Presentation is loading. Please wait.

Presentation is loading. Please wait.

FLP Impossibility of Consensus

Published byRenáta Borosné Modified over 5 years ago

Similar presentations

Presentation on theme: "FLP Impossibility of Consensus"— Presentation transcript:

1 FLP Impossibility of Consensus
Yan Ji Oct 26, 2017 Slides inspired by Lorenzo Alvisi (CS5414 FA16) slides and Philip Daian (CS6410 FA16) slides

2

3 I think you ought to know I'm feeling very depressed.

4 I think you ought to know I'm feeling very depressed.
I have a million ideas, but, they all point to certain death…

5 FLP Impossibility of Consensus
Yan Ji Oct 26, 2017 Slides inspired by Lorenzo Alvisi (CS5414 FA16) slides and Philip Daian (CS6410 FA16) slides

6 Timeline

7 Impossibility of distributed consensus with one faulty process (1985)
2001 Dijkstra prize for the most influential paper in distributed computing Michael Fischer, Yale University Distributed computing, Cryptography Nancy Lynch, MIT Distributed computing theory: Algorithms and lower bounds, Modeling and verification, Wireless networks, Biological algorithms Mike Paterson, University of Warwick Algorithms, Complexity The paper won the 2001 Dijkstra prize for the most influential paper in distributed computing. All three authors, Michael Fischer, Nancy Lynch and Mike Paterson are still very active and extremely eminent researchers in the field. Nancy Lynch, in particular, seems to have been involved in almost every important piece of work in distributed algorithms. Lorenzo shaked hands with all three of them!

8 FLP Result It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

9 The Intuition Considering how Paxos works, what is the most difficult part for reaching consensus in an asynchronous distributed system?

10 When does liveness fail in Paxos
P1 receives promises for n1

11 When does liveness fail in Paxos
P1 receives promises for n1 P2 receives promises for n2 > n1 P1 sends proposal numbered n1, rejected

12 When does liveness fail in Paxos
P1 receives promises for n1 P2 receives promises for n2 > n1 P1 sends proposal numbered n1, rejected P1 receives promises for n1′ > n2 P2 sends proposal numbered n2, rejected

13 When does liveness fail in Paxos
P1 receives promises for n1 P2 receives promises for n2 > n1 P1 sends proposal numbered n1, rejected P1 receives promises for n1′ > n2 P2 sends proposal numbered n2, rejected P1 receives promises for n2′ > n1’ P1 sends proposal numbered n1′ , rejected

14 When does liveness fail in Paxos
P1 receives promises for n1 P2 receives promises for n2 > n1 P1 sends proposal numbered n1, rejected P1 receives promises for n1′ > n2 P2 sends proposal numbered n2, rejected P1 receives promises for n2′ > n1’ P1 sends proposal numbered n1′ , rejected . . .

15 The Intuition Considering how Paxos works, what is the most difficult part for reaching consensus in an asynchronous distributed system?

16 The Intuition Considering how Paxos works, what is the most difficult part for reaching consensus in an asynchronous distributed system? CANNOT DISTINGUISH between processes: Crash failure Slow (e.g. in processing or network message delivering)

17 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

18 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. No assumptions about the relative speeds of processes or about the delay time in delivering a message Processes don’t have access to synchronized clocks Unable to detect the death of a process

19 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

20 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Termination: all non-faulty processes eventually decide on a value Agreement: all processes that decide do so on the same value Validity: the value that has been decided must have been proposed by some process

21 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. For simplicity, Termination: all non-faulty processes eventually decide on a value in {0, 1} Agreement: all processes that decide do so on the same value Validity: both 0 and 1 are possible decision values

22 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

23 Assumption It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. No Byzantine, no fail-stop, just CRASH. All processes follow the protocol except for that at most one might crash. Difference between knowing there is at most one faulty node and there is indeed one faulty node! The proof goes with the assumption of the knowledge of there is at most one node!

