1 / 14

Failure detector

Failure detector. The story goes back to the FLP’85 impossibility result about consensus in presence of crash failures. If crash can be detected , then consensus is trivial! In synchronous systems with bounded delay channels, crash failures can definitely be detected using timeouts.

clydia
Download Presentation

Failure detector

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Failure detector The story goes back to the FLP’85 impossibility result about consensus in presence of crash failures. If crash can be detected, then consensus is trivial! In synchronous systems with bounded delay channels, crash failures can definitely be detected using timeouts. But what about asynchronous systems? Can we design a failure detector for asynchronous distributed systems?

  2. Failure detectors for asynchronous systems In asynchronous distributed systems, the detection of crash failures is imperfect. There will be false positives and false negatives. This is why, consensus cannot be solved? But how close can we get towards a perfect failure detector? Two properties are relevant: Completeness. Every crashed process is suspected. Accuracy. No correct process is suspected.

  3. Example crashed 1 3 0 6 5 7 4 2 0 suspects {1,2,3,7} to have failed. Does this satisfy completeness? Does this satisfy accuracy?

  4. Classification of completeness Strong completeness. Every crashed process is eventually suspected by every correct process, and remains a suspect thereafter. Weak completeness. Every crashed process is eventually suspected by at least one correct process, and remains a suspect thereafter. (These are liveness properties)

  5. Classification of accuracy Strong accuracy.No correct process is ever suspected. Weak accuracy. There is at least one correct process that is never suspected. (These are safety properties)

  6. Transforming completeness Transforming Weak completeness into strong completeness Program strong completeness (program for process i}; define D: set of process ids (representing the suspects); initially D is generated by the weakly completefailure detector; do true  send D(i) to every process j ≠ i; receive D(j) from every process j ≠ i; D(i) := D(i)  D(j); if j  D(i)  D(i) := D(i) \ j fi od

  7. Eventual accuracy Accuracy is a safety property. A failure detector is eventually strongly accurate, if there exists a time T after which no correct process is suspected. (Before that time, a correct process be added to and removed from the list of suspects any number of times) A failure detector is eventually weakly accurate, if there exists a time T after which at least one process is no more suspected.

  8. Classifying failure detectors {strong completeness, weak completeness} x {strong accuracy, weak accuracy, eventually strong accuracy, eventual weak accuracy} Perfect P. (Strongly) Complete and strongly accurate Strong S. (Strongly) Complete and weakly accurate Eventually perfect ◊P. (Strongly) Complete and eventually strongly accurate Eventually strong ◊S (Strongly) Complete and eventually weakly accurate Other classes are feasible like W (combining weak completeness with weak accuracy) and◊W

  9. Classifying failure detectors strong accuracy weak accuracy ◊ strong accuracy ◊ weak accuracy Perfect P Strong S ◊P ◊S strong completeness Perfect P. (Strongly) Complete and strongly accurate Strong S. (Strongly) Complete and weakly accurate Eventually perfect ◊P. (Strongly) Complete and eventually strongly accurate Eventually strong ◊S (Strongly) Complete and eventually weakly accurate Weak W ◊W weak completeness

  10. Motivation Given a failure detector of a certain type, how can we solve the consensus problem? Question 1. How can we implement these classes of failure detectors in asynchronous distributed systems? Question 2. What is the weakest class of failure detectors that can solve the consensus problem? (Weakest class of failure detectors is closer to reality)

  11. Consensus using failure detector input output 1 2 Agreed value 3 4

  12. Consensus using P {program for process p, t = max number of faulty processes} init Vp := (,,, …, ,); Vp[p] := input of p; Dp := Vp; rp:=1 {Phase 1} do rp < t+1  send (rp, Dp, p) to all; wait to receive (rp, Dq, q) from all q, or q becomes a suspect; k := 1; do k ≠ n  if Vp[k] =  (rp, Dq, q): Dq[k] ≠  Vp[k] := Dq[k] fi k:=k+1 od rp := rp +1 od {Phase 2} Final decision value is the first element Vp[j]: Vp[j] ≠ 

  13. Understanding consensus using P It is possible that a process p sends out the first message to q and then crashes. If there are n processes and t of them crashed, then after at most (t +1) asynchronous rounds, Vp for each correct process p becomes identical, and contains all inputs from processes that may have transmitted at least once. The choice function leads to a unique output.

  14. Understanding consensus using P Sends (2, Dj) and then crashes Sends (1, Di) and then crashes Sends (t, Dk) and then crashes j i i k l l Sends (t+1,Dl) Completely connected topology l l

More Related