1 Quorum System

Com S 611 Spring Semester 2013
Advanced topics on Networks and Distributed Algorithms
Lecture 13: Monday, March 4, 2013
Instructor: Soma Chaudhuri
Scribe: Debasis Mandal
We are going to start a new topic today: Quorum system. The lexical meaning of the word
Quorum is “the minimum number of members of a group that needs to be present at any
of its meetings to make any decision for the group”. For example, majority is an example
of a quorum for voting in a group. Majority is required in the voting system to avoid the
partitioning and inconsistency in the decision process. But in practice, we may require even
2/3rd majority for a decision to be accepted by the group.
1 Quorum System
In distributed computing, quorum usually means a collection of pairwise non-empty subsets
of nodes in the network, which is large enough to make a decision. Intuitively, a majority is
sufficient to prevent inconsistencies, for given a set S and A, B ⊆ S, if |A|, |B| > |S|/2, it
always holds that A ∩ B ≠ φ. More formally,
Definition 1 A quorum system is a collection of subsets of nodes, called quorums, such
that each pair of quorums have a non-empty intersection.
1.1 Properties
• Quorum system is a mathematical abstraction for guaranteeing consistency in faulttolerant
systems. Its goal is to maintain consistency with minimum number of nodes.
For example, in a read/write distributed storage system of 3 processes, writing a value
in any two processes (majority) guarantees that any later read by any two processes
will return a consistent value.
• Quorums are critical for many applications in distributed computing, mainly where we
want to avoid network partitioning.
1.2 Applications
Quorum systems have been used to implement a wide variety of distributed objects and
services, for example,
1

• replicated databases,
• mutual exclusion,
• read/write storage, and
• group communication.
We’ll cover classical quorum systems in the class and evaluate the quorum systems using
various measures. Specifically, we’ll look into following two applications of quorum systems:
1. distributed read/write storage (Lamport’s register) and
2. consensus.
1.2.1 Replicated Databases
A major goal of the Replicated databases is to ensure consistency in the context of failures,
and Quorum system was first used to implement them by [Thomas, 1979]. He proposed a
majority approach to achieve the consensus in order to maintain the concurrency control
over multiple copies of a replicated database. The majority approach works as follows. To
write data into database, the writer would timestamp the data (Lamport timestamp) and
write it to a majority of servers. Then to read data from the database, the reader would
contact a majority (possibly different) and return the data with the highest timestamp.
Later, arbitrary quorum sizes (not just majority) were also allowed, but all of them required
the non-empty pairwise intersections between quorums (the main reason behind consistency
of Quorum system). In fact, separate read and write quorums are also studied where only
quorum of different classes need to intersect (for example, among read and write quorums,
but not among read quorums).
1.3 System Model
Let S = {s 1 , s 2 , . . . , s n } be the set of n processes that constitute the distributed system.
Each process is running its own protocol. For now, we assume a fixed set of processes, but
this model can be extended to deal with system with dynamic process membership, where
processes join or leave the system (and hence S is not fixed).
Definition 2 A process is a state machine (or I/O automaton), which can be in various
states following the various process actions (called transitions), as defined below. Every
process has input, internal, and output actions, defined by in(s), int(s), out(s) respectively,
for a given process s. External actions to a process are either the input to it (recv) or output
to other process (send). More formally,
2

1. ext(s) = in(s) ∪ out(s)
2. local(s) = int(s) ∪ out(s).
Definition 3 An execution is a (possibly infinite) sequence of alternating global states and
process actions. More formally, e = st 0 , π 1 , st 1 , π 2 , . . ., where e is the execution, π i is the
process action, and st i is the global state, such that (st i , π i+1 , st i+1 ) represents one step of a
system. Furthermore, action π i+1 is enabled in global state st i .
Definition 4 A partial execution is a finite prefix of some execution. A (partial) execution
e extends a partial execution e ′ if e ′ is a prefix of e.
1.4 Communication models
As typical in distributed computing, we’ll consider two types of communication models.
1.4.1 Message passing model
Each message is delivered point-to-point in this model and each send and recv message is
atomic, but a broadcast is implemented by a sequence of send actions (hence, not atomic).
A complete bi-directional network with links between every pair of processes is also assumed.
If {s 1 , s 2 , . . . , s n } is the set of automata and {l ij : s i , s j are processes} is the set of channels
between processes, then the set {s i : ∀i, 1 ≤ i ≤ n} ∪ {l ij : s i , s j are processes} constitute
the global automaton of the system, and state of each of its elements at some time is the
global state of the automaton at that time.
1.4.2 Shared memory model
In this model, processes communicate through operations on shared objects. Suppose {s 1 , s 2 , . . . , s n }
are the processes, and {O 1 , O 2 , . . . , O m } are the operations on shared object i. Then following
are the atomic operations in this model:
• inv s (O, op, v): process s invokes op on O (output actions on s, input action O), and
• resp s (O, op, v): process s receives response (input action on s, output action of O),
where v is the value returned by the operation op.
Definition 5 An operation is complete in an execution if its invocation has corresponding
matching response, and pending if its invocation has no response.
3

1.5 Process failures
Following are the usual kind of failures that typically occur by object/process in both shared
memory and message-passing systems.
Definition 6 If a process behaves correctly according to its protocol, then it’s correct. A
crash failure is one where the process (or shared object) stops executing protocol permanently.
A process is benign if it’s correct or it has a crash failure. A process that is not benign is
called Byzantine or malicious.
Byzantine failures are the worst kind of failures. They can be again of two types:
1. Unauthenticated: Here, a process can pretend to be some other process and can possibly
forge signature of others. Processes can send arbitrary messages in message passing
model or invoke arbitrary operations in shared memory model.
2. Authenticated: We assume digital signature of each process in this type of failure of
Byzantine failure and thus no process can forge other process’s signature.
Definition 7 A fault configuration is a vector C ∈ {0, 1} n such that C i = 1 if and only if
the process s i has failed.
Definition 8 Given a set of processes S and an execution e, we define alive(e, S) as the set
of correct processes in S, and faulty(e, S) as the set of faulty processes in S.
We’ll write them as alive(S) and faulty(S), when e is clear from the context.
Definition 9 A set of processes Q ⊆ S is available if Q ⊆ alive(S).
We also consider probabilistic fault-tolerant model, where each process s i in the set S fails
independently with probability p i .
Definition 10 If p i = p for all i, then it’s called a uniform probabilistic fault tolerant model.
References
[Thomas, 1979] Thomas, R. H. (1979). A majority consensus approach to concurrency control
for multiple copy databases. ACM Trans. Database Syst., 4(2):180–209.
4