Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin."— Presentation transcript:

1 Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin

2 Agenda:  Motivation  The Consensus Problem  Goal  Assumptions   Terminology   Main

3 Motivation General 1 ’ s army General 4 ’ s army General 3 ’ s army General 2 ’ s army 4 allied armies, each one led by a general, besiege a castle. To seize castle, all four must attack together, otherwise armies defeats Communications by messengers, reliable, but take unbounded time … A Generals may get killed !! (and never be replaced)

4 Motivation … Transaction commit – all data managers must make the same decision in order to preserve the consistency of the database. Can I commit? Yes!! No!!

5 The Consensus Problem There is a set of distributed processes with initial There is a set of distributed processes with initial values  {0,1} – This strengthen the impossibility result and simplifies the discussion. They must all decide on the same value  {0,1}, based on their initial states. They must all decide on the same value  {0,1}, based on their initial states. There must be some initial state of the process set for which the reached decision is 0 and another for which it is 1. There must be some initial state of the process set for which the reached decision is 0 and another for which it is 1. – To avoid trivial consensus protocols (which always result in the same decision) Some “ non-faulty ” processes eventually decide on some value and this decision is irrevocable Some “ non-faulty ” processes eventually decide on some value and this decision is irrevocable

6 Goal No completely asynchronous consensus protocol can tolerate even a single unannounced process death (no Byzantine failures).

7 Assumptions Processing is completely asynchronous  Reliable, includes “ atomic broadcast ” (virtual synchrony), could be out of order.  No assumptions about the relative speeds of processes.  Unknown delay time in message delivery.  No access to synchronized clocks (no time - outs).  No ability to detect the death of a process.

8 Terminology System Model - message passing based. System Model - message passing based. – –message is a pair of (p, m) : destination process and message value N (>1) processes N (>1) processes The message system – –Holds a message buffer Unbounded. – –Supports operations Send(p,m) - places (p,m) in message buffer. Receive(p) – extract a message (p,m) from the message buffer (m is delivered) or return “ null ” (finite number of times).

9 Terminology... Process – automaton, finite or infinite states (deterministic). Process – automaton, finite or infinite states (deterministic). Each process p comprises an internal state –Input register Xp - fixed initial value. –output register Ypfixed –output register Yp - initialed with ‘ b ’ (blank), fixed after rewritten. –Internal storageinitial –Internal storage - unbounded, fixed initial value. Performs atomic steps (A.K.A. events) composed of - – –Receive a message (could be “ null ” ). – –Changes state (depending on message received). – –Sends finite set of messages to other processes Configuration – system ’ s global state, comprises all processes ’ internal states and the message buffer – –Initial configuration: initial states for all processes and message buffer is empty. – –A step takes one configuration to another (completely determined by (p,m) ).

10 Event: (on process p) e = (p,m) : process p performs an atomic step. – –Message m delivered to p. – –Triggers state transition in p. – –Finite number of message sent by p (p, “ null ” ) can always be applied on a configuration Event e applicable to configuration C: if e message buffer or e = (p, “ null ” ). e(C): resulting configuration after applying event e on configuration C: – –Process p has a new internal state (the one resulted from message being delivered). – –All other processes ’ states unchanged. – –Message buffer changed (e removed, process's messages added, if any). Terminology...

11 Schedule (run): finite/infinite sequence of events that can be applied on a configuration C 0. – –Events are applicable to configuration C 0 – –S = e 1 e 2 e 3 … e i … – –S(C 0 ) is the configuration resulted a finite run. Reachable configuration C ’ from C: If a finite run S exists such that S(C 0 ) = C ’. If C 0 is an initial configuration then C ’ is said to be accessible. C0C0 C1C1 C2C2 CiCi e1e3e2e i+1 eiei … Terminology...

12 Non-faulty process in a run: a process that take infinitely number of steps on that run, Faulty otherwise. Non-faulty process in a run: a process that take infinitely number of steps on that run, Faulty otherwise. Admissible run: a run with one faulty member at most and all messages to non-faulty members will be delivered eventually. Admissible run: a run with one faulty member at most and all messages to non-faulty members will be delivered eventually. Decision value of a configuration C: a set of all processes ’ non-blank Yp values (their decision states). Decision value of a configuration C: a set of all processes ’ non-blank Yp values (their decision states). –Only 4 Decision values possible: {}, {0}, {1}, {0,1} Deciding run: some process reaches a decision states during the run i.e. a process sets his Yp value (to either 0 or 1). Deciding run: some process reaches a decision states during the run i.e. a process sets his Yp value (to either 0 or 1). Partially correct protocol: Partially correct protocol: –All accessible configuration don ’ t have more than one decision value –There exists two accessible configurations G and H S.T. their decision values are {0} and {1} correspondingly Totally correct protocol: Totally correct protocol: –Partially correct. –Every admissible run is a deciding ones.