24 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

25 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) p

26 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Message Buffer M p

27 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Message Buffer M send(p, m) p

28 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) p

29 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) receive(p) p

30 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) p Deal with m

31 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Message Buffer M p

32 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Message Buffer M receive(p) p

33 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Message Buffer M p Deal with Ø

34 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) p

35 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) receive(p) p

36 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. (p, m) p Deal with Ø

37 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. All messages are delivered correctly and exactly once The message buffer acts nondeterministically Inserted with arbitrary number of empty messages Message Buffer M

38 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing.

39 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Configuration: C = (s, M) M: message buffer s: internal states of processes Input register Output register Internal storage Program counter Message Buffer M

40 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Configuration: C = (s, M) M: message buffer s: internal states of processes Input register, value in {0, 1} Output register, value in {b, 0, 1} Internal storage Program counter p1 0/1, b/0/1 C = (s, M) . M pk 0/1, b/0/1 s

41 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Event: e = (p, m) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... pk 0/1, b/0/1 s

42 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk 0/1, b/0/1 . s M pk 0/1, b/0/1 s

43 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C = (s, M) . . s M M pk pk 0/1, b/0/1 0/1, b/0/1 s s

44 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C = (s, M) . ... s pi (pi, m) 0/1, b M (pi, m) M ... pk pk 0/1, b/0/1 0/1, b/0/1 s s

45 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C = (s, M) . ... s p’i 0/1, b 0 M (pi, m) M ... pk pk 0/1, b/0/1 0/1, b/0/1 s s’

46 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C = (s, M) . ... s p’i send 0/1, b 0 M (pi, m) M ... pk pk 0/1, b/0/1 0/1, b/0/1 s s’

47 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C’ = (s’, M’) . ... s p’i 0/1, b 0 M’ (pi, m) M ... pk pk 0/1, b/0/1 0/1, b/0/1 s s’

48 Model It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. Step: C’= e(C) = (s’, M’) p1 0/1, b/0/1 ... (pi, m) pi 0/1, b/0/1 M ... p1 0/1, b/0/1 C = (s, M) pk p1 0/1, b/0/1 0/1, b/0/1 C’ = (s’, M’) . ... s p’i 0/1, b 0 M’ (pi, m) M ... pk pk 0/1, b/0/1 0/1, b/0/1 s s’

49 Proof It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. How to prove impossibility?

50 Proof It is impossible to have a deterministic protocol that solves consensus in a message-passing asynchronous system in which at most one process may fail by crashing. How to prove impossibility? Assume to the contrary that there exists a consensus protocol P such that… How to define P?

51 More terms A schedule S of P is a finite or infinite sequence of events (e1, e2, …, ek)of P, S(C) = ek(...(e2(e1(C)))...)

52 More terms A schedule S of P is a finite or infinite sequence of events (e1, e2, …, ek)of P, S(C) = ek(...(e2(e1(C)))...) A run of P is a sequence of steps associating a schedule S, in other words, a run is a pair of a configuration C and a schedule S, written as (C, S)

53 More terms A configuration C’ is reachable from a configuration C if there exist a schedule S such that C’ = S(C)

54 More terms A configuration C’ is reachable from a configuration C if there exist a schedule S such that C’ = S(C) A configuration C′ is accessible from an initial configuration C0 if C’ is reachable from C0

55 More terms A configuration C’ is reachable from a configuration C if there exist a schedule S such that C’ = S(C) A configuration C′ is accessible from an initial configuration C0 if C’ is reachable from C0 e1(p1, m1) e2(pk, m2) p1 p’1 p’1 0/1, b C0 = (s0, M0) 0/1, b C1 = (s1, M1) 0/1, b C2 = (s2, M2) . . . M0 M1 M2 pk 0/1, b pk p’k 0/1, b 0/1, b 0 s0 s1 s2

56 More terms A configuration C has decision value v if some process p is in a decision state with output=v, which is “write-once”/irreversible

57 More terms A configuration C has decision value v if some process p is in a decision state with output=v, which is “write-once”/irreversible A run is a deciding run if some process reaches a decision state.

