iccsa-16-factory-extended

sections.tex (23567B)

---

 \section{Methods}
 
 \subsection{Model of computation}
 
 To infer fault tolerance model which is suitable for big data applications we
 use bulk-synchronous parallel model~\citep{valiant1990bridging} as the basis.
 This model assumes that a parallel programme is composed of a number of
 sequential steps that are internally parallel, and global synchronisation of
 all parallel processes occurs after each step. In our model all sequential
 steps are pipelined where it is possible. The evolution of the computational
 model is described as follows.
 
 Given a programme that is sequential and large enough to be decomposed into a
 number of sequential steps, the simplest way to make it run faster is to
 exploit data parallelism. Usually it means finding multi-dimensional arrays and
 loops that access their elements and trying to make them parallel. After
 transforming the loops the programme will still have the same number of
 sequential steps, but every step will (ideally) be internally parallel.
 
 After that the only possibility to speedup the programme is to overlap
 execution of code blocks that work with different hardware devices. The most
 common pattern is to overlap computation with network or disk I/O. This
 approach makes sense because all devices operate with little synchronisation,
 and issuing commands in parallel makes the whole programme perform better. This
 behaviour can be achieved by allocating a separate task queue for each device
 and submitting tasks to these queues asynchronously with execution of the main
 thread. After this optimisation the programme will be composed of a number of
 steps chained into the pipeline, each step is implemented as a task queue for a
 particular device.
 
 Pipelining of otherwise sequential steps is beneficial not only for the code
 accessing different devices, but for the code different branches of which are
 suitable for execution by multiple hardware threads of the same core, i.e.
 branches accessing different regions of memory or performing mixed arithmetic
 (floating point and integer). In other words, code branches which use different
 modules of processor are good candidates to run in parallel on a processor core
 with multiple hardware threads.
 
 Even though pipelining may not add parallelism for a programme that uses only
 one input file (or a set of input parameters), it adds parallelism when the
 programme can process multiple input files: each input generates tasks which
 travel through the whole pipeline in parallel with tasks generated by other
 inputs. With a pipeline an array of files is processed in parallel by the same
 set of resources allocated for a batch job. The pipeline is likely to deliver
 greater efficiency for busy HPC clusters compared to executing a separate job
 for each input file, because the time that each subsequent job spends in the
 queue is eliminated. A diagram of a pipeline is presented in
 fig.~\ref{fig:pipeline} and discussed in sec~\ref{sec:results}.
 
 Computational model with a pipeline can be seen as \emph{bulk-asynchronous
 model}, because of the parallel nature of otherwise sequential execution steps.
 This model is the basis of the fault-tolerance model developed here.
 
 \subsection{Programming model principles}
 
 Data processing pipeline model is based on the following principles that
 maximise efficiency of a programme:
 \begin{itemize}
 
 \item There is no notion of a message in the model, a kernel is itself a
 	message that can be sent over network to another node and directly access
 	any kernel on the local node. Only programme logic may guarantee the
 	existence of the kernel.
 
 \item A kernel is a \emph{cooperative routine}, which is submitted to the kernel
   pool upon the call and is executed asynchronously by the scheduler. There can
   be any number of calls to other subroutines inside routine body. Every call
   submits corresponding subroutine to the kernel pool and returns immediately.
   Kernels in the pool can be executed in any order; this fact is used by the
   scheduler to exploit parallelism offered by the computer by distributing
   kernels from the pool across available cluster nodes and processor cores.
 
 \item Asynchronous execution prevents the use of explicit synchronisation after
   the call to subroutine is made; the system scheduler returns the control flow
   to the routine each time one of its subroutine returns. Such cooperation
   transforms each routine which calls subroutines into an event handler, where
   each event is a subroutine and the handler is the routine that called them.
 
 \item The routine may communicate with any number of local kernels, whose
   addresses it knows; communication with kernels which are not adjacent in the
   call stack complexifies the control flow and the call stack looses its tree
   shape. Only the programme logic may guarantee the presence of communicating
   kernels in memory. One way to ensure this is to perform communication between
   subroutines which are called from the same routine. Since such communication
   is possible within the hierarchy through the parent routine, it may be treated
   as an optimisation that eliminates the overhead of transferring data over an
   intermediate node. The situation is different for interactive or event-based
   programmes (e.g. servers and programmes with graphical interface) in which
   this is primary type of communication.
 
