| Previous | Table of Contents | Next |
#ifndef _FT_IDL_#define _FT_IDL_
import ::TimeBase;import ::CosNaming; import ::CosEventComm; import ::CosNotification; import ::IOP; import ::GIOP; import ::CORBA;
#pragma prefix “omg.org?
module FT {typeprefix FT “omg.org?;// Specification for Interoperable Object Group References
typedef string FTDomainId;typedef unsigned long long ObjectGroupId;typedef unsigned long ObjectGroupRefVersion;
struct TagFTGroupTaggedComponent { // tag = TAG_FT_GROUP;
| GIOP::Version | version; | ||||
| FTDomainId | ft_domain_id; | ||||
| ObjectGroupId | object_group_id; | ||||
| ObjectGroupRefVersion | object_group_ref_version; | ||||
| }; |
struct TagFTPrimaryTaggedComponent { // tag = TAG_FT_PRIMARY; boolean primary; };
// Specification for Most Recent Object Group Reference struct FTGroupVersionServiceContext { //context_id = FT_GROUP_VERSION;
ObjectGroupRefVersion object_group_ref_version; };
// Specification for Transparent Reinvocation const CORBA::PolicyType REQUEST_DURATION_POLICY = 47;
struct FTRequestServiceContext { // context_id = FT_REQUEST; string client_id; long retention_id; TimeBase::TimeT expiration_time;
};
interface RequestDurationPolicy : CORBA::Policy { readonly attribute TimeBase::TimeT request_duration_value; };
// Specification for Transport Heartbeatsconst CORBA::PolicyType HEARTBEAT_POLICY = 48;const CORBA::PolicyType HEARTBEAT_ENABLED_POLICY = 49;
struct TagFTHeartbeatEnabledTaggedComponent {// tag = TAG_FT_HEARTBEAT_ENABLED;boolean heartbeat_enabled;};
struct HeartbeatPolicyValue {boolean heartbeat;TimeBase::TimeT heartbeat_interval;TimeBase::TimeT heartbeat_timeout;};interface HeartbeatPolicy : CORBA::Policy {
readonly attribute HeartbeatPolicyValue heartbeat_policy_value; }; interface HeartbeatEnabledPolicy : CORBA::Policy {
readonly attribute boolean heartbeat_enabled_policy_value; };
// Specification of Common Types and Exceptions for ReplicationManagerinterface GenericFactory;interface FaultNotifier;
typedef CORBA::RepositoryId TypeId;typedef Object ObjectGroup;
typedef CosNaming::Name Name;
typedef any Value;struct Property {NameValue}; |
|||||
| nam; | |||||
| val; | |||||
typedef sequence<Property> Properties;
typedef Name Location; typedef sequence<Location> Locations; typedef Properties Criteria;
struct FactoryInfo { GenericFactory the_factory; Location the_location; Criteria the_criteria;
};typedef sequence<FactoryInfo> FactoryInfos;
typedef unsigned short ReplicationStyleValue;const ReplicationStyleValue STATELESS = 0;const ReplicationStyleValue COLD_PASSIVE = 1;const ReplicationStyleValue WARM_PASSIVE = 2;const ReplicationStyleValue ACTIVE = 3;const ReplicationStyleValue ACTIVE_WITH_VOTING = 4;
typedef unsigned short MembershipStyleValue;const MembershipStyleValue MEMB_APP_CTRL = 0;const MembershipStyleValue MEMB_INF_CTRL = 1;
typedef unsigned short ConsistencyStyleValue;const ConsistencyStyleValue CONS_APP_CTRL = 0;const ConsistencyStyleValue CONS_INF_CTRL = 1;
typedef unsigned short FaultMonitoringStyleValue;const FaultMonitoringStyleValue PULL = 0;const FaultMonitoringStyleValue PUSH = 1;const FaultMonitoringStyleValue NOT_MONITORED = 2;
typedef unsigned short FaultMonitoringGranularityValue;
const FaultMonitoringGranularityValue MEMB = 0; const FaultMonitoringGranularityValue LOC = 1; const FaultMonitoringGranularityValue
LOC_AND_TYPE = 2;
typedef FactoryInfos FactoriesValue;
typedef unsigned short InitialNumberReplicasValue; typedef unsigned short MinimumNumberReplicasValue;
struct FaultMonitoringIntervalAndTimeoutValue {
| TimeBase::TimeT | monitoring_interval; | ||||
| TimeBase::TimeT | timeout; | ||||
| }; |
typedef TimeBase::TimeT CheckpointIntervalValue;
exception InterfaceNotFound {}; exception ObjectGroupNotFound {}; exception MemberNotFound {}; exception ObjectNotFound {};
exception MemberAlreadyPresent {}; exception BadReplicationStyle {}; exception ObjectNotCreated {}; exception ObjectNotAdded
{}; exception PrimaryNotSet {}; exception UnsupportedProperty {
Name nam;
Value val; }; exception InvalidProperty {
Name nam;
Value val; }; exception NoFactory {
Location the_location;
TypeId type_id; }; exception InvalidCriteria {
