Benchmarking Model Checkers with Distributed Algorithms. Étienne Coulouma-Dupont
|
|
- Felix Daniel Marshall
- 5 years ago
- Views:
Transcription
1 Benchmarking Model Checkers with Distributed Algorithms Étienne Coulouma-Dupont November 24, 2011
2 Introduction The Consensus Problem Consensus : application Paxos LastVoting Hypothesis The Algorithm Analysis of the Algorithm Simulator Motivations Benchmark Benchmarks Various parameters POEM ALCOOL 2/66
3 Introduction LastVoting Simulator Benchmarks 3/66
4 Panda Project Industrial Benchmark Airbus Code Academic Benchmark Paxos Algorithm 4/66
5 The Consensus Problem The Consensus Problem Context: Distributed Systems Consensus is the problem of making processes agree on a common value in spite of faults 5/66
6 The Consensus Problem The Consensus Problem An Algorithms solves Consensus if and only if it satifies the following conditions: Integrity: Any decision value is the proposed value of some process. Agreement: No two different values are decided. Termination: All process eventually decide. 6/66
7 Consensus : application Consensus Algorithm with industrial applications Chubby (Google, 2006) [Bur06][CGR07] implements a fault tolerant data-base: Fault-tolerance is achieved through replication Consistency is achieved using Paxos Algorithm 7/66
8 Paxos Paxos Family of algorithms built to solve Consensus First published by Leslie Lamport in 1998 [Lam98] Termination is not guaranteed without additional assumptions on liveness Safety is guaranteed 8/66
9 Paxos Several implementations in different models: ChandraToueg Attach to each process in the system a failure detector LastVoting Synchronous communication (rounds) 9/66
10 Paxos Related Works This algorithm has been intensively studied Fuzzati [Fuz08]: proof of Paxos and ChandraToueg with rewriting rules Küfner et al.: assisted proofs in Isabelle Tsuchiya & Schiper: model-checking of LastVoting SAT solver: up to 10 processes Traditional tools: up to 4 processes 10/66
11 Introduction LastVoting Simulator Benchmarks 11/66
12 Hypothesis LastVoting : Hypothesis Assumptions for the environment: with transmission faults : in each round, the adversary chooses a set of edges in which all messages will be correctly transmitted pseudo-synchronous: any message which is not received in the same round as the one during which it was send is thrown out by the process which receives it complete network: simplifies the way algorithms are expressed each process has a unique identity 12/66
13 Hypothesis LastVoting : Hypothesis We assume that each process p has at any time access to the following pieces of information: The round r in which it is The coordinator at round r 13/66
14 The Algorithm The Algorithm s Procedure rithm in a ition must odel such he collecordinators ing prediting algo- Phase i-1 Phase i Phase i+1 e: all pro- c i-1 c i c i+1 c i+2 c 1 c 2 c k c k+1 Figure: Transitions Figure 1. oftransitions configurations of configurations the phase level at(top) the and at the round level phase (bottom) level (top) [TS11]. and at the round level (bottom). (1) 0)) 14/66
15 The Algorithm The Algorithm s Procedure In each round r, each process p: can send a messages according to a sending function S r p, depending on the process state then can compute a new state according to a state transition function T r p, depending on the messages received 15/66
16 Selection (r = 4φ 3) Commit (r = 4φ 2) envoi Coord envoi Coord Ack (r = 4φ 1) Decision (r = 4φ) envoi Coord envoi Coord
17 The Algorithm Notations co = Coord(φ) D(φ) = {p Π d 4φ 3 p?} for all p Π and r [4φ 3, 4φ 1], RCV (p, r) is the set of processes from which p receives a non empty message in round r 17/66
18 The Algorithm Initialization : x p Val, initially v p // v p is the proposed value of p. vote p Val {?}, initially? // Val is the set of values that may be proposed. commit p a Boolean, initially false ready p a Boolean, initially false ts p N, initially 0 18/66
19 The Algorithm Round r = 4φ 3 : // #RCV (co, 4φ 3) > n/2 S r p : send x p, ts p to Coord(p, φ) T r p : if p = Coord(p, φ) and number of ν, θ received > n/2 then let be the largest θ from ν, θ received; vote p := one ν such that ν, θ is received; commit p := true; 19/66
20 The Algorithm Round r = 4φ 2 : // #{p Π co RCV (p, 4φ 2)} > n/2 S r p : if p = Coord(p, φ) and commit p then send vote p to all processes; T r p : if received v from Coord(p, φ) then x p := v; ts p := φ; 20/66
21 The Algorithm Round r = 4φ 1 : // #RCV (co, 4φ 1) > n/2 S r p : if ts p = φ then send ack to Coord(p, φ); T r p : if p = Coord(p, φ) and number of ack received > n/2 then ready p := true; 21/66
22 The Algorithm Round r = 4φ : // p Π \ D(φ) : co RCV (p, 4φ) S r p : if Coord(p, φ) and ready p then send vote p to all processes; T r p : if received v from Coord(p, φ) then DECIDE (v) if p = Coord(p, φ) then ready p := false; commit p := false; 22/66
