)

where ... means the normal arguments that are in the corresponding methods
in the Filter spec.

The above methods correspond to the Filter methdos that are required in the
current version of the spec, except I left out 2 of them, match_structured
and destroy.  I do not think we need to support match_structured -- only the
Notifier needs to be able to do matching.  destroy is not needed because
there is no filter object to be destroyed.  (disconnect is sufficient.)

ALTERNATE PROPOSAL

A simpler scheme is to associate a single constraint with each consumer.
This is not very restrictive, especially when you consider that there is
currently only one event type in use in the FT spec.  The default would
still be a constraint that matched all events.  In this case the only method
needed to modify this constraint is:

void replace_constraint(in ConsumerID,
                        in EventTypeSeq event_types,
                        in string constraint_expression)

Further, if we are willing to stick to the default constraint grammar, no
grammar needs to be specified, which simplifies connect_foo_consumer -- not
only by removing the constraint_grammar argument but also by removing the
InvalidGrammar exception, which comes from CosNotifyFilter.  I believe one
could simplify things enough to get rid of any dependencies on
CosNotifyFilter.  It is not clear how important this is, but I thought I
should mention the possibility.

Resolution: see below
Revised Text: A. Associate a single contraint with each consumer. The default would be a contraint that matched all events. B. Use the default constraint grammar, which eliminates the need to specify a grammar and results in simplification of the specification. Revised Text: Replace the text in Section 27.4.6 on page 27-73 by: The Fault Notifier propagates all events of a given format to all consumers that accept that format. While a consumer is connected to the Fault Notifier, it may use the method replace_constraint() to replace a constraint for a given sequence of event types. module FT{ interface FaultNotifier { typedef unsigned long long ConsumerId; void push_structured_fault( in CosNotification::StructuredEvent event); void push_sequence_fault( in CosNotification::EventBatch events); ConsumerId connect_structured_fault_consumer( in CosNotifyComm:StructurePushCOnsumer push_consumer); ConsumerId connect_sequence_fault_consumer( in CosNotifyComm:StructurePushCOnsumer push_consumer); void disconnect_consumer(in ConsumerId connection) raises(CosEventComm::Disconnected); void replace_constraint(in ConsumerId connection, in CosNotification::EventTypeSeq event_types, in string constr_expr); }; }; Pages 27-74 and 27-75: Remove "create_subscription_filter ... grammar identified by the in parameter." Page 27-75: Remove "The consumer may tailor ... modify_constraints() methods of the CosNotifyFilter::Filter interface." Remove from connect_structured_fault_consumer "in CosNotifyFilter::Filter filter" Remove from table "filter The reference to the filter that the Fault Notifier must use to restrict the set of events that are to be delivered to the consumer." Page 27-76: Remove "The consumer may tailor ... modify_constraints() methods of the CosNotifyFilter::Filter interface." Remove from connect_sequence_fault_consumer "in CosNotifyFilter::Filter filter" Remove from table "filter The reference to the filter that the Fault Notifier must use to restrict the set of events that are to be delivered to the consumer." Page 27-77: Replace first paragraph of Section 27.3.6.3 by "Filtering is done by the Fault Notifier based on the constraints provided by the consumer." Page 27-78: Replace the last paragraph by "Consumer, such as the Replication Manager or a consumer object created by the Replication Manager, connect to the Fault Notifier through the connect_structured_fault_consumer() and connect_sequence_fault_consumer() methods. The consumer sets the contraints for a given sequence of event types using the replace_constraint() method." Page 27-79: Remove item 4. Page 27-80: Replace item 2 by item 5 with the following rewording: "The Replication Manager invokes connect_structured_fault_consumer() with a push consumer reference as an in parameter. The Fault Notifier returns a consumer identifier to the Replication Manager." Replace the first four lines of item 3 by "The Replication Manager creates a sequence of event types and their corresponding constraint expressions, as follows: CosNotification::EventTypeSeq event_types; event_types.length(1); event_types[0].domain_name = "FT_CORBA"; event_types[0].type_name = "ObjectCrashFault"; const CORBA::string constraint_expr; constraint_expr = "$FTDomainId = 'acme.com' and $ObjectGroupId == 1 and $Location[0].id == 'myhost.acme.com'"; " Replace the first line of item 4 by "The Replication Manager invokes replace_constraint( consumer_id, event_types, constraint_expr). Make item 6 item 5 and replace modify_constraints() by "replace_constraints()" Make item 7 item 6.
Actions taken:
September 13, 2000: received issue
May 24, 2001: closed ssue

Issue 3908: Encoding of Service Contexts in Fault Tolerant CORBA specification missing (ft-ftf)

Click here for this issue's archive.
Source: Objective Interface Systems (Mr. Victor Giddings, victor.giddings@mail.ois.com victor.giddings@ois.com)
Nature: Uncategorized Issue
Severity:
Summary:

13.6.7 of the CORBA 2.3 specification states: "The context data for a particular service will be encoded as specified for its service-specific OMG IDL definition, and that encoded representation will be encapsulated in the context_data member of IOP::ServiceContext. (See Section 15.3.3, Encapsulation, on page 15-13)."

