Impossibility of Distributed Consensus with One Faulty Process

1
Impossibility of Distributed Consensus with One
Faulty Process

• Michael J. Fischer
• Nancy A. Lynch
• Michael S. Paterson

2
Introduction

• Problem
• Reach agreement among remote processes
• Example transaction commit problem
• Easy if the participating processes and network
  are completely reliable
• Real systems are subject to possible faults
• Process Crash
• Unreliable Communication
• Byzantine failure

3
Result

• No completely asynchronous consensus protocol can
  tolerate even a single unannounced process death

4
Assumption

• Dont consider Byzantine failure
• Reliable message system
• messages are delivered correctly and exactly
  once
• Asynchronous
• No assumption the relative speeds of processes or
  the delay time in delivering a message
• No synchronized clock
• Algorithms based on time-out cant be used
• No ability to detect the death of a process

5
The weak consensus problem

• Initial state 0 or 1
• Decision state
• Nonfaulty process decides on a value in 0, 1
• Requirement
• All nonfaulty processes that make a decision must
  choose the same value.
• Some processes eventually make a decision(for
  proof)
• Trivial solution is ruled out

6
System model

• Processes are modeled as automata and communicate
  by messages
• One atomic step
• receive a message, perform local computation,
  send arbitrary but finite messages
• Atomic broadcast
• send a message to all other processes in one step
• all nonfaulty processes or none will receive it

7
Consensus Protocols

• A consensus protocol P is an asynchronous system
  of N processes
• Each process p has a one-bit input register xp,
  an output register yp, with values in b, 0, 1
• Internal state
• input/output register, pc, internal storage
• Initial state
• all fixed starting values except the input
  register
• output register starts with b

8

• Decision state
• output register has the value 0 or 1
• Once a decision is made, the value cant be
  changed
• p acts deterministically according to a
  transition function
• Processes communicate by messages
• Message system
• send(p, m)
• receive(p)
• nondeterministically

9

• A configuration consists of
• All internal state of each process, the contents
  of message buffer
• A step is a transition of one configuration C to
  another e(C), including 2 phases
• First, receive(p) to get a message m
• Based on ps internal state and m, p enters a new
  internal state and sends finite messages to other
• e (p, m) is called an event and said e can be
  applied to C

10
Schedule, run, reachable and accessible

• A schedule from C
• a finite or infinite sequence s of events that
  can be applied, in turn, starting from C
• The associated sequence of steps is called a run
• s(C) denotes the reulting configuration and is
  said to be reachable from C
• An accessible configuration C
• If C is reachable from some initial configuration

11
Lemma 1

• Suppose that from some configuration C, the
  schedules s1 and s2 lead to configuration C1 ,C2
  , respectively. If the sets of Processes taking
  steps in s1 and s2 respectively, are disjoint,
  then s2 can be applied to C1 and s1 can be
  applied to C2 , and both lead to the same
  configuration.

12
(No Transcript)
13
Decision value, partially correct, nonfaulty

• A configuration C has decision value v if some
  process p is in a decision state with yp v.
• P is partially correct if
• No accessible configuration has more than one
  decision value
• For each v 0, 1, some accessible configuration
  has decision value v.
• A process is nonfaulty
• If it takes infinitely many steps

14
Admissible and deciding run, totally correct

• Admissible run
• At most one process is faulty and all messages
  sent to nonfaulty processes are eventually
  received
• Deciding run
• Some process reaches a decision state
• A consensus protocol P is totally correct in
  spite of one fault if it is partially correct and
  every admissible run is a deciding run

15
Theorem 1

• No consensus protocol is totally correct in spite
  of one fault.

16
Bivalent, 0-valent/1-valent

• Let C be a configuration, V the set of decision
  values of configurations reachable from C. C is
  bivalent if V 2. C is univalent if V 1.
• 0-valent or 1-valent according to the
  corresponding decision value.

17
Lemma 2

• P has a bivalent initial configuration

18
Lemma 3

• Let C be a bivalent configuration of P, and let e
  (p, m) be an event that is applicable to C. Let
  C be the set of configurations reachable from C
  without applying e, and let D e(C) e(E) E
  ?C and e is applicable to E. Then, D contains a
  bivalent configuration.

19
(No Transcript)
20
(No Transcript)
21
Theorem 2

• There is a partially correct consensus protocol
  in which all nonfaulty processes always reach a
  decision, provided no processes die during its
  execution and a strict majority of the processes
  are alive initially

22
Conclusion

• The problem of fault-tolerant cooperative
  computing cannot be solved in a totally
  asynchronous model of computation..
• To solve this problem in practice, more refined
  models of distributed computing is needed