The Atomic Commit Problem

2 The Problem Reaching a decision in a distributed environment Every participant: has an opinion can veto

3 Atomic Commitment Protocol A correct ACP guarantees that: All the DM (database manager) that reach a decision, reach the same decision. Decisions are not reversible. A Commit decision can only be reached if all the DMs voted to commit. If there are no failures and all the DMs voted to commit, the decision will be Commit. At any point, if all failures are repaired, and no new failures are introduced, then all the DMs eventually reach a decision.

4 2 Phase Commit (2PC)

5 2PC – continued Phase 1: Coordinator (C) sends the transaction to all participants Every node that makes up its mind to commit or abort, sends its vote to C. Phase 2: Coordinator collects all replies. If everyone voted commit, it decides commit, and sends commit to all. Otherwise, it decides abort, and sends abort to all. Participants wait for commit or abort message, and decides accordingly.

6 2PC - continued Problem: If the coordinator fails, then everyone is stuck For instance, if everyone voted commit but did not receive an answer, it is unknown whether the coordinator committed or aborted before failing. If anybody decided – everybody decides the same If all working nodes are waiting – the protocol blocks This is known as blocking Skeen & Stonebraker proved that if the network might partition, blocking is unavoidable

7 3 Phase Commit (D. Skeen 1982) Idea: Use quorums to decide on commit or abort A majority of the DMs must agree to abort or commit after all the DMs agreed locally. Simple majority can be generalized to weighted majority. Instead of one quorum, there can be an abort quorum and a commit quorum. Assumption: Nodes can reliably detect when other nodes are faulty The protocol consists of two phases Initial Recovery

8 3 Phase Commit (3PC)

9 3PC – Recovery Phase

10 3PC – Recovery Phase (Decision Rule)

11 Blocking in 3PC It is possible that a quorum is connected for sufficiently long time, and still no decision is made

12 Extended 3PC (Dolev&Keidar 1995) - Intuition If we just could “know” which intention came last – we could say that the earlier ones are stale

13 Extended 3PC (Dolev&Keidar 1995) - Intuition - continued We can! An elected coordinator has a sequential number An intention (pre-* message) by a later coordinator overrides an intention by an earlier one!

14 E3PC – continued Uses identical state diagrams as 3PC. Uses similar communication to 3PC (with different message contents). Maintains two additional counters: Last_elected – the number of the last election that this site took part in. This variable is updated when a new coordinator is elected. Last_attempt – the election number in the last attempt this site made to commit or abort. The coordinator changes this variable’s value to the value of Last_elected when ever it makes a decision. Every other participant sets its Last_attempt to Last_elected when it moves to the PRE-COMMIT or to the PRE-ABORT state, following a message from the coordinator. Uses a different decision rule and recover procedure.

15 E3PC – continued Predicate: Is_Max_Attempt_Commitable TRUE if and only if all nodes that have not decided and for which Last_Attempt = Max_Attempt are in PC Intuitively, it means that since all the nodes that have the most up to date knowledge about attempts to decide in which a quorum was involved are in PC. This indicates that Abort (or even PA) could not have been decided, and thus it’s safe to decide Commit

16 E3PC – The recovery procedure Elect new coordinator r (e.g., smallest non-faulty node) New coordinator collects Last_Elected and Last_attempt from everyone and computes Max_Elected and Max_Attempt Last_Elected = Max_Elected + 1 and send it to everyone Every node i that receives Last_Elected assigns Last_Electedi = Last_Elected New coordinator r collects the states of all processes Coordinator tries to decide according to the following rule: If one process said Abort, then Abort If one process said Commit, then Commit If Is_Max_Commitable and got quorum, then PC If not Is_Max_Commitable and got quorum, then PA Else wait If decision <> wait then coordinator sets Last_Attempt = Last_Elected

17 E3PC – The recovery procedure - continued Any node that received PA or PC switches to that state and sends ACK-PA or ACK-PC accordingly. Also assign Last_Attempt = Last_Elected If the coordinator receives a quorum of ACK-PA or ACK-PC, it decides accordingly and sends decision to all processes A node that receives Commit or Abort decides accordingly

18 E3PC does not Block a Quorum

19 Correctness of E3PC - Outline Two contradicting attempts (PRE-COMMIT and PRE-ABORT) cannot be made with the same value of Last_Attempt (every two quorums intersect, and a quorum of sites must increase Last_Elected before a PRE-COMMIT and PRE- ABORT decision) The value of Last_Attempt at each site increases every time the site changes state from a committable state to a non-final committable state. And vice versa. If the coordinator reaches a COMMIT(ABORT) decision, when setting its Last_Attempt to i, then for every j>=i, no coordinator will decide PRE- ABORT(PRE-COMMIT) when setting its Last_Attempt to j. (prove by induction on j>=i ) If some site running the protocol COMMITS the transaction, then no other site ABORTS the transaction.