58 More terms A configuration C has decision value v if some process p is in a decision state with output=v, which is “write-once”/irreversible A run is a deciding run if some process reaches a decision state. e1(p1, m1) p1 0/1, b C0 = (s0, M0) p’1 0/1, b C1 = (s1, M1) . . M0 M1 pk 0/1, b pk 0/1, b s0 s1

59 More terms A configuration C has decision value v if some process p is in a decision state with output=v, which is “write-once”/irreversible A run is a deciding run if some process reaches a decision state. e1(p1, m1) e2(pk, m2) p1 p’1 p’1 0/1, b C0 = (s0, M0) 0/1, b C1 = (s1, M1) 0/1, b C2 = (s2, M2) . . . M0 M1 M2 pk 0/1, b pk p’k 0/1, b 0/1, b 0 s0 s1 s2

60 More terms A consensus protocol P is partially correct if:
No accessible configuration has more than one decision value (agreement) For each v in {0, 1}, some accessible configuration has decision value v (validity) A run is admissible if every process, except possibly one (faulty process), takes infinitely many steps in S

61 Assume to the contrary that there exists P such that
P is partially correct Agreement + Validity

62 Assume to the contrary that there exists P such that
P is partially correct Agreement + Validity Every admissible run of P is a deciding run Termination

63 Assume to the contrary that there exists P such that
P is partially correct Agreement + Validity Every admissible run of P is a deciding run Termination What kind of contradiction should possibly be like?

64 Categories of configurations
Univalent, or i-valent (i in {0, 1}) A configuration C is univalent or i-valent if some process has decided i in C, or if all configurations accessible from C are i-valent

65 Categories of configurations
Univalent, or i-valent (i in {0, 1}) A configuration C is univalent or i-valent if some process has decided i in C, or if all configurations accessible from C are i-valent ... S1 p1 0, b C = (s, M) . ... S2 Decide on 0 M pk 0, b ... S3 s

66 Categories of configurations
Univalent, or i-valent (i in {0, 1}) A configuration C is univalent or i-valent if some process has decided i in C, or if all configurations accessible from C are i-valent ... S1 p1 1, b C = (s, M) . ... S2 Decide on 1 M pk 1, b ... S3 s

67 Categories of configurations
Bivalent A configuration C is bivalent if some of the configurations accessible from it are 0-valent while others are 1-valent ... S1 p1 Decide on 0 0, b C = (s, M) . ... S2 Decide on 1 M pk 1, b ... S3 Decide on 0 s

68 Categories of configurations
Bivalent (see Bivalent, read Undeciding) A configuration C is bivalent if some of the configurations accessible from it are 0-valent while others are 1-valent ... S1 p1 Decide on 0 0, b C = (s, M) . ... S2 Decide on 1 M pk 1, b ... S3 Decide on 0 s

69 What kind of contradiction should possibly be like?
INDISTINGUISHABILITY between processes: Crashed Simply slow in processing or having a terrible network condition

70 What kind of contradiction should possibly be like?
INDISTINGUISHABILITY between processes: Crashed Simply slow in processing or having a terrible network condition For any protocol, there exists a configuration that is always bivalent.

71 What kind of contradiction should possibly be like?
INDISTINGUISHABILITY between processes: Crashed Simply slow in processing or having a terrible network condition For any protocol, there exists a configuration that is always bivalent. Remaining UNDECIDED in the value

72 What kind of contradiction should possibly be like?
INDISTINGUISHABILITY between processes: Crashed Simply slow in processing or having a terrible network condition For any protocol, there exists a configuration that is always bivalent. Remaining UNDECIDED in the value

73 Proof Outline For any protocol, there is an initial configuration that is bivalent Then there is another bivalent configuration reachable from it after applying some event And another reachable bivalent configuration An infinite undeciding run

74 Most exciting part!!! Lemma 1 (commutativity of schedules)
Suppose that from some C, the schedules S1, S2 lead to C1, C2 respectively. If the steps in S1 and in S2 are disjoint, then S2 can be applied to C1 and S1 can be applied to C2 and both lead to the same C3.

