On the weakest failure detector for non-blocking atomic commit

Rachid Guerraoui, Petr Kouznetsov

Distributed Programming Laboratory, Swiss Institute of Technology in Lausanne (EPFL)

© P. Kouznetsov


Contribution

We consider the Non-Blocking Atomic Commit (NBAC) problem [Skeen81] in an asynchronous system with failure detectors [FLP85, CT96]

We define the weakest (timeless) failure detector to solve NBAC

Roadmap

1. Background
2. Non-blocking atomic commit (NBAC)
3. Conjecture: ?P+ is the weakest for NBAC
4. A reduced problem: weakest timeless failure detector to solve NBAC
5. Open issues


Model: processes and failures

Asynchronous message-passing system with crash failures

No time bounds on message communication or process relative speeds

Communication by message-passing through reliable channels

Processes can fail by crashing

Correct processes never crash

A majority of processes is correct

Agreement problems are not solvable in an asynchronous model if at least one process can crash [FLP85]

Model: failure detectors [CT96]

Synchrony assumptions are encapsulated in the failure detectors:

Each process has a failure detector module that gives hints (maybe wrong) on the state of other processes.

The information provided by failure detectors does not depend on anything but failures.

Example: Perfect failure detector P: eventually, every correct process detects a crash, and no crash is detected before it occurs.

Weakest failure detector [CHT96]

A failure detector D is the weakest to solve problem M iff it is:

Sufficient: D solves M (there is an algorithm that solves M using D)

Necessary: D is weaker than any failure detector D’ that solves M (there is an algorithm that implements D using D’)

Weakest failure detector for Consensus

Processes propose values and decide on some final values so that:

Agreement: no two processes decide differently

Termination: every correct process eventually decides

Validity: a decided value is a proposed value

: eventually, the same correct process is elected by correct processes [CHT96].

[Figure: processes p1, p2 and p3 and the bracketed outputs ([p1], [p2], [p3], ...) of their failure detector modules over time]


Problem: NBAC

Atomic transactions: processes vote yes or no and take decisions (commit or abort) so that:

Agreement: no two processes decide differently

Termination: every correct process eventually decides

Commit-Validity: abort cannot be decided if every process is correct and votes yes

Abort-Validity: commit cannot be decided if some process votes no
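The four properties above can be checked mechanically against a recorded run. The checker below is an added example, not part of the original slides; the Run record and the sample runs are constructed, and a "run" is assumed to be a finished execution in which an undecided correct process will never decide.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass
class Run:
    """One finished execution as an observer records it (constructed model)."""
    votes: Dict[str, str]                # process -> "yes" | "no"
    crashed: Set[str]                    # processes that crashed during the run
    decisions: Dict[str, Optional[str]]  # process -> "commit" | "abort" | None

def nbac_violations(run: Run) -> List[str]:
    """Return the names of the NBAC properties that this run violates."""
    bad = []
    decided = {d for d in run.decisions.values() if d is not None}
    # Agreement covers every process that decided, even one that crashed later.
    if len(decided) > 1:
        bad.append("Agreement")
    # Termination binds only correct processes (those that never crash).
    correct = set(run.votes) - run.crashed
    if any(run.decisions.get(p) is None for p in correct):
        bad.append("Termination")
    all_yes = all(v == "yes" for v in run.votes.values())
    # Commit-Validity: abort is ruled out only if nobody crashed AND all voted yes.
    if "abort" in decided and all_yes and not run.crashed:
        bad.append("Commit-Validity")
    # Abort-Validity: one "no" vote rules out commit, crashes or not.
    if "commit" in decided and not all_yes:
        bad.append("Abort-Validity")
    return bad

# Constructed sample runs: same votes and decisions, differing only in p2's fate.
ABORT_NO_CRASH = Run({"p1": "yes", "p2": "yes"}, set(),
                     {"p1": "abort", "p2": "abort"})
ABORT_AFTER_CRASH = Run({"p1": "yes", "p2": "yes"}, {"p2"},
                        {"p1": "abort", "p2": None})

if __name__ == "__main__":
    print(nbac_violations(ABORT_NO_CRASH))
    print(nbac_violations(ABORT_AFTER_CRASH))
```

The two sample runs show the asymmetry between the validity properties: a unanimous yes vote forces commit only in a failure-free run, which is exactly where knowledge about failures enters the problem.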


Problem: weakest FD for NBAC

P is sufficient to solve NBAC (3PC algorithm [Skeen81]).

Is P necessary to solve NBAC? [SM95,FRT99]

Failure detector that is necessary and sufficient to solve NBAC?

Anonymous failure detector ?P

Process pi:

Initially output 0

If (and only if) there is a failure, then, eventually, output forever 1

Necessary to solve NBAC: it can be emulated by any algorithm that solves NBAC.

[Gue02]


A candidate ?P+

Good news: There is an algorithm that transforms Consensus into NBAC using ?P [Gue02]. ?P+<P

Bad news: there exists a failure detector B that solves NBAC and B is incomparable with ?P+ , so ?P+ cannot be the weakest to solve NBAC
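The slide only states that a transformation from Consensus to NBAC using ?P exists. The simulation below is an added sketch of the usual vote-collection reduction, not code from the slides or from [Gue02]; the function names, the partial_sends model of a crash during the vote broadcast, and the two stand-in consensus boxes are assumptions.

```python
from typing import Callable, Dict, Set

def nbac_from_consensus(votes: Dict[str, str],
                        partial_sends: Dict[str, Set[str]],
                        consensus: Callable[[Dict[str, int]], int]) -> Dict[str, str]:
    """Simulate one run of the reduction and return each survivor's decision.

    votes:         process -> "yes" | "no"
    partial_sends: crashed process -> processes its vote still reached
    consensus:     black box; must return one of the proposed values
    """
    crashed = set(partial_sends)
    survivors = [p for p in votes if p not in crashed]
    proposals: Dict[str, int] = {}
    for p in survivors:
        # Reliable channels: every vote sent by a survivor arrives.
        got = {q: votes[q] for q in survivors}
        got.update({q: votes[q] for q, reached in partial_sends.items()
                    if p in reached})
        # p waits until it holds all n votes OR ?P outputs 1. ?P outputs 1
        # if and only if some process crashed, so the wait always ends.
        have_all = len(got) == len(votes)
        if not have_all and not crashed:
            raise RuntimeError("unreachable: missing vote without a failure")
        all_yes = have_all and all(v == "yes" for v in got.values())
        proposals[p] = 1 if all_yes else 0   # 1 = commit, 0 = abort
    decided = consensus(proposals)
    if decided not in proposals.values():
        raise ValueError("consensus box violated Validity")
    return {p: ("commit" if decided == 1 else "abort") for p in survivors}

# Stand-ins for a real consensus module: each returns some proposed value.
def lowest(proposals: Dict[str, int]) -> int:
    return min(proposals.values())

def highest(proposals: Dict[str, int]) -> int:
    return max(proposals.values())

if __name__ == "__main__":
    all_yes = {"p1": "yes", "p2": "yes", "p3": "yes"}
    # p3 crashes mid-broadcast: its yes vote reaches p1 but not p2.
    print(nbac_from_consensus(all_yes, {"p3": {"p1"}}, lowest))
    print(nbac_from_consensus(all_yes, {"p3": {"p1"}}, highest))
```

In the crash run p1 proposes commit and p2 proposes abort, so the survivors need consensus to agree; either outcome satisfies NBAC because a failure occurred and nobody voted no.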

Stillborn failure detector B

Process pi:

Initially output

If there is a process crashed at time 0, then, eventually, output forever pi

Otherwise, eventually, output forever a set of suspected processes “behaves like” the perfect failure detector P

But B is rather strange

B is strongly time-dependent:

[Figure: two runs, (1) and (2), of processes p1 and p2 starting at t=0, with failure detector outputs [p1] and [p2]]

We can generalize B for any time t0 (B[t])


A filter (timeless failure detectors) to get rid of time-based detectors like B

Timeless failure detectors A cannot imply any information about global time: a failure that occurred at time t and a failure that occurred at time t+d can be reported in the same way.

, P, ?P A

B[t] A


A reduced problem

What is the weakest failure detector in A to solve NBAC?

Conjecture: ?P+ is the one

More precisely: any failure detector DA that solves NBAC can emulate (the proof extends the technique of [CHT96] and is rather technically involved)

Extending [CHT96]

The idea: to achieve non-triviality of any execution of an NBAC algorithm N using a timeless failure detector

The technique: every process maintains an imaginary failure-free partial run assumed preceding the current real run

The result: simulating N over the constructed run, the correct processes eventually agree on a single correct process:

Open Issues

Weakest failure detector for NBAC in general?

Optimality of A: can we make it bigger?

No majority?

Indulgent algorithms: is ?P+ the weakest to allow indulgent solution?


Questions?