23 Analysis of the Algorithm Terminology Given a partial execution, we define 0-Valence if the value 0 is to be decided 1-Valence if the value 1 is to be decided Univalence if one the above holds Bivalence if none of the above holds Formally, Univalence is defined for LastVoting as follows: v Val, P Π : #P n/2 P = {p Π pr p = v} ( q Π \ P : ts q < ts p ) 23/66
24 Analysis of the Algorithm Termination Termination holds iff P sync (φ) eventually holds: P sync (φ) φ > 0, co Π : ronde1 : #RCV (co, 4φ 3) > n/2 (CPROP(φ)) 24/66
25 Analysis of the Algorithm Termination Termination holds iff P sync (φ) eventually holds: P sync (φ) φ > 0, co Π : ronde1 : #RCV (co, 4φ 3) > n/2 (CPROP(φ)) ronde2 : #{p Π co RCV (p, 4φ 2)} > n/2 (BVOTE(φ)) 24/66
26 Analysis of the Algorithm Termination Termination holds iff P sync (φ) eventually holds: P sync (φ) φ > 0, co Π : ronde1 : #RCV (co, 4φ 3) > n/2 (CPROP(φ)) ronde2 : #{p Π co RCV (p, 4φ 2)} > n/2 (BVOTE(φ)) ronde3 : #RCV (co, 4φ 1) > n/2 (CACK (φ)) 24/66
27 Analysis of the Algorithm Termination Termination holds iff P sync (φ) eventually holds: P sync (φ) φ > 0, co Π : ronde1 : #RCV (co, 4φ 3) > n/2 (CPROP(φ)) ronde2 : #{p Π co RCV (p, 4φ 2)} > n/2 (BVOTE(φ)) ronde3 : #RCV (co, 4φ 1) > n/2 (CACK (φ)) ronde4 : p Π \ D(φ) : co RCV (p, 4φ) (BDEC(φ)) 24/66
28 Analysis of the Algorithm s 0 CP ROP F 01 s 1 F s 11 1 BV OT E F 12 s 2 F 13 s 2 CACK F 23 s 3 F s 33 3 BDEC F 34 s 4 s 4 25/66
29 Analysis of the Algorithm Execution-tree (graph... ) dec none A univ dec part dec all dec none/univ dec none/univ/dec part * B dec none/univ C dec part/dec all D dec all 26/66
30 Analysis of the Algorithm Example of execution φ = 1 p 1 p 2 p 3 pr 1 = 0 pr 2 = 0 pr 3 = 1 ts 1 = 0 ts 2 = 0 ts 3 = 0 d 1 =? d 2 =? d 3 =? s 0 27/66
31 Analysis of the Algorithm φ = 1 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 1 pr 1 = 0 pr 2 = 0 pr 3 = 1 ts 1 = 0 ts 2 = 0 ts 3 = 0 d 1 =? d 2 =? d 3 =? s 1 CP ROP s 0 28/66
32 Analysis of the Algorithm φ = 1 p 1 p 2 p 3 ho 1 = 0 ho 2 = 0 ho 3 = 1 pr 1 = 0 pr 2 = 0 pr 3 = 1 ts 1 = 0 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 CP ROP F 12 s 0 s 2 29/66
33 Analysis of the Algorithm φ = 2 p 1 p 2 p 3 pr 1 = 0 pr 2 = 0 pr 3 = 1 ts 1 = 0 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 CP ROP F 12 s 0 s 2 30/66
34 Analysis of the Algorithm φ = 2 p 1 p 2 p 3 ho 1 = 0 ho 2 = 1 ho 3 = 1 pr 1 = 0 pr 2 = 0 pr 3 = 1 ts 1 = 0 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 CP ROP s 0 31/66
35 Analysis of the Algorithm φ = 2 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 0 pr 1 = 1 pr 2 = 0 pr 3 = 1 ts 1 = 2 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 F 13 CP ROP s 0 s 3 32/66
36 Analysis of the Algorithm φ = 3 p 1 p 2 p 3 pr 1 = 1 pr 2 = 0 pr 3 = 1 ts 1 = 2 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 F 13 CP ROP s 0 s 3 33/66
37 Analysis of the Algorithm φ = 3 p 1 p 2 p 3 ho 1 = 1 ho 2 = 1 ho 3 = 0 pr 1 = 1 pr 2 = 0 pr 3 = 1 ts 1 = 2 ts 2 = 0 ts 3 = 1 d 1 =? d 2 =? d 3 =? s 1 CP ROP s 0 34/66
38 Analysis of the Algorithm φ = 3 p 1 p 2 p 3 ho 1 = 0 ho 2 = 1 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 2 ts 2 = 3 ts 3 = 3 d 1 =? d 2 =? d 3 =? BV OT E s 1 CP ROP s 0 s 2 35/66
39 Analysis of the Algorithm φ = 3 CP ROP s 0 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 2 ts 2 = 3 ts 3 = 3 d 1 =? d 2 =? d 3 =? s 2 BV OT E s 1 CACK s 3 36/66
40 Analysis of the Algorithm s 0 CP ROP φ = 3 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 2 ts 2 = 3 ts 3 = 3 d 1 =? d 2 =? d 3 = 1 s 3 CACK s 2 BV OT E s 1 F 34 s 4 37/66
41 Analysis of the Algorithm s 0 CP ROP φ = 4 p 1 p 2 p 3 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 2 ts 2 = 3 ts 3 = 3 d 1 =? d 2 =? d 3 = 1 s 3 CACK s 2 BV OT E s 1 F 34 s 4 38/66
42 Analysis of the Algorithm φ = 4 p 1 p 2 p 3 ho 1 = 1 ho 2 = 1 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 2 ts 2 = 3 ts 3 = 3 d 1 =? d 2 =? d 3 = 1 s 1 CP ROP s 0 39/66
43 Analysis of the Algorithm φ = 4 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 4 ts 2 = 3 ts 3 = 4 d 1 =? d 2 =? d 3 = 1 BV OT E s 1 CP ROP s 0 s 2 40/66
44 Analysis of the Algorithm φ = 4 p 1 p 2 p 3 ho 1 = 1 ho 2 = 0 ho 3 = 1 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 4 ts 2 = 3 ts 3 = 4 d 1 =? d 2 =? d 3 = 1 CACK s 2 BV OT E s 1 CP ROP s 0 s 3 41/66
45 Analysis of the Algorithm s 0 CP ROP φ = 4 p 1 p 2 p 3 ho 1 = 1 ho 2 = 1 ho 3 = 0 pr 1 = 1 pr 2 = 1 pr 3 = 1 ts 1 = 4 ts 2 = 3 ts 3 = 4 d 1 = 1 d 2 = 1 d 3 = 1 s 3 CACK s 2 BV OT E s 1 BDEC s 4 42/66
46 Analysis of the Algorithm Comparison with the asynchronous version Each process has a infinite set of integers which is disjoint from the sets of the other processes This set is used to uniquely identify the consensus requests In the asynchronous version, the coordinator first broadcasts the request number of the new request The last broadcast is a flooding broadcast procedure 43/66
47 Analysis of the Algorithm Computability of Paxos Paxos does not terminate [FLP85][Fuz08] Optimal condition not known for consensus algorithms 44/66
