Unreliable Failure Detectors for Reliable Distributed Systems

More documents

Recommendations

Info

238 T. D. CHANDRA AND S. TOUEGEvery process p executes the followingTo execute R-broadcast(m):send m to all (including p)R-deliver(m) occurs as fo]lows:when receive m for the first timeif sender(m) # p then send m to aflR-deliver(m)FIG.4. Reliable Broadcast by message diffusion.Since Q satisfies weak completeness, by Lemma 3.1, 53’ satisfies strong completeness.We now show that ~ and $23’have the same accuracy property. If 9 is in Qor W, this follows from Lemma 3.2. If !3 is in 0S2 or OW, this follows fromLemma 3.3. •lBy Theorem 3.4 and Observation 2.6.1, we have:COROLLARY3.5. 9 = Q, Y’= W, OQ?= 03, and OY = OW.The relations given in Corollary 3.5 are sufficient for the purposes of thispaper. A complete enumeration of the relations between the eight failuredetectors classes defined in Figure 1 is given in Section 8.4. Reliable BroadcastWe now define Reliable Broadcast, a communication primitive for asynchronoussystems that we use in our algorithm.13 Informally, Reliable Broadcast guaranteesthat (1) all correct processes deliver the same set of messages, (2) allmessages broadcast by correct processes are delivered, and (3) no spuriousmessages are ever delivered. Formally, Reliable Broadcast is defined in terms oftwo primitives, R-broadcasr(m ) and R-deliver(m) where m is a message drawnfrom a set of possible messages. When a process executes R-broadcast(m), wesay that it R-broadcasts m, and when a process executes R-deliver(m), we saythat it R-delivers m. We assume that every message m includes a field denotedsender(m) that contains the identity of the sender, and a field with a sequencenumber; these two fields make every message unique. Reliable Broadcastsatisfies the following properties [Hadzilacos and Toueg 1994]:Validity. If a correct process R-broadcasts a message m, then it eventuallyR-delivers m.Agreement. If a correct process R-delivers a message m, then all correctprocesses eventually R-deliver m.Uniform tnte~”ty. For any message m, every process R-delivers m at mostonce, and only if m was previously R-broadcast by sender(m).In Figure 4, we give a simple Reliable Broadcast algorithm for asynchronoussystems. Informally, when a process receives a message for the first time, it relaysthe message to all processes and then R-delivers it, This algorithm satisfies1~This is a ~rash.failureToueg [1985] for “Byzantine” failures.version of the asynchronous broadcast primitive defined in Bracha and
Unreliable Failure Detectors for Reliab[e Distributed Systems 239validity, agreement and uniform integrity in asynchronous systems with up ton – 1 crash failures. The proof is obvious and therefore omitted.5. The Consensus ProblemIn the Consensus problem, all correct processes propose a value and must reacha unanimous and irrevocable decision on some value that is related to theproposed values [Fischer 1983], We define the Consensus problem in terms oftwo primitives, propose(v) and decide(u), where u is a value drawn from a set ofpossible proposed values. When a process executes propose(v), we say that itproposes v; similarly, when a process executes decide(u), we say that it decides u.The Consensus problem is specified as follows:Termination. Every correct process eventually decides some value.Uniform inte~”~. Every process decides at most once.Agreement. No two correct processes decide differently.UniJorm validi~. If a process decides v, then v was proposed by someprocess .14It is well-known that Consensus cannot be solved in asynchronous systems thatare subject to even a single crash failure [Fischer et al, 1985; Dolev et al. 1987].6. Solving Consensus using Unreliable Failure DetectorsWe now show how to solve Consensus using each one of the eight classes offailure detectors defined in Figure 1. By Corollary 3.5, we only need to show howto solve Consensus using each one of the four classes of failure detectors thatsatisfy strong completeness, namely, 9, Y’,09, and OY.In Section 6.1, we present an algorithm that solves Consensus using Y. Since W> Y, this algorithm also solves Consensus using 9. In Section 6.2, we give aConsensus algorithm that uses 09’. Since 09 5 0!3’, this algorithm also solvesConsensus using 0$7. Our Consensus algorithms actually solve a stronger form ofConsensus than the one specified in Section 5: They ensure that no twoprocesses, whether correct or faulty, decide differently—a property called uniformagreement [Neiger and Toueg 1990].The Consensus algorithm that uses 9 tolerates any number of failures. Incontrast, the one that uses 09’ requires a majority of correct processes. We showthat to solve Consensus this requirement is necessary even if one uses 09, a classof failure detectors that is stronger than OY’. Thus, our algorithm for solvingConsensus using 0.9’ (or 09’) is optimal with respect to the number of failuresthat it tolerates.6.1. SOLVINGCONSENSUS USING 9’. The algorithm inFigure 5 solves Consensususing any Strong failure detector $2 E !3’.In other words, it works with anyfailure detector Q that satisfies strong completeness and weak accuracy. Thisalgorithm tolerates up to n – 1 faulty processes (in asynchronous systems with nprocesses).‘4The validitypropertycapturesthe relation between the decision value and the proposedChanging this property results in other types of Consensus [Fischer 1983].values.
Page 1 and 2: Unreliable Failure Detectors for Re
Page 4 and 5: 228 T. D. CHANDRAAND S. TOUEGTo do
Page 6 and 7: 230 T. D. CHANDRAAND S. TOUEGChandr
Page 8 and 9: 232 T. D. CHANDRAAND S. TOUEGInform
Page 10 and 11: 234 T. D. CHANDRAAND S. TOUEGFIG. 1
Page 12 and 13: 236 T. D. CHANDRA AND S. TOUEGEvery
Page 16 and 17: 240 T. D. CHANDRA AND S. TOUEGEvery
Page 18 and 19: 242 T. D. CHANDRAAND S. TOUEGLEMMA
Page 20 and 21: 244 T. D. CHANDRA AND S. TOUEGother
Page 22 and 23: 246 T. D. CHANDRAAND S. TOUEGSince
Page 24 and 25: 248 T. D. CHANDRAAND S. TOUEGIn R~
Page 26 and 27: 250 T. D, CHANDRAAND S. TOUEGdelive
Page 28 and 29: 252 T. D. CHANDRAAND S. TOUEGpropos
Page 30 and 31: 254 T. D. CHANDRAAND S. TOUEGI 1I 1
Page 32 and 33: 256 T. D, CHANDRAAND S. TOUEGEvery
Page 34 and 35: 258 T. D. CHANDRA AND S. TOUEGdetec
Page 36 and 37: 260 T. D. CIMNDRA AND S, TOUEGconti
Page 38 and 39: 262 T. D. CHANDRAAND S. TOUEGfailur
Page 40 and 41: 264 T. D. CHANDRA AND S. TOUEGFO at
Page 42 and 43: 266 T. D. CHANDRA AND S. TOUEGBERMA

Unreliable Failure Detectors for Reliable Distributed Systems

Create successful ePaper yourself

Delete template?

Save as template?