CPSC 668 Distributed Algorithms and Systems

advertisement
CPSC 668
Distributed Algorithms and
Systems
Fall 2006
Prof. Jennifer Welch
CPSC 668
Set 11: Asynchronous Consensus
1
Impossibility of Asynchronous Consensus
1. Show impossible in read/write shared memory
with n processors and n - 1 faults
•
•
prove directly: not hard since so many faults
implies there is no 2-proc algorithm for 1 fault
2. Show impossible in r/w shared memory with n
processors and 1 fault. Use reduction:
•
use a hypothetical n-proc algorithm for 1 fault as a
subroutine to design a 2-proc algorithm for 1 fault
3. Show impossible in message passing with n
processors and 1 fault. Use reduction:
•
use a hypothetical message passing algorithm as a
subroutine to design a shared memory algorithm
CPSC 668
Set 11: Asynchronous Consensus
2
Modeling Asynchronous Systems
with Crash Failures
• Let f be the maximum number of faulty
processors.
• For both SM and MP: All but f of the
processors must take an infinite number of
steps in an admissible execution.
• For MP: Also require that all messages sent
must eventually be delivered, except for
those sent by a faulty processor in its last
step, which might or might not be delivered.
CPSC 668
Set 11: Asynchronous Consensus
3
Wait-Free Algorithms
• An algorithm for n processors is wait-free if it
can tolerate n - 1 failures.
• Intuition is that a nonfaulty processor does
not wait for other processors to do something:
it cannot, because it might be the only
processor left alive.
• First result is to show that there is no waitfree consensus algorithm in the
asynchronous r/w shared memory model.
CPSC 668
Set 11: Asynchronous Consensus
4
Impossibility of Wait-Free
Consensus
• Suppose in contradiction there is an nprocessor algorithm for n - 1 faults in the
asynchronous read/write shared memory
model.
• Proof is similar to that showing f + 1 rounds
are necessary in the synchronous message
passing model.
bivalent
initial
config
CPSC 668
bivalent
config
bivalent
config
bivalent
config
Set 11: Asynchronous Consensus
…
bivalent
config
5
Modified Notion of Bivalence
• In the synchronous round lower bound
proof, valency referred to which
decisions are reachable in failuresparse admissible executions.
• For this proof, we are concerned with
which decisions are reachable in any
execution, as long as it is admissible
(for the asynchronous shared memory
model with up to n - 1 failures).
CPSC 668
Set 11: Asynchronous Consensus
6
Univalent Similarity
Lemma (5.15): If C1 and C2 are both
univalent and they are similar w.r.t. pi,
then they have the same valency.
Proof:
pi-only 
C1
v-valent
pi decides
v

C2
w-valent
CPSC 668
pi decides
v
Set 11: Asynchronous Consensus
7
Bivalent Initial Configuration
Lemma (5.16): There exists a bivalent
initial configuration
Proof is a simpler version of what we did
for the synchronous f + 1 round lower
bound proof.
CPSC 668
Set 11: Asynchronous Consensus
8
Critical Processors
If C is bivalent and i(C) (result of pi taking one
step) is univalent, then pi is critical in C.
Lemma (5.17): If C is bivalent, then at least
one processor is not critical in C.
Proof: Suppose in contradiction all processors
are critical.
pi
C
bival.
CPSC 668
pj
i(C)
0-val.
Rest of proof is case
analysis of what pi and
pj do in their two steps
j(C)
1-val.
Set 11: Asynchronous Consensus
9
Critical Processors
Case 1: pi and pj access different registers.
i(C)
0-val.
pj
pi
C
bival.
pi
pj
j(C)
1-val.
Case 2: pi and pj read same register. Same proof.
CPSC 668
Set 11: Asynchronous Consensus
10
Critical Processors
Case 3: pi writes to a register R and pj
reads from R.
C
bival.
pj reads from R
pi writes
to R
i(C)
0-val
j(C)
1-val
pi writes
to R
i(j(C))
1-val
look the same to pi
CPSC 668
Set 11: Asynchronous Consensus
11
Critical Processors
Case 4: What if pi and pj both write to the
same shared variable?