13 C is 0-valent: for every schedule S applicable to C, if process p decides on a value v in S(C) then v=0. Decision values is either {} or {0} I.e. S(C) Decision values is either {} or {0} C may be 0-valent although no process has decided {0} yet!! C is 1-valent: similar definition. C is univalent: C is either 0-valent or 1-valent I.e. fate of decision definitive!! C is bivalent: exists schedules S 0 and S 1, applicable to C, such that: – –S0(C) is 0-valent – –S1(C) is 1-valent I.e. both decisions are still possible!! Terminology... Terminology... Valence of configuration C

14 e’5e’5 0-valent Configuration p7.Yp = 0 0-valent Configuration p1.Yp = 0 … … e’e’ e ’’ e ’’’’ e ’’’ e bivalent configuration 0-valent configuration bivalent configuration 0-valent configuration 1-valent configuration 1-valent Configuration p7.Yp = 1

15 Main Event Commutatively: Let C be any configuration and e, e ’ be any events applicable to C occurring to different processes. Then e( e ’ (C) )= e ’ ( e(C) ) C0C0 C3C3 C1C1 C2C2 e e’e’ e’e’ e

16 Main Schedule Commutatively: Let C be any configuration and S, S ’ be any events applicable to C occurring to different processes. Then S( S ’ (C) )= S ’ ( S(C) ) C0C0 C3C3 C1C1 C2C2 S S’S’ S’S’ S

17 Event Commutatively Proof: – –Internal states of the process involved are mutual excluded. – –The message buffer is a set. Schedule Commutatively Proof: – –e 1 e 2 e 3 … e i … e n e ’ 1 e ’ 2 e ’ 3 … e ’ i … e ’ m – –e 1 e 2 e 3 … e i … e ’ 1 e n e ’ 2 e ’ 3 … e ’ i … e ’ m – –e ’ 1 e 1 e 2 e 3 … e i … e n e ’ 2 e ’ 3 … e ’ i … e ’ m – –e ’ 1 e ’ 2 e ’ 3 … e ’ i … e ’ m e 1 e 2 e 3 … e i … e n Main SS’S’ S’S’ S

18 Lemma 1: Every Totally correct protocol has an initial configuration C that is bivalent Lemma 1: Every Totally correct protocol has an initial configuration C that is bivalent – –There is an initial configuration C 0 that is 0-valent – –There is an initial configuration C 1 that is 1-valent –Let ’ s assume the contrary, that all configuration are univalent (since the protocol is partial correct). Adjacent configuration: 2 configurations are adjacent is they differ in only one process ’ s (process p i ) Xp value. Adjacent configuration: 2 configurations are adjacent is they differ in only one process ’ s (process p i ) Xp value. There must exist adjacent configurations C 0, C 1 S.T. C 0 is 0-valent and C 1 is 1-valent (next slide). Take any admissible deciding run (with schedule S) where process p i takes no steps (one faulty process allowed). S can be applied to both C 0 and C 1 and they both will reach the same decision value (since nothing changes except p i ’ s Xp value which is untouched). decision value=1  C 0 is bivalent. decision value=0  C 1 is bivalent. Contradiction!!! Main

19 Main P1P1 P0P0 PiPi PnPn processes Xp=0 Xp=1 Xp=0 Xp=1 Xp=0 Xp=1 0-valent 1-valent Xp=1 Xp=0 adjacent Not necessary The 1-valent

20 Lemma 2: Lemma 2: Let C be any bivalent configuration, and e be any event applicable to C. There exists a finite schedule S applicable to C that does not contain e, such that e( S (C) ) is also bivalent. F = { S(C) : S finite schedule applicable to C that does not contain e} D = {e(C ’ ) : C ’ F} Need to show that D contains a bivalent configuration. Main ee ee e e e e e D configurations F configurations Bivalent

21 Assume the contrary, D doesn ’ t have a bivalent configuration Neighbors configuration: configuration C 0 and C 1 are neighbors if one resulted from the other in one step e ’ = (p ’,m ’ ) There exists neighbors C 0, C 1 S.T. C 1 =e ’ (C 0 ) or C 0 =e ’ (C 1 ) And that D 1 =e(D 0 ), D 0 =e(D 1 ) are 1-valent and 0-valent correspondingly (next slide) Main

22 Key: Though each run can be infinite, in finite number of step the run is decided Key: Though each run can be infinite, in finite number of step the run is decided Algorithm to finding Algorithm to finding C 0, C 1 a. a.Start with a bivalent configuration b. b.If there exists an event e ’’ that leads to bivalent configuration then go to b with e(C). else (must be eventually because protocol is totally correct) all events lead to univalent configuration including e (which lead to a 0-valent or a 1-valent configuration) but there must exist another event e ’’’ which leads to the other-valent (since we reached a bivalent configuration) Main e’5e’5 0-valent Configuration p7.Yp = 0 0-valent Configuration p1.Yp = 0 … … e ’’’’ e ’’ e’e’ e ’’’ e bivalent configuration 0-valent configuration bivalent configuration 0-valent configuration 1-valent configuration 1-valent Configuration p7.Yp = 1 C0C0 C1C1

