1 / 28

Good System Engineering

The  - Model , and how to Boot Clock Synchronization in it Josef Widder Embedded Computing Systems Group widder@ecs.tuwien.ac.at INRIA Rocquencourt, February 10, 2004. Good System Engineering. Algorithms proven correctly in CompMod. Computational Model. today. System Model.

marlow
Download Presentation

Good System Engineering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The  - Model, and how toBoot Clock Synchronization in it Josef WidderEmbedded Computing Systems Groupwidder@ecs.tuwien.ac.atINRIA Rocquencourt, February 10, 2004 Booting Clock Synchronization

  2. Good System Engineering Algorithms proven correctly in CompMod Computational Model today System Model Communication Layer Hardware Booting Clock Synchronization

  3. Roadmap • Basic Concepts of the  - Model • Why do we need a new timing model ? • System Model / Computational Model • Solution to a Specific Problem • Booting Clock Synchronization Booting Clock Synchronization

  4. Motivation for the  - Model • Weaker models improve coverage • Time(r) free models are weaker than timed ones • Model must be sufficiently strong to solve agreement problems (uniform consensus) Booting Clock Synchronization

  5. Behavior described with  • Networks have upper and lower bounds on message transmission (derived from scheduling analysis) • BUT: during high load periods, no message is transmitted with lower bound duration (vice versa) • There exists an relation of fast and slow transmission times Booting Clock Synchronization

  6. Described Behavior (rough sketch)  t Booting Clock Synchronization

  7. System Model m ... end-to-end comp. + transmission delay +(t) ... longest delay of all messages in transit at time t  -(t) ... shortest delay of all messages in transit at time t  > +(t) / -(t) at any time t Booting Clock Synchronization

  8. System Model Booting Clock Synchronization

  9. Comparison to other PartSync Models •  - Model has no upper bound of message delays • upper bound is replaced by delay ratio •  - Model is sufficiently strong to detect failures without HW Clocks [Le Lann, Schmid 03] Booting Clock Synchronization

  10. HW Timers / Watchdogs do not help in detecting faults r p q A priori knowledge  > 2 Booting Clock Synchronization

  11. Computational Model Comp. + transmission end-to-end delay  0 < -    + <  uncertainty  = +- - uncertainty ratio  = +/ - Booting Clock Synchronization

  12. Equivalence SysMod & CompMod have the same computational power  Analysis of time(r) free algorithms in CompMod  Results apply for the SysMod  Implementation of perfect failure detector in the  - Model [Le Lann, Schmid 2003] Booting Clock Synchronization

  13. Algorithms - A Solution to a Special Problem • Clock Synchronization in the  - Model • Time(r) free booting • How to prove properties in the  - Model Booting Clock Synchronization

  14. Why Considering Booting ? • f out of n processes Byzantine faulty • booting independently at arbitrary times  initially n faulty (not booted) processes  f < n / 3 bound cannot always be assumed  message loss Booting Clock Synchronization

  15. How to cope with booting ? • Synchronous (lock-step) Systems  simultaneous start assumption • Semi-Synchronous (timed) Systems  booting time assumption + local timeouts • Partially Synchronous (and Asynchronous)  no local timing information: What to do ? Booting Clock Synchronization

  16. Booting Model Processes boot independently at unpredictable times Messages that reach down processes are lost Byzantine processes may always be up passive / active processes; only active ones have to guarantee clock sync Booting Clock Synchronization

  17. Clock Synchronization Original Usage of algorithm [Srikanth & Toueg 87] Booting Clock Synchronization

  18. Clock Sync in Partial Synchrony Integer Valued Clocks Booting Clock Synchronization

  19. Booting Clock Synchronization • n > 3f processes required for CS in the presence of f Byzantine faults [DHS 86] • trivial solution: • send out (join) after booting • answer (join) msgs from others • when received msgs from 3f+1 processes, sufficiently many correct processes are up • BUT: requires n > 4f processes for liveness Booting Clock Synchronization

  20. Weaken Properties during Booting • Precision is always guaranteed • Accuracy (progress) only when n–f correct processes are up Booting Clock Synchronization

  21. The Algorithm 0 VAR k := 0; 1 if received (init, k) from f+1 p's 2  send (echo, k) to all; 3 if received (echo, k) from f+1 p's 4  send (echo, k) to all; 5 if received (echo, k) from 2f+1 p's 6  k := k + 1; 7 send (init, k) to all; 8 if received (echo, j) from f+1 p's where j > k+1 9 k := j–1; 10 send (echo, k) to all; Booting Clock Synchronization

  22. Precision • DMCB = ½  + 5/2 … for any n Booting Clock Synchronization

  23. How is precision achieved ? • Progress requires 2f +1 messages • that are f +1 sent by correct processes • these messages are received by all processes • sufficient to keep clock values close together • Precision achieved by active correct processes • passive until sufficient evidence for precision Booting Clock Synchronization

  24. How progress comes into system • after booting send (join) message • join message is (echo, 0) • already booted processes answer (join) • with clock value … (echo, k) • until 2f+1 processes are up all correct ones wait with clock value 0 Booting Clock Synchronization

  25. How progress comes into system (cont.) • f +1 correct processes are always within 2 rounds • f +1 correct p’s always send (init, k) • as answers from the 2 maximum rounds return • go to good clock value • after n-f correct p’s are up  progress • change to active after reception of f+1(init, l) msgs Booting Clock Synchronization

  26. Results • Bounded Precision Dmax during whole operation • if less than n-f processes up: no progress • more than n-f progress possible • if all (at least n-f) correct processes up: • progress within constant time ( 6+) • then all corr. p’s with good precision DMCB Booting Clock Synchronization

  27. What have we seen today ? •  - Model (SysMod & CompMod) • How properties are proven (precision) • Solution to the importent problem of booting in time(r) free systems Booting Clock Synchronization

  28. Thanks ! Booting Clock Synchronization

More Related