75 Most exciting part!!! Lemma 1 (commutativity of schedules)
Suppose that from some C, the schedules S1, S2 lead to C1, C2 respectively. If the steps in S1 and in S2 are disjoint, then S2 can be applied to C1 and S1 can be applied to C2 and both lead to the same C3. C S1 S2 C1 C2 S2 S1 C3

76 Proof Outline For any protocol, there is an initial configuration that is bivalent Then there is another bivalent configuration reachable from it after applying some event And another reachable bivalent configuration An infinite undeciding run

77 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.

78 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. p1 0, b 1, b 0, b 0, b 1, b 0, b 1, b 1, b 1, b 0, b 1, b 0, b 1, b 0, b p2 p3

79 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. p1 0, b 1, b 0, b 0, b 1, b 0, b 1, b 1, b 1, b 0, b 1, b 0, b 1, b 0, b p2 p3 1

80 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. p1 0, b 1, b 0, b 0, b 1, b 0, b 1, b 1, b 1, b 0, b 1, b 0, b 1, b 0, b p2 p3 1

81 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. p1 0, b 1, b 0, b 0, b 1, b 0, b 1, b 1, b 1, b 0, b 1, b 0, b 1, b 0, b p2 p3 1

82 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. p1 0, b 1, b 0, b 0, b 1, b 0, b 1, b 1, b 1, b 0, b 1, b 0, b 1, b 0, b p2 p3 1

83 Most exciting part!!! Lemma 2 P has a bivalent initial configuration.
Assume all initial configurations are either 0-valent or 1-valent. Adjacent: differ in the initial state of a single process C1 C2

84 ... ... Most exciting part!!! Lemma 2
P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck

85 ... ... Most exciting part!!! Lemma 2
P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

86 ... ... Most exciting part!!! Lemma 2
P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

87 ... ... Most exciting part!!! Lemma 2
differ in the initial state of a single process p Ci Ci+1 Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1 Even when there is no faulty node!

88 ... ... Most exciting part!!! Lemma 2
differ in the initial state of a single process p Ci Ci+1 S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

89 ... ... Most exciting part!!! Lemma 2
differ in the initial state of a single process p Ci Ci+1 S in which p takes no step S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

90 ... ... Most exciting part!!! Lemma 2
differ in the initial state of a single process p Ci Ci+1 S in which p takes no step S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

91 ... ... Most exciting part!!! Lemma 2
0/1 Most exciting part!!! differ in the initial state of a single process p Ci Ci+1 S in which p takes no step S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... C1 C2 Ci Ci+1 Ck 1 1

92 ... ... Most exciting part!!! Lemma 2
differ in the initial state of a single process p Ci Ci+1 S in which p takes no step S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... 1 C1 C2 Ci Ci+1 Ck 1 1

93 ... ... Most exciting part!!! Lemma 2
0/1 Most exciting part!!! differ in the initial state of a single process p Ci Ci+1 S in which p takes no step S in which p takes no step Lemma 2 P has a bivalent initial configuration. Assume all initial configurations are either 0-valent or 1-valent. C/p Adjacent: differ in the initial state of a single process ... ... 1 C1 C2 Ci Ci+1 Ck 1 1

94 Proof Outline For any protocol, there is an initial configuration that is bivalent Then there is another bivalent configuration reachable from it after applying some event And another reachable bivalent configuration An infinite undeciding run

95 Most exciting part!!! Lemma 3
Let C be a bivalent configuration of P, and e=(p, m) be an event that is applicable to C. Let E be the set of configurations reachable from C without applying e, and let D=e(E), the set of configurations after applying e to all those in E. Then, D contains a bivalent configuration.