• Can "assume away" the problem by
assuming we only have single-writer
shared variables.
• Or, can do a similar proof for this case.
CPSC 668
Set 11: Asynchronous Consensus
12
Finishing the Impossibility Proof
• Create an admissible execution
C0,i1,C1,i2,C2,… in which all configurations
are bivalent.
– contradicts termination requirement
• Start with bivalent initial configuration.
• Suppose we have bivalent Ck. To get
bivalent Ck+1:
– Let pi k+1 be a proc. that is not critical in Ck.
– Let Ck+1 be ik+1(Ck).
CPSC 668
Set 11: Asynchronous Consensus
13
Impossibility of 1-Resilient
Consensus
Even if the ratio of nonfaulty processors
becomes overwhelming, consensus still
cannot be solved in asynchronous SM (with
read/write registers).
1. Assume there exists an algorithm A for n
processors and 1 failure.
2. Use A as a subroutine to design an
algorithm A' for 2 processors and 1 failure.
3. We just showed such an A' cannot exist.
4. Thus A cannot exist.
CPSC 668
Set 11: Asynchronous Consensus
14
Features of Assumed Algorithm
Assume in contradiction that there exists
algorithm A for processors q0, q1, …, qn-1 that
solves consensus with 1 failure.
W.l.o.g., assume A satisfies:
• each qj has a single shared register Rj which
it writes and others read; initially empty
• code of each qj alternates reads and writes,
beginning with a read
• each write step of qj writes qj 's entire current
local state into Rj
CPSC 668
Set 11: Asynchronous Consensus
15
Idea of Simulation
Construct algorithm A' for 2 processors, p0 and p1 that
solves consensus with 1 failure:
• Each pi goes through the qj 's in round robin order, trying
to simulate their steps.
• When pi begins the simulation for each qj, it uses its own
input as the input for qj.
• If pi ever simulates a decision step by some qj, it
decides the same value.
• How do p0 and p1 keep their simulations consistent?
– Steps are grouped into pairs, a read and the
following write.
– p0 and p1 need to "agree" on the value of each qj 's
local state after each pair of steps by qj.
CPSC 668
Set 11: Asynchronous Consensus
16
Keeping Simulations Consistent
• For qj 's k-th pair, p0 and p1 each have a Flag
shared variable and a Suggest shared
variable.
• Assume qj 's (k-1)-st pair has been computed.
• pi calculates its suggestion for qj 's state after
the k-th pair (more details shortly).
• pi checks if p1-i has made a suggestion for this
state of qj.
• If not, then pi sets its Flag to 1.
• If so, then pi sets its Flag to 0.
CPSC 668
Set 11: Asynchronous Consensus
17
Winner for a Pair
Intepretation of Flag shared variables for qj 's k-th
pair:
1. If pi 's Flag is 1, then pi is the winner.
2. If both are 0, then consider p0 the winner.
3. If one is 0 and the other is not yet set, then
winner is not determined.
4. If neither is set yet, then winner is not
determined.
5. Not possible for both to be 1. (Convince
yourself.)
In situations 1 and 2, qj 's k-th pair is said to be
computed.
CPSC 668
Set 11: Asynchronous Consensus
18
Calculating Suggestion for
Simulated State
How does pi calculate its suggestion for qj 's
state after qj 's k-th pair?
• Get qj 's state after qj 's (k-1)-st pair:
– determine winner for that pair
– get the winner's suggestion (in winner's Suggest
variable for that pair)
– (if k - 1 = 0 then use qj 's initial state with pi 's
input)
• Determine (from state just obtained) which
processor's register (say qr) qj is to read in its
k-th pair
CPSC 668
Set 11: Asynchronous Consensus
19
Calculating Suggestion for
Simulated State
• Get current value of qr 's register:
– Find largest m such that qr 's m-th pair has
been computed
– Get the winning suggestion for that pair
• Apply qj 's transition function to qj 's
state after (k-1)-st pair and current value
of qr 's register to get value of qj 's state
after its k-th pair.
