Leader Election. Let G = (V,E) define the network topology. Each process i has a variable L(i) that defines the leader. ∀ i,j ∈ V ∧ i,j are non-faulty :: L(i) ∈ V ∧ L(i) = L(j) ∧ L(i) is non-faulty. Often reduces to maxima (or minima) finding problem.
Bully algorithm
• Send election message (I want to be the leader).
• Give up if a process with larger id sends election message.
• Then wait for the leader message (I am the leader). Otherwise elect yourself the leader and send a leader message.
If you don’t receive a leader message from a process of larger id, then re-initiate election by sending election message.
What is the worst-case message complexity?
Maxima finding on a ring
Initially all processes are red.
{For each initiator i}
do token <j> ∧ j < i → skip
[] token <j> ∧ j > i → send <j>; color := black
[] token <j> ∧ j = i → L(i) := i {i becomes the leader}
od
{Non-initiators remain black}
do token <j> received → send <j> od
What is the message complexity? O(n²)
Franklin’s algorithm (bidirectional ring). Send probes in both directions. Probes from higher numbered processes knock the lower numbered processes out of competition. In each round, at least 1/2 of the contenders quit. What is the message complexity? O(n log n)
Peterson’s algorithm. Finds maxima on a unidirectional ring using O(n log n) messages. Uses an id and an alias for each process.
Peterson’s algorithm
initially ∀ i : color(i) = red, alias(i) = i
{program for each round and for each red process}
send alias; receive alias(N);
if alias = alias(N) → I am the leader
[] alias ≠ alias(N) → send alias(N); receive alias(NN);
     if alias(N) > max(alias, alias(NN)) → alias := alias(N)
     [] alias(N) < max(alias, alias(NN)) → color := black
     fi
fi
{N(i) and NN(i) denote neighbor and neighbor’s neighbor}
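Added example (not part of the original slides): a round-by-round simulation of Peterson’s algorithm that counts every hop, next to a hop count for the maxima-finding ring program above with every process as an initiator. It assumes distinct ids, a clockwise unidirectional ring and no failures; the function names and the sample ring are constructed for illustration.

```python
def wave(n, red, payload):
    """Every red process sends payload[p] clockwise; black processes relay it
    until the next red process receives it. Returns (inbox, hop count)."""
    inbox, hops = {}, 0
    for p in red:
        q, hops = (p + 1) % n, hops + 1
        while q not in red:
            q, hops = (q + 1) % n, hops + 1
        inbox[q] = payload[p]
    return inbox, hops

def peterson(ids):
    """Returns (leader position, winning alias, messages, rounds)."""
    n = len(ids)
    alias, red = dict(enumerate(ids)), set(range(n))
    messages = rounds = 0
    while True:
        rounds += 1
        from_n, hops = wave(n, red, alias)        # send alias; receive alias(N)
        messages += hops
        for p in red:
            if from_n[p] == alias[p]:             # own alias came back: leader
                return p, alias[p], messages, rounds
        from_nn, hops = wave(n, red, from_n)      # send alias(N); receive alias(NN)
        messages += hops
        survivors = set()
        for p in red:
            if from_n[p] > max(alias[p], from_nn[p]):
                alias[p] = from_n[p]              # adopt the larger alias, stay red
                survivors.add(p)                  # every other red process turns black
        red = survivors

def chang_roberts(ids):
    """Maxima finding on a ring with every process an initiator.
    Returns (leader id, messages)."""
    n, messages = len(ids), 0
    for p, j in enumerate(ids):                   # follow token <j> from its initiator
        q, messages = (p + 1) % n, messages + 1
        while ids[q] < j:                         # j > i: forwarded one more hop
            q, messages = (q + 1) % n, messages + 1
    return max(ids), messages

# Constructed input: ids decreasing clockwise, the worst case for the O(n^2) ring.
RING = list(range(16, 0, -1))

if __name__ == "__main__":
    print("peterson     ", peterson(RING))
    print("chang_roberts", chang_roberts(RING))
```

In Peterson’s algorithm the largest id wins as an alias, so the process that declares itself leader is the one holding that alias at the end, not necessarily the process that started with it.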
Faults and fault-tolerance. One of the promises of a distributed system is that the system will continue to perform even if some components / processes fail.
Cause and effect • Study what causes what. • We view the effect of failures at our level of abstraction, and then try to suppress it. • MTBF (Mean Time Between Failures) and MTTR (Mean Time To Repair)
Classification of failures • Crash failure • Omission failure • Transient failure • Byzantine failure • Software failure • Temporal failure • Security failure What are these?
Crash failures • Process becomes dead, and the condition is irreversible. • Can we detect crash failures? • Fail-stop failures.
Omission failures Message lost in transit. May happen due to various causes, like • Transmitter malfunction • Buffer overflow • Collisions at the MAC layer • Receiver out of range
Transient failure • (Hardware) Arbitrary perturbation of the global state. May be induced by power surge, weak batteries, lightning, radio-frequency interference, etc. • (Software) Heisenbugs are a class of temporary internal faults and are intermittent. They are essentially permanent faults whose conditions of activation occur rarely or are not easily reproducible, so they are harder to detect during the testing phase.
Byzantine failure Anything goes! Includes every conceivable form of erroneous behavior. Numerous possible causes. Includes malicious behaviors (like a process executing a different program instead of the specified one) too. Most difficult kind of failure.
Software failures • Coding error or human error • Design flaws • Memory leak • Incomplete specification (example Y2K) Many failures can be caused by software bugs
Specification of faulty behavior
program example1;
define x : boolean (initially x = true);
{a, b are messages}
do {S}: x → send a {specified action}
[] {F}: true → send b {faulty action}
od
a a a a b a a a b b a a a a a a a …
Specification continued
program example2;
define j : integer, flag : boolean;
initially j = 0, flag = false
{a, b are messages}
{S}: do ¬flag ∧ message = a → x := a; flag := true
     [] (j < N) ∧ flag → send x to j; j := j+1
     [] j = N → j := 0; flag := false
     od
{F}: flag → x := b {b ≠ a}
Fault-tolerance
F-intolerant vs F-tolerant systems
Four types of tolerance:
- Masking
- Non-masking
- Fail-safe
- Graceful degradation
(Figure labels: faults, tolerances)
Fault-tolerance. P is the invariant of the original fault-free system. Q represents the worst possible behavior of the system when failures occur. It is called the fault span. Q is closed under S or F. (Figure labels: Q, P)
Fault-tolerance. Masking: P = Q. Non-masking: P ⊂ Q (safety property may be temporarily violated, but not liveness). Eventually safety property is restored. (Figure labels: Q, P)