
Non-volatile storage

In document Persistent object stores (Page 116-121)


4.3.3 Non-volatile storage

The stable store layer requires the provision of a non-volatile store that is assumed to consist of a contiguous set of equal sized blocks. Subject to these constraints, the non-volatile store may actually consist of as many disjoint physical components as desired. To meet the specification for this layer of the persistent store, an implementation of non-volatile storage must provide the following six procedures:

a) initialise storage,

b) close storage,

c) read block,

d) write block,

e) block size and

f) synchronise.

4.3.3.1 Initialise storage

This procedure performs those operations necessary to initialise the non-volatile storage. For example, it may need to gain exclusive use of the storage media implementing the store. This should be called before the non-volatile store is used. It should only be called once.

4.3.3.2 Close storage

This procedure performs those operations necessary to stop using the non-volatile store. This may include relinquishing exclusive use of the storage media. This should be the last procedure to be called.

4.3.3.3 Read block

This procedure is used to copy a block of non-volatile storage to a page of main memory. It is parameterised by the block number in the non-volatile store and the page number in main memory.

4.3.3.4 Write block

This procedure is used to copy a page of main memory to a block of the non-volatile store. It has the same parameters as the read block procedure.

4.3.3.5 Block size

4.3.3.6 Synchronise

This procedure does not return until all requested read block and write block operations have been completed. This ensures that a checkpoint operation knows that a requested operation has completed.

To complement these six procedures the following assumptions must be valid:

a) A write block can only corrupt the block being written to,

b) If a write block completes it has not caused any corruption.

c) A block is written in a predefined order, low addresses to high addresses or high addresses to low addresses.

d) A read block can never cause corruption.

e) The architecture halts if a read block or write block fails.

These procedures and assumptions are sufficient to implement the stable storage mechanism, described in Section 4.3.2, for the following reasons. Firstly, all completed read block and write block operations performed by the checkpoint mechanism can be assumed to have worked. The checkpoint mechanism can ensure all requested reads and writes are complete by using the synchronise procedure. Since the failure of a read block or write block causes the architecture to halt, failures can be ignored during normal operation of the store. In fact, failures need only be detected when the architecture is restarted. This can be performed by updating certain blocks at each step in a checkpoint. Each of these blocks has a time stamp recorded at its start and end. Since all blocks are written in a specific order, a corrupt block can be detected by the discrepancy between its two time stamp values. Thus, the point of failure can be determined by identifying the corrupt block. The appropriate action can then be taken to restore the stable store to a self-consistent state.
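The time stamp check described above, as an added example that is not code from the original document. The 512-byte block size, the 64-bit stamps, the four-block store and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 512                 /* assumed block size, not from the page */
#define STAMP_SIZE sizeof(uint64_t)    /* assumed time stamp width */

/* Record the same time stamp at the start and at the end of a page. */
void stamp_page(uint8_t *page, uint64_t stamp) {
    memcpy(page, &stamp, STAMP_SIZE);
    memcpy(page + BLOCK_SIZE - STAMP_SIZE, &stamp, STAMP_SIZE);
}

/* Simulated write block: copies low addresses to high addresses (assumption c)
 * and stops after `limit` bytes to model the architecture halting mid-write. */
void write_block(uint8_t *block, const uint8_t *page, size_t limit) {
    for (size_t i = 0; i < limit && i < BLOCK_SIZE; i++)
        block[i] = page[i];
}

/* A block whose two stamps differ was being written when the halt occurred. */
int block_is_torn(const uint8_t *block) {
    uint64_t head, tail;
    memcpy(&head, block, STAMP_SIZE);
    memcpy(&tail, block + BLOCK_SIZE - STAMP_SIZE, STAMP_SIZE);
    return head != tail;
}

/* Restart scan: index of the first torn block, or -1 if every block is intact. */
int find_torn_block(const uint8_t *store, int nblocks) {
    for (int i = 0; i < nblocks; i++)
        if (block_is_torn(store + (size_t)i * BLOCK_SIZE))
            return i;
    return -1;
}

/* Constructed scenario: 4 blocks are written with stamp 1, then rewritten in
 * order with stamp 2; the second pass halts `fail_after` bytes into block
 * `fail_block` (a negative fail_block means the pass completes). */
int simulate_checkpoint(int fail_block, size_t fail_after) {
    static uint8_t store[4 * BLOCK_SIZE];
    uint8_t page[BLOCK_SIZE];
    for (uint64_t stamp = 1; stamp <= 2; stamp++) {
        memset(page, (int)stamp, sizeof page);
        stamp_page(page, stamp);
        for (int i = 0; i < 4; i++) {
            int fails = (stamp == 2 && i == fail_block);
            write_block(store + i * BLOCK_SIZE, page, fails ? fail_after : BLOCK_SIZE);
            if (fails) break;
        }
    }
    return find_torn_block(store, 4);
}
```

A halt that lands before the first byte of a block leaves every block internally consistent, so the scan reports no torn block; in that case the interrupted step shows only as a change of stamp value from one block to the next.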

4.4 The architecture layers

The new architecture is composed of the following eight layers shown in Figure 4.2:

a) A physical machine that provides main memory, non-volatile storage and network interfaces.

b) The lowest software layer is a set of interfaces to allow access to main memory, the non-volatile storage and the appropriate network communications software.

c) A fixed size non-volatile store that is organised as a contiguous set of equal sized blocks. It may be constructed from an arbitrary number of disjoint physical components but must appear to be a single contiguous set of blocks.

d) A shadow paged virtual memory mechanism over the non-volatile store with a simple checkpointing mechanism. The checkpointing mechanism operates as a secure atomic action. The size of the virtual address space is the same as the physical size of the non-volatile store. However, only part of the virtual address space is shadow paged, the remainder is used to hold the shadow copies of changed blocks.

e) A set of object management procedures that can be used to implement a heap of persistent objects within the virtual address space. These procedures assume that all objects conform to a single format that distinguishes an object's address fields. In addition, the following assumptions are made of the higher layers of the architecture:

a. they do not create their own objects,

b. they do not manufacture their own addresses,

c. they store all addresses in the address fields of objects,

d. they perform all addressing by indexing object addresses and

e. they do not explicitly delete reachable objects.

f) An abstract machine that provides an instruction set and those primitives required to efficiently execute PAIL programs.

g) Any programming language that can be compiled into the language PAIL. The use of PAIL ensures that all programs conform to the assumptions of layer e.

h) Any concurrency, distribution or user transaction models that are present in or can be constructed from the programming languages of the previous layer.

[Figure 4.2: diagram of the architecture layers. Labels, top to bottom: Distribution, Concurrency, User Transactions, PAIL, Abstract Machine, Heap of Persistent Objects, Shadow Paged Virtual Memory, Non Volatile Storage, Software Interfaces to the Physical Machine, Physical Machine.]