96 Most exciting part!!! Lemma 3
Let C be a bivalent configuration of P, and e=(p, m) be an event that is applicable to C. Let E be the set of configurations reachable from C without applying e, and let D=e(E), the set of configurations after applying e to all those in E. Then, D contains a bivalent configuration. C 0/1

97 ... Most exciting part!!! Lemma 3
Let C be a bivalent configuration of P, and e=(p, m) be an event that is applicable to C. Let E be the set of configurations reachable from C without applying e, and let D=e(E), the set of configurations after applying e to all those in E. Then, D contains a bivalent configuration. Any schedule without applying e E1 C E2 E3 ... 0/1 E

98 ... ... Most exciting part!!! Lemma 3
Let C be a bivalent configuration of P, and e=(p, m) be an event that is applicable to C. Let E be the set of configurations reachable from C without applying e, and let D=e(E), the set of configurations after applying e to all those in E. Then, D contains a bivalent configuration. Any schedule without applying e E1 Apply e D1 C E2 D2 E3 D3 ... ... 0/1 E D

99 ... ... Most exciting part!!! Lemma 3
Let C be a bivalent configuration of P, and e=(p, m) be an event that is applicable to C. Let E be the set of configurations reachable from C without applying e, and let D=e(E), the set of configurations after applying e to all those in E. Then, D contains a bivalent configuration. Any schedule without applying e E1 Apply e D1 C E2 D2 E3 D3 0/1 ... ... 0/1 E D

100 Most exciting part!!! Assume all configurations in D are univalent.

101 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D.

102 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent.

103 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality,

104 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, C0 C 0/1

105 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, A schedule without applying e C0 C 0/1

106 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, A schedule without applying e Apply e C0 D0 C 0/1

107 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, A schedule without applying e Apply e C0 D0 C 0/1

108 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, A schedule already applied e C0 C 0/1

109 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, Apply e C C’ D0 C’’ C0 0/1

110 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, Apply e C C’ D0 C’’ C0 0/1

111 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. C is bivalent, so for i in {0, 1} there exists a Ci reachable from C that is i-valent. Consider C0 without loss of generality, There exists D0 that is 0-valent.

112 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent

113 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Neighbor: one result from the other in a single step C E1

114 Most exciting part!!! Assume all configurations in D are univalent. There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Neighbor: one result from the other in a single step ... ... C E1 Ei Ei+1 Ek e=(p, m) Dk 1

115 Most exciting part!!! Assume all configurations in D are univalent. There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Neighbor: one result from the other in a single step ... ... C E1 Ei Ei+1 Ek e=(p, m) e=(p, m) D0 Dk 1

116 Most exciting part!!! Assume all configurations in D are univalent. There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Neighbor: one result from the other in a single step ... ... C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

117 Most exciting part!!! Assume all configurations in D are univalent. There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

118 ... ... Most exciting part!!! Case 1: p’ != p Ei e e’ Di Ei+1 e Di+1
Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

119 ... ... Most exciting part!!! Case 1: p’ != p Apply Lemma 1 Ei e e’ Di
Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

120 ... ... Most exciting part!!! Case 1: p’ != p Apply Lemma 1 Ei e e’ Di
Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

121 ... ... Most exciting part!!! Case 1: p’ != p Apply Lemma 1 Ei e e’ Di
Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

122 ... ... Most exciting part!!! Case 2: p’ = p e Ei e’ Di Ei+1 e Di+1
Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

123 ... ... Most exciting part!!! Case 2: p’ = p e Ei e’ Di Ei+1 e
A deciding S (p takes no steps) Di+1 Case 2: p’ = p A Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

124 ... ... Most exciting part!!! Case 2: p’ = p Apply Lemma 1 e Ei e’ Di
A deciding S (p takes no steps) Di+1 Case 2: p’ = p Apply Lemma 1 S A e C0 Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

125 ... ... Most exciting part!!! Case 2: p’ = p Apply Lemma 1 e Ei e’ Di
A deciding S (p takes no steps) Di+1 Case 2: p’ = p Apply Lemma 1 S A e C0 Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