48 Analysis of the Algorithm Fuzzati s proof of Paxos A general pattern of rule: Condition(s) (RULE) Action(s) or Event(s) Example of rule from Fuzzati s Paxos rules: S(i) = (a, r, p, b, (, ι), ) (CRASH) B, C, S B, C, S{i (a, r, p, b, (, ι), )} 45/66
49 Introduction LastVoting Simulator Benchmarks 46/66
50 Motivations Motivations Correct Algorithms Benchmark Algorithms performances 47/66
51 Benchmark Benchmark Banc d essai pour N = 3 Banc d essai pour N = 4 durée moyenne/test (µs) LVOpt version=1 LVOpt version=2 LVOpt version=3 MyLVOpt version=2 MyLVOpt version=3 durée moyenne/test (µs) LVOpt1 LVOpt2 LVOpt3 MyLVOpt2 MyLVOpt3 LVOpt1 LVOpt2 LVOpt3 MyLVOpt2 MyLVOpt3 LVOpt version=1 LVOpt version=2 LVOpt version=3 MyLVOpt version=2 MyLVOpt version=3 48/66
52 Introduction LastVoting Simulator Benchmarks 49/66
53 Motivations Benchmarking with Paxos Tsuchiya & Schiper: SAT Solvers: up to 10 processes NuSMV: up to 4 processes SPIN: up to 3 processes 50/66
54 Motivations Benchmarking with Paxos Tsuchiya & Schiper: SAT Solvers: up to 10 processes NuSMV: up to 4 processes SPIN: up to 3 processes Our work in progress: POEM (Peter Niebert, Marseille): frontend for different tools with partial order techniques preprocessing ALCOOL (CEA/List, Panda): Topological techniques 50/66
55 Various parameters Toward Benchmarking of Model-Checkers Number n of processes of the system 51/66
56 Various parameters Toward Benchmarking of Model-Checkers Number n of processes of the system Number of losses for the system:newline for one round for one phase for k phases for one execution Number of losses per process:newline for one phase for k phases for one execution 51/66
57 POEM POEM Checking is done with IF requests (first order logic): (d[0]<>not_def) and (d[1]<>not_def) and (d[0]<>d[1]) Current problem: false positives (Bug in the frontend?) 52/66
58 POEM First Tests duration (s) perte/ronde 1 perte/ronde number of processes 53/66
59 ALCOOL ALCOOL ALCOOL can detect deadlocks and forbidden zones We transform the properties which are to be verified into deadlock properties Example: B 0 and B 1 two n-ary synchronization barriers Agreement process p waits on B dp Current problem: false positive (feature) 54/66
60 ALCOOL Example 2 #mutex m processes: p1 = P(m).V(m) p2 = P(m).V(m) init: p1 p2 p1 V(m) P(m) P(m) V(m) p2 55/66
61 ALCOOL p1 V(m) P(m) P(m) V(m) p2 56/66
62 ALCOOL p1 Basically only 2 executions: p1.p2 p2.p1 V(m) P(m) P(m) V(m) p2 57/66
63 ALCOOL p1 V(m) p1.p2 : x=8 p2.p1 : V(m) p2 57/66
64 ALCOOL Example 3 p1 #mutex a b processes: p1 = P(a).P(b).V(b).V(a) p2 = P(b).P(a).V(a).V(b) init: p1 p2 V(a) V(b) P(b) P(a) P(b) P(a) V(a) V(b) p2 58/66
65 ALCOOL Example 4 #synchronization 2 b processes: p1 (W(b) + [x==1] + void) p2 init: p1 p2 p2 59/66
66 ALCOOL Example 4 #synchronization 2 b processes: p1 p2 init: p1 p2 W(b) p2 60/66
67 ALCOOL p1 p1 W(b) W(b) p2 61/66
68 ALCOOL Example 5 p1 #synchronization 2 b s processes: p1 = void.w(s).@(x,1). (W(b) + [x==1] + void) p2 init: p1 p2 W(b) p2 62/66
69 ALCOOL Example 5 p1 #synchronization 2 b s processes: p1 = W(s).@(x,1).W(b) p2 init: p1 p2 W(b) W(b) p2 63/66
70 ALCOOL p1 p1 W(b) W(b) p2 W(b) p2 64/66
71 ALCOOL Benchmarks: ALCOOL Analysis of numerical variables Analysis of potential deadlocks ALCOOL +POEM? 65/66
72 Introduction The Consensus Problem Consensus : application Paxos LastVoting Hypothesis The Algorithm Analysis of the Algorithm Simulator Motivations Benchmark Benchmarks Various parameters POEM ALCOOL 66/66
73 BURROWS, MIKE: The Chubby lock service for loosely-coupled distributed systems. In Proceedings of the 7th symposium on Operating systems design and implementation, OSDI 06, pages , Berkeley, CA, USA, USENIX Association. CHANDRA, TUSHAR D., ROBERT GRIESEMER and JOSHUA REDSTONE: Paxos made live: an engineering perspective. In Proceedings of the twenty-sixth annual ACM symposium on Principles of distributed computing, PODC 07, pages , New York, NY, USA, ACM. FISCHER, MICHAEL J., NANCY A. LYNCH and MICHAEL S. PATERSON: Impossibility of distributed consensus with one faulty process. J. ACM, 32: , April /66
74 FUZZATI, RACHELE: A formal approach to fault tolerant distributed consensus. PhD thesis, École Polytechnique Fédérale de Lausanne, Lausanne, LAMPORT, LESLIE: The part-time parliament. ACM Transactions on Computer Systems, 16: , TSUCHIYA, TATSUHIRO and ANDRÉ SCHIPER: Verification of consensus algorithms using satisfiability solving. Distributed Computing, 23: , /66
CS505: Distributed Systems
Department of Computer Science CS505: Distributed Systems Lecture 10: Consensus Outline Consensus impossibility result Consensus with S Consensus with Ω Consensus Most famous problem in distributed computing
More informationSection 6 Fault-Tolerant Consensus
Section 6 Fault-Tolerant Consensus CS586 - Panagiota Fatourou 1 Description of the Problem Consensus Each process starts with an individual input from a particular value set V. Processes may fail by crashing.