The descriptions of service contexts in the FT spec are missing an explicit statement of the encoding of the service context data.

Proposed Resolution:

Add the following sentence in all appropriate sections: "When encoded in a request or reply message header, the <code>context_data</code> component of the <code>ServiceContext</code> struct will contain a CDR encapsulation of the xxxxxx struct."

Resolution: see below
Revised Text: Replace the first sentence of Section 27.2.7.1 on page 27-22 by the following two sentences: "The FTGroupVersionServiceContext struct contains the version of the object group reference for the server object group, which allows the server to determine whether the client is using an obsolete object group reference. When encoded in a request or reply message header, the context_data component of the ServiceContext struct shall contain a CDR encapsulation of the FTGroupVersionServiceContext struct, which is defined below." Replace the first sentence of Section 27.2.8.1 on page 27-24 by the following two sentences: "The FTRequestServiceContext is used to ensure that a request is not executed more than once under fault conditions. When encoded in a request or reply message header, the context_data component of the ServiceContext struct shall contain a CDR encapsulation of the FTRequestServiceContext struct, which is defined below."
Actions taken:
September 25, 2000: received issue
May 24, 2001: closed issue

Discussion:

Issue 3910: typedef issue (ft-ftf)

Click here for this issue's archive.
Source: Eternal Systems (Dr. Louise E. Moser, moser@eternal-systems.com)
Nature: Uncategorized Issue
Severity:
Summary:

One additional issue I have is that the
ReplicationStyleValue, MembershipStyleValue, ConsistencyStyleValue,
FaultMonitoringStyleValue, FaultMonitoringGranularityValue 
are typedefed to long, whereas the 
InitialNumberReplicasValue and MinimumNumberReplicasValue 
are typedefed to unsigned short.  It might be more appropriate
to typedef all of these to unsigned short.

Resolution: see below
Revised Text: For consistency, change the typedefed long property values in Section 27.3.5 to unsigned short. Revised Text: In Section 27.3.5 on pages 27-37 and 27-40 and in Appendix A on page 27-99, the revised text would be: unsigned short ReplicationStyleValue unsigned short MembershipStyleValue unsigned short ConsistencyStyleValue unsigned short FaultMonitoringStyleValue unsigned short FaultMonitoringGranularityValue
Actions taken:
September 25, 2000: received issue
May 24, 2001: closed issue

Discussion:

Issue 3976: Harmful deprecation of LOCATE_FORWARD_PERM for Faut Tolerant CORBA (ft-ftf)

Click here for this issue's archive.
Source: Alcatel-Lucent (Dr. Julien Maisonneuve, Ph.D., julien.maisonneuve@alcatel-lucent.com)
Nature: Uncategorized Issue
Severity:
Summary:

Earlier this year, the interop FTF deprecated the LOCATE_FORWARD_PERM
exception because of several reasons :
- it was badly specified
- it made the implementation of hash() difficult, and broke most of the
  existing ones.

It turns out that the Fault Tolerance specification published a little
earlier crucially requires a similar mechanism.
In normal life, most applications can rely on plain LOCATE_FORWARD because
there is no reason to expect the death of the originally pointed component.
In the case of Fault Tolerant CORBA, this is entirely different: it is
precisely when we issue a LOCATE_FORWARD_PERM that we know for sure that
the original component is dead, and might never return. If all the backup
profiles of an IOR enjoy the same death, all hope is gone.

This means that without a mechanism similar to LOCATE_FORWARD_PERM, the
Fault Tolerant CORBA spec cannot address the requirements of real
fault-tolerant systems.

This is why the Fault-Tolerant CORBA FTF would like to see LOCATE_FORWARD_PERM
re-introduced in some way. Here are a few ideas that might help :

Issue of scope:
The scope of LOCATE_FORWARD_PERM is ORB lifetime.