126 ... ... Most exciting part!!! Case 2: p’ = p Apply Lemma 1 e Ei e’ Di
A deciding S (p takes no steps) Di+1 Case 2: p’ = p Apply Lemma 1 S S A e’ e e C0 C1 Neighbor: one result from the other in a single step ... ... e’=(p’, m’) C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

127 ... ... Most exciting part!!! Case 2: p’ = p Apply Lemma 1 e Ei e’ Di
A deciding S (p takes no steps) Di+1 Case 2: p’ = p Apply Lemma 1 S S A e’ e e C0 C1 Neighbor: one result from the other in a single step ... ... e’=(p’, m’) 1 C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

128 ... ... Most exciting part!!! Case 2: p’ = p Apply Lemma 1 e Ei e’ Di
A deciding S (p takes no steps) Di+1 Case 2: p’ = p Apply Lemma 1 S S A e’ e e C0 C1 Neighbor: one result from the other in a single step ... ... e’=(p’, m’) 1 C E1 Ei Ei+1 Ek e=(p, m) D0 D1 Di Di+1 Dk 1 1

129 Most exciting part!!! Assume all configurations in D are univalent.
There exists both 0-valent configuration and 1-valent configuration in D. Without loss of generality, assume D0=e(C) in D is 0-valent Contradiction!

130 Proof Outline For any protocol, there is an initial configuration that is bivalent Then there is another bivalent configuration reachable from it after applying some event And another reachable bivalent configuration An infinite undeciding run

131 Most exciting part!!! Construct an infinite undeciding admissible run

132 Most exciting part!!! Construct an infinite undeciding admissible run
By Lemma 2 0/1

133 Most exciting part!!! Construct an infinite undeciding admissible run
S1 applying e1 = receive(p1) last C0 C1 By Lemma 2 By Lemma 3 0/1 0/1

134 Most exciting part!!! Construct an infinite undeciding admissible run
S2 applying e2 = receive(p2) last S1 applying e1 = receive(p1) last C0 C1 C2 By Lemma 2 By Lemma 3 By Lemma 3 0/1 0/1 0/1

135 Most exciting part!!! Construct an infinite undeciding admissible run
S2 applying e2 = receive(p2) last S1 applying e1 = receive(p1) last S3 applying e3 = receive(p3) last C0 C1 C2 C3 By Lemma 2 By Lemma 3 By Lemma 3 By Lemma 3 0/1 0/1 0/1 0/1

136 Most exciting part!!! Construct an infinite undeciding admissible run
S2 applying e2 = receive(p2) last S4 applying e4 = receive(p1) last S1 applying e1 = receive(p1) last S3 applying e3 = receive(p3) last C0 C1 C2 C3 C4 By Lemma 2 By Lemma 3 By Lemma 3 By Lemma 3 By Lemma 3 0/1 0/1 0/1 0/1 0/1

137 Most exciting part!!! Construct an infinite undeciding admissible run S2 applying e2 = receive(p2) last S4 applying e4 = receive(p1) last S1 applying e1 = receive(p1) last S3 applying e3 = receive(p3) last ... C0 C1 C2 C3 C4 By Lemma 2 By Lemma 3 By Lemma 3 By Lemma 3 By Lemma 3 0/1 0/1 0/1 0/1 0/1

138 Most exciting part!!! Construct an infinite undeciding admissible run S2 applying e2 = receive(p2) last S4 applying e4 = receive(p1) last S1 applying e1 = receive(p1) last S3 applying e3 = receive(p3) last ... C0 C1 C2 C3 C4 By Lemma 2 By Lemma 3 By Lemma 3 By Lemma 3 By Lemma 3 0/1 0/1 0/1 0/1 0/1 An infinite UNDECIDING run

139 Assume to the contrary that there exists P such that
P is partially correct Agreement + Validity Every admissible run of P is a deciding run Termination

140 Assume to the contrary that there exists P such that
P is partially correct Agreement + Validity Every admissible run of P is a deciding run Termination Contradiction!