CPSC 668
Set 11: Asynchronous Consensus
20
Correctness of 2-Proc. Algorithm
• Each admissible execution of A' (by p0 and p1)
simulates an execution of A (by q0 through qn-1).
• If pi observes some qj make a decision in the
simulated execution, then pi makes the same
decision.
• If the simulated execution of A were to be
admissible, then it would satisfy
– termination: eventually the qj 's decide
– agreement: the qj 's make the same decision
– validity: if all qj 's have input v, then decision is v.
Remember that the simulated execution's inputs are
based on the real execution's inputs.
• Then the actual execution of A' would be correct.
CPSC 668
Set 11: Asynchronous Consensus
21
Simulated Execution is Admissible
• Must show that at most one of the qj 's fails to
take an infinite number of steps.
• How can a simulation of a qj get stuck?
• If p0 or p1 crashes while simulating qj 's k-th pair
for some k. For instance:
–
–
–
–
p0 writes a suggestion and crashes
p1 sees p0 's suggestion and writes 0 to its Flag
p0 's Flag remains unset forever
So qj 's k-th pair is never computed.
• But the crash of one pi can only block the
simulation of one qj !
– In the example, p1 will be able to progress on its own
simulating the steps of all processors other than qj
CPSC 668
Set 11: Asynchronous Consensus
22
Impossibility of Consensus in
Message Passing
Strategy:
1. Assume there exists an n-processor 1resilient consensus algorithm A for the
asynchronous message passing model.
2. Use A as a subroutine to design an nprocessor 1-resilient consensus algorithm
A' for asynchronous shared memory (with
read/write variables).
3. Previous result shows A' cannot exist.
4. Thus A cannot exist.
CPSC 668
Set 11: Asynchronous Consensus
23
Impossibility of Consensus in MP
Idea of A':
• Simulate message channels wth read/write
registers.
• Then run algorithm A on top of these simulated
channels.
To simulate channel from pi to pj:
• Use one register to hold the sequence of
messages sent over the channel
• pi "sends" a message m by writing the old value
of the register with m appended
• pj "receives" a message by reading the register
and checking for new values at the end
CPSC 668
Set 11: Asynchronous Consensus
24
Randomized Consensus
• To get around the negative results for
asynchronous consensus, we can:
– weaken the termination condition:
nonfaulty processors must decide with
some nonzero probability
– keep the same agreement and validity
conditions
• This version of consensus is solvable, in
both shared memory and message
passing!
CPSC 668
Set 11: Asynchronous Consensus
25
Motivation for Adversary
• Even without randomization, in an
asynchronous system there are many
executions of an algorithm, even when the
inputs are fixed, depending on when
processors take steps, when they fail, and
when messages are delivered.
• To be able to calculate probabilities, we need
to separate out variation due to causes other
than the random choices
• Group executions of interest so that each
group differs only in the random choices
• Perform probabilistic calculations separately
for each group and then combine somehow
CPSC 668
Set 11: Asynchronous Consensus
26
Adversary
• Concept used to account for all variability
other than the random choices is that of
"adversary".
• Adversary is a function that takes an
execution prefix and returns the next event to
occur.
• Adversary must obey admissibility conditions
of the revelant model
• Other conditions might be put on the
adversary (e.g., what information it can
observe, how much computational power it
CPSC
668
Set 11: Asynchronous Consensus
27
has)
Probabilistic Definitions
• An execution of a specific algorithm,
exec(A,C0,R), is uniquely determined by
– an adversary A
– an initial configuration C0
– a collection of random numbers
• Given a predicate P on executions and a fixed
adversary A and initial config C0, Pr[P] is the
probability of {R : exec(A,C0,R) satisfies P}
• Let T be a random variable (e.g., running time).
For a fixed A and C0, the expected value of T is
∑
CPSC 668
x Pr[T = x]
x is a value
of T
Set 11: Asynchronous Consensus
28
Probabilistic Definitions
• We define the expected value of a complexity
measure to be the maximum over all
admissible adversaries A and initial
configurations C0, of the expected value for
that particular A and C0.
