Perfect Failure Detection with Very Few Bits Pierre Fraigniaud 1 - - PowerPoint PPT Presentation

Perfect Failure Detection with Very Few Bits

Pierre Fraigniaud 1 Sergio Rajsbaum 2

• C. Travers3

Petr Kuznetsov 4 Thibault Rieutord 4

1IRIF, Paris 2UNAM, Mexico 3LaBRI, Bordeaux 4ParisTech, Paris

ANR Descartes, Chasseneuil, Octobre 2017

Failure Detectors [Chandra Toueg 96]

• Distributed device
• Give (unreliable) information on failures

Modular Distributed Computing

Failure Detector Communication Primitives Network Protocol

Modular Distributed Computing

Failure Detector Communication Primitives Network Protocol A s y n c h r

• n

y

Modular Distributed Computing

Failure Detector Communication Primitives Network Protocol A s y n c h r

• n

y F a i l u r e s

Relative Hardness of Distributed Task

Failure detector D is the weakest for task T ⇐ ⇒

1 There is a protocol for T using D 2 Any f.d. D′ that can be used to solve T can emulate D

Relative Hardness of Distributed Task

Failure detector D is the weakest for task T ⇐ ⇒

1 There is a protocol for T using D 2 Any f.d. D′ that can be used to solve T can emulate D

Minimum information on failures required to solve T

Failure Detectors

1 2 3 4 5 6

• Local failure detection module at each proc.

Failure Detectors

1 2 3 4 5 6

• Local failure detection module at each proc.
• Provide information on other proc. failures

Perfect Failure Detector

{p1, p4} p1 p2 p3 p4 p5 Perfect failure detector P

Perfect Failure Detector

{p1, p4} p1 p2 p3 p4 p5 Perfect failure detector P

• Provide each proc. with a list of proc ids.

Perfect Failure Detector

{p1, p4} p1 p2 p3 p4 p5 Perfect failure detector P

• Provide each proc. with a list of proc ids.
• No false alarm

Perfect Failure Detector

{p1, p4, p5} p1 p2 p3 p4 p5 Perfect failure detector P

• Provide each proc. with a list of proc ids.
• No false alarm
• Eventually outputs the set of non-faulty processes

Failure Detector φ

2 p1 p2 p3 p4 p5 Failure detector φ

Failure Detector φ

2 p1 p2 p3 p4 p5 Failure detector φ

• Provide each proc. with an integer

Failure Detector φ

2 p1 p2 p3 p4 p5 Failure detector φ

• Provide each proc. with an integer
• Lower bound on the number of failures

Failure Detector φ

3 p1 p2 p3 p4 p5 Failure detector φ

• Provide each proc. with an integer
• Lower bound on the number of failures
• Eventually tight

P vs. φ

In a n-process system P φ

P vs. φ

In a n-process system P

• List of proc ids.

φ

• integer f , 0 ≤ f ≤ n

P vs. φ

In a n-process system P

• List of proc ids.
• n bits per process

φ

• integer f , 0 ≤ f ≤ n
• log n bits per process

P vs. φ

In a n-process system P

• List of proc ids.
• n bits per process

φ

• integer f , 0 ≤ f ≤ n
• log n bits per process

And yet:

Theorem (Mostefaoui, Raynal, T.)

P and φ are equivalent: any task that can be solved using P (resp. φ) can also be solved using φ (resp. P)

This talk

How many bits per proc. are needed to achieve perfect failure detection ?

This talk

How many bits per proc. are needed to achieve perfect failure detection ? Theorem (upper bound)

There exists a failure detector µP as powerful as P that

• utputs O(Ack−1(n)) bits per proc

This talk

How many bits per proc. are needed to achieve perfect failure detection ? Theorem (upper bound)

There exists a failure detector µP as powerful as P that

• utputs O(Ack−1(n)) bits per proc

Theorem (lower bound)

No failure detector outputting a constant number of bits per proc. can emulate P

Model

id1 id2 id3 id4 id5

• Message passing

Model

id1 id2 id3 id4 id5

• Message passing
• Asynchronous

Model

id1 id2 id3 id4 id5

• Message passing
• Asynchronous
• n processes

Model

id1 id2 id3 id4 id5

• Message passing
• Asynchronous
• n processes
• Crash failures

Model

id1 id2 id3 id4 id5

• Message passing
• Asynchronous
• n processes
• Crash failures
• Unique ids

Distributed Encoding

• f the Integers

[Fraigniaud, Rajsbaum, T. LATIN’16]