23 Without loss of generality Without loss of generality C 1 =e ’ (C 0 ) Main … (proof continued) e’e’ e C0C0 D0D0 C1C1 F configurations D configurations D1D1 e

24 Case 1: p not equals to p ’ – –By the commutatively property D 1 is 0-valent and 1-valent, Contradiction!! Main e’e’ e C0C0 D0D0 C1C1 F configurations D configurations D1D1 e e’e’

25 Case 1: p equals to p ’ – –Be S the schedule of a finite deciding run in which process p takes no steps (S is applicable to D 1 and D 0 due to commutatively) S(C 0 )=A by commutatively e(A)=E 0 = S( e(C 0 ) ) which is 0-valent configuration Also by commutatively e(A)=E 1 = S( e ’ ( e(C 0 ) ) ) which is 1-valent configuration But since S is a deciding run A must be a univalent configuration and applying events on it only lead to univalent configuration Contradiction !! – – Main e’e’ e C0C0 D0D0 C1C1 e e’e’ E0E0 S A S e e D1D1 E0E0 S 0-valent 1-valent

26 The last 2 contradictions proved that D contains a bivalent configuration. The last 2 contradictions proved that D contains a bivalent configuration. The idea: postpone the event that leads to a univalent configuration by that delaying the decision. The idea: postpone the event that leads to a univalent configuration by that delaying the decision. The algorithm: The algorithm: a. Execution begins with the bivalent configuration C 0 which is promised. b. we order the messages in the message buffer, according to the time they were sent, earliest first. c. We go over the processes in a round robin fashion (infinitely), for each process: Let m be the first message in the message buffer destined to the process in the head of the queue or “ null ” Let m be the first message in the message buffer destined to the process in the head of the queue or “ null ” By lemma 2 there exists a bivalent configuration C ’ S.T. C ’ is reachable from C by a schedule S in which (p,m) is the last step applied. By lemma 2 there exists a bivalent configuration C ’ S.T. C ’ is reachable from C by a schedule S in which (p,m) is the last step applied. We apply S. We apply S. since all messages are delivered this infinite run is admissible. Main … finally

27 THE END

Download ppt "Impossibility of Distributed Consensus with One Faulty Process Michael J. Fischer Nancy A. Lynch Michael S. Paterson Presented by: Oren D. Rubin."

Similar presentations

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
Impossibility of Distributed Consensus with One Faulty Process

Impossibility of Distributed Consensus with One Faulty Process
Impossibility of Consensus in Asynchronous Systems (FLP) Ali Ghodsi – UC Berkeley / KTH alig(at)cs.berkeley.edu.

Impossibility of Consensus in Asynchronous Systems (FLP) Ali Ghodsi – UC Berkeley / KTH alig(at)cs.berkeley.edu.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.
6.852: Distributed Algorithms Spring, 2008 Class 7.

6.852: Distributed Algorithms Spring, 2008 Class 7.
Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Consensus Steve Ko Computer Sciences and Engineering University at Buffalo.
Announcements. Midterm Open book, open note, closed neighbor No other external sources No portable electronic devices other than medically necessary medical.

Announcements. Midterm Open book, open note, closed neighbor No other external sources No portable electronic devices other than medically necessary medical.
Distributed Algorithms – 2g1513 Lecture 10 – by Ali Ghodsi Fault-Tolerance in Asynchronous Networks.

Distributed Algorithms – 2g1513 Lecture 10 – by Ali Ghodsi Fault-Tolerance in Asynchronous Networks.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 13: Impossibility of Consensus All slides © IG.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 13: Impossibility of Consensus All slides © IG.
Computer Science 425 Distributed Systems CS 425 / ECE 428 Consensus

Computer Science 425 Distributed Systems CS 425 / ECE 428 Consensus
Consensus Hao Li.

Consensus Hao Li.
Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
Structure of Consensus 1 The Structure of Consensus Consensus touches upon the basic “topology” of distributed computations. We will use this topological.

Structure of Consensus 1 The Structure of Consensus Consensus touches upon the basic “topology” of distributed computations. We will use this topological.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 3 – Distributed Systems.

Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 3 – Distributed Systems.
 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 1 Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.

 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.
Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )

Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )
CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.

CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.
CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.

CPSC 668Set 9: Fault Tolerant Consensus1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
1 Fault-Tolerant Consensus. 2 Failures in Distributed Systems Link failure: A link fails and remains inactive; the network may get partitioned Crash:

1 Fault-Tolerant Consensus. 2 Failures in Distributed Systems Link failure: A link fails and remains inactive; the network may get partitioned Crash:

Similar presentations

Ads by Google