West University of Timiso ara, Romania [610334]

AUTONOMIC
COMPUTING
Recovery -Oriented Computing Facu lty of Mathematics and Computer Science
West University of Timiso ara, Romania
Master program: Artificial Intelligence and
Distributed Computing, year I.
Course: Mult i Agent Systems
Student: [anonimizat] : Lect. Univ. Dr. Gabriel Iuhasz

1 | P a g e

Abstract
In the evolution of human society , automation was always been a foundation of progress for fast
development . Computing systems have proven that automation produce complexity and are not
enough skilled IT engineers that can manage th is comp lexity and to support t he needs of corporates
fast growing challenge with their budget frame . The concept of Autonomic Computing was
introduced by IBM in 2001 to support the very fast growing of perform ing intelligent software
management in the IT s ector . Autonomic Computing Systems are systems developed to manage
themselves . According IBM the autonomic computing environment is self-configuring, self –
healing, self -optimizing and self -protecting.
Keywords : Autonomic Com puting Systems , Recovery -Oriente d Computing (ROC)

Introduction
Optimization s to increase p roductivity and eff iciency within the organizations and mostly big
corporations is a real need not only because of accelerate market t rend but also because big systems
infra structure s are becoming too complex and too hard to manage and the case of failure can have
a devastat ing impact . Allowing services to tolerate internal failure is also a m atter of quality , even
very well-trained employees make mistakes and serious e rror as 3.5% of the time ( J. Reason ,
1990 ).
Today are more t han 8000 papers for autonomic computi ng and more tha n 200 patents . Automatic
computing is about switching management of systems from humans to technologies that adapt and
hide the complexity from people, the self-recovery must be capable to discover , diagnose and
quick react to failures .
Recovery -Oriented Computing (ROC) with a design for fa st recovery , have the p erspective to
solve the fail ures of hardware , software and operator mistakes as the bes t philosoph y in case of
any failure is a fast recovery , and t he first reasons for focusing o n recovery are the facts that human
error is inevitable and unanticipated failures are ine vitable.
The lack of availability of this kind of ROC application is clai med to too much focus on avoiding
failures instead of finning solution to repair failures when they happen . Recovery can take many
forms from simple to very complex systems that toler ate error and failures during recovery but
guarantee that its repai r mechanism is trustworthy as is fully automated .
The undo function us a basi c recovery -oriented computing f eature tha t increase efficiency by
reducing repai r time and a useful undo -based recovery system must consider backup -restore by re-
executing from repaired system in order to be processed correctly . In this app roach undo is
implemented by the operation of restoring a previous state and after re -executing a recorded
sequence of user operation .

2 | P a g e
Definition of terms
The autonomic computing was inspired from autonomic nervous system that is found in human
body that is self-healing physical damages , self-developing, self-control , self-protecting without
external interventions . Corelating to human body, the ACS (autonomic computi ng system) is a
system that manage itself: design, development , predict problems and prevent failures , efficient
management of resource allocation and utilization .
According to IMB , a n autonomic system must have eight basic characterist ics: “know itself” ;
“must configure and reconfigure itself ”; “always looks for ways to optimize ”; “must be able to
recover from extraordinary events ” ; “must be an expert in self -protection ”; “knows its
environment and the context surrounding its activity ”; “cannot exist in a hermetic environment ”;
“will anticipate the optimized resources ne eded while keeping its complexity hidden ”.
Tests and comparati ons
Recovery -Oriented Computing (ROC) is a joint Berkeley/Stanford research project funded and co –
managed by IBM research and other units within IBM, that is a system build to provide undo
functionality in order to allow recovery for operators and administrators from human errors that
they make , the prototype software build have a generic undo manager that coordinate s the undo
process for e -mail st ore service sup porting IMAP and STMP mail protocols via an interposed
proxy and storage layer that is rewindable .
According to Osterman Research study report, up to 45% of critical business information is stored
in e-mail a nd loss of e-mail access can have a result of 35% decrease in producti vity.

Undoable E -mail Serv ice
Undo as a virtual time travel have a model defined by Threes -R’s
1. Rewind : roll back physically all system to previous state
2. Repair: make changes to a past timeline to prevent original issue
3. Replay: merging the original timeline with the repairs

The java protot ype analyzed as undoable e -mail store service have as ta rget to build a node in the
internet e -mail network accessed by IMAP and SMTP with proxy -based design that have und o
manager, timeline log, time -travel storage having undo logic execution and en code e -mail
interaction into verbs that will define e -mail semantics .

