Unreliable Failure Detectors for Reliable Distributed Systems

More documents

Recommendations

Info

240 T. D. CHANDRA AND S. TOUEGEvery procese p executes the foliowin~procedurevp4-(L,l,...VP(P]4- IJpAP t VPpropose,l){p’s estimateof the pruposed values}Phase 1: {astmchnmous rounds r~, 1< rP < n – 1}forrptltorb-lsend (rP, AP, p) to allwait until ~q : received (rp, Aq, q) or ~ ~ 9P] {que~ the ~ailum detector}nwgsP(rP] t {(rp,Aq,II)I r-+ed (rp, AQ~ q)}Apt(L, L,...,l)fork+ ltonif Vp[k] = 1 and 3(rP, Aq,q) E msgsp[rP]Vp[k] t Aq[k]with A~[k] # 1 thenAP[k] + AQ[k]Pheee 2: send VP to allwait until ~q : received VQ or q 6 ‘3P] {que~ the faike detector}lastm9gsP t {Vq I received VQ}forktl tonif WQ G hmtnasgsp with Vq[k] = 1 then Vp[k] t 1Phase 3: decide( first non-l component of Vp)FIG.5. Solving Consensus using any Q c 9.The algorithm runs through three phases. In Phase 1, processes execute n – 1asynchronous rounds (rP denotes the current round number of process p ) duringwhich they broadcast and relay their proposed values. Each process p waits untilit receives a round r message from every process that is not in 9P, beforeproceeding to round r + 1. Note that while p is waiting for a message from q inround r, it is possible that q is added to 9P. If this occurs, p stops waiting for q‘smessage and proceeds to round r + 1.By the end of Phase 2, correct processes agree on a vector based on theproposed values of all processes. The ith element of this vector either containsthe proposed value of process pi or 1. We will show that this vector contains theproposed value of at least one process. In Phase 3, correct processes decide thefirst nontrivial component of this vector.Let R = (F, H9, 1, S, T) be any run of the algorithm in Figure 5 using9 G Y in which all correct processes propose a value. We have to show that thetermination, uniform validity, agreement and uniform integrity properties ofConsensus hold.Note that VP[q] is p‘s current estimate of q‘s proposed value. Furthermore,AP[q] = Uqat the end of round r if and only if p receives Vq, the value proposedby q, for the first time in round r.LEMMA 6.1.1. For all p and q, and in all phases, VP[q] is either v~ or 1.PROOF. Obvious from the algorithm. •lLEMMA 6.1.2. Eveiy correct process eventual~ reaches Phase 3.
Unreliable Failure Detectors for Reliable Distributed Systems 241PROOF (SKETCH). The only way a correct processp can be prevented fromreaching Phase 3 is by blocking forever at one of the two wait statements (inPhase 1 and 2, respectively). This can happen only if p is waiting forever for amessage from a process q and q never joins $lP. There are two cases to consider:(1) q crashes. Since S2 satisfies strong completeness, there is a time after whichq E !3P.