AGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:


AGREEMENT PROBLEMS (1)
Agreement problems arise in many practical applications:
- agreement on whether to commit or abort the results of a distributed atomic action (e.g. a database transaction)
- agreement on an estimate of an airplane's altitude based on the readings of multiple altimeters
- agreement on whether to classify a system component as faulty, given the results of separate diagnostic tests performed by separate processes

COORDINATED ATTACK PROBLEM (1)
Basic agreement problem. A fable (illustrated on the slide by generals passing the message "attack!" to one another).

COORDINATED ATTACK PROBLEM (2)
Coordinated Attack problem. Battlefield scenario:
- several generals are planning a coordinated attack from different directions against a common objective
- the only way the attack can succeed is if all attack together
- each general has an initial opinion about whether his army is ready to attack
- the generals communicate only via messengers

COORDINATED ATTACK PROBLEM (3)
First protocol: each general sends its opinion to all other generals. This may require several rounds (number of rounds = diameter of the communication graph).
Link failures: the messengers can be lost or captured, and then the protocol no longer works. In fact, there is no algorithm that solves this problem correctly under link failures.

COORDINATED ATTACK PROBLEM (4)
Formally (Weak Validity version), with 1 = attack / commit and 0 = retreat / abort:
- Agreement: no two processes decide on different values.
- Validity: (1) if all processes start with 0, then 0 is the only possible decision value; (2) if all processes start with 1 and all messages are delivered, then 1 is the only possible decision value.
- Termination: all processes eventually decide.
Validity is quite weak: if even one process starts with value 1, the algorithm is allowed to decide on 1; if all processes start with 1 and all messages are lost, the algorithm may decide on 0. Even this Weak Validity version of the problem is impossible to solve in any distributed system with two or more nodes, even in the synchronous model.

SYNCHRONOUS SYSTEMS (1)
Model:
- a channel (link) c_ij at any time can hold at most one single message from the message alphabet M
- a state-transition function maps (deterministically) a state s_i and a vector of incoming messages from M ∪ {null} to a new state s_i'
- a message-generation function maps (state s_i, neighbour) pairs to elements of M ∪ {null}
- execution of the entire system begins with all the processes in arbitrary start states and all channels empty
- the processes, in lock-step, repeatedly perform the following 2 steps:
  step 1) according to the current state, generate the messages to be sent to the neighbours and put these messages in the appropriate channels
  step 2) apply the state-transition function to the current state and the incoming messages to obtain the new state; remove all messages from the channels
  (the combination of the 2 steps is called a round)

SYNCHRONOUS SYSTEMS (2)
Failures: we consider both process failures and link (channel) failures (for the following discussion of the Coordinated Attack only link failures are needed).
- a process can exhibit a stopping failure simply by stopping somewhere in the middle of its execution: it might fail before or after step 1 or step 2, or in the middle of performing step 1 (putting only a subset of its output messages into the channels)
- a process can exhibit a Byzantine failure: it can generate its next messages and next state in some arbitrary way, independent of the message-generation function and the state-transition function
- a link can fail by losing messages (i.e. a process might attempt to place a message in a channel during step 1, but the faulty link does not record the message)

COORDINATED ATTACK PROBLEM (5)
Impossibility result for link failures. We show the impossibility result for the simplest case of 2 nodes connected by 1 edge; this case implies impossibility for any graph with more nodes.
Theorem: Let G be a graph consisting of 2 nodes connected by a single edge. There is no algorithm that solves the coordinated attack problem on G.
Proof sketch (by contradiction): suppose a solution exists, say algorithm A. Without loss of generality assume that there is only 1 start state for each input value (i.e. only 1 execution is possible for a given input and message pattern) and that both processes P_1 and P_2 send messages in every round of A. Let α be the execution in which both processes start with value 1 and all messages are delivered. By Termination both decide (say by round r), and by Validity they decide on the value 1.

COORDINATED ATTACK PROBLEM (6)
Let α_1 be the same as α, except that after round r all messages are lost (in α_1 both processes still decide on 1). Let m_1 be the message P_1 sends to P_2 in round r, and m_2 the message P_2 sends to P_1 in round r.
- Let α_2 be the same as α_1, except that m_1 is lost. α_2 is indistinguishable from α_1 to P_1 (α_2 ~_1 α_1), so since P_1 decides on 1 in α_1, it decides on 1 in α_2; by Termination and Agreement P_2 also decides on 1.
- Continue: in α_3, m_2 is also lost; α_3 ~_2 α_2, so P_2 still decides on 1, and so must P_1 ... and so on, one message at a time, back to round 1.
- α': both processes start with 1 and no message is delivered; both decide on 1.
- α'' ~_1 α': P_1 starts with 1, P_2 starts with 0, no message is delivered; P_1 still decides on 1, and so must P_2.
- α''' ~_2 α'': both start with 0, no message is delivered; P_2 still decides on 1. Validity (condition 1) is violated!
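The peeling argument above can be mechanised. The following Python program is an added example, not part of the lecture notes: the Protocol record, run() and the sample protocols (cautious, STUBBORN, ALWAYS_ATTACK, ALWAYS_RETREAT) are assumptions of this example. run() is the synchronous round model of the SYNCHRONOUS SYSTEMS slide restricted to two processes that decide after a fixed number of rounds, and chain() walks exactly the executions α, α_1, α_2, ..., α', α'', α''' of the proof. Whatever deterministic protocol is plugged in, chain() returns a violated property (Validity or Agreement), which is the content of the theorem; the assert statements check the indistinguishability claims the proof relies on.

```python
"""Mechanised two-process coordinated-attack impossibility argument.

Added example (not from the lecture notes).  run() is the synchronous
round model for processes P1, P2 (indices 0 and 1) that decide after a
fixed number of rounds; chain() walks the executions alpha, alpha_1, ...,
alpha', alpha'', alpha''' of the proof and reports the first property the
protocol violates."""
from dataclasses import dataclass
from typing import Any, Callable, FrozenSet, Optional, Tuple

Pattern = FrozenSet[Tuple[int, int]]   # (round, sender) pairs whose message is delivered


@dataclass(frozen=True)
class Protocol:
    rounds: int
    init: Callable[[int], Any]                      # input bit -> start state
    send: Callable[[Any, int], Any]                 # (state, round) -> message to the other process
    step: Callable[[Any, int, Optional[Any]], Any]  # (state, round, received msg or None) -> state
    decide: Callable[[Any], int]                    # final state -> 1 (attack) or 0 (retreat)


def all_delivered(p: Protocol) -> Pattern:
    return frozenset((k, i) for k in range(1, p.rounds + 1) for i in (0, 1))


def run(p: Protocol, inputs: Tuple[int, int], delivered: Pattern) -> Tuple[int, int]:
    """Deterministic lock-step execution: in round k each process sends, then
    consumes the other's message (None if (k, sender) is not in `delivered`)."""
    s = [p.init(inputs[0]), p.init(inputs[1])]
    for k in range(1, p.rounds + 1):
        m = [p.send(s[0], k), p.send(s[1], k)]
        s = [p.step(s[0], k, m[1] if (k, 1) in delivered else None),
             p.step(s[1], k, m[0] if (k, 0) in delivered else None)]
    return p.decide(s[0]), p.decide(s[1])


def chain(p: Protocol):
    """Return (violated property, inputs, delivered pattern, decisions)."""
    full = all_delivered(p)
    d = run(p, (1, 1), full)                      # alpha
    if d != (1, 1):
        return ("Validity 2", (1, 1), full, d)    # all start with 1, all delivered, yet not 1
    delivered = set(full)
    # alpha_1, alpha_2, ...: lose one message at a time, last round first.
    for k in range(p.rounds, 0, -1):
        for i in (0, 1):
            delivered.discard((k, i))
            d = run(p, (1, 1), frozenset(delivered))
            assert d[i] == 1   # sender i cannot distinguish this from the previous execution
            if d != (1, 1):
                return ("Agreement", (1, 1), frozenset(delivered), d)
    # alpha': no message delivered and both still decide 1.
    d = run(p, (1, 0), frozenset())               # alpha'': P1 cannot tell it from alpha'
    assert d[0] == 1
    if d != (1, 1):
        return ("Agreement", (1, 0), frozenset(), d)
    d = run(p, (0, 0), frozenset())               # alpha''': P2 cannot tell it from alpha''
    assert d[1] == 1
    return ("Validity 1", (0, 0), frozenset(), d)  # all start with 0 but decide 1


# Sample protocols (assumptions of this example, not from the notes).
def cautious(rounds: int) -> Protocol:
    """Attack iff my input is 1 and the other side reported 1 in every round."""
    return Protocol(rounds,
                    init=lambda v: (v, True),
                    send=lambda s, k: s[0],
                    step=lambda s, k, m: (s[0], s[1] and m == 1),
                    decide=lambda s: 1 if s[0] == 1 and s[1] else 0)


STUBBORN = Protocol(1, lambda v: v, lambda s, k: s, lambda s, k, m: s, lambda s: s)
ALWAYS_ATTACK = Protocol(1, lambda v: v, lambda s, k: s, lambda s, k, m: s, lambda s: 1)
ALWAYS_RETREAT = Protocol(1, lambda v: v, lambda s, k: s, lambda s, k, m: s, lambda s: 0)

if __name__ == "__main__":
    for name, p in [("cautious", cautious(2)), ("stubborn", STUBBORN),
                    ("always attack", ALWAYS_ATTACK), ("always retreat", ALWAYS_RETREAT)]:
        print(name, "->", chain(p))
```

The cautious protocol breaks Agreement as soon as P_1's last message is lost (P_1 has heard "1" every round and attacks, P_2 has not and retreats); the stubborn one breaks Agreement at α''; the constant protocols break one of the two Validity conditions. Any other deterministic protocol you write lands in one of the same three cases.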

OTHER AGREEMENT PROBLEMS (1)
Consensus:
- Termination: every correct process P_c decides exactly one value v_i
- Agreement: all correct processes decide the same value v_i
- Integrity: v_i was proposed by some process P_i
Every process broadcasts its initial value. Initial values of different processes may be different. All nonfaulty processes agree on any common value (we don't care which, as long as the integrity condition is not violated).

OTHER AGREEMENT PROBLEMS (2)
Byzantine Agreement:
- Termination: every correct process P_c decides exactly one value v_s
- Agreement: all correct processes decide the same value v_s
- Integrity: v_s was proposed by the distinguished source P_s (when P_s is correct)
An arbitrarily chosen process P_s (the source) broadcasts its initial value to the other processes. If the source is faulty, then all nonfaulty processes agree on any common value. It is irrelevant what value faulty processes agree on, or whether they agree on a value at all.

OTHER AGREEMENT PROBLEMS (3)
Interactive Consistency:
- Termination: every correct process P_c decides exactly one vector ⟨v_1, v_2, ..., v_N⟩
- Agreement: all correct processes decide the same vector ⟨v_1, v_2, ..., v_N⟩
- Validity: if P_i is correct, the i-th vector value v_i was proposed by P_i
Every process broadcasts its initial value. Initial values of different processes may be different. Processes agree on all proposed values. If the i-th process is faulty, then all nonfaulty processes agree on any common value for v_i.

OTHER AGREEMENT PROBLEMS (4)
Relations among agreement problems. All agreement problems are closely related. For example, Byzantine Agreement is a special case of the Interactive Consistency problem in which the initial value of only one process is of interest. On the other hand, if each of the N processes runs a copy of a Byzantine Agreement protocol (each as source of its own copy), the Interactive Consistency problem is solved. Consensus can be solved using a solution of Interactive Consistency: all nonfaulty processes compute the decision from the common vector, e.g. its majority value, or by choosing the first value v_1. Thus solutions to Interactive Consistency and Consensus can be derived from solutions to Byzantine Agreement. This does not mean that Byzantine Agreement is weaker than Interactive Consistency, or that Interactive Consistency is weaker than Consensus: there is no linear ordering.

OTHER AGREEMENT PROBLEMS (5)
In fact, Byzantine Agreement can be solved using Consensus:
1. The source sends its value to all processes, including itself.
2. All processes run an algorithm for the Consensus problem, using the values received in the first step as their proposals.
(If the source is nonfaulty, all processes receive the same value in step 1, and all nonfaulty processes then agree on that value in step 2. If the source is faulty, the other processes may not receive the same value in step 1, but all nonfaulty processes still agree on the same value as a result of the consensus algorithm in step 2.)

CONSENSUS (1)
FLP'85 Impossibility Result [1]: there is no deterministic Consensus solution in an asynchronous system, even if only a single process can crash.

CONSENSUS (2)
Relaxation. Despite the impossibility result, many non-trivial problems do have solutions, even in asynchronous systems where processes may fail. For the consensus problem, the FLP'85 result turns out to be very sensitive to weakenings of the model assumptions:
(1) Weaker fault model: e.g. in the initially-dead processes model, which is weaker than the crash failure model, consensus and election are deterministically achievable.
(2) Weak termination: a relaxed termination condition, where termination is required only when a distinguished process is correct (Byzantine failures).
(3) Randomization: another relaxation of the termination condition.
(4) Synchrony: the synchronous system model.

INITIALLY-DEAD PROCESSES (1)
In the model of initially-dead processes, no process can fail after having executed an event.
Def.: An f-initially-dead fair execution of N processes is an execution in which at least N - f processes are active, each active process is correct, and each message sent to a correct process is delivered.
We can solve consensus as long as f < N/2.
General idea: because processes do not fail after sending a message, it is safe for P_i to wait for the receipt of a message from P_j if it knows that P_j has already sent at least one message.

INITIALLY-DEAD PROCESSES (2)
Algorithm Fischer-Lynch-Paterson [1]
Structures: Successors_i, Active_i, Rcvd_i: sets of processes, initially empty; L = ⌈(N+1)/2⌉, so that at least L processes are correct.

P_i:
  bcast(NAME, i)                                 -- first stage
  while |Successors_i| < L-1 do
    recv(NAME, j)
    Successors_i := Successors_i ∪ {j}
  bcast(PROPOSE, i, v_i, Successors_i)           -- second stage
  Active_i := Successors_i
  while Active_i ≠ Rcvd_i do
    recv(PROPOSE, j, v_j, Successors_j)
    Active_i := Active_i ∪ Successors_j ∪ {j}
    Rcvd_i := Rcvd_i ∪ {j}
  compute_knot()

INITIALLY-DEAD PROCESSES (3)
Description:
First stage: processes construct a directed graph G by broadcasting their identities.
- the successors of P_i are those P_j from which it has received a NAME message: edge (i,j) in G
- P_i waits for the receipt of L-1 NAME messages; as there are at least L correct processes, each correct process P_c receives sufficiently many messages to complete this stage
- an initially-dead process has not sent any messages, so it forms an isolated node in G; each P_c has L-1 successors, so it is not isolated
- obviously then there is a knot in G containing only correct processes, say K (a knot is a set of nodes that is strongly connected and from which no edge leads outside the set); because each P_c has out-degree L-1, this knot has size at least L, and consequently there is exactly 1 knot (2L > N); not necessarily all P_c belong to K
- as a correct P_i has L-1 successors, at least one of its successors belongs to K, implying that all processes in K are descendants of P_i

INITIALLY-DEAD PROCESSES (4)
Second stage: processes construct a supergraph of G containing at least their descendants, by receiving the set of successors from every process they know to be correct (no deadlock can occur, since no P_c fails from now on). At the end of this stage each P_c has received the set of successors of each of its descendants, allowing it to compute the unique knot K of G.
Consensus: as all P_c agree on the knot K of correct processes, and each of them has broadcast its proposed value v_i together with its successors, after computing K the processes decide on a value that is a function of the collected values of the processes in K (majority, the lowest value, etc.). O(N^2) messages are required.
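An executable version of the two stages and the knot computation, written from the pseudocode on this page as an added example (it is not code from the notes or from [1]). Assumptions of this example: the asynchronous scheduler delivers messages to live processes in random order, PROPOSE messages that arrive while a process is still in the first stage are buffered, and the decision rule is the minimum value proposed by a member of the knot. Initially-dead processes never take a step and messages addressed to them are lost. Running it with f ≥ N/2 dead processes shows why the bound matters: nobody collects L-1 NAME messages and the first stage never completes.

```python
"""Simulation of the Fischer-Lynch-Paterson protocol for initially-dead processes.

Added example written from the pseudocode on this page, not code from the
notes or from [1].  Assumptions of this example: messages are delivered in
random order, PROPOSE messages arriving during the first stage are buffered,
and the decision is the minimum value proposed by a member of the knot."""
import random

NAME, PROPOSE = "NAME", "PROPOSE"


def compute_knot(succ_of):
    """The knot: a strongly connected set of nodes with no edge leaving it.
    succ_of maps each collected node to its successor set and is closed
    under successors, so it contains the unique knot K of G."""
    def reach(x):
        seen, stack = set(), [x]
        while stack:
            for z in succ_of[stack.pop()]:
                if z not in seen:
                    seen.add(z)
                    stack.append(z)
        return seen
    r = {x: reach(x) for x in succ_of}
    return frozenset(x for x in succ_of if all(x in r[z] for z in r[x]))


class Process:
    def __init__(self, pid, value, n):
        self.pid, self.value = pid, value
        self.L = n // 2 + 1               # L = ceil((N+1)/2): at least L processes are correct
        self.successors = set()           # j with (NAME, j) received: edge (i, j) of G
        self.active, self.rcvd = set(), set()
        self.succ_of, self.values = {}, {}
        self.stage, self.pending = 1, []
        self.knot = self.decision = None

    def start(self, net):
        net.bcast((NAME, self.pid))

    def receive(self, net, msg):
        if self.stage == 1:
            if msg[0] != NAME:
                self.pending.append(msg)  # PROPOSE from a process already in stage 2
                return
            if msg[1] != self.pid:
                self.successors.add(msg[1])
            if len(self.successors) >= self.L - 1:       # first stage complete
                self.stage = 2
                net.bcast((PROPOSE, self.pid, self.value, frozenset(self.successors)))
                self.active = set(self.successors)
                for m in self.pending:
                    self._on_propose(m)
                self.pending = []
        elif self.stage == 2 and msg[0] == PROPOSE:
            self._on_propose(msg)

    def _on_propose(self, msg):
        if self.stage != 2:
            return
        _, j, v_j, succ_j = msg
        self.active |= succ_j | {j}
        self.rcvd.add(j)
        self.succ_of[j], self.values[j] = succ_j, v_j
        if self.active <= self.rcvd:      # successor sets of all descendants collected
            self.knot = compute_knot(self.succ_of)
            self.decision = min(self.values[k] for k in self.knot)
            self.stage = 3


class Network:
    """Asynchronous but reliable towards live processes: every message to a
    live process is eventually delivered, in an order chosen at random."""
    def __init__(self, n, procs, rng):
        self.n, self.procs, self.rng, self.inflight = n, procs, rng, []

    def bcast(self, msg):
        for pid in range(self.n):
            if pid in self.procs:         # a message to an initially-dead process is lost
                self.inflight.append((pid, msg))

    def run(self):
        for p in self.procs.values():
            p.start(self)
        while self.inflight:
            pid, msg = self.inflight.pop(self.rng.randrange(len(self.inflight)))
            self.procs[pid].receive(self, msg)


def simulate(n, dead, seed=0):
    """N processes with random proposals; those in `dead` never take a step.
    Returns {pid: (proposal, decision, knot)} for the live processes."""
    rng = random.Random(seed)
    procs = {i: Process(i, rng.randint(0, 99), n) for i in range(n) if i not in dead}
    Network(n, procs, rng).run()
    return {i: (p.value, p.decision, p.knot) for i, p in procs.items()}


if __name__ == "__main__":
    for pid, (v, d, k) in sorted(simulate(7, {2, 5}, seed=1).items()):
        print(f"P{pid} proposed {v}, decided {d}, knot {sorted(k)}")
```

With N = 7 and processes 2 and 5 dead (f = 2 < N/2), every live process computes the same knot of at least L = 4 correct processes and decides the same value; with N = 6 and three dead processes every live process waits forever in the first stage, which is the deadlock the f < N/2 condition rules out.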

OTHER AGREEMENT PROBLEMS (6)
Some other well-known problems related to agreement:
- Election: in the initially-dead processes model, as all processes agree on a knot K of correct processes, it is trivial to elect a process, e.g. the process with the highest identity in K is elected.
- Election & Consensus: in the initially-dead processes model, any election algorithm choosing a correct process as leader also solves the consensus problem: the leader broadcasts its initial value and all correct processes decide on it. However, in the crash failure model the availability of a leader does not help, since the leader can crash before broadcasting its value; anyway, election is not solvable in the (asynchronous) crash failure model.

OTHER AGREEMENT PROBLEMS (7)
Generalization.
Def.: A distributed task is described by sets In and Out of possible input and output values, and a (possibly partial) function T: In^N → 2^(Out^N). The interpretation of the mapping T is that if a vector x = ⟨x_1, ..., x_N⟩ describes the input of the processes, then T(x) is the set of legal outputs of the algorithm, each described as a decision vector d = ⟨d_1, ..., d_N⟩. If T is a partial function, not every combination of input values is allowed.
Def.: Algorithm A is an f-crash robust solution for task T if it satisfies the following:
- Termination: in every f-crash fair execution, all P_c decide
- Consistency: if all P_i are correct, the decision vector d is in T(x)

OTHER AGREEMENT PROBLEMS (8)
Examples:
- Consensus: all decisions must be equal; the legal output vectors (a subset of Out^N) are { ⟨0, 0, ..., 0⟩, ⟨1, 1, ..., 1⟩, ... }
- Election: one process decides 1 and the others decide 0; the legal output vectors are { ⟨1, 0, ..., 0⟩, ⟨0, 1, ..., 0⟩, ..., ⟨0, 0, ..., 1⟩ }

BIBLIOGRAPHY (1)
[1] M. J. Fischer, N. A. Lynch, M. S. Paterson. Impossibility of distributed consensus with one faulty process. Journal of the ACM 32(2), 1985, pp. 374-382.
[2] N. A. Lynch. Distributed Algorithms. Morgan Kaufmann Publishers Inc., San Francisco, 1996.
[3] G. Tel. Introduction to Distributed Algorithms. Cambridge University Press, 1994, ch. 13.
[4] R. Chow, T. Johnson. Distributed Operating Systems & Algorithms. Addison Wesley Longman, 1997, ch. 11.