3 | P a g e
❖ Undo system architecture

USER
E-mail
proxy
E-mail
Service
Time –
travel
storage
UNDO
MANAGER
CONTROL
TIMELINE
LOG VERBS
CONTROL IMAP,
SMTP IMAP,
SMTP
To be able to roll back the system

4 | P a g e
❖ E-mail ove rview:

_incoming e -mail form internet
_sendmail: process that receive and de liver incoming mail
_mailboxes are text files
_imapd: process that provides remote access to e-mails
_users: reading emails
The most important element in undo architecture are verbs , they are acting as a fundamental data
structure that connects together the service specific proxy, generic undo manager , timeline log and
GUI. Verb inter faces provide the undo manager with a window that will allow undo manager to
execute the management tasks and generate a consistent timeline log as multiple verbs arrive from
different users and is needed to be executed many verbs possible in par allel and consider
serialization , ordering in case is missing a dependency between new ar riving interactions .
For the undoable e -mail store are defined 13 verbs in order to capture together interactions in the
protocols .

Table 1: Verbs defi ned for undoable e -mail service
INTERNET

SMTP
SERVER
PROCESS
IMAP
SERVER
PROCESS
MAILBOXES
USERS

5 | P a g e
Each e -mail verb is implemented as java class , the verb interface is de fined by the undo manager .
All verbs have a tag as data structure with information needed to execute the verb and check if
execution is successfully or failed.
The setup test is done on four machines connected receiving e-mail from lo cal users via SMTP
and making it available for reading via IMAP . The e -mail proxy is responsibl e for intercepting
SMTP and IMAP traffic and direct it to the e -mail server while converting the verbs as described ,
the worker will decode the SMTP or IMA P interaction , pack it as a verb and call undo manager to
execute and recor d the verb.
The time -travel storage provides stable storage for the e -mail and the ability to physically restore
to a previous state ver sion, for this is needed a java wrapper that hides console -based lines interface
and tracks the active snapshots providing to AP I for creating, deleting, restoring . The wrapper
will copy old snapshot and forward it to the present overwriting current data of the system with an
older snapshot state, the undo manager is designed in this way to implement Re wind by restoring
nearest snapshot prior to rewind target and after using Replay cod e to roll the system forward to
the exact target point. The undo manager stores linear time log of verbs , where each verb has
assigned a sequence as representation of time for undo manager .
Undoable Self-Contained Services Guidelines
Step 1: ensure that state pf the architecture is self -contained , making it possible to re wind the entire
service to a pr ior point in history .
Step 2: the system must have the possibility to interpose the undo system proxy between server
and their clients in order that the proxy collect every information, then ge nerate the time log of the
verbs to later reply .
Step 3: Building and undo -compatible protocol , with a complet e set of commands , that are
transparent in their param eters and also protocols command need to be name d unique in the request
or response. The commands should be short in terms of running time to avoid issues with long –
running verbs.
Step 4: For undo perfo rmance is needed an optimized replay interface that bypass the client
authentication protocols
Step 5: Recovery, undo system can undo administrative changes to the e -mails as : changes to
configurat ion files, software upgrades, deleted o r altered mails . The service must be also able for
a fast restart into the new state.
Step 6: Service protocol must have individual commands to manage o bject state and report if
execution is successfully or is failed.

6 | P a g e
Java application code structure :
E-mail proxy
• Main class for email undo proxy. Contains main() function that instantiates the storage
and undo manager, traps undo hooks, and mediates the IMAP and SMTP proxies.
• Worker function: adds an explanatory message to a user's mailbox
• Returns true if successfully left message, false otherwise
• Worker function: store text indicating reason for system maintenance, su pplied to users in
explanatory messages.
• Only persists for one undo cycle: cleared on undo cycle commit/cancel.
• Main function for undoable email proxy system -> Create the storage manager -> Create
the undo manager -> Create the IMAP and SMTP proxies

IMAP Proxy :
• Class implementing an IMAP proxy. It intercepts IMAP commands and turns them into
verbs for the undo system.
• Runs as a daemon in its own thread, and gets a new thread from a thread pool for each
connection
• Request that the proxy thread shut down , tries to stop the listening thread, but does not
interrupt any active workers
• Get a connection to the server for use during replay. Each new user gets a new connection,
but then that connection is retained and reused by tha t user while not timed -out
• Return a replay connection
• Close all open replay connections
• Internal worker class for handling an individual IMAP connection
• Main method: opens a connection to remote IMAP server and proxy’s client requests,
intercepting them as necessary
• Worker class that implements a thread that handles server responses in parallel with the
main worker thread.
• Constructor: sets up data structure and starts the thread
• Tells the server -receiver to treat untagged responses as part of a client command, not
unsolicited results.