 \item In addition to this, communication which does not occur along hierarchical
   links and is executed over the cluster network complexifies the design of
   resiliency algorithms. Since it is impossible to ensure that a kernel resides
   in memory of a neighbour node, a node may fail in the middle of its execution
   of the corresponding routine. As a result, upon a failure of a routine all of
   its subroutines must be restarted. This encourages a programmer to construct
   \begin{itemize}
 	\item deep tree hierarchies of tightly coupled kernels (which communicate
 		on the same level of hierarchy) to reduce overhead of recomputation;
 	\item fat tree hierarchies of loosely coupled kernels, providing maximal
 		degree of parallelism.
 	\end{itemize}
 	Deep hierarchy is not only the requirement of technology; it helps optimise
 	communication of large number of cluster nodes reducing it to
 	communication of adjacent nodes.
 
 \end{itemize}
 Thus, kernels possess properties of both cooperative routines and event
 handlers.
 
 \subsection{Fail over model}
 
 Although fault-tolerance and high-availability are different terms, in essence
 they describe the same property --- an ability of a system to switch processing
 from a failed component to its live spare or backup component. In case of
 fault-tolerance it is the ability to switch from a failed slave node to a spare
 one, i.e. to repeat computation step on a healthy slave node. In case of
 high-availability it is the ability to switch from a failed master node to a
 backup node with full recovery of execution state. These are the core abilities
 that constitute distributed system's ability to \emph{fail over}.
 
 The key feature that is missing in the current parallel programming and big
 data processing technologies is a possibility to specify hierarchical
 (parent-child) dependencies between parallel tasks (kernels). When one has such
 dependency, it is trivial to determine which kernel should be responsible for
 re-executing a failed kernel on a healthy node. To re-execute the kernel on the
 top of the hierarchy, its copy is created and executed on a different node
 (detailed algorithm is discussed in sec.~\ref{sec:master-node-failure}).  There
 exists a number of engines that are capable of executing directed acyclic
 graphs of kernels in parallel~\citep{acun2014charmpp,islam2012oozie}, but
 graphs are not suitable to infer parent-child relationship between kernels,
 because a node in the graph may have multiple parent nodes.
 
 \subsection{Programming model}
 
 This work is based on the results of previous research:
 In~\citep{gankevich2015subordination,gankevich2015iccsa} we developed an
 algorithm that allows to build a tree hierarchy from strictly ordered set of
 cluster nodes. The sole purpose of this hierarchy is to make a cluster more
 fault-tolerant by introducing multiple master nodes. If a master node fails,
 then its subordinates try to connect to another node from the same or higher
 level of the hierarchy. If there is no such node, one of the subordinates
 becomes the master. In~\citep{gankevich2015spec} we developed a framework for
 big data processing without fault tolerance, and here this framework is
 combined with fault-tolerance techniques described in this paper.
 
 Each programme that runs on top of the tree hierarchy is composed of
 computational kernels---objects that contain data and code to process it. To
 exploit parallelism a kernel may create arbitrary number of subordinate kernels
 which are automatically spread first across available processor cores, second
 across subordinate nodes in the tree hierarchy. The programme is itself a kernel
 (without a parent as it is executed by a user), which either solves the problem
 sequentially on its own or creates subordinate kernels to solve it in parallel.
 
 In contrast to HPC applications, in big data applications it is inefficient to
 run computational kernels on arbitrary chosen nodes. More practical approach is
 to bind every kernel to a file location in a parallel file system and transfer
 the kernel to that location before processing the file. That way expensive data
 transfer is eliminated, and the file is always read from a local drive. This
 approach is more deterministic compared to existing ones, e.g. MapReduce
 framework runs jobs on nodes that are ``close'' to the file location, but not
 necessarily the exact node where the file is located~\citep{dean2008mapreduce}.
 However, this approach does not come without disadvantages: scalability of a
 big data application is limited by the strategy that was employed to distribute
 its input files across cluster nodes. The more nodes used to store input files,
 the more read performance is achieved. The advantage of our approach is that
 the I/O performance is more predictable, than one of the hybrid approach with
 streaming files over the network.
 
