Failure Detectors motivation failure detector properties 4/28/2019 Failure Detectors motivation failure detector properties failure detector classes detector reduction equivalence between classes consensus solving with S solving with S corollaries and other results

4/28/2019 Why Failure Detectors consensus in asynchronous systems is impossible even if a single process crashes (pure) asynchronous systems are not useful for fault tolerance studies asynchronous system is a generic model for reasoning about distributed algorithms how can asynchronous systems be augmented to enable consensus?

Notation T – state numbers in a computation (logical clock ticks) 4/28/2019 Notation T – state numbers in a computation (logical clock ticks) failure pattern is a function F(t) that denotes the set of processes that have crashed so far F: T2P F is monotonic: (p  F(t))  (p  F(t' > t)) crashed(F) are the processes that crash at some time correct(F) = P - crashed(F) once the process crashes it does not recover failure detector is a module of a process that outputs the set of processes that it currently suspects to have crashed failure detector history H is the output of a failure detector H: P  T  2P H(p, t) is the set of processes that p suspects at time t. q  H(p, t) means "p suspects q at time t". failure detector D maps F to a set of H.

Failure Detector Properties 4/28/2019 Failure Detector Properties completeness strong – every process that never crashes eventually suspects every process that does crash F, HD(F),tT, pcrashed(F), qcorrect(F), t'  t: p  H(q, t') weak – some process that never crashes eventually suspects every process that does crash F, HD(F),tT, pcrashed(F), qcorrect(F), t'  t: p  H(q, t') (perpetual) accuracy strong – no process is suspected before it crashes F, HD(F),tT, p, qP-F(t): p  H(q, t) weak – some correct process is never suspected F, HD(F),pcorrect(F), tT, qP-F(t): p  H(q, t) eventual accuracy eventual versions of (weak and strong) accuracy require that the property holds only eventually ex: eventual strong accuracy: F, HD(F),tT, t’>t, p, qP-F(t): p  H(q, t’)

Failure Detector Classes 4/28/2019 Failure Detector Classes the properties define eight detector classes

Detector Reduction reduction algorithm TDD’ transforms D into D’ 4/28/2019 Detector Reduction reduction algorithm TDD’ transforms D into D’ T uses D to maintain variable outputp for every process p every history TDD’ of is a history of D’ if algorithm A requires D’, but only D is available, A can use TDD’ if exists TDD’ – D provides at least as much info as D’ D’ is weaker than D D’ is reducible to D D  D’ reducibility relation is transitive if D>D’ and D’>D then D  D’: D and D’ are equivalent reducibility and equivalence applies to classes of detectors as well

Relation between Weak and Strong Completeness 4/28/2019 Relation between Weak and Strong Completeness observe that strongly complete detectors trivially emulate weak, thus P  Q, S  W, P  Q, S  W however, weakly complete detectors can also emulate strong ones in the algorithm TDD’ each process broadcasts the list of suspects TDD’ transforms weak into strong completeness preserves perpetual (weak and strong) accuracy preserves eventual (weak and strong) accuracy Thus, P  Q, S  W, P  Q, S  W need to consider only strongly complete detectors need to implement only weekly complete deterctors

Consensus with Failure Detectors 4/28/2019 Consensus with Failure Detectors primitives at each process propose(v) propose a value v for consensus decide(v) decide on a consensus value v properties termination – each correct process eventually decides on a value uniform integrity – each process decides at most once agreement – no two correct processes decide differently uniform agreement – no two (correct or faulty) processes decide differently uniform validity – if a process decides on v, then some process proposed v

Solving Consensus Using S 4/28/2019 Solving Consensus Using S tolerates up to n-1 crashes, satisfies uniform agreement three phases first – n-1 rounds of disseminating each process’ value second – processes agreeing on the vector of values correctness proof c – correct process that is never suspected Theorem: the algorithm solves consensus using S

Solving Consen-sus using S 4/28/2019 Solving Consen-sus using S assumptions majority of processes are correct each process knows the id of coordinator at round r Theorem: the algorithm solves consensus using S

Corollaries and Other Results 4/28/2019 Corollaries and Other Results from detector classes equivalence consensus is solvable with W with up to n-1 crashes consensus is solvable using W with less than n/2 crashes other results consensus is not solvable even with P with if maximum number of crashes is at least n/2 crashes W is the weakest failure detector to solve consensus with less than n/2 crashes that is for any detector D, there exists TDW