More informationSimple Bivalency Proofs of the Lower Bounds in Synchronous Consensus Problems
Simple Bivalency Proofs of the Lower Bounds in Synchronous Consensus Problems Xianbing Wang, Yong-Meng Teo, and Jiannong Cao Singapore-MIT Alliance E4-04-10, 4 Engineering Drive 3, Singapore 117576 Abstract
More informationCS505: Distributed Systems
Cristina Nita-Rotaru CS505: Distributed Systems. Required reading for this topic } Michael J. Fischer, Nancy A. Lynch, and Michael S. Paterson for "Impossibility of Distributed with One Faulty Process,
More informationAsynchronous Models For Consensus
Distributed Systems 600.437 Asynchronous Models for Consensus Department of Computer Science The Johns Hopkins University 1 Asynchronous Models For Consensus Lecture 5 Further reading: Distributed Algorithms
More informationLower Bounds for Achieving Synchronous Early Stopping Consensus with Orderly Crash Failures
Lower Bounds for Achieving Synchronous Early Stopping Consensus with Orderly Crash Failures Xianbing Wang 1, Yong-Meng Teo 1,2, and Jiannong Cao 3 1 Singapore-MIT Alliance, 2 Department of Computer Science,
More informationAGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:
AGREEMENT PROBLEMS (1) AGREEMENT PROBLEMS Agreement problems arise in many practical applications: agreement on whether to commit or abort the results of a distributed atomic action (e.g. database transaction)
More informationFault-Tolerant Consensus
Fault-Tolerant Consensus CS556 - Panagiota Fatourou 1 Assumptions Consensus Denote by f the maximum number of processes that may fail. We call the system f-resilient Description of the Problem Each process
More informationEarly consensus in an asynchronous system with a weak failure detector*
Distrib. Comput. (1997) 10: 149 157 Early consensus in an asynchronous system with a weak failure detector* André Schiper Ecole Polytechnique Fe dérale, De partement d Informatique, CH-1015 Lausanne, Switzerland
More informationDistributed Consensus
Distributed Consensus Reaching agreement is a fundamental problem in distributed computing. Some examples are Leader election / Mutual Exclusion Commit or Abort in distributed transactions Reaching agreement
More informationImplementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links
Implementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links Jialin Zhang Tsinghua University zhanggl02@mails.tsinghua.edu.cn Wei Chen Microsoft Research Asia weic@microsoft.com
More informationAbstract. The paper considers the problem of implementing \Virtually. system. Virtually Synchronous Communication was rst introduced
Primary Partition \Virtually-Synchronous Communication" harder than Consensus? Andre Schiper and Alain Sandoz Departement d'informatique Ecole Polytechnique Federale de Lausanne CH-1015 Lausanne (Switzerland)
More informationValency Arguments CHAPTER7
CHAPTER7 Valency Arguments In a valency argument, configurations are classified as either univalent or multivalent. Starting from a univalent configuration, all terminating executions (from some class)
More informationEasy Consensus Algorithms for the Crash-Recovery Model
Reihe Informatik. TR-2008-002 Easy Consensus Algorithms for the Crash-Recovery Model Felix C. Freiling, Christian Lambertz, and Mila Majster-Cederbaum Department of Computer Science, University of Mannheim,
More informationFinally the Weakest Failure Detector for Non-Blocking Atomic Commit
Finally the Weakest Failure Detector for Non-Blocking Atomic Commit Rachid Guerraoui Petr Kouznetsov Distributed Programming Laboratory EPFL Abstract Recent papers [7, 9] define the weakest failure detector
More informationTolerating Permanent and Transient Value Faults
Distributed Computing manuscript No. (will be inserted by the editor) Tolerating Permanent and Transient Value Faults Zarko Milosevic Martin Hutle André Schiper Abstract Transmission faults allow us to
More informationModel Checking of Fault-Tolerant Distributed Algorithms
Model Checking of Fault-Tolerant Distributed Algorithms Part I: Fault-Tolerant Distributed Algorithms Annu Gmeiner Igor Konnov Ulrich Schmid Helmut Veith Josef Widder LOVE 2016 @ TU Wien Josef Widder (TU
More informationAsynchronous Leasing
Asynchronous Leasing Romain Boichat Partha Dutta Rachid Guerraoui Distributed Programming Laboratory Swiss Federal Institute of Technology in Lausanne Abstract Leasing is a very effective way to improve
More informationCoordination. Failures and Consensus. Consensus. Consensus. Overview. Properties for Correct Consensus. Variant I: Consensus (C) P 1. v 1.
