# A General Characterization of Indulgence R. Guerraoui EPFL joint work with N. Lynch (MIT)

## Presentation on theme: "A General Characterization of Indulgence R. Guerraoui EPFL joint work with N. Lynch (MIT)"— Presentation transcript:

A General Characterization of Indulgence R. Guerraoui EPFL joint work with N. Lynch (MIT)

Indulging ourselves with a good Texan steak… Not really…

Indulging into some fancy activities

« He that is without sin among you, let him cast the first stone at her » John 8:3-11 Rather

An indulgent algorithm is a forgiving distributed algorithm

Roadmap A non-indulgent algorithm Indulgence is good but hard Characterizing indulgence

Distributed system: a finite set of acquainted processes that can crash P1 P3 P2 crash

Example: consensus Processes propose values and have to decide on one among these values Key to implementing reliable distributed services

Consensus C1. Validity: Any value decided is a value proposed C2. Agreement: No two correct processes decide differently C3. Termination: Every correct process eventually decides C4. Integrity: No process decides twice

P1 P2 P3 Assuming synchronous rounds

Consensus algorithm (leader) In round i, Pi is the leader The leader of a round decides its current proposal and broadcasts it to all

Consensus algorithm (non-leader) At the end of a round, a process that is not leader in the round adopts the proposal of the leader in that round, if any

P1 P2 P3 propose(0)decide(0) propose(1) propose(0) Consensus algorithm decide(0)

P1 P2 P3 propose(0) propose(1) propose(0) decide(1) crash Consensus algorithm

Correctness argument Let pi be the correct process with the smallest id in a run R. Assume pi decides v. If i = n, then pn is the only correct process. Otherwise, in round i < n, all correct processes receive v and will not decide anything different from v.

This consensus algorithm is however not very forgiving…

Agreement is violated if a round is not synchronous (no safety) P1 P2 P3 propose(0) propose(1) decide(1) decide(0) P1 dead? decide(1)

We want an algorithm that forgives asynchronous rounds….. … We want some indulgence

Roadmap A non-indulgent algorithm Indulgence is good but hard Characterizing indulgence

Rounds can be asynchronous P1 P2 P3 propose(0) propose(1) decide(1) decide(0) P1 dead? decide(1)

Indulgent consensus: Idea 1 The processes alternate the roles of leaders until one of them decides

Indulgent consensus P1 P2 P3 propose(0) propose(1) propose(0) p1’s round p2’s round p3’s round p1’s round etc

Indulgent consensus: Idea 2 A leader does not decide unless it gets a majority of support

Indulgent consensus P1 P2 P3 propose(0) propose(1) propose(0) p1’s round p2’s round p3’s round p1’s round etc

Zooming in a round To decide, leader executes steps 1-2-3 1. leader selects among a majority the latest adopted value (latest with respect to the round in which the value is adopted –step 2) 2. leader imposes that value at a majority: any process in that majority adopts that value – pi fails if it is suspected 3. leader decides and broadcasts the decision to all

Zooming in a round P1 P2 P3 propose(0) decide(0) propose(1) propose(0) decide(0) [0] step 1 step 2 round 1 step 3 [1] [0]

Indulgent consensus: Idea 3 A leader decides as soon as it is ahead by one synchronous round (FLP is watching you…)

There are indeed consensus algorithms that preserve agreement in asynchronous rounds and terminate whenever rounds are synchronous

Such algorithms preserves safety in asynchronous rounds and ensure liveness whenever rounds are synchronous

« While there is life, there is hope » Cicero

Indulgent algorithms are tricky Majority Timestamp

What about other problems? Is there an indulgent atomic commit algorithm?

What is actually an indulgent atomic commit algorithm?

An algorithm is indulgent if it preserves safety in asynchronous rounds and ensures liveness whenever rounds are synchronous

Is there an indulgent atomic commit algorithm? NO :(((

What about a shared memory or a radio model? What if powerful communication services are available?

An algorithm is indulgent if it tolerates timing failures (or unreliable failure detection)

General characterization of indulgence

We know it when we see it…

Roadmap A non-indulgent algorithm Indulgence is good but hard Characterizing indulgence

How to characterize indulgence? Independently of a specific distributed system model, be it time-based, round-based, message passing, broadcast, shared memory,…

Let’s take some perspective

What is distributed computing anyway?

Distributed computing is a game

A game between a scheduler and a set of processes

The scheduler decides which process goes next The processes take steps

R P1;P2;P1;P1;P2;P2;P1;P1;P1;P1….

Of runs and interleavings An algorithm is characterized by a unique set of event sequences called runs The sequence of process ids in a run is an interleaving

Of runs and interleavings I(R ) = P1;P2;P1;P2 R

An algorithm tolerates a set of possible interleavings Example: a k-resilient algorithm assumes that at least k processes are scheduler infinitely often

Ideally, we would like to characterize indulgence as a general property of histories and interleavings

Any finite run of an indulgent algorithm can be extended with steps of any process Candidate characterization

P1 P2 P3 propose(0) propose(1) decide(1) decide(0) P1 dead? decide(1)

But… we want to preclude algorithms that rely on the knowledge that: - one out of 2 processes stop taking steps, or - two processes will go in lock- step

Any finite run of an indulgent algorithm can be extended with any interleaving Candidate characterization 2

P1 P2 P3 propose(0) propose(1) decide(1) decide(0) P1 dead? decide(1)

But we do not want to preclude k-resilient algorithms

How to capture indulgence without precluding t-resilient algorithms?

Murphy to the rescue An algorithm is indulgent if each finite run can be extended with any possible interleaving NB. If the finite run belongs to the algorithm, so does the extension

Positive results Indulgent algorithms are Safe and Uniform

propose(0) decide(0) propose(1) propose(0) decide(1) crash Uniformity

Indulgent algorithms cannot be Failure-sensitive or Divergent Negative results

Other results Fast indulgent consensus (Dutta) Generic indulgent consensus (Raynal) Indulgent atomic broadcast (Brasileiro; Rodrigues) The GIRAF framework (Keidar/Shraer)

Open problems What can be solved in an indulgent manner? What is the inherent price of indulgence? How to automatically generate indulgent algorithms?

Download ppt "A General Characterization of Indulgence R. Guerraoui EPFL joint work with N. Lynch (MIT)"

Similar presentations