141 Wrap-up Computation determinism Deterministic Probabilistic
Timing assumptions Synchronous Asynchronous Failure model Fail-stop Crash Byzantine Permissionless Byzantine

142 Wrap-up Computation determinism Deterministic Probabilistic
Timing assumptions Synchronous Asynchronous Failure model Fail-stop Crash Byzantine Permissionless Byzantine

143 Wrap-up Impossibility Computation determinism Deterministic
Probabilistic Timing assumptions Synchronous Asynchronous Failure model Fail-stop Crash Byzantine Permissionless Byzantine Impossibility

144 Takeaway You CANNOT guarantee safety and liveness at the same time!

145 Takeaway You CANNOT guarantee safety and liveness at the same time!
But you CAN get around FLP: Release the failure model

146 Release the failure model
The majority are non-faulty No process dies during the execution of the protocol Two-stage protocol: Listens for messages from L- 1 other processes, L=N/2+1 (WHY?), and construct the incoming stream graph G Construct G+ and make decision upon values from the unique initial clique

147 Takeaway You CANNOT guarantee safety and liveness at the same time!
But you CAN get around FLP: Release the failure model Terminate with probability of 1 instead of ALWAYS

148 Terminate with probability of 1 instead of ALWAYS
Use randomization to terminate with arbitrarily high probability M. Ben Or. “Another advantage of free choice: completely asynchronous agreement protocols” (PODC 1983, pp )

149 Takeaway You CANNOT guarantee safety and liveness at the same time!
But you CAN get around FLP: Release the failure model Terminate with probability of 1 instead of ALWAYS Use failure detector

150 Use failure detector Introduce failure detectors to distinguish between crashed processes and very slow processes Chandra, T.D., Hadzilacos, V. and Toueg, S., The weakest failure detector for solving consensus. Journal of the ACM (JACM), 43(4), pp

Download ppt "FLP Impossibility of Consensus"

Similar presentations

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
Impossibility of Distributed Consensus with One Faulty Process

Impossibility of Distributed Consensus with One Faulty Process
Impossibility of Consensus in Asynchronous Systems (FLP) Ali Ghodsi – UC Berkeley / KTH alig(at)cs.berkeley.edu.

Impossibility of Consensus in Asynchronous Systems (FLP) Ali Ghodsi – UC Berkeley / KTH alig(at)cs.berkeley.edu.
The weakest failure detector question in distributed computing Petr Kouznetsov Distributed Programming Lab EPFL.

The weakest failure detector question in distributed computing Petr Kouznetsov Distributed Programming Lab EPFL.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.
6.852: Distributed Algorithms Spring, 2008 Class 16.

6.852: Distributed Algorithms Spring, 2008 Class 16.
Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.
Announcements. Midterm Open book, open note, closed neighbor No other external sources No portable electronic devices other than medically necessary medical.

Announcements. Midterm Open book, open note, closed neighbor No other external sources No portable electronic devices other than medically necessary medical.
Distributed Algorithms – 2g1513 Lecture 10 – by Ali Ghodsi Fault-Tolerance in Asynchronous Networks.

Distributed Algorithms – 2g1513 Lecture 10 – by Ali Ghodsi Fault-Tolerance in Asynchronous Networks.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 13: Impossibility of Consensus All slides © IG.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 13: Impossibility of Consensus All slides © IG.
Computer Science 425 Distributed Systems CS 425 / ECE 428 Consensus

Computer Science 425 Distributed Systems CS 425 / ECE 428 Consensus
Consensus Hao Li.

Consensus Hao Li.
Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
Structure of Consensus 1 The Structure of Consensus Consensus touches upon the basic “topology” of distributed computations. We will use this topological.

Structure of Consensus 1 The Structure of Consensus Consensus touches upon the basic “topology” of distributed computations. We will use this topological.
Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )

Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )
CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.

CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.
CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.

CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin.

Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.

Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.

Similar presentations

Ads by Google