Early stopping: the idea. TRB for benign failures. Early Stopping: The Protocol. Termination

Transcription

1 TRB for benign failures Early stopping: the idea Sender in round : :! send m to all Process p in round! k, # k # f+!! :! if delivered m in round k- and p " sender then 2:!! send m to all 3:!! halt 4:! receive round k messages 5:! if received m then 6:!! deliver(m) 7:!! if k = f+ then halt 8:! else if k = f+ 9:!! deliver(sf) 0:!! halt Terminates in f + rounds How can we do better? find a protocol whose round complexity is proportional to! t the number of failures that actually occurred rather than to f.. the max number of failures that may occur Suppose processes can detect the set of processes that have failed by the end of round i Call that set faulty(p, i) If faulty(p, i) < ithere can be no active dangerous chains, and p can safely deliver SF Early Stopping: The Protocol failed to send a message to! p! in any round,..., k :!if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "? and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 6: if received value v "? then 7:!! value := v 8:!! deliver value 9:! else if k =f + or faulty(p, k) < k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Termination

2 Termination Validity failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt If in any round a process receives a value, then it delivers the value in that round If a process has received only? for f + rounds, then it delivers SF in round f + failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Validity Agreement - failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt If the sender is correct then it sends m to all in round By Validity of the underlying send and receive, every correct process will receive m by the end of round By the protocol, every correct process will deliver m by the end of round failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma :! For any r, if a process p delivers m!! SF in round r, then there exists a sequence of processes, p,..., p r such that = sender, p r = p, and in each round k, k r, p k sent m and p k received it. Furthermore, all processes in the sequence are distinct, unless r = and = p = sender Lemma 2:! For any r, if a process p sets value to SF in round r, then there exist some j r and a sequence of distinct processes! q j, q j+,..., q r = p q j! such that only receives? in rounds to j, faulty(q j, j) < j, and in each round k, j+ k r, q k sends SF to q k and q k receives SF

3 Agreement - 2 Agreement - 2 failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma 3:! It is impossible for p and q, not necessarily correct or distinct, to set value in the same round r to m and SF, respectively failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma 3:! It is impossible for p and q, not necessarily correct or distinct, to set value in the same round r to m and SF, respectively Proof By contradiction Suppose p sets value = m and q sets value = SF By Lemmas and 2 there exist,..., p r q j,..., q r with the appropriate characteristics Since q j did not receive m from process p k k j in round k q j must conclude that,..., p j are all faulty processes But then, faulty(q j, j) j CONTRADICTION Agreement - 3 Agreement - 3 failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Proof If no correct process ever receives m, then every correct process delivers SF in round f + Let r be the earliest round in which a correct process delivers value! SF r " f By Lemma 3, no (correct) process can set value differently in round r In round r + " f +, that correct process sends its value to all Every correct process receives and delivers the value in round r + " f + r = f + By Lemma, there exists a sequence,, p f+ = p r of distinct processes Consider processes,, p f f + processes; only f faulty one of,, p f is correct-- let it be p c To send v in round c +, p c must have set its value to v and delivered v in round c < r CONTRADICTION

4 Integrity Integrity failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt At most one m Failures are benign, and a process executes at most one deliver event before halting If m! SF, only if m was broadcast From Lemma in the proof of Agreement A Lower Bound Views Theorem There is no algorithm that solves the consensus problem in fewer than f + rounds in the presence of f crash failures, if n f +2 Let # be an execution. The view of process in α., denoted by α p i, is the subsequence of computation and message receive events that occur in p i together with the state of p i in the initial configuration of α p p 2 p 3 p 4 p i We consider a special case! the proof technique (f =) to study p p 2 p 3 p 4

5 Views Let # be an execution. The view of process in α., denoted by α p i, is the subsequence of computation and message receive events that occur in p i together with the state of p i in the initial configuration of α p i Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity p p 2 p 3 p 4 from p. from p4. α p 3 p p 2 p 3 p 4 Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity Note If α pi α 2 then p i decides the same value in both executions Note If α pi α 2 then p i decides the same value in both executions Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 )

6 Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity The transitive closure of! α pi α 2 is denoted! α α 2. We say that! α α 2 if there exist executions β!, β 2,.!.., β k+ such that α = β pi β 2 pi2..., pik β k+ = α 2 Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity The transitive closure of! α pi α 2 is denoted! α α 2. We say that! α α 2 if there exist executions β!, β 2,.!.., β k+ such that α = β pi β 2 pi2..., pik β k+ = α 2 Note If α pi α 2 then p i decides the same value in both executions Note If α pi α 2 then p i decides the same value in both executions Lemma If α α 2 then! dec( α ) = dec( α 2 ) Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 ) Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 ) Single-Failure Case The Idea By contradiction There is no algorithm that solves consensus in fewer than two rounds in the presence of one crash failure, if n 3 Consider a one-round execution in which each process proposes 0. What is the decision value? Consider another one-round execution in which each process proposes. What is the decision value? So what? Show that there is a chain of similar executions that relate the two executions.

7 s Adjacent s are similar! Definition is the execution of the algorithm in which no failures occur only processes,..., p i propose 0 p i 0 α 0 i p i p i+ p n p i α n + Starting from, we build a set of executions! where 0 j n as follows: j αj i is obtained from after removing the messages that p i sends to the j-th highest numbered processors (excluding itself) The executions 0 n 0

8 2 p i n n β i n

9 p i p i n β i n 2 n β i n 3 p i p i + n β i 0 n β i 0

10 Arbitrary failures with message authentication Fail-stop Crash p i Send Omission Receive Omission + Process can send conflicting messages to different receivers Messages signed with unforgeable signatures General Omission Arbitrary failures with message authentication Arbitrary (Byzantine) failures Valid messages AFMA: The Idea A valid message m has the following form: in round : m.: s id ( m is signed by the sender) in round r >, if received by p from q : m : p : p 2 :... : p r where p = sender; p r = q p,..., p r are distinct from each other and from message has not been tampered with p A correct process p discards all non-valid messages it receives If a message is valid, it extracts the value from the message it relays the message, with its own signature appended At round f +: if it extracted exactly one message, p delivers it otherwise, p delivers SF

11 AFMA: The Protocol Termination Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p 2 :... : p k!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF In round f +, every correct process delivers either m or SF and then halts Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Lemma. If a correct process extracts m, then every correct process eventually extracts m Agreement Proof Let r be the earliest round in which some correct process extracts m. Let that process be p. if p is the sender, then in round p sends a valid message to all. All correct processes extract that message in round otherwise, p has received in round r a message!! m : p : p2 :... : pr Claim: p, p2,..., pr are all faulty true for p = s Suppose pj, j r, were correct pj signed and relayed message in round j pj extracted message in round j CONTRADICTION If r f, p will send a valid message! m : p : p2 :... : pr : p! in round r+ f + and every correct process will extract it in round r+ f + If r =f +, by Claim above, p, p2,..., pf+ faulty At most f faulty processes CONTRADICTiON Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Validity From Agreement and the observation that the sender, if correct, delivers its own message.