IMAP Verbs
• Base class for IMAP verbs, defining data st ructures and common routines
▪ The verb's tag
▪ The user that initiated the verb
▪ The verb's replay date

7 | P a g e
• Imap verbs are all synchronous , anything that doesn't commute shouldn't be executed in
parallel.
• Allow reordering across different users ‘request streams, but prevent it within them , excep t
for deliveries.
• Check if 2 textual IMAP message specs overlap
• Set the User associated with this verb instance.
• Set the tag associated with this verb
• Get the estimated replay time for this verb -> update the estimated replay time for this verb
• Print out an IMAP verb in a useful form, indicating where in execution

SMT P deliver ver b
• Class defines the Verb used to encapsulate SMTP mail delivery
• Set the User associated with this verb instance.
• Get and set the tag associated with this verb.
• Schedule a b ounce message to be sent to this verb's sender at some point in the future.
• Print out the verb in a useful form, indicating where in execution it is.

SMTP Proxy
• Class implementing an SMTP proxy. It intercepts SMTP commands and turns them into
verbs for the undo system.
• Runs as a daemon in its own thread
• Request that the proxy thread shut down.
• Internal worker class for handling an individual SMTP connection
• Constructor, accepting a socket for this connection
• Main method: opens a connection to remote SMTP server and proxi es
• Get a new connection to the server
• Close a connection
• Constructor. Create/open the underlying uidDB. Start the deferred bounce sender thread.
• Initialize the bounce table: must be called to correctly restore bounce table state following
a non -current shutdown, and to start background processing
• Shut down the bounce table processor.
• Get the default delay time for bounces
• Check if contains an entry for a particular message
• Generate a well -formed e -mail message
• Process a bounce for the first time. Write it to the database and send out the initial
notification via SMTP.

8 | P a g e
SMTP Session
• Class implementing an SMTP proxy. It intercepts SMTP commands and turns them into
verbs for the undo system.
• Constructor. Stash handles to the network I/O streams and initialize state
• Handle a new client command. Returns true if session should terminate, false otherwise.
• Pass through the result of an SMTP command, extracting the result code
• Determine the result of an SMTP command, silently swall owing the output
• Gets all the response lines from an SMTP command, swallowing the output
• Parse the result code out of a line of S MTP output

Time Travel Store Manager
• This interface defines the API used by the undo manager to control the time -travel storage
layer.
• Query the storage manager's capabilities.
• Initialize the time -travel storage layer
• Shutdown the time -travel storage layer
• Fine-grained time -travel: restore system to a previous point in time, restored state is copied
forward to the present and the system continues in the present
• An exception thrown if restoring a time -point snapshot fails
• An exception thrown if there are no more checkpoints
• An exception thrown if the system cannot take the requested checkpoint

Undo Manager
• This interface provides the primary link between the application and the undo system: the
application calls into this interface to invoke rewind and replay, to perform logging, and to
register callback handlers for verb replay, quiescence
* // …
* UndoManager um = new UndoManager(…);
* um.registerAppCallbacks(…);
* um.initialize();
* // …
• Register the application's undo -related callbacks.
• Register for notification of (and veto power over) time -travel events
• Register to receive notification when history is irretrievably

9 | P a g e
• Initialize the UndoManager. Must be called after callbacks are registered. This function
initializes the time -travel store, opens the undo logs, performs any database crash -recovery
needed, sets up internal data structures, scans the l og to reconstruct control state, and
prepares the UndoManager for logging or replaying.
• Shut down the undo manager
• Query the current status of the system with respect to undo
• Indicate that repairs have been completed and the 3R undo process
• Invoke the replay process, starting with the next log record
• Query the list of verbs that replayed with inconsistencies during this undo cycle.
• Commit the undo process.
• Replay from the record immediately following the current virtual time through to the
present and commit the undo process.
• Return a list of all active history modifications.

Conclusion
Evaluat ion from feasibility p oint of view for the Three R ’s from a performance perspective is
demonstrated to be feasible . The model facilitates creating a forgiven environment that comes to
support human mistakes and increase the work efficiency . The undo function solves very easy
different error sources equivalent to an update process of self-healing from physical damages . The
undo recovery mechanism is applicable to real word applications as many times users detect the
error after occurrence .

10 | P a g e

References
Articles:
C. Perrow. Normal Accidents: L iving with High -Risk Technologies. Princeton, NJ: Princeton
Press, 1999
D. Rumsfeld. Rumsfeld’s Rules: Advice on government, business and life. The Wall Street Journal
Manager’s Journal, 29 January 2001.
Osterman Research. Survey on Messaging System Downti me from a user perspective.
https://www.ostermanresearch.com/results/surveyresults_dt0801.html.
J. Reason. Human Error. Cambridge University Press, 1990.

Websites:
http://roc.cs.berkeley.edu/roc_ overview.html
https://oracle -base.com/articles/9i/flashback -query
http://roc.cs.berkeley.edu/projects /undo/undosrc -0.1.zip