Coordination Failures and Consensus If the solution to availability and scalability is to decentralize and replicate functions and data, how do we coordinate the nodes? data consistency update propagation
More informationAgreement Protocols. CS60002: Distributed Systems. Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur
Agreement Protocols CS60002: Distributed Systems Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur Classification of Faults Based on components that failed Program
More informationHow to solve consensus in the smallest window of synchrony
How to solve consensus in the smallest window of synchrony Dan Alistarh 1, Seth Gilbert 1, Rachid Guerraoui 1, and Corentin Travers 2 1 EPFL LPD, Bat INR 310, Station 14, 1015 Lausanne, Switzerland 2 Universidad
More informationOptimal Resilience Asynchronous Approximate Agreement
Optimal Resilience Asynchronous Approximate Agreement Ittai Abraham, Yonatan Amit, and Danny Dolev School of Computer Science and Engineering, The Hebrew University of Jerusalem, Israel {ittaia, mitmit,
More informationCommunication Predicates: A High-Level Abstraction for Coping with Transient and Dynamic Faults
Communication Predicates: A High-Level Abstraction for Coping with Transient and Dynamic Faults Martin Hutle martin.hutle@epfl.ch André Schiper andre.schiper@epfl.ch École Polytechnique Fédérale de Lausanne
More informationConsensus when failstop doesn't hold
Consensus when failstop doesn't hold FLP shows that can't solve consensus in an asynchronous system with no other facility. It can be solved with a perfect failure detector. If p suspects q then q has
More informationThe Weighted Byzantine Agreement Problem
The Weighted Byzantine Agreement Problem Vijay K. Garg and John Bridgman Department of Electrical and Computer Engineering The University of Texas at Austin Austin, TX 78712-1084, USA garg@ece.utexas.edu,
More informationDegradable Agreement in the Presence of. Byzantine Faults. Nitin H. Vaidya. Technical Report #
Degradable Agreement in the Presence of Byzantine Faults Nitin H. Vaidya Technical Report # 92-020 Abstract Consider a system consisting of a sender that wants to send a value to certain receivers. Byzantine
More informationCS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes
CS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes Robert Constable Date for Due Date PS6 Out on April 24 May 8 (day of last lecture) 1 Introduction In the next two lectures,
More informationEventually consistent failure detectors
J. Parallel Distrib. Comput. 65 (2005) 361 373 www.elsevier.com/locate/jpdc Eventually consistent failure detectors Mikel Larrea a,, Antonio Fernández b, Sergio Arévalo b a Departamento de Arquitectura
More informationHow can one get around FLP? Around FLP in 80 Slides. How can one get around FLP? Paxos. Weaken the problem. Constrain input values
How can one get around FLP? Around FLP in 80 Slides Weaken termination Weaken the problem use randomization to terminate with arbitrarily high probability guarantee termination only during periods of synchrony
More informationCS505: Distributed Systems
Cristina Nita-Rotaru CS505: Distributed Systems Ordering events. Lamport and vector clocks. Global states. Detecting failures. Required reading for this topic } Leslie Lamport,"Time, Clocks, and the Ordering
More informationFailure detectors Introduction CHAPTER
CHAPTER 15 Failure detectors 15.1 Introduction This chapter deals with the design of fault-tolerant distributed systems. It is widely known that the design and verification of fault-tolerent distributed
More informationFormal Verification Techniques. Riccardo Sisto, Politecnico di Torino
Formal Verification Techniques Riccardo Sisto, Politecnico di Torino State exploration State Exploration and Theorem Proving Exhaustive exploration => result is certain (correctness or noncorrectness proof)
More informationByzantine agreement with homonyms
Distrib. Comput. (013) 6:31 340 DOI 10.1007/s00446-013-0190-3 Byzantine agreement with homonyms Carole Delporte-Gallet Hugues Fauconnier Rachid Guerraoui Anne-Marie Kermarrec Eric Ruppert Hung Tran-The
More informationWeakening Failure Detectors for k-set Agreement via the Partition Approach
Weakening Failure Detectors for k-set Agreement via the Partition Approach Wei Chen 1, Jialin Zhang 2, Yu Chen 1, Xuezheng Liu 1 1 Microsoft Research Asia {weic, ychen, xueliu}@microsoft.com 2 Center for
More informationRandomized Protocols for Asynchronous Consensus
Randomized Protocols for Asynchronous Consensus Alessandro Panconesi DSI - La Sapienza via Salaria 113, piano III 00198 Roma, Italy One of the central problems in the Theory of (feasible) Computation is
More informationEventual Leader Election with Weak Assumptions on Initial Knowledge, Communication Reliability, and Synchrony
Eventual Leader Election with Weak Assumptions on Initial Knowledge, Communication Reliability, and Synchrony Antonio FERNÁNDEZ Ernesto JIMÉNEZ Michel RAYNAL LADyR, GSyC, Universidad Rey Juan Carlos, 28933
More informationGeneralized Consensus and Paxos
Generalized Consensus and Paxos Leslie Lamport 3 March 2004 revised 15 March 2005 corrected 28 April 2005 Microsoft Research Technical Report MSR-TR-2005-33 Abstract Theoretician s Abstract Consensus has
More informationDistributed Systems Byzantine Agreement
Distributed Systems Byzantine Agreement He Sun School of Informatics University of Edinburgh Outline Finish EIG algorithm for Byzantine agreement. Number-of-processors lower bound for Byzantine agreement.