 The main purpose of the model is to simplify the development of distributed batch
 processing applications and middleware. The focus is to make an application
 resilient to failures, i.e. make it fault tolerant and highly available, and do
 it transparently to a programmer. The implementation is divided into two
 layers: the lower layer consists of routines and classes for single node
 applications (with no network interactions), and the upper layer for
 applications that run on an arbitrary number of nodes. There are two kinds of
 tightly coupled entities in the model~--- \emph{control flow objects} (or
 \emph{kernels}) and \emph{pipelines}~--- which are used together to compose a
 programme.
 
 Kernels implement control flow logic in theirs \texttt{act} and \texttt{react}
 methods and store the state of the current control flow branch. Both logic and
 state are implemented by a programmer. In the \texttt{act} method some function is
 either directly computed or decomposed into nested functions (represented by a
 set of subordinate kernels) which are subsequently sent to a pipeline. In
 \texttt{react} method subordinate kernels that returned from the pipeline are
 processed by their parent. Calls to \texttt{act} and \texttt{react} methods are
 asynchronous and are made within threads attached to a pipeline. For each
 kernel \texttt{act} is called only once, and for multiple kernels the calls are
 done in parallel to each other, whereas \texttt{react} method is called once
 for each subordinate kernel, and all the calls are made in the same thread to
 prevent race conditions (for different parent kernels different threads may be
 used).
 
 Pipelines implement asynchronous calls to \texttt{act} and \texttt{react}, and
 try to make as many parallel calls as possible considering concurrency of the
 platform (no. of cores per node and no. of nodes in a cluster). A pipeline
 consists of a kernel pool, which contains all the subordinate kernels sent by
 their parents, and a thread pool that processes kernels in accordance with
 rules outlined in the previous paragraph. A separate pipeline is used for each
 device: There are pipelines for parallel processing, schedule-based processing
 (periodic and delayed tasks), and a proxy pipeline for processing of kernels on
 other cluster nodes.
 
 In principle, kernels and pipelines machinery reflect the one of procedures and
 call stacks, with the advantage that kernel methods are called asynchronously
 and in parallel to each other (as much as programme logic allows). Kernel field
 is the stack, \texttt{act} method is a sequence of processor instructions
 before nested procedure call, and \texttt{react} method is a sequence of
 processor instructions after the call. Constructing and sending subordinate
 kernels to the pipeline is nested procedure call. Two methods are necessary to
 make calls asynchronous, and replace active wait for completion of subordinate
 kernels with passive one. Pipelines, in turn, allow implementing passive wait,
 and call correct kernel methods by analysing their internal state.
 
 \subsection{Handling master node failures}
 \label{sec:master-node-failure}
 
 A possible way of handling a failure of a node where the first kernel is
 located (a master node) is to replicate this kernel to a backup node, and make
 all updates to its state propagate to the backup node by means of a distributed
 transaction. This approach requires synchronisation between all nodes that
 execute subordinates of the first kernel and the node with the first kernel
 itself. When a node with the first kernel goes offline, the nodes with
 subordinate kernels must know what node is the backup one. However, if the
 backup node also goes offline in the middle of execution of some subordinate
 kernel, then it is impossible for this kernel to discover the next backup node
 to return to, because this kernel has not discovered the unavailability of the
 master node yet. One can think of a consensus-based algorithm to ensure that
 subordinate kernels always know where the backup node is, but distributed
 consensus algorithms do not scale well to the large number of nodes and they
 are not reliable~\citep{fischer1985impossibility}. So, consensus-based approach
 does not play well with asynchronous nature of computational kernels as it may
 inhibit scalability of a parallel programme.
 