Counting the Stars

Counting with Distributed Certificates

id1 id2 id3 id4 id5

Counting with Distributed Certificates

id1 id2 id3 id4 id5 01 11 00 01 01

Counting with Distributed Certificates

id1 id2 id3 id4 id5 01 11 00 01 01

• verify(5,

01 11 00 01 01 ) ? − → YES

Counting with Distributed Certificates

id1 id2 id3 id4 id5 01 11 00 01 01

• verify(5,

01 11 00 01 01 ) ? − → YES

• verify(3,

11 00 01 ) ? − → NO

Distributed Encoding of the Integers

• A alphabet

Distributed Encoding of the Integers

• A alphabet
• f : A∗ → {YES, NO}

Distributed Encoding of the Integers

• A alphabet
• f : A∗ → {YES, NO}

such that for each n ∈ N there exists a code of n cn ∈ An :

1 f(cn) = YES and

Distributed Encoding of the Integers

• A alphabet
• f : A∗ → {YES, NO}

such that for each n ∈ N there exists a code of n cn ∈ An :

1 f(cn) = YES and 2 For every sub-word c′ of cn, f(c′) = NO

Simple Distributed Encoding

distributed code of n C(n) = n, n, . . . . . . , n

• n times

Simple Distributed Encoding

distributed code of n C(n) = n, n, . . . . . . , n

• n times

f (x1, . . . , xℓ) = YES ⇐ ⇒ x1 = x2 = . . . = xℓ = ℓ

Simple Distributed Encoding

distributed code of n C(n) = n, n, . . . . . . , n

• n times

f (x1, . . . , xℓ) = YES ⇐ ⇒ x1 = x2 = . . . = xℓ = ℓ Alphabet of N symbols to encode the first N integers

Simple Distributed Encoding

distributed code of n C(n) = n, n, . . . . . . , n

• n times

f (x1, . . . , xℓ) = YES ⇐ ⇒ x1 = x2 = . . . = xℓ = ℓ Alphabet of N symbols to encode the first N integers Challenge: Compact encoding

Diagonal Sequence

0000 code of 4

Diagonal Sequence

0000 code of 4 00110 code of 5

Diagonal Sequence

0000 code of 4 00110 code of 5 011010 code of 6

Diagonal Sequence

0000 code of 4 00110 code of 5 011010 code of 6 1101010 10101011 010101111 1111110010 11111001011 111100101111 1110010111111 . . . . . . . . . . . . 11111111111 . . . . . . . . . 1 code of 2257 − 2

Diagonal Sequence

0000 code of 4 00110 code of 5 011010 code of 6 1101010 10101011 010101111 1111110010 11111001011 111100101111 1110010111111 . . . . . . . . . . . . 11111111111 . . . . . . . . . 1 code of 2257 − 2 not a sub-word

Diagonal Sequence

0000 code of 4 00110 code of 5 011010 code of 6 1101010 10101011 010101111 1111110010 11111001011 111100101111 1110010111111 . . . . . . . . . . . . 11111111111 . . . . . . . . . 1 code of 2257 − 2 not a sub-word H(4)-1

Aside: Well Quasi-order

Let w, w ′ ∈ {0, 1}∗ w ∗ w ′ ⇐ ⇒ w is a sub-word of w ′ w 1010 w’ 001110111110

Aside: Well Quasi-order

Let w, w ′ ∈ {0, 1}∗ w ∗ w ′ ⇐ ⇒ w is a sub-word of w ′ w 1010 w’ 001110111110

Bad Sequence

A sequence w1, w2, . . . , wℓ of words of {0, 1}∗ is bad iff for every i < j, wi ∗ wj

Well-quasi Order

Higman’s lemma

({0, 1}∗, ∗) is a well-quasi order

Well-quasi Order

Higman’s lemma

({0, 1}∗, ∗) is a well-quasi order That is, every bad sequence over {0, 1}∗ is finite

Well-quasi Order

Higman’s lemma

({0, 1}∗, ∗) is a well-quasi order That is, every bad sequence over {0, 1}∗ is finite

Length Function Theorem [ Schmitz et al., ICALP’11]

Bad sequences w1, w2, . . . , wℓ over {0, 1}∗ with

• |w1| ≤ d
• |wi| ≤ i

have length bounded by L(d) where L is a function of Ackermannian growth

A Bad Sequence

0000 00110 011010 1101010 10101011 10101011 010101111 1111110010 11111001011 111100101111 1110010111111 . . . . . . . . . . . . 11111111111 . . . . . . . . . 1 not a sub-word

Multi diagonal sequence

D1 D2 D3

Multi diagonal sequence

D1 D2 D3 H(1) H(H(1)) H(H(H(1)))

Multi diagonal sequence

D1 D2 D3 H(1) H(H(1)) H(H(H(1))) encode integers H(1) . . . H(H(1)) − 1

Multi diagonal sequence

D1 D2 D3 H(1) H(H(1)) H(H(H(1))) encode integers H(1) . . . H(H(1)) − 1 encode integers H(H(1)) . . . H(H(H(1))) − 1