Criteria invalid_criteria; }; exception CannotMeetCriteria { Criteria unmet_criteria; };
// Specification of PropertyManager Interface // which ReplicationManager Inherits interface PropertyManager {
void set_default_properties(in Properties props) raises (InvalidProperty, UnsupportedProperty); Properties get_default_properties();
void remove_default_properties(in Properties props)raises (InvalidProperty,UnsupportedProperty);
void set_type_properties(in TypeId type_id,in Properties overrides)raises (InvalidProperty,UnsupportedProperty);
Properties get_type_properties(in TypeId type_id);
void remove_type_properties(in TypeId type_id,in Properties props)raises (InvalidProperty,UnsupportedProperty);
void set_properties_dynamically(in ObjectGroup object_group, in Properties overrides)
raises(ObjectGroupNotFound,InvalidProperty,UnsupportedProperty);
Properties get_properties(in ObjectGroup object_group) raises(ObjectGroupNotFound); };
// Specification of ObjectGroupManager Interface
// which ReplicationManager Inherits
interface ObjectGroupManager { ObjectGroup create_member(in ObjectGroup object_group, in Location the_location, in TypeId
type_id, in Criteria the_criteria) raises(ObjectGroupNotFound,: MemberAlreadyPresent, NoFactory, ObjectNotCreated, InvalidCriteria,
CannotMeetCriteria);
ObjectGroup add_member(in ObjectGroup object_group, in Location the_location, in Object member)
raises(ObjectGroupNotFound,MemberAlreadyPresent,ObjectNotAdded);
ObjectGroup remove_member(in ObjectGroup object_group, in Location the_location) raises(ObjectGroupNotFound,
MemberNotFound);
ObjectGroup set_primary_member(in ObjectGroup object_group, in Location the_location)
raises(ObjectGroupNotFound,MemberNotFound,PrimaryNotSet,BadReplicationStyle);
Locations locations_of_members(in ObjectGroup object_group) raises(ObjectGroupNotFound);
ObjectGroupId get_object_group_id(in ObjectGroup object_group) raises(ObjectGroupNotFound);
ObjectGroup get_object_group_ref(in ObjectGroup object_group) raises(ObjectGroupNotFound);
Object get_member_ref(in ObjectGroup object_group, in Location loc) raises(ObjectGroupNotFound, MemberNotFound); };
// Specification of GenericFactory Interface
// which ReplicationManager Inherits and Application Objects Implement
interface GenericFactory { typedef any FactoryCreationId;
Object create_object(in TypeId type_id, in Criteria the_criteria, out FactoryCreationId factory_creation_id)
raises (NoFactory,ObjectNotCreated,InvalidCriteria,InvalidProperty,CannotMeetCriteria);
void delete_object(in FactoryCreationId factory_creation_id) raises (ObjectNotFound); };
// Specification of ReplicationManager Interface interface ReplicationManager : PropertyManager, ObjectGroupManager, GenericFactory
{ void register_fault_notifier(in FaultNotifier fault_notifier);
FaultNotifier get_fault_notifier() raises (InterfaceNotFound); };
// Specifications for Fault Management // Specification of PullMonitorable Interface // which Application Objects Inherit
interface PullMonitorable {
boolean is_alive(); };
// Specification of FaultNotifier Interface interface FaultNotifier { typedef unsigned long long ConsumerId;
void push_structured_fault(in CosNotification::StructuredEvent event);
void push_sequence_fault(in CosNotification::EventBatch events);
ConsumerId connect_structured_fault_consumer( in CosNotifyComm::StructuredPushConsumer push_consumer);
ConsumerId connect_sequence_fault_consumer( in CosNotifyComm::SequencePushConsumer push_consumer);
void disconnect_consumer( in ConsumerId connection)raises(CosEventComm::Disconnected);
void replace_constraint(in ConsumerId connection, in CosNotification::EventTypeSeq event_types, in string constr_expr);
};
// Specifications for Logging and Recovery typedef sequence<octet> State;
exception NoStateAvailable {}; exception InvalidState {}; exception NoUpdateAvailable {}; exception InvalidUpdate {};
// Specification of Checkpointable Interface // which Updateable and Application Objects Inherit interface Checkpointable
{
State get_state()raises(NoStateAvailable);
void set_state(in State s) raises(InvalidState); };
// Specification of Updateable Interface // which Application Objects Inherit
interface Updateable : Checkpointable { State get_update() raises(NoUpdateAvailable);
void set_update(in State s) raises(InvalidUpdate);
};
};
#endif // for #ifndef _FT_IDL
Appendix A GlossaryA.1 List of TermsActive ReplicationActive Replication with VotingApplication-Controlled ConsistencyApplication-Controlled MembershipBackup MemberByzantine Fault |
|||||
| All of the members of an object group independently | |||||
| execute the methods invoked on the object, so that if a | |||||
| fault prevents one replica from operating correctly, the | |||||
| other replicas will produce the required results without | |||||
| the delay incurred by recovery. | |||||
| Active replication where the requests (replies) from the | |||||
| members of a client (server) object group are voted, and | |||||
| are delivered to the members of the server (client) object | |||||
| group only if a majority of the requests (replies) are | |||||
| identical. | |||||
| A ConsistencyStyle in which the application is | |||||
| responsible for checkpointing, logging, activation and | |||||
| recovery, and for maintaining whatever kind of | |||||
| consistency is appropriate for the application. | |||||
| A MembershipStyle in which the application, or an | |||||
| application-level manager, can create a member of the | |||||
| object group and then invoke the add_member() | |||||
| operation of the ObjectGroupManager interface to | |||||
| cause the Replication Manager to add the member to the | |||||
| group. Alternatively, the application can invoke the | |||||
| create_member() operation of the | |||||
| ObjectGroupManager interface to cause the | |||||
| Replication Manager to create the member and add it to | |||||
| the object group. The application is responsible for | |||||
| enforcing the InitialNumberReplicas and | |||||
| MinimumNumberReplicas properties. | |||||
| In passive replication, a member of an object group that | |||||
| does not execute the methods invoked on the object | |||||
| group but is available to assume the role of the primary | |||||
| member in the event of a fault. | |||||
| A form of commission fault that occurs when an object | |||||
| or host generates incorrect results maliciously. |
Causal Order Causal order ensures that if a multicast message m1 could have caused, possibly indirectly, a message m2 then
no object receives m2 before it receives m1. The causally precedes relation is the transitive closure of:
• If message m1 is delivered to object replica O before O sends message m2, then m1 causally precedes m2.
• If object replica O sends message m1 before message m2, then m1 causally precedes m2.
• If both m1 and m2 are delivered to object replica O, and m1 causally precedes m2, then m1 is delivered to O before m2.
Checkpoint A snapshot of the state of an object.
Checkpoint Interval An interval of time (in seconds and nanoseconds) between writing the full state of an object to a log.
Cold Passive Replication A form of passive replication in which only one replica, the primary replica, in the object group
executes the methods invoked on the object. The state of the primary replica is extracted from the log and is loaded into
the backup replica when needed for recovery.
Commission Fault A commission fault occurs when an object or host generates incorrect results. Commission faults must be handled
by active replication with majority voting.
ConsistencyStyle The value of the ConsistencyStyle is either CONS_INF_CTRL or CONS_APP_CTRL.
Distributed Logging A logging strategy in which a co-located log is maintained for each replica of an object.
Duplicates Duplicate requests and duplicate replies can arise in active replication and in passive replication when the primary
fails and a new primary is introduced. To maintain exactly once semantics and strong replica consistency, the Fault Tolerance
Infrastructure provides mechanisms to detect and suppress duplicates.
Failure A failure is the event of a system’s generating a result that does not satisfy the system specification or not generating
a result that is required by the system specification. A failure is defined by the system specification, without reference
to any enclosing system of which the system is a component.
Fault A fault is behavior of a component of a system that causes incorrect behavior of the system. A fault is the external
manifestation of a failure of the component.
| Fault Analyzer | A component of the Fault Tolerance Infrastructure that | ||||
| registers for fault notifications and aggregates multiple | |||||
| related fault notifications into a single fault report. | |||||
| Fault Containment Region | One or more locations that can be affected by a single | ||||
| fault. Each member of an object group is assigned to a | |||||
| different fault containment region to ensure that, if one | |||||
| member incurs a fault, the other members are not | |||||
| affected. | |||||
| Fault Monitor | A component of the system, also known as a Fault | ||||
| Detector, that monitors the occurrence of faults in other | |||||
| entities, such as objects, hosts, processes, and networks. | |||||
| Fault detectors are typically based on timeouts and are | |||||
| unreliable (inaccurate) because they cannot determine | |||||
| whether an entity has failed or is merely slow. | |||||
| FaultMonitoringGranularity | The value of the FaultMonitoringGranularity of an | ||||
| object group is either MEMB, LOC, or | |||||
| LOC_AND_TYPE. The FaultMonitoringGranularity | |||||
| provides a means of scalably monitoring the members of | |||||
| many object groups. | |||||
| FaultMonitoringIntervalAndTimeout | The value of the | ||||
| FaultMonitoringIntervalAndTimeout is a structure | |||||
| that contains an interval of time between successive | |||||
| pings of an object, and the time allowed for subsequent | |||||
| responses from the object to determine whether it is | |||||
| faulty. | |||||
| FaultMonitoringStyle | The value of the FaultMonitoringStyle is either PULL, | ||||
| PUSH, or NOT_MONITORED. | |||||
| Fault Tolerance | The ability to provide continuous service, unperturbed by | ||||
| the presence of faults. In contrast, with high availability, | |||||
| existing operations can be disrupted by a fault but | |||||
| subsequent new operations, or retired existing operations, | |||||
| are serviced. | |||||
| Fault Tolerance Domain | For scalability, large applications are divided into | ||||
| multiple fault tolerance domains, each managed by a | |||||
| single Replication Manager. The members of an object | |||||
| group are located within a single fault tolerance domain | |||||
| but can invoke, or can be invoked by, objects of other | |||||
| fault tolerance domains. A host can support objects from | |||||
| multiple fault tolerance domains. | |||||
| Fault Transparency | A server object group is fault transparent to a client | ||||
| object if, in the presence of a faulty server replica, the | |||||
| server object group interacts with the client object as if | |||||
| there were no faults. |
| Gateway | A gateway provides access into a fault tolerance domain | ||||
| for objects outside that domain, and provides protocol | |||||
| conversion between the IIOP protocol used outside the | |||||
| fault tolerance domain and the group communication | |||||
| protocol used inside that domain. | |||||
| GenericFactory | An interface of the Replication Manager that creates | ||||
| object groups, as well as individual members of object | |||||
| groups. | |||||
| Group Communication Protocol | A protocol that provides communication between object | ||||
| groups, typically multicasting, reliable delivery, causal | |||||
| ordering, total ordering, group membership, and virtual | |||||
| synchrony. | |||||
| Group Membership | The set of members of a group, which may change | ||||
| dynamically in time, as members fail and are removed | |||||
| from the group and as new and recovered members are | |||||
| added. | |||||
| FT_GROUP_VERSION Service | A service context, included in a request message, that | ||||
| Context | allows a server to determine whether the client is using | ||||
| an obstacle object group reference and, if so, to return a | |||||
| LOCATION_FORWARD_PERM response that | |||||
| contains the most recent object reference for the server | |||||
| object group. | |||||
| HEARTBEAT_POLICY | A client-side policy that allows a client to request | ||||
| heartbeating to determine that its connection to a server | |||||
| has failed. | |||||
| HEARTBEAT_ENABLED_POLICY | A server-side policy that allows a client to determine that | ||||
| its connection to a server has failed. | |||||
| Incremental State Transfer | A form of state transfer that is used for transferring large | ||||
| states of an object in fragments. | |||||
| Infrastructure-Controlled | A ConsistencyStyle in which the Fault Tolerance | ||||
| Consistency | Infrastructure is responsible for checkpointing, logging, | ||||
| activation and recovery and for maintaining Strong | |||||
| Replica Consistency. | |||||
| Infrastructure-Controlled | A MembershipStyle in which the application directs | ||||
| Membership | the Replication Manager to create the object group and | ||||
| the Replication Manager invokes the individual factories, | |||||
| for the appropriate locations, to create the members of | |||||
| the object group both initially to satisfy the | |||||
| InitialReplicas property and after the loss of a member | |||||
| because of a fault to satisfy the | |||||
| MinimumNumberReplicas property. |
| InitialNumberReplicas | The InitialNumberReplicas property of an object | ||||
| group specifies the number of replicas of the object to be | |||||
| created when the object group is first created. | |||||
| Location | A set of hosts that form a single fault containment | ||||
| region. Members of object groups are created at different | |||||
| locations. | |||||
| Log | A record of messages and object states that is created to | ||||
| ensure that recovery is possible after a fault. | |||||
| LoggingMechanism | A component of the Fault Tolerance Infrastructure that | ||||
| records all of the actions of an object group in a log. | |||||
| MembershipStyle | The value of the MembershipStyle of an object group | ||||
| is either MEMB_INF_CTRL or MEMB_APP_CTRL. | |||||
| Membership Handling Mechanism | A component of the Fault Tolerance Infrastructure that | ||||
| ensures that GIOP messages addressed to object groups | |||||
| are delivered to the appropriate members of those | |||||
| groups. It detects and suppresses duplicate messages, | |||||
| passes messages to the Logging Mechanism to put into | |||||
| the log, and applies to the objects messages that the | |||||
| Recovery Mechanism has retrieved from the log. | |||||
| MinimumNumberReplicas | The MinimumNumberReplicas property of an object | ||||
| group specifies the smallest number of replicas of the | |||||
| object needed to maintain the desired fault tolerance. The | |||||
| application or the Replication Manager creates additional | |||||
| replicas of the object to ensure that the number of | |||||
| replicas does not fall below the specified minimum | |||||
| number. | |||||
| Multicasting | For replicated client and server objects, messages are | ||||
| originated by a client (server) within a client (server) | |||||
| object group and are multicast to the client and server | |||||
| object groups. Messages are delivered to the members of | |||||
| both the client and server object groups to facilitate the | |||||
| detection and suppression of duplicates. | |||||
| Object Group | A set of member objects, each of which implements the | ||||
| same set of interfaces and has the same implementation | |||||
| code. | |||||
| ObjectGroupManager | An interface of the Replication Manager that contains | ||||
| operations for creating a member of an object group at a | |||||
| particular location, adding a member to an object group | |||||
| at a particular location, removing a member from an | |||||
| object group at a particular location, getting the locations | |||||
| of the members of an object group, and setting the | |||||
| primary member of a passively replicated object group. |
Object Group ReferencePassive ReplicationPrimary MemberProperty ManagerPull MonitorPush MonitorRecoveryRecovery MechanismReliable DeliveryReplica DeterminismReplication |
|||||
| An interoperable object reference that contains multiple TAG_INTERNET_IOP profiles that represent primary and backup members of a passively replicated object group or that represent gateways. All of the TAG_INTERNET_IOP profiles contain a TAG_FT_GROUP component that contains the fault tolerance domain identifier, object group identifier, and object group reference version number for the server object group. If the profiles are those of members of a passively replicated server object group, then one of the profiles contains the TAG_FT_PRIMARY component for the profile that addresses the primary member of the server object group. | |||||
| Only the primary member of an object group executes the methods that have been invoked on the object group. The object group contains additional backup replicas. | |||||
| In passive replication, the member of an object group that executes the methods invoked on the object group. | |||||
| An interface of the Replication Manager that contains operations for setting and getting the fault tolerance properties. | |||||
| A Fault Monitor that interrogates the monitored object periodically to determine whether it is alive. | |||||
| A Fault Monitor to which the monitored object periodically reports that it is alive. | |||||
| The restoration of the state of a member of an object group so that it can continue the operation of the object | |||||
| group. | |||||
| A component of the Fault Tolerance Infrastructure that sets the state of a member of an object group, either when a backup member is promoted to be the primary member after a fault occurs, or alternatively when a new member is introduced into the group. | |||||
| Every message addressed to a group, or originated by a group, is delivered to every member of the group, except for members suspected of being faulty. | |||||
| Replica determinism requires that two or more members of an object group, when presented with the same sequence of requests and replies, behave in exactly the | |||||
| same manner. | |||||
| The fundamental technique used in building fault-tolerant systems. |
| Replication Manager | A component of the Fault Tolerance Infrastructure that | ||||
| provides access to the Fault Notifier and that inherits | |||||
| three interfaces. PropertyManager, GenericFactory | |||||
| and ObjectGroupManager. Logically, there is one | |||||
| Replication Manager per fault tolerance domain. The | |||||
| Replication Manager interacts with the Fault Monitors | |||||
| and Fault Notifier, and with the Logging and Recovery | |||||
| Mechanisms of the Fault Tolerance Infrastructure. | |||||
| ReplicationStyle | The value of the ReplicationStyle of an object group is | ||||
| either STATELESS, COLD_PASSIVE, | |||||
| WARM_PASSIVE, ACTIVE, or | |||||
| ACTIVE_WITH_VOTING. | |||||
| Replication Transparency | A client object is unaware that it is interacting with a | ||||
| group of server objects, but rather ‘‘thinks’’ that it is | |||||
| interacting with an individual server object. | |||||
| Repository Identifier | The identifier of a type within the Interface Repository. | ||||
| REQUEST_DURATION_POLICY | A client-side policy that defines the time interval over | ||||
| which a client’s request to a server remains valid and | |||||
| should be retained by the server ORB to detect repeated | |||||
| requests. | |||||
| FT_REQUEST Service Context | A service context, included in a request message, that | ||||
| allows a server to detect and suppress duplicate requests | |||||
| and to garbage collect requests that are obsolete. | |||||
| Shared Logging | A logging strategy in which the primary member of an | ||||
| object group logs its state by writing the log records onto | |||||
| stable storage. | |||||
| State Transfer | In both passive and active replication, when a new or | ||||
| recovered member of an object group is activated, a state | |||||
| transfer is required to transfer the state of the object to | |||||
| the new or recovered member, so that the new or | |||||
| recovered member will have the same state as the other | |||||
| members of the object group. | |||||
| Stateless Object | The behavior of a stateless object is unaffected by its | ||||
| history of invocations. A typical example of a stateless | |||||
| object is a server that provides read-only access to a | |||||
| database. | |||||
| Strong Membership Consistency | Strong Membership Consistency means that, for each | ||||
| method invocation on an object group, the Fault | |||||
| Tolerance Infrastructure on all hosts agree on the | |||||
| membership of the object group. |
Strong Replica Consistency For passive replication, Strong Replica Consistency means that, at the end of each state transfer,
each of the members of the object group have the same state. For active replication, Strong Replica Consistency means that,
at the end of each method invocation on the object group, each of the members of the object group have the same state.
TAG_FT_GROUP Component A component of all of the profiles of the Object Group Reference that contains the fault tolerance
domain identifier, object group identifier, and object group reference version number of the server object group with that
reference.
TAG_FT_HEARTBEAT_ENABLED A component of a TAG_INTERNET_IOP profile of an
Component object group reference that indicates that a member of a server object group, or gateway, is heartbeat enabled.
TAG_FT_PRIMARY Component A component of one of the TAG_INTERNET_IOP profiles of an object group reference that is intended
to address the primary member of the object group, and that indicates that this TAG_INTERNET_IOP profile should be used in
preference to other TAG_INTERNET_IOP profiles within the object group reference.
Total Order The ordered before relation is the transitive closure of:
• If message m1 is delivered to object replica O before message m2 is delivered to O, then m1 is ordered before m2.
• If message m1 precedes message m2, then m1 is ordered before m2.
• If both m1 and m2 are delivered to object replica O, and m1 is ordered before m2, then m1 is delivered to O before m2 is delivered to O.
The ordered before relation is acyclic.
Unique Primary Replica For passive replication, one and only one member of the object group executes the methods invoked on
the object group.
Unreplicated Client Object An unreplicated client object communicates with a replicated server object using IIOP. The client
may communicate directly with a member of the server object group or, if multicasting is provided, the client may communicate
with a gateway, which then multicasts the message to the server object group.
Virtual Synchrony If object replicas O1 and O2 are in the same view of the object group membership M and they transition together
to the next view of the object group membership M’, then the same messages are delivered to O1 and O2 while they are members
of M. Virtual synchrony is used to ensure that a state transfer to initialize a new member of object group membership M occurs
at the point in the message order corresponding to a membership change. Thus, at the start of the next view of the object
group membership M’, all of the members in M’ will have the same state.
Warm Passive Replication A form of passive replication in which only the primary member executes the methods invoked on the
object group by the client objects. Several other members operate as backups. The backups do not execute the methods invoked
on the object group; rather, the state of the primary is transferred to the backups periodically.
Appendix B Compliance
B.1.1 Fault Tolerant CORBA Passive Replication Compliance Point
This compliance point requires support of all specifications defined previously. However, the implementation of these specifications
need only support the semantics for the STATELESS, COLD_PASSIVE, and WARM_PASSIVE values of the ReplicationStyle property.
B.1.2 Fault Tolerant CORBA Active Replication Compliance Point
This compliance point requires support of all specifications defined previously. However, the implementation of these specifications
need only support the semantics for the STATELESS and ACTIVE values of the ReplicationStyle property.