(2) q does not crash. In this case, we can show (by an easy but tedious inductionon the round number) that q eventually sends the message p is waiting for.In both cases p is not blocked forever and reaches Phase 3. ❑Since ~ satisfies weak accuracy there is a correct process c that is neversuspected by any process, that is, Vt E 5, Vp E II – F(t) :c @ H@(p, t). LetII,denote the set of processes that complete all n – 1 rounds of Phase 1, and Ilzdenote the set of processes that complete Phase 2. We say VP s Vq if and only iffor all k E ~, V,,[k] is either Vq[k] or 1-.LEMMA 6.1.3. In every round r, 1 s r 5 n – 1, all processes p E 111 receive(r, A{., c) from process c, that is, (r, Ac, c) is in msgsP[r].PROOF. Since p E 111,p completes all n – 1 rounds of Phase 1. At each round r,since c @ 9P, p waits forand receives the message (r, AC,c) from c. ❑LEMMA6.1.4. For all p G 111, VC = VP at the end of Phase 1.PROOF, Suppose for some process g, V=[q] # L at the end of Phase 1, FromLemma 6.1.1. VC[q] = I+. Consider any p E IIl. We must show that VP[q] = Vq atthe end of Phase 1. This is obvious if p = c, thus we consider the case where p # c.Let r be the first round in which c received Uq(if c = q, we define r to be O).From the algorithm, it is clear that A=[q] = Vqat the end of round r. There aretwo cases to consider:(l)rSn- 2. In round r + 1 s n – 1, c relays Vq by sending the message(r + 1, AC, c) with AC[q] = Uq to all. From Lemma 6.1.3, p receives(r + 1, A=, c) in round r + 1, From the algorithm, it is clear that p setsVP[q] to 7Jq by the end of round r + 1.(2) r = n – 1. In this case, c received Vq for the first time in round n – 1.Since each process relays Uq (in its vector A) at most once, it is easy to seethat ijq was relayed by all n – 1 processes in II – {c}, including p, beforebeing received by c. Since p sets VP[q] = Uq before relaying Vq, it followsthat VP[q] = II,, at the end of Phase 1. ClLEMMA6.1.5. For all p E IIz, VC = VP al the end of Phase 2.PROOF. Consider any p c IIz and q E II. We have to show thatVP[q] = VC[q] at the end of Phase 2. There are two cases to consider:(1) V.[q] = Vq at the end of Phase 1. From Lemma 6.1.4, for all processesp‘ E II, (including p and c), VP, [q] = Uq at the end of Phase 1. Thus, for allthe vectors V sent in Phase 2, V[q] = Vq. Hence, both VP[q] and V,[q]remain equal to v~ throughout Phase 2.(2) Vr[q] = L at the end of Phase 1. Since c @ !3,, p waits for and receives V=in Phase 2. Since V=[q] = ~, p sets VP[q] t J at the end of Phase 2. ❑
Page 1 and 2: Unreliable Failure Detectors for Re
Page 4 and 5: 228 T. D. CHANDRAAND S. TOUEGTo do
Page 6 and 7: 230 T. D. CHANDRAAND S. TOUEGChandr
Page 8 and 9: 232 T. D. CHANDRAAND S. TOUEGInform
Page 10 and 11: 234 T. D. CHANDRAAND S. TOUEGFIG. 1
Page 12 and 13: 236 T. D. CHANDRA AND S. TOUEGEvery
Page 14 and 15: 238 T. D. CHANDRA AND S. TOUEGEvery
Page 18 and 19: 242 T. D. CHANDRAAND S. TOUEGLEMMA
Page 20 and 21: 244 T. D. CHANDRA AND S. TOUEGother
Page 22 and 23: 246 T. D. CHANDRAAND S. TOUEGSince
Page 24 and 25: 248 T. D. CHANDRAAND S. TOUEGIn R~
Page 26 and 27: 250 T. D, CHANDRAAND S. TOUEGdelive
Page 28 and 29: 252 T. D. CHANDRAAND S. TOUEGpropos
Page 30 and 31: 254 T. D. CHANDRAAND S. TOUEGI 1I 1
Page 32 and 33: 256 T. D, CHANDRAAND S. TOUEGEvery
Page 34 and 35: 258 T. D. CHANDRA AND S. TOUEGdetec
Page 36 and 37: 260 T. D. CIMNDRA AND S, TOUEGconti
Page 38 and 39: 262 T. D. CHANDRAAND S. TOUEGfailur
Page 40 and 41: 264 T. D. CHANDRA AND S. TOUEGFO at
Page 42 and 43: 266 T. D. CHANDRA AND S. TOUEGBERMA

Unreliable Failure Detectors for Reliable Distributed Systems

Create successful ePaper yourself

Delete template?

Save as template?