1 © P. Kouznetsov On the weakest failure detector for non-blocking atomic commit Rachid Guerraoui Petr Kouznetsov Distributed Programming Laboratory Swiss.

© P. Kouznetsov 1

On the weakest failure detector for non-blocking

atomic commit

Rachid Guerraoui Petr Kouznetsov

Distributed Programming LaboratorySwiss Institute of Technology in Lausanne (EPFL)

2

Contribution

We consider the Non-Blocking Atomic Commit (NBAC) problem [Skeen81] in an asynchronous system with failure detectors [FLP85, CT96]

We define the weakest (timeless) failure detector to solve NBAC

3

Roadmap1. Background2. Non-blocking atomic commit (NBAC)3. Conjecture: ?P+ is the weakest for

NBAC4. A reduced problem: weakest timeless

failure detector to solve NBAC5. Open issues

4

Model: processes and failures

Asynchronous message-passing system with crash failures

No time bounds on message communication or process relative speeds

Communication by message-passing through reliable channels

Processes can fail by crashingCorrect processes never crashA majority of processes is correct

Agreement problems are not solvable in an asynchronous model if at least one process can crash [FLP85]

5

Model: failure detectors [CT96]Synchrony assumptions are encapsulated

in the failure detectors:

Each process has a failure detector module that gives hints (maybe wrong) on the state of other processes.

The information provided by failure detectors does not depend on anything but failures.

Example: Perfect failure detector P: eventually, every correct process detects a crash, and no crash is detected before it occurs.

6

Weakest failure detector [CHT96]A failure detector D is the weakest to

solve problem M iff it is:

Sufficient: D solves M (there is an algorithm that solves M using D)

Necessary: D is weaker than any failure detector D’ that solves M (there is an algorithm that implements D using D’)

7

Weakest failure detector for Consensus

Processes propose values and decide on some final values so that:Agreement no two processes decide differentlyTermination every correct process eventually decidesValidity: a decided value is a proposed value

: eventually, the same correct process is elected by correct processes [CHT96].

p1

p2

p3

[p1]

[p2]

[p3]

[p3]

[p3]

[p3]

[p1]

[p2]

[p1] ……

[p1] ……

8

Roadmap1. Background2. Non-blocking atomic commit (NBAC)3. Conjecture: ?P+ is the weakest for

NBAC4. A reduced problem: weakest timeless

failure detector to solve NBAC5. Open issues

9

Problem: NBACAtomic transactions: processes vote

yes or no and take decisions (commit or abort) so that:

Agreement: no two processes decide differently

Termination: every correct process eventually decides

Commit-Validity: abort cannot be decided if every process is correct and votes yes

Abort-Validity: commit cannot be decided if some process votes no

10

Problem: weakest FD for NBAC

P is sufficient to solve NBAC (3PC algorithm [Skeen81]).

Is P necessary to solve NBAC? [SM95,FRT99]

Failure detector that is necessary and sufficient to solve NBAC?

11

Anonymous failure detector ?PProcess pi: Initially output 0 If (and only if) there is a failure,

then, eventually, output forever 1

Necessary to solve NBAC: it can be emulated by any algorithm that solves NBAC.

[Gue02]

12

Roadmap1. Background2. Non-blocking atomic commit (NBAC)3. Conjecture: ?P+ is the weakest for

NBAC4. A reduced problem: weakest timeless

failure detector to solve NBAC5. Open issues

13

A candidate ?P+

Good news: There is an algorithm that transforms Consensus into NBAC using ?P [Gue02]. ?P+<P

Bad news: there exists a failure detector B that solves NBAC and B is incomparable with ?P+ , so ?P+ cannot be the weakest to solve NBAC

14

Stillborn failure detector BProcess pi: Initially output If there is a process crashed at time

0, then, eventually, output forever pi

Otherwise, eventually, output forever a set of suspected processes “behaves like” the perfect failure detector P

15

But B is rather strangeB is strongly time-dependent :

t=0

(1)

p1

p2

[p1]

(2)

p1

p2

[p2]

?

t=

We can generalize B for any time t0 (B[t])

[]

[]

16

A filter (timeless failure detectors)

to get rid of time-based detectors like B

Timeless failure detectors A cannot imply any information about global time: a failure occurred at time t and a failure occurred at time t+d can be reported in the same way.

, P, ?P A

B[t] A

17

Roadmap1. Background2. Non-blocking atomic commit (NBAC)3. Conjecture: ?P+ is the weakest for

NBAC4. A reduced problem: weakest timeless

failure detector to solve NBAC5. Open issues

18

A reduced problem What is the weakest failure

detector in A to solve NBAC?

Conjecture: ?P+ is the one

More precisely: any failure detector DA that solves NBAC can emulate (the proof is extending the technique of [CHT96] and

is rather technically involved)

19

Extending [CHT96] The idea: to achieve non-triviality of any

execution of an NBAC algorithm N using a timeless failure detector

The technique: every process maintains an imaginary failure-free partial run assumed preceding the current real run

The result: simulating N over the constructed run, the correct processes eventually agree on a single correct process:

20

Open Issues Weakest failure detector for NBAC

in general? Optimality of A: can we make it

bigger? No majority? Indulgent algorithms: is ?P+ the

weakest to allow indulgent solution?

21

Questions?