 Fortunately, the first kernel usually does not perform operations in parallel,
 it is rather sequentially launches execution steps one by one, so it has only
 one subordinate at a time. Such behaviour is described by bulk-synchronous
 parallel programming model, in the framework of which a programme consists of
 sequential supersteps which are internally
 parallel~\citep{valiant1990bridging}. Keeping this in mind, we can simplify
 synchronisation of its state: we can send the first kernel along with its
 subordinate to the subordinate node. When the node with the first kernel fails,
 its copy receives its subordinate, and no execution time is lost. When the node
 with its copy fails, its subordinate is rescheduled on some other node, and in
 the worst case a whole step of computation is lost.
 
 The described approach works only for kernels that do not have a parent and have
 only one subordinate at a time, and act similar to manually triggered
 checkpoints. The advantage is that they
 \begin{itemize}
     \item save results after each sequential step when memory footprint of a
       programme is low,
     \item they save only relevant data,
     \item and they use memory of a subordinate node instead of stable storage.
 \end{itemize}
 
 \section{Evaluation}
 \label{sec:results}
 
 Master node fail over technique is evaluated on the example of wave energy
 spectra processing application. This programme uses NDBC
 dataset~\citep{ndbc-dataset} to reconstruct frequency-directional spectra from
 wave rider buoy measurements and compute variance. Each spectrum is
 reconstructed from five variables using the following
 formula~\citep{earle1996nondirectional}.
 \begin{equation*}
     S(\omega, \theta) = \frac{1}{\pi}
     \left[
         \frac{1}{2} + 
         r_1 \cos \left( \theta - \alpha_1 \right) +
         r_2 \sin \left( 2 \left( \theta - \alpha_2 \right) \right)
     \right]
     S_0(\omega).
 \end{equation*}
 Here $\omega$ denotes frequency, $\theta$ is wave direction, $r_{1,2}$ and
 $\alpha_{1,2}$ are parameters of spectrum decomposition and $S_0$ is
 non-directional spectrum; $r_{1,2}$, $\alpha_{1,2}$ and $S_0$ are acquired
 through measurements. Properties of the dataset which is used in evaluation are
 listed in Table~\ref{tab:ndbc-dataset}.
 
 \begin{table}
     \centering
     \caption{NDBC dataset properties.}
     \begin{tabular}{ll}
         \toprule
         Dataset size                & 144MB \\
         Dataset size (uncompressed) & 770MB \\
         No. of wave stations        & 24 \\
         Time span                   & 3 years (2010--2012) \\
         Total no. of spectra        & 445422 \\
         \bottomrule
     \end{tabular}
     \label{tab:ndbc-dataset}
 \end{table}
 
 The algorithm of processing spectra is as follows. First, current directory is
 recursively scanned for input files. Data for all buoys is distributed across
 cluster nodes and each buoy's data processing is distributed across processor
 cores of a node. Processing begins with joining corresponding measurements for
 each spectrum variables into a tuple, then for each tuple frequency-directional
 spectrum is reconstructed and its variance is computed. Results are gradually
 copied back to the machine where the application was executed and when the
 processing is complete the programme terminates. A data processing pipeline
 corresponding to the algorithm is presented in fig.~\ref{fig:pipeline}.
 
 \begin{figure}
 	\centering
 	\includegraphics[scale=0.6]{ppl}
 	\caption{Data processing pipeline of a programme.}
 	\label{fig:pipeline}
 \end{figure}
 
 
 \begin{table}
     \centering
     \caption{Test platform configuration.}
     \begin{tabular}{ll}
          \toprule
          CPU & Intel Xeon E5440, 2.83GHz \\
          RAM & 4Gb \\
          HDD & ST3250310NS, 7200rpm \\
          No. of nodes & 12 \\
          No. of CPU cores per node & 8 \\
          \bottomrule
     \end{tabular}
     \label{tab:cluster}
 \end{table}
 