More informationReplication predicates for dependent-failure algorithms
Replication predicates for dependent-failure algorithms Flavio Junqueira and Keith Marzullo Department of Computer Science and Engineering University of California, San Diego La Jolla, CA USA {flavio,
More informationByzantine Agreement. Gábor Mészáros. Tatracrypt 2012, July 2 4 Smolenice, Slovakia. CEU Budapest, Hungary
CEU Budapest, Hungary Tatracrypt 2012, July 2 4 Smolenice, Slovakia Byzantium, 1453 AD. The Final Strike... Communication via Messengers The Byzantine Generals Problem Communication System Model Goal G
More informationC 1. Recap: Finger Table. CSE 486/586 Distributed Systems Consensus. One Reason: Impossibility of Consensus. Let s Consider This
Recap: Finger Table Finding a using fingers Distributed Systems onsensus Steve Ko omputer Sciences and Engineering University at Buffalo N102 86 + 2 4 N86 20 + 2 6 N20 2 Let s onsider This
More informationFinite-State Model Checking
EECS 219C: Computer-Aided Verification Intro. to Model Checking: Models and Properties Sanjit A. Seshia EECS, UC Berkeley Finite-State Model Checking G(p X q) Temporal logic q p FSM Model Checker Yes,
More informationI R I S A P U B L I C A T I O N I N T E R N E THE NOTION OF VETO NUMBER FOR DISTRIBUTED AGREEMENT PROBLEMS
I R I P U B L I C A T I O N I N T E R N E N o 1599 S INSTITUT DE RECHERCHE EN INFORMATIQUE ET SYSTÈMES ALÉATOIRES A THE NOTION OF VETO NUMBER FOR DISTRIBUTED AGREEMENT PROBLEMS ROY FRIEDMAN, ACHOUR MOSTEFAOUI,
More informationSynchrony Weakened by Message Adversaries vs Asynchrony Restricted by Failure Detectors
Synchrony Weakened by Message Adversaries vs Asynchrony Restricted by Failure Detectors Michel RAYNAL, Julien STAINER Institut Universitaire de France IRISA, Université de Rennes, France Message adversaries
More informationByzantine behavior also includes collusion, i.e., all byzantine nodes are being controlled by the same adversary.
Chapter 17 Byzantine Agreement In order to make flying safer, researchers studied possible failures of various sensors and machines used in airplanes. While trying to model the failures, they were confronted
More informationByzantine Agreement. Chapter Validity 190 CHAPTER 17. BYZANTINE AGREEMENT
190 CHAPTER 17. BYZANTINE AGREEMENT 17.1 Validity Definition 17.3 (Any-Input Validity). The decision value must be the input value of any node. Chapter 17 Byzantine Agreement In order to make flying safer,
More informationConsensus and Universal Construction"
Consensus and Universal Construction INF346, 2015 So far Shared-memory communication: safe bits => multi-valued atomic registers atomic registers => atomic/immediate snapshot 2 Today Reaching agreement
More informationThe Heard-Of Model: Computing in Distributed Systems with Benign Failures
The Heard-Of Model: Computing in Distributed Systems with Benign Failures Bernadette Charron-Bost Ecole polytechnique, France André Schiper EPFL, Switzerland Abstract Problems in fault-tolerant distributed
More informationUniform consensus is harder than consensus
R Available online at www.sciencedirect.com Journal of Algorithms 51 (2004) 15 37 www.elsevier.com/locate/jalgor Uniform consensus is harder than consensus Bernadette Charron-Bost a, and André Schiper
More informationByzantine Vector Consensus in Complete Graphs
Byzantine Vector Consensus in Complete Graphs Nitin H. Vaidya University of Illinois at Urbana-Champaign nhv@illinois.edu Phone: +1 217-265-5414 Vijay K. Garg University of Texas at Austin garg@ece.utexas.edu
More informationDynamic Group Communication
Dynamic Group Communication André Schiper Ecole Polytechnique Fédérale de Lausanne (EPFL) 1015 Lausanne, Switzerland e-mail: andre.schiper@epfl.ch Abstract Group communication is the basic infrastructure
More informationDistributed Computing in Shared Memory and Networks
Distributed Computing in Shared Memory and Networks Class 2: Consensus WEP 2018 KAUST This class Reaching agreement in shared memory: Consensus ü Impossibility of wait-free consensus 1-resilient consensus
More informationEffectively Nonblocking Consensus Procedures Can Execute Forever a Constructive Version of FLP
Effectively Nonblocking Consensus Procedures Can Execute Forever a Constructive Version of FLP Robert L. Constable Cornell University July 17, 2008 1 Abstract The Fischer-Lynch-Paterson theorem (FLP) says
More informationImpossibility of Distributed Consensus with One Faulty Process
Impossibility of Distributed Consensus with One Faulty Process Journal of the ACM 32(2):374-382, April 1985. MJ Fischer, NA Lynch, MS Peterson. Won the 2002 Dijkstra Award (for influential paper in distributed
More informationConsensus. Consensus problems
Consensus problems 8 all correct computers controlling a spaceship should decide to proceed with landing, or all of them should decide to abort (after each has proposed one action or the other) 8 in an
More informationROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS
ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS Bruno Vavala University of Lisbon, Portugal Carnegie Mellon University, U.S. Nuno Neves University
More informationAtomic m-register operations
Atomic m-register operations Michael Merritt Gadi Taubenfeld December 15, 1993 Abstract We investigate systems where it is possible to access several shared registers in one atomic step. We characterize
More informationA Realistic Look At Failure Detectors
A Realistic Look At Failure Detectors C. Delporte-Gallet, H. Fauconnier, R. Guerraoui Laboratoire d Informatique Algorithmique: Fondements et Applications, Université Paris VII - Denis Diderot Distributed
More information6.852: Distributed Algorithms Fall, Class 24
6.852: Distributed Algorithms Fall, 2009 Class 24 Today s plan Self-stabilization Self-stabilizing algorithms: Breadth-first spanning tree Mutual exclusion Composing self-stabilizing algorithms Making
More informationGenuine atomic multicast in asynchronous distributed systems
Theoretical Computer Science 254 (2001) 297 316 www.elsevier.com/locate/tcs Genuine atomic multicast in asynchronous distributed systems Rachid Guerraoui, Andre Schiper Departement d Informatique, Ecole
More informationTime Free Self-Stabilizing Local Failure Detection
Research Report 33/2004, TU Wien, Institut für Technische Informatik July 6, 2004 Time Free Self-Stabilizing Local Failure Detection Martin Hutle and Josef Widder Embedded Computing Systems Group 182/2
More informationLearning from the Past for Resolving Dilemmas of Asynchrony
Learning from the Past for Resolving Dilemmas of Asynchrony Paul Ezhilchelvan and Santosh Shrivastava School of Computing Science, Newcastle University, UK Paul.Ezhilchelvan@ncl.ac.uk Abstract This paper
More informationUnreliable Failure Detectors for Reliable Distributed Systems
Unreliable Failure Detectors for Reliable Distributed Systems A different approach Augment the asynchronous model with an unreliable failure detector for crash failures Define failure detectors in terms
More informationEarly stopping: the idea. TRB for benign failures. Early Stopping: The Protocol. Termination
TRB for benign failures Early stopping: the idea Sender in round : :! send m to all Process p in round! k, # k # f+!! :! if delivered m in round k- and p " sender then 2:!! send m to all 3:!! halt 4:!
More informationCombining Shared Coin Algorithms
Combining Shared Coin Algorithms James Aspnes Hagit Attiya Keren Censor Abstract This paper shows that shared coin algorithms can be combined to optimize several complexity measures, even in the presence
More informationGeneric Broadcast. 1 Introduction
Generic Broadcast Fernando Pedone André Schiper Département d Informatique Ecole Polytechnique Fédérale delausanne 1015 Lausanne, Switzerland {Fernando.Pedone, Andre.Schiper@epfl.ch} Abstract Message ordering
More informationarxiv: v2 [cs.dc] 18 Feb 2015
Consensus using Asynchronous Failure Detectors Nancy Lynch CSAIL, MIT Srikanth Sastry CSAIL, MIT arxiv:1502.02538v2 [cs.dc] 18 Feb 2015 Abstract The FLP result shows that crash-tolerant consensus is impossible
More informationDo we have a quorum?
Do we have a quorum? Quorum Systems Given a set U of servers, U = n: A quorum system is a set Q 2 U such that Q 1, Q 2 Q : Q 1 Q 2 Each Q in Q is a quorum How quorum systems work: A read/write shared register
More informationDEXON Consensus Algorithm
DEXON Consensus Algorithm Infinitely Scalable, Low-Latency Byzantine Fault Tolerant Blocklattice DEXON Foundation Aug 9 2018, v1.0 Abstract A blockchain system is a replicated state machine that must be
More informationAgreement. Today. l Coordination and agreement in group communication. l Consensus
Agreement Today l Coordination and agreement in group communication l Consensus Events and process states " A distributed system a collection P of N singlethreaded processes w/o shared memory Each process
More informationNetwork Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas
Network Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas Slides are partially based on the joint work of Christos Litsas, Aris Pagourtzis,
More information6.852: Distributed Algorithms Fall, Class 25
6.852: Distributed Algorithms Fall, 2009 Class 25 Today s plan Partially synchronous (timed) distributed systems Modeling timed systems Proof methods Mutual exclusion in timed systems Consensus in timed
More informationCommunication-Efficient Randomized Consensus
Communication-Efficient Randomized Consensus Dan Alistarh 1, James Aspnes 2, Valerie King 3, and Jared Saia 4 1 Microsoft Research, Cambridge, UK. Email: dan.alistarh@microsoft.com 2 Yale University, Department
More informationInformation-Theoretic Lower Bounds on the Storage Cost of Shared Memory Emulation
Information-Theoretic Lower Bounds on the Storage Cost of Shared Memory Emulation Viveck R. Cadambe EE Department, Pennsylvania State University, University Park, PA, USA viveck@engr.psu.edu Nancy Lynch
More informationTime. To do. q Physical clocks q Logical clocks
Time To do q Physical clocks q Logical clocks Events, process states and clocks A distributed system A collection P of N single-threaded processes (p i, i = 1,, N) without shared memory The processes in
More informationOn Equilibria of Distributed Message-Passing Games
On Equilibria of Distributed Message-Passing Games Concetta Pilotto and K. Mani Chandy California Institute of Technology, Computer Science Department 1200 E. California Blvd. MC 256-80 Pasadena, US {pilotto,mani}@cs.caltech.edu
More informationOur Problem. Model. Clock Synchronization. Global Predicate Detection and Event Ordering
Our Problem Global Predicate Detection and Event Ordering To compute predicates over the state of a distributed application Model Clock Synchronization Message passing No failures Two possible timing assumptions:
More informationTime. Lakshmi Ganesh. (slides borrowed from Maya Haridasan, Michael George)
Time Lakshmi Ganesh (slides borrowed from Maya Haridasan, Michael George) The Problem Given a collection of processes that can... only communicate with significant latency only measure time intervals approximately
More informationThe Heard-Of model: computing in distributed systems with benign faults
Distrib. Comput. (2009) 22:49 71 DOI 10.1007/s00446-009-0084-6 The Heard-Of model: computing in distributed systems with benign faults Bernadette Charron-Bost André Schiper Received: 21 July 2006 / Accepted:
More informationOn the Resilience and Uniqueness of CPA for Secure Broadcast
On the Resilience and Uniqueness of CPA for Secure Broadcast Chris Litsas, Aris Pagourtzis, Giorgos Panagiotakos and Dimitris Sakavalas School of Electrical and Computer Engineering National Technical
More informationUnreliable Failure Detectors for Reliable Distributed Systems
Unreliable Failure Detectors for Reliable Distributed Systems Tushar Deepak Chandra I.B.M Thomas J. Watson Research Center, Hawthorne, New York and Sam Toueg Cornell University, Ithaca, New York We introduce
More informationRevising UNITY Programs: Possibilities and Limitations 1
Revising UNITY Programs: Possibilities and Limitations 1 Ali Ebnenasir, Sandeep S. Kulkarni, and Borzoo Bonakdarpour Software Engineering and Network Systems Laboratory Department of Computer Science and
More information6.852: Distributed Algorithms Fall, Class 10
6.852: Distributed Algorithms Fall, 2009 Class 10 Today s plan Simulating synchronous algorithms in asynchronous networks Synchronizers Lower bound for global synchronization Reading: Chapter 16 Next:
More informationOptimal and Player-Replaceable Consensus with an Honest Majority Silvio Micali and Vinod Vaikuntanathan
Computer Science and Artificial Intelligence Laboratory Technical Report MIT-CSAIL-TR-2017-004 March 31, 2017 Optimal and Player-Replaceable Consensus with an Honest Majority Silvio Micali and Vinod Vaikuntanathan
More informationTowards optimal synchronous counting
Towards optimal synchronous counting Christoph Lenzen Joel Rybicki Jukka Suomela MPI for Informatics MPI for Informatics Aalto University Aalto University PODC 5 July 3 Focus on fault-tolerance Fault-tolerant
More informationByzantine Agreement. Gábor Mészáros. CEU Budapest, Hungary
CEU Budapest, Hungary 1453 AD, Byzantium Distibuted Systems Communication System Model Distibuted Systems Communication System Model G = (V, E) simple graph Distibuted Systems Communication System Model
More informationThe Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease. Presenter: Jose Calvo-Villagran
+ The Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease Presenter: Jose Calvo-Villagran jcalvovi@uwaterloo.ca + Overview n The Byzantine Generals Problem n A solution: Oral Messages
More informationModeling and Analysis of Communicating Systems
Modeling and Analysis of Communicating Systems Lecture 5: Sequential Processes Jeroen Keiren and Mohammad Mousavi j.j.a.keiren@vu.nl and m.r.mousavi@hh.se Halmstad University March 2015 Outline Motivation
More informationClocks in Asynchronous Systems
Clocks in Asynchronous Systems The Internet Network Time Protocol (NTP) 8 Goals provide the ability to externally synchronize clients across internet to UTC provide reliable service tolerating lengthy
More informationMethods for Software Verification. Andrea Corradini Gian Luigi Ferrari. Second Semester 6 CFU
Methods for Software Verification Andrea Corradini Gian Luigi Ferrari Second Semester 6 CFU. The importance of Software Correctness Increasing integration of ICT in different applications: Embedded systems
More informationarxiv: v2 [cs.dc] 21 Apr 2017
AllConcur: Leaderless Concurrent Atomic Broadcast (Extended Version) arxiv:1608.05866v2 [cs.dc] 21 Apr 2017 Marius Poke HLRS University of Stuttgart marius.poke@hlrs.de Abstract Many distributed systems
More informationEarly-Deciding Consensus is Expensive
Early-Deciding Consensus is Expensive ABSTRACT Danny Dolev Hebrew University of Jerusalem Edmond Safra Campus 9904 Jerusalem, Israel dolev@cs.huji.ac.il In consensus, the n nodes of a distributed system
More informationA Brief Introduction to Model Checking
A Brief Introduction to Model Checking Jan. 18, LIX Page 1 Model Checking A technique for verifying finite state concurrent systems; a benefit on this restriction: largely automatic; a problem to fight:
More informationFailure Detectors. Seif Haridi. S. Haridi, KTHx ID2203.1x
Failure Detectors Seif Haridi haridi@kth.se 1 Modeling Timing Assumptions Tedious to model eventual synchrony (partial synchrony) Timing assumptions mostly needed to detect failures Heartbeats, timeouts,
More informationLecture 4 Event Systems
Lecture 4 Event Systems This lecture is based on work done with Mark Bickford. Marktoberdorf Summer School, 2003 Formal Methods One of the major research challenges faced by computer science is providing
More informationInformation and Computation
Information and Computation 209 (2011) 927 950 Contents lists available at ScienceDirect Information and Computation journal homepage:www.elsevier.com/locate/ic The impossibility of boosting distributed
More informationDistributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour
Distributed Algorithms (CAS 769) Week 1: Introduction, Logical clocks, Snapshots Dr. Borzoo Bonakdarpour Department of Computing and Software McMaster University Dr. Borzoo Bonakdarpour Distributed Algorithms
More informationTemporal Logic of Actions
Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Outline Basic Concepts Transition Systems Temporal Operators Fairness Introduction Definitions Example TLC - A
More informationarxiv:cs/ v1 [cs.dc] 29 Dec 2004
Reductions in Distributed Computing Part I: Consensus and Atomic Commitment Tasks arxiv:cs/0412115v1 [cs.dc] 29 Dec 2004 Bernadette Charron-Bost Abstract We introduce several notions of reduction in distributed
More informationWait-Free Dining Under Eventual Weak Exclusion
Wait-Free Dining Under Eventual Weak Exclusion Scott M. Pike, Yantao Song, and Srikanth Sastry Texas A&M University Department of Computer Science College Station, TX 77843-3112, USA {pike,yantao,sastry}@cs.tamu.edu
More information