Encoding from Multi Diagonal Sequence

A = {0, 1} × N Code(n) : Di

• 010. . .0101

n

Encoding from Multi Diagonal Sequence

A = {0, 1} × N Code(n) : (0, i), (1, i), (0, i), . . . , (1, i), (0, i), (1, i) Di

• 010. . .0101

n

Encoding from Multi Diagonal Sequence

A = {0, 1} × N Code(n) : (0, i), (1, i), (0, i), . . . , (1, i), (0, i), (1, i) Di

• 010. . .0101

n f((b1, d1), (b2, d2), . . . , (bn, dn)) = YES ⇐ ⇒

1 d1 = d2 = . . . = dn = i 2 b1, . . . , bn is the sequence of length n in Di

Compactness

How many bits to distributively encode the first n integers? Code(n) : (0, i), (1, i), (0, i), . . . , (1, i), (0, i), (1, i)

Compactness

How many bits to distributively encode the first n integers? Code(n) : (0, i), (1, i), (0, i), . . . , (1, i), (0, i), (1, i) = ⇒ 1 + log(i) bits

Compactness

How many bits to distributively encode the first n integers? Code(n) : (0, i), (1, i), (0, i), . . . , (1, i), (0, i), (1, i) = ⇒ 1 + log(i) bits where i = min{j : n < Hj(1)}≤ Ack−1(n) Di Hi(1)

Perfect Failure Detection from Distributed Encoding

Perfect failure detection from distributed encoding

Failure detector µP:

• Encode an upper bound on the number of alive processes
• Eventually converge to the (code of the) number of

non-faulty processes

µP

p1 p2 p3 p4 p5 x x epoch i epoch i + 1

• w1
• w2
• w4
• w5
• Constant fd output at each proc in each epoch
• w1w2w4w5 ∗ code(ai), where # alive(epoch i) ≤ ai

µP

epoch 1 epoch 2 epoch ℓ a1 a2 aℓ time

• At most n epochs
• a1 ≥ a2 ≥ . . . ≥ aℓ

µP

epoch 1 epoch 2 epoch ℓ a1 a2 aℓ time

• At most n epochs
• a1 ≥ a2 ≥ . . . ≥ aℓ
• aℓ = # alive(last epoch) = # correct procs

From µP to P

Let Q = {q1, . . . , q4} ⊆ {p1, . . . , pn} q1 q2 q3 q4 epoch i ai

• w1
• w2
• w3
• w4

w = w1w2w3w4

• Recall: w ∗ code(ai) and |Alive(epoch i)| ≤ ai

From µP to P

Let Q = {q1, . . . , q4} ⊆ {p1, . . . , pn} q1 q2 q3 q4 epoch i ai

• w1
• w2
• w3
• w4

w = w1w2w3w4

• Recall: w ∗ code(ai) and |Alive(epoch i)| ≤ ai
• Code def.: w ≺∗ code(ai) =

⇒ f(w) = false and f(code(ai)) = true

From µP to P

Let Q = {q1, . . . , q4} ⊆ {p1, . . . , pn} q1 q2 q3 q4 epoch i ai

• w1
• w2
• w3
• w4

w = w1w2w3w4

• Recall: w ∗ code(ai) and |Alive(epoch i)| ≤ ai
• Code def.: w ≺∗ code(ai) =

⇒ f(w) = false and f(code(ai)) = true

• Hence, if f(w) = true then {p1, . . . , pn} \ Q ⊆ Faulty

Dirty Collect

Let Q = {q1, . . . , q4} ⊆ {p1, . . . , pn} q1 q2 q3 q4 epoch i ai

• w1
• w2
• w3
• w4

w = w1w2w3w4

• w1, w2, w3, w4 sampled in = epochs

Dirty Collect

Let Q = {q1, . . . , q4} ⊆ {p1, . . . , pn} q1 q2 q3 q4 epoch i ai

• w1
• w2
• w3
• w4

w = w1w2w3w4

• w1, w2, w3, w4 sampled in = epochs
• f(w) = true ?? f(w) = false ??

Clean Collect

epoch 1 epoch 2 epoch 3 epoch ℓ a1 a2 a3 a4 time collect collect collect collect w1 w2 w3 w4

• At most n epochs

Clean Collect

epoch 1 epoch 2 epoch 3 epoch ℓ a1 a2 a3 a4 time collect collect collect collect w1 w2 w3 w4

• At most n epochs

= ⇒ In a sequence of n collects, at least one is clean

From µP to P

epoch 1 epoch 2 epoch 3 epoch ℓ a1 a2 a3 a4 time collect collect collect collect w1 w2 w3 w4

• Collect i is successful if (1) terminates and (2)

f(wi) = true

From µP to P

epoch 1 epoch 2 epoch 3 epoch ