310 likes | 338 Views
CS542 Topics in Distributed Systems. Diganta Goswami. Algorithms to Find Global States. Why? (Distributed) garbage collection [think multiple processes sharing and referencing objects] (Distributed) deadlock detection, termination [think database transactions]
E N D
CS542 Topics inDistributed Systems Diganta Goswami
Algorithms to Find Global States Why? (Distributed) garbage collection [think multiple processes sharing and referencing objects] (Distributed) deadlock detection, termination [think database transactions] Global states most useful for detectingstable predicates : once true always stays true (unless you do something about it) e.g., once a deadlock, always stays a deadlock What? Global state=states of all processes + states of all communication channels Capture the instantaneousstate of each process And the instantaneous state of each communication channel, i.e., messages in transit on the channels How? We’ll see this lecture!
Obvious First Solution… Synchronize clocks of all processes Ask all processes to record their states at known time t Problems? Time synchronization possible only approximately (but distributed banking applications cannot take approximations) Does not record the state of messages in the channels Again: synchronization not required – causality is enough!
Execution of the Processes 1. Global state S 0 c (empty) <$1000, 0> p p <$50, 2000> 2 1 2 c (empty) 1 2. Global state S 1 c (Order 10, $100) <$900, 0> p p <$50, 2000> 2 1 2 c (empty) 1 Send 5 freebie widgets! 3. Global state S 2 c (Order 10, $100) p p <$900, 0> <$50, 1995> 2 1 2 c (five widgets) 1 4. Global state S 3 c (Order 10, $100) <$900, 5> p p <$50, 1995> 2 1 2 c (empty) 1
Cuts Cut = time frontier, one at each process f cut C ifff is to the left of the frontier C Consistent cut Inconsistent cut e12 e10 e11 e13 P1 e21 P2 e22 e20 P3 e31 e30 e32
Consistent Cuts f cut C ifff is to the left of the frontier C A cut C is consistent if and only if e C(if f e then f C) A global state S is consistent if and only ifit corresponds to a consistent cut A consistent cut == a global snapshot Consistent cut Inconsistent cut Lamport’s “happens-before” e12 e10 e11 e13 P1 e21 P2 e22 e20 P3 e31 e30 e32
The “Snapshot” Algorithm Problem: Record a set of process and channel states such that the combination is a global snapshot/consistent cut. System Model: There is a uni-directional communication channel between each ordered process pair (Pj Pi and Pi Pj) Communication channels are FIFO-ordered No failure, all messages arrive intact, exactly once Any process may initiate the snapshot (by sending a special message called “Marker”) Snapshot does not require application to stop sending messages, does not interfere with normal execution Each process is able to record its state and the state of its incoming channels (no central collection)
The “Snapshot” Algorithm (2) 1. Marker sending rule for initiator process P0 After P0 has recorded its own state for each outgoing channel C, send a marker message on C 2. Marker receiving rule for a process Pk on receipt of a marker over channel C ifPk has not yet received a marker record Pk’s own state record the state of C as “empty” for each outgoing channel C, send a marker on C turn on recording of messages over other incoming channels else record the state of C as all the messages received over C since Pk saved its own state; stop recording state of C
Chandy and Lamport’s ‘Snapshot’ Algorithm • Marker receiving rule for process pi • On pi’s receipt of a marker message over channel c: • if (pi has not yet recorded its state) it • records its process state now; • records the state of c as the empty set; • turns on recording of messages arriving over other incoming channels; • else • pi records the state of c as the set of messages it has received over c • since it saved its state. • end if • Marker sending rule for process pi • After pi has recorded its state, for each outgoing channel c: • pi sends one marker message over c • (before it sends any other message over c).
Snapshot Example e11,2 e14 e13 M M e24 M M e21,2,3 M M e31 e32,3,4 1- P1 initiates snapshot: records its state (S1); sends Markers to P2 & P3; turns on recording for channels C21 and C31 2- P2 receives Marker over C12, records its state (S2), sets state(C12) = {} sends Marker to P1 & P3; turns on recording for channel C32 3- P1 receives Marker over C21, sets state(C21) = {a} 4- P3 receives Marker over C13, records its state (S3), sets state(C13) = {} sends Marker to P1 & P2; turns on recording for channel C23 5- P2 receives Marker over C32, sets state(C32) = {b} 6- P3 receives Marker over C23, sets state(C23) = {} 7- P1 receives Marker over C31, sets state(C31) = {} e10 e13 P1 a e23 P2 e20 b P3 e30
Provable Assertion: Chandy-Lamportalgo. determines a consistent cut Let ei and ej be events occurring at pi and pj, respectively such that ei ej The snapshot algorithm ensures that if ej is in the cut then ei is also in the cut. if ej <pj records its state>, then it must be true that ei <pi records its state>. By contradiction, suppose <pi records its state> ei Consider the path of app messages (through other processes) that go from ei ej Due to FIFO ordering, markers on each link in above path precede regular app messages Thus, since <pi records its state> ei , it must be true that pjreceived a marker before ej Thus ej is not in the cut => contradiction
Formally Speaking…. Process Histories For a process Pi, where events ei0, ei1, … occur: history(Pi) = hi = <ei0, ei1, … > prefix history(Pik) = hik = <ei0, ei1, …,eik > Sik : Pi ’s state immediately after kth event For a set of processes P1, …,Pi, …. : global history:H = i (hi) global state:S = i (Siki)channels a cutC H = h1c1 h2c2 … hncn the frontier of C = {eici, i = 1,2, … n}
Global States useful for detecting Global Predicates A cut is consistent if and only if it does not violate causality ARunis a total ordering of events in H that is consistent with each hi’s ordering A Linearization is a run consistent with happens-before () relation in H (history of all events). Linearizations pass through consistent global states. A global state Sk is reachable from global state Si, if there is a linearization, L, that passes through Si and then through Sk. The distributed system evolves as a series of transitions between global states S0 ,S1 , ….
actual execution e ,e ,... 0 1 recording S recording S init final begins ends S snap ' pre-snap: e' ,e ' ,...e post-snap: e ' ,e ' ,... 0 1 R-1 R R+1 Reachability between states in the snapshot algorithm '
Distributed debugging Examine the problem of recording a system’s global state so that we may make useful statements about whether a transitory state – as opposed to a stable state – occurred in an actual execution This is what we require, in general, when debugging a distributed system Is |xi – xj| <= where xi is a variable in process Pi
Distributed debugging Chandy and Lamport’s algorithm collects state in a distributed fashion The processes in the system can send the state they gather to a monitor process for collection Algorithm [Marzullo and Neiger, ‘91] – The observed processes send their states to a process called a monitor, which assembles globally consistent states from what it receives The monitor lie outside the system, observing its execution
Distributed debugging Goal is to determine cases when a given global state predicate was definitely True at some point in the execution we observed, and cases when it was possibly True Possibly – because we may extract a consistent global state S from an executing system and find that (S) is True. No single observation of a consistent global state allows us to conclude whether a non-stable predicate ever evaluated to True in the actual execution
Distributed debugging Possibly :There is a consistent global state S through which a linearization of H passes such that (S) is True Definitely : For all linearization L of H, there is a consistent global state S through which L passes such that (S) is True
Distributed debugging We now describe How the process states are collected How the monitor extracts consistent global states How the monitor evaluates possibly and definitely in both asynchronous and synchronous systems
Distributed debugging The observed processes pi (I = 1, 2, … N) send their initial state to monitor process initially, and thereafter from time to time, in state messages No need to send state except initially and when it changes Global state predicate may depend only on certain parts of the process’ states – hence need only send relevant state Need only send state at times when the predicate may become True or cease to be True The monitor process records the state messages from process pi in a separate queue Qi, for each i= 1, 2, … N
Distributed debugging In order that the monitor can distinguish consistent global states from inconsistent global states, the observed processes enclose their vector clock values with their state messages Each queue Qi is kept ordered in sending order (can be established by examining the i-th component of the vector clock)
Distributed debugging Let S = (s1, s2, …, SN) be a global statedrawn from the state messages that the monitor has received. Let V(si) be the vector clock of the state si received from pi S is a consistent global state iff V(si)[i] >= V(sj)[i] for i, j = 1, 2, …, N That is, the no. of pi’s events known at pj when it sent sj is no more than the no. of events that have occurred at pi when it sent si. Hence, if one process’s state depends upon another, then the global state also encompasses the state upon which it depends
Distributed debugging The monitor process may establish whether a given global state is consistent, using the vector timestamps sent by the observed processes It can construct a lattice of consistent global states corresponding to the execution of the processes – captures the relation of reachability between consistent global states The nodes denote global states, and the edges denote possible transitions between these states
(1,0) (2,0) (3,0) (4,3) x = 1 x = 100 x = 105 x = 90 1 1 1 1 p 1 m m 1 2 Physical p 2 time x = 100 x = 95 x = 90 2 2 2 (2,1) (2,2) (2,3) 2 Cut C Cut C 1 Vector timestamps and variable values
Level 0 S 00 1 S 10 2 S Sij = global state after i events at process 1 20 and j events at process 2 3 S S 30 21 4 S S 31 22 5 S S 32 23 6 S 33 S 7 43 The lattice of global states for the execution of previous Fig
Distributed debugging A linearization traverses the lattice from any global state to any global state reachable from it on the next level – that is, in each step some process experiences one event. For ex. S22 is reachable from S20, but S22 is not reachable from S30. The lattice shows all linearizations corresponding to a history A monitor process can now evaluate possibly and definitely
Distributed debugging To evaluate possibly , the monitor process starts at the initial state and steps through all consistent states reachable from that point, evaluating at each stage. It stops when evaluates to True To evaluate definitely , the monitor process must attempt to find a set of states through which all linearizations must pass, and at each of which evaluates to True Note that, the state S’ is reachable from S iff V(sj)[j] >= V(s’i)[j] for j = 1, 2, …, N, j ≠ i
Global State Predicates Aglobal-state-predicateis a function from the set of global states to {true, false} , e.g., deadlock, termination A global state S0 satisfies liveness property P iff: liveness(P(S0)) L linearizations from S0 L passes through an SL & P(SL) = true Ex: P(S) = the computation will terminate A global state S0 satisfies this safety property P if: safety(P(S0)) S reachable from S0, P(S) = false Ex: P(S) = S has a deadlock Global states often useful for detecting stable global-state-predicate: itis one that once it becomes true, it remains true in subsequent global states, e.g., an object O is orphaned, or deadlock A stable predicate may be a safety or liveness predicate
Liveness versus Safety Can be confusing, but terms are very important: Liveness=guarantee that something good will happen, eventually “Guarantee of termination” is a liveness property Guarantee that “at least one of the atheletes in the 100m final will win gold” is liveness A criminal will eventually be jailed Completeness in failure detectors Safety=guarantee that something bad will never happen Deadlock avoidance algorithms provide safety A peace treaty between two nations provides safety An innocent person will never be jailed Accuracy in failure detectors Can be difficult to satisfy both liveness and safety!