• So this is a "worst-case" average: worst
possible adversary (pattern of asynchrony
and failures) and initial configuration,
averaging over the random choices.
CPSC 668
Set 11: Asynchronous Consensus
29
A Randomized Consensus
Algorithm
• Works in message passing model
• Tolerates f crash failures
– more complicated version handles Byzantine
failures
• Works in asynchronous case
– circumvents asynchronous impossibility result
• Requires n > 2f
– this is optimal
CPSC 668
Set 11: Asynchronous Consensus
30
Consensus Algorithm
ensures a high level
of consistency b/w
what different procs
get
Code for processor pi:
Initially r = 1 and prefer = pi 's input
1. while true do
2.
votes := get-core(<VOTE,prefer,r>)
3.
let v be majority of phase r votes
4.
if all phase r votes are v then decide v
5.
outcomes := get-core(<OUTCOME,v,r>)
6.
if all phase r outcome values received are w
then prefer := w
uses randomization
to imitate tossing
7.
else prefer := common-coin()
a coin
8.
r := r + 1
CPSC 668
Set 11: Asynchronous Consensus
31
Properties of Get-Core
• Executed by n processors, at most f of which
can crash.
• Input parameter is a value supplied by the
calling processor.
• Return parameter is an n-array, one entry per
processor
• Every nonfaulty processor's call to get-core
returns.
• There exists a set C of more than n/2
processors such that every array returned by
a call to get-core contains the input
parameter supplied by every processor in C.
CPSC 668
Set 11: Asynchronous Consensus
32
Properties of Common-Coin
• Subroutine implements an f-resilient common
coin with bias .
• Executed by n processors, at most f of which
can crash.
• No input parameter
• Return parameter is a 0 or 1.
• Every nonfaulty processor's call to commoncoin returns.
• Probability that a return value is 0 is at least .
• Probability that a return value is 1 is at least .
CPSC 668
Set 11: Asynchronous Consensus
33
Correctness of Consensus
Algorithm
• For now, don't worry about how to
implement get-core and common-coin.
• Assuming we have subroutines with the
desired properties, we'll show
– validity
– agreement
– probabilistic termination (and expected
running time)
CPSC 668
Set 11: Asynchronous Consensus
34
Unanimity Lemma
Lemma (14.6): if all procs. that reach
phase r prefer v, then all nonfaulty procs
decide v by phase r.
Proof:
• Since all prefer v, all call get-core with v
• Thus get-core returns a majority of
votes for v
• Thus all nonfaulty procs. decide v
CPSC 668
Set 11: Asynchronous Consensus
35
Validity
• If all processors have input v, then all
prefer v in phase 1.
• By unanimity lemma, all nonfaulty
processors decide v by phase 1.
CPSC 668
Set 11: Asynchronous Consensus
36
Agreement
Claim: If pi decides v in phase r, then all
nonfaulty procs. decide v by phase r + 1.
Proof: Suppose r is earliest phase in which any
proc. decides.
• pi decides v in phase r =>
• all its phase r votes are v =>
• pi 's call to get-core(<VOTE,prefer,r>) returns
more than n/2 non-nil entries and all are
<VOTE,v,r> =>
• all entries for procs. in C are <VOTE,v,r>
CPSC 668
Set 11: Asynchronous Consensus
37
Agreement
• Thus every pj receives more than n/2
<VOTE,v,r> entries =>
• pj does not decide a value other than v in
phase r
• Also if pj calls get-core a second time in
phase r, it uses input <OUTCOME,v,r> =>
• Every pk gets only <OUTCOME,v,r> as a result
of its second call to get-core in phase r =>
• pk sets preference to v at end of phase r =>
• in round r + 1, all prefer v and Unanimity
Lemma implies they all decide v in that round.
CPSC 668
Set 11: Asynchronous Consensus
38
Termination
Lemma (4.10): Probability that all nonfaulty
procs decide by any particular phase is at
least .
Proof:
Case 1: All nonfaulty procs set preference in
that phase using common-coin.
– Prob. that all get the same value is at least 2  (
for 0 and  for 1), by property of common-coin
– Then apply Unanimity Lemma (14.6)
CPSC 668
Set 11: Asynchronous Consensus
39
Termination
Case 2: Some processor does not set its
preference using common-coin.
– All procs. that don't use common-coin to
set their preference for that round have the
same preference (convince yourself)
– Probability that the common-coin
subroutine returns the same value for all
procs. that use it is at least .
– Then apply the Unanimity Lemma (14.6).
CPSC 668
Set 11: Asynchronous Consensus
40
Expected Number of Phases
• What is the expected number of phases
until all nonfaulty processors have
decided?
• Probability of all deciding in any given
phase is at least .
• Probability of terminating after i phases
is (1 - )i-1.
• Geometric random variable whose
expected value is 1/ .
CPSC 668
Set 11: Asynchronous Consensus
41
Implementing Get-Core
• Difficulty in achieving consistency of
messages is due to combination of
asynchrony and crash possibility:
– a processor can only wait to receive n - f
messages
– the first n - f messages that pi gets might not be
from the same set of processors as pj 's first n - f
messages
• Overcome this by exchanging messages
three times
CPSC 668
Set 11: Asynchronous Consensus
42
Get-Core
First exchange ("round"):
– send argument value to all
– wait for n - f first round msgs
Second exchange ("round"):
– send values received in first round to all
– wait for n - f second round msgs
– merge data from second round msgs
Third exchange ("round"):
– send values received in second round to all
– wait for n - f third round msgs
– merge data from third round msgs
– return result
CPSC 668
Set 11: Asynchronous Consensus
43
Analysis of Get-Core
• Lemmas 14.4 and 14.5 show that it
satisfies the desired properties
(termination and consistency).
• Time is O(1) (using standard way of
measuring time in an asynchronous
system)
CPSC 668
Set 11: Asynchronous Consensus
44
Implementing Common-Coin
A simple algorithm:
• Each processor independently outputs 0
with probability 1/2 and 1 with
probability 1/2.
• Bias  = 1/2n
• Advantage: simple, no communication
• Disadvantage: Expected number of
phases until termination is 2n
CPSC 668
Set 11: Asynchronous Consensus
45
A Common Coin with Constant
Bias
0 with probability 1/n
c :=
1 with probability 1 - 1/n
coins := get-core(<FLIP,c>)
if there exists j s.t. coins[j] = 0
then return 0
else return 1
CPSC 668
Set 11: Asynchronous Consensus
46
Correctness of Common Coin
Lemma (14.12): Common-coin
implements a (n/2 - 1)-resilient coin
with bias 1/4.
Proof: Fix any admissible adversary that
is weak (cannot see the contents of
messages) and any initial configuration.
All probabilities are calculated with
respect to them.
CPSC 668
Set 11: Asynchronous Consensus
47
Probability of Flipping 1
• Probability that all nonfaulty processors get 1
for the common coin is at least the probability
that they all set c to 1.
• This probability is at least (1 - 1/n)n
• When n = 2, this function is 1/4
• This function increases up to its limit of 1/e.
• Thus the probability that all nonfaulty
processors get 1 is at least 1/4.
CPSC 668
Set 11: Asynchronous Consensus
48
Probability of Flipping 0
• Let C be the set of core processors (whose
existence is guaranteed by properties of getcore).
• If any processor in C sets c to 0, then all the
nonfaulty processors will observe this 0 after
executing get-core, and thus return 0.
• Probability at least one processor in C sets c to
0 is 1 - (1 - 1/n)|C|.
• This expression is at least 1/4 (by arithmetic).
CPSC 668
Set 11: Asynchronous Consensus
49
Summary of Randomized
Consensus Algorithm
• Using the given implementations for
get-core and common-coin, we get a
randomized consensus algorithm for f
crash failures with
– n > 2f
– O(1) expected time complexity
• expected number of phases is 4
• time per phase is O(1)
CPSC 668
Set 11: Asynchronous Consensus
50
Download