1 FelixGartnerandSvenKloppenburg DarmstadtUniversityofTechnologyGermanyfelixinformatiktudarmstadtdeSysteamEngineeringDarmstadtGermanysvensysengde 1 ConsistentDetectionofGlobalPredicatesund ID: 492035
Download Pdf The PPT/PDF document "ConsistentDetectionofGlobalPredicatesund..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1 ConsistentDetectionofGlobalPredicatesunderaWeakFaultAssumption FelixGartnerandSvenKloppenburg DarmstadtUniversityofTechnology,Germany,felix@informatik.tu-darmstadt.deSysteamEngineering,Darmstadt,Germany,sven@syseng.de 1 ConsistentDetectionofGlobalPredicatesunderaWeakFaultAssumption FelixGartnerandSvenKloppenburg DarmstadtUniversityofTechnology,Germany,felix@informatik.tu-darmstadt.deSysteamEngineering,Darmstadt,Germany,sven@syseng.de Athene:Godessofwisdom,guardianofartsandcrafts(KeynotebyMikeMorgantiyesterday) 2 \Wearelookingforsoftwarewhichalsoworksinverylargeandveryopendistributedsystems." 3 Observationinfault-freeasynchronoussystems Distributedcomputationsinasynchronoussystems. p 1 p 2 3 Observationinfault-freeasynchronoussystems Distributedcomputationsinasynchronoussystems. p 1 p 2 m 1 m 2 Applicationandmonitorprocesses. Applicationandcontrolmessages. Predicatedetection:Latticeofconsistentglobalstates. Modalitiespossiblyanddenitely. 4 Predicatedetectioninfaultyasynchronoussystems crashfaultassumption=atmosttprocessessimplystopexecutingsteps. Forthemoment:restrictcrashfaultstoapplicationprocessesonly(monitorsalwaysstayalive). Predicateupireferstofunctionalstateofpi. Canbeusedinpredicates: { Processpicrashedafter4thevent::upi^eci=4 { Everyprocesseithercommitsorcrashes:8i::upi_commiti Idea:ndsuitableanalogiestopossiblyanddenitelyforthesetypesofpredicates. 5 Implementablefailuredetection Everymonitormustkeepupiuptodate(failuredetection,discussedindetailbyMikelLarreayesterday). Canensureeventualdetection,butcannotavoidfalsesuspicions. Terminology:failuredetectorssuspectandrehabilitateapplicationprocesses. Bestwecando:anon-crashingprocessisnotpermanentlysuspected[ 3 ]. Forobservationpurposes:addcausalityinformationtosuspicions: { \mjsuspectspiaftereventekonpi." { \mjrehabilitatespiaftereventekonpi." Assume:betweentwoeventsatmostonesuspicionandrehabilitation. 6 Latticeoverextendedstatespace Treatupiasavariableonpi. Suspicion/rehabilitationisasimplestatechangeofpi(extendedstatespace). Changeofupinconsistentstatesyieldsagainconsistentstates. Lemma:Integrationofsuspicions/rehabilitationsintostatelatticeyieldsnewlattice(overextendedstatespace). Usethislatticeforpredicatedetection. 7 Permonitorlattice Duetofalsesuspicionsmonitorsconstructdierentstatelattices. possibly/denitelynotobserver-invariant. p 1 p 2 m 1 s us pe c t s p 1 m 1 r e ha bi l i t a t e s p 1 p 1 p 1 p 2 m 1 m 2 p 2 8 Globalfailuredetectorsemantics Problem:falsesuspicions. Solution:dene\global"failuredetectorsemantics. piis(globally)suspectedaftereki... { (pessimistic)9amonitorwhichsuspectspiafterek. { (optimistic)8monitorssuspectpiafterek. Candenepessimisticandoptimisticstatelattice(unionandintersectionofallmonitorlattices). 9 Newmodalities Givenpredicate'onextendedstatespace. negotiably(')holdsipossibly(')holdsonpessimisticstatelattice. discernibly(')holdsidenitely(')holdsonoptimisticstatelattice. p 1 p 2 p 1 p 1 p 2 p 2 m 1 s us pe c t s p 1 a f t e r e 0 m 1 r e ha bi l i t a t e s p 1 a f t e r e 0 9 Newmodalities Givenpredicate'onextendedstatespace. negotiably(')holdsipossibly(')holdsonpessimisticstatelattice. discernibly(')holdsidenitely(')holdsonoptimisticstatelattice. p 1 p 2 p 1 p 1 p 2 p 2 m 1 s us pe c t s p 1 a f t e r e 0 m 1 r e ha bi l i t a t e s p 1 a f t e r e 0 ' p 1 c r a s he s w he n p 2 i s i nbe t w e e n e v e nt s 1 a nd 2 ' p 1 c r a s he s w he n p 2 i s i nbe t w e e n e v e nt s 1 a nd 2 ' ( or bot h) e x e c ut e a n e v e nt e i t he r p 1 or p 2 10 Intuitionbehindnewmodalities Optimistic/pessimisticlatticecanbeunderstoodinanalogytooptimistic/pessimisticnetworkprotocols: { pessimistic:becarefulallthetime,takeimmediateactionifsomethingbadhaspossiblyhappened. ) usenegotiablytotriggeraction. { optimistic:goaheadwithoutsynchronizationandhopeforthebest,dealwithcon ictsonlywhennecessary. ) usediscerniblytoignorespurioussuspicions. Understandableinanalogytopossibly/denitely: { Safetyrequirement2':takeactionifnegotiably(:')isdetected. { Livenessrequirement3':validatedifdiscernibly(')isdetected. 11 Detectionalgorithmsinanutshell Letmonitorscausallybroadcasttheirsuspicionstoallothermonitors. Eventuallyallmonitorlatticesconverge. Canthendopossibly/denitelydetectioninobserverinvariantstatelattices(usestandardalgorithms). Problem:howknowthattherewillbeno\late"failuredetectoreventsarriving? Solution: { Monitorspiggybackcoordinatesofmostrecentglobalstatetheyhaveseen:permonitorstableregion. { Takeintersectionofallmonitorregions:globallysettledregion. { Steadilyexpandsettledregion,extractoptimistic/pessimisticdataanddopossibly/denitelydetectiononit. 12 Settledregionexample p 2 p 1 p 1 p 2 12 Settledregionexample p 2 p 1 p 1 p 2 m 2 s us pe c t s p 2 a f t e r e 2 a t a ppl i c a t i on t i m e (2 ; 2) m 2 s us pe c t s p 2 a f t e r e 2 a t a ppl i c a t i on t i m e (2 ; 2) a f t e r e 1 a t m 1 s us pe c t s p 2 a a ppl i c a t i on t i m e (3 ; 1) a f t e r e 1 a t m 1 s us pe c t s p 2 a a ppl i c a t i on t i m e (3 ; 1) no c ha nge t o be e xpe c t e d r e g a r di ng m 2 no c ha nge t o be e xpe c t e d r e g a r di ng m 2 no c ha nge t o be e xpe c t e d r e g a r di ng m 1 no c ha nge t o be e xpe c t e d r e g a r di ng m 1 s e t t l e d r e gi on 13 Advancedtopics Algorithmworksunderassumptionthatnomonitorsfail. Ifmonitorscanfail,detectionbecomesharder: { Canstilldetectnegotiablywithoutastableregion. { Detectiondiscerniblyimpossible,becauseaccuratefailuredetectionisneeded. { Aweakervariant(t-discernably)canbedetectedatthepriceofhavingamajorityofcorrectmonitors. 14 Complexityandrestrictedpredicates Complexity: { generalpredicatedetectionisNP-complete[ 1 ]. { Ourdetectionalgorithmsareonlywrappersaroundpossibility/denitelydetection. { Studyrestrictedclassesofpredicates. Perfectfailuredetectorsavailable: { Nofalsesuspicions. { Optimistic/pessimisticlatticearethesame. Perfectfailuredetectorsandcrashpredicates: { Predicatesarestable. { possibly=denitely!negotiably=discernibly 15 Overviewofresults Firstworktodealwithgeneralpredicatesinfaultysystems(onlyotherworkbyGargandMitchell[ 2 ]restrictstheclassesofpredicates). Observationmodalitiesnegotiablyanddiscernibly... { donotsolveallproblemsincrash-aectedsystems. { re ectbytheirdenitiontheinherentproblemofcrashfailuredetection. { canbeunderstoodinanalogytopossiblyanddenitely. { canbedetectedinasynchronoussystems,evenifmonitorsmaycrash. Stillalotofworktodo. 16 References [1] CraigM.ChaseandVijayK.Garg.Detectionofglobalpredicates:Techniquesandtheirlimitations.DistributedComputing,11(4):191{201,1998. [2] VijayK.GargandJ.RogerMitchell.Distributedpredicatedetectioninafaultyenvironment.InProceedingsofthe18thIEEEInternationalConferenceonDistributedComputingSystems(ICDCS98),1998. [3] VijayK.GargandJ.RogerMitchell.Implementablefailuredetectorsinasynchronoussystems.InProc.18thConferenceonFoundationsofSoftwareTechnologyandTheoreticalComputerScience,number1530inLectureNotesinComputerScience,Chennai,India,December1998.Springer-Verlag.Acknowledgements Slidesproducedusing\cuttingedge"LATEXslideprocessor PPower4 byKlausGuntermann.