Issue of hash() :
Let us be reminded that the Fault-Tolerant CORBA spec defines teh concept of
an Interoperable Object Group Reference (IOGR). The IOGR contains a specific
profile that contains a group identifier.
- When an ORB receives and IOGR, it should compute the value of hash() based
  on the GroupID contained in the IOGR, and performs LOCATE_FORWARD_PERMs if
  requested.
- When an ORB receives a normal IOR (i.e. an IOR lacking a group profile) it
  computes hash() in the customary way, and doesn't have to respond to
  LOCATE_FORWARD_PERMs.

Resolution: see below
Revised Text: The use of the LOCATE_FORWARD_PERM exception is not deprecated when it is used to return an IOGR. The use of the LOCATE_FORWARD_PERM exception to return a reference that is not an IOGR continues to be deprecated. Issue of scope: The temporal scope of the replacement reference provided by LOCATE_FORWARD_PERM is ORB lifetime or the next LOCATE_FORWARD_PERM. It is safe, and appropriate, for an ORB to replace any reference that contains the same fault tolerance domain identifier, the same object group identifier and a smaller value of the object group version. Issue of hash(): The IOGR contains an object group identifier that is unique and immutable over the lifetime of the object group. For IOGRs, the value of hash() shall be derived from the object group identifier. For references that are not IOGRs, the value of hash() will continue to be derived as at present. Revised Text: In Section 27.2.5, immediately before 27.2.5.1, insert the following paragraph: "The first of these three options, access directly to a member of a server object group, requires the use of the LOCATION_FORWARD_PERM exception. As object replicas fail and are replaced by new replicas, a stage may be reached at which all of the original replicas, cited in the original interoperable object group reference for the object, are inaccessible. Continued use of the original reference will cause system failure. The LOCATION_FORWARD_PERM exception allows such a reference to be replaced by an updated reference that contains profiles for the new replacement replicas. Thus, the LOCATION_FORWARD_PERM exception is not deprecated when it is used to return an interoperable object group reference. The use of the LOCATION_FORWARD_PERM exception to return a reference that is not an interoperable object group reference continues to be deprecated." In Section 27.2.6, after the first paragraph on page 27-21, insert the following paragraph: "The temporal scope of the replacement reference provided by LOCATION_FORWARD_PERM is ORB lifetime or the next LOCATION_FORWARD_PERM. It is safe, and appropriate, for an ORB to replace any reference that contains the same fault tolerance domain identifier, the same object group identifier and a smaller value of the version of the object group reference." In Section 27.2.3.6 on page 27-18, replace "Follows the semantics above." By: "Follows the semantics for is_equivalent(). An interoperable object group reference contains an object group identifier that is unique and immutable over the lifetime of the object group. For such a reference, the value of hash() shall be derived from the object group identifier. For references that are not interoperable object group references, the value of hash() continues to be derived as at present."
Actions taken:
October 19, 2000: received issue
October 24, 2000: moved from interop to the Fault Tolerance FTF
May 24, 2001: closed issue

Issue 4066: term "method" used wrongly (ft-ftf)

Click here for this issue's archive.
Source: IONA (Dr. Wolfgang Schulze, wolfgang.schulze@iona.com)
Nature: Uncategorized Issue
Severity:
Summary:

Throughout the document, the authors use the term "method" several times where they should be talking about "operations" instead. This violates the general understanding of the OMG terminology, where IDL interfaces contain "operations", not "methods". The term "method" is usually reserved as a concept of oo programming languages. 

I recommend that for the next revision, the authors run a global search&replace and identify where they want to talk about methods and where of operations.

Resolution:
Revised Text: Run a global search and replace, and replace "method" by "operation" where appropriate.
Actions taken:
November 20, 2000: received issue
May 24, 2001: closed issue

Issue 4109: On page 27-9 of the FT CORBA spec, under "Application-Controlled Membership (ft-ftf)

Click here for this issue's archive.
Source: Eternal Systems (Dr. Louise E. Moser, moser@eternal-systems.com)
Nature: Uncategorized Issue
Severity:
Summary:

On page 27-9 of the FT CORBA spec, under "Application-Controlled Membership",

"The application-controlled (MEMB_INF_CTRL) Membership Style"

should be corrected to read

"The application-controlled (MEMB_APP_CTRL) Membership Style"

Resolution: Correct the above statement with the revised text given below.
Revised Text: Change the text to read: "The application-controlled (MEMB_APP_CTRL) Membership Style"
Actions taken:
November 30, 2000: received issue
May 24, 2001: closed issue