 In a series of test runs we benchmarked performance of the application in the
 presence of different types of failures:
 \begin{itemize}
     \item failure of a master node (a node where the first kernel is run),
     \item failure of a slave node (a node where spectra from a particular
       station are reconstructed) and
     \item failure of a backup node (a node where the first kernel is copied).
 \end{itemize}
 A tree hierarchy with sufficiently large fan-out value was chosen to make all
 cluster nodes connect directly to the first one so that only one master node
 exists in the cluster. In each run the first kernel was launched on a different
 node to make mapping of kernel hierarchy to the tree hierarchy optimal. A victim
 node was made offline after a fixed amount of time early after the programme
 start. To make up for the node failure all data files have replicas stored on
 different cluster nodes. All relevant parameters are summarised in
 Table~\ref{tab:benchmark} (here ``root'' and ``leaf'' refer to a node in the
 tree hierarchy). The results of these runs were compared to the run without node
 failures (Figure~\ref{fig:benchmark-bigdata}).
 
 \begin{table}
     \centering
     \caption{Benchmark parameters.}
     \begin{tabular}{llll}
          \toprule
          Experiment no. & Master node & Victim node & Time to offline, s \\
          \midrule
          1 & root &      & \\
          2 & root & leaf & 30 \\
          3 & leaf & leaf & 30 \\
          4 & leaf & root & 30 \\
          \bottomrule
     \end{tabular}
     \label{tab:benchmark}
 \end{table}
 
 The benchmark showed that only a backup node failure results in significant
 performance penalty, in all other cases the performance is roughly equals to the
 one without failures but with the number of nodes minus one. It happens because
 the backup node not only stores the copy of the state of the current computation
 step but executes this step in parallel with other subordinate nodes. So, when a
 backup node fails, the master node executes the whole step once again on
 arbitrarily chosen healthy subordinate node.
 
 % \begin{figure}
 %     \centering
 %     \includegraphics{factory-3000}
 %     \caption{Performance of hydrodynamics HPC application in the presence of node failures.}
 %     \label{fig:benchmark-hpc}
 % \end{figure}
 
 \begin{figure}
     \centering
     \includegraphics{spec}
     \caption{Performance of spectrum processing application in the presence of different types of node failures.}
     \label{fig:benchmark-bigdata}
 \end{figure}
 
 To measure how much time is lost due to a failure we divide the total execution
 time with a failure by the total execution time without the failure but with
 the number of nodes minus one. The results for this calculation are obtained
 from the same benchmark and are presented in
 fig.~\ref{fig:benchmark-bigdata-2}. The difference in performance lies within
 20\% margin for the number of nodes less or equal to six. As is expected, the
 slowdown is noticable for the small number of nodes, and performance penalty
 descreases for large number of nodes, as smaller portion of execution state is
 lost. The picture is different for the number of nodes larger than six:
 performance ratio fluctuates within 50\% margin. The reason for such behaviour
 is that spectrum processing application does not scale beyond six nodes, and
 the benchmark does not give realiable results beyond this point.
 
 \begin{figure}
     \centering
     \includegraphics{build/ratio.eps}
 	\caption{Slowdown of the spectrum processing application in the presence of
 	different types of node failures compared to execution without failures but
 	with the number of nodes minus one.}
     \label{fig:benchmark-bigdata-2}
 \end{figure}
 
 \section{Discussion}
 
 Described algorithm guarantees to handle one failure per computational step,
 more failures can be tolerated if they do not affect the master node. The system
 handles simultaneous failure of all subordinate nodes, however, if both master
 and backup nodes fail, there is no chance for an application to survive. In this
 case the state of the current computation step is lost, and the only way to
 restore it is to restart the application.
 
 Computational kernels are means of abstraction that decouple a distributed
 application from physical hardware: it does not matter how many nodes are online
 for an application to run successfully. Computational kernels eliminate the need
 to allocate a physical backup node to make the master node highly available, with
 computational kernels approach any node can act as a backup one. Finally,
 computational kernels can handle subordinate node failures in a way that is
 transparent to a programmer.
 
 The disadvantage of this approach is evident: there is no way of making existing
 middleware highly available without rewriting their source code. Although, our
 programming framework is lightweight, it is not easy to map architecture of
 existing middleware systems to it: most systems are developed keeping in mind
 static assignment of server/client roles, which is not easy to make dynamic.
 Nevertheless, our approach may simplify design of future middleware systems.