Recovery in heterogeneous system

We discuss backward error recovery for large software systems, where different subsystems may belong to essentially different application areas, like databases and process control. Examples of such systems are found in modem telecommunication, transportation, manufacturing and uilitary applications. Such heterogeneous subsystems are naturally built according to different design "models", viz. the "object-action" model (where the long-term state of the computation is encapsulated in data objects, and active processes invoke operations on these objects), and the "process-conversation" model (where the state is contained in the processes, communicating via messages), which also imply different ways of organising backward error recovery. In the objectaction model, backward recovery is naturally organised via atomic transactions; in the process-conversation model, via conversations. We show how checkpointing and roll-back can be co-ordinated between two sets of such heterogeneous subsystems, namely sets of message passing processes organised in conversations and data servers offering atomic transactions. Our solution involves altering the virtual machine on which the programs run, and programming conventions which seem rather natural and can be automatically enforced. We demonstrate the feasibility of the approach by showing how it would work with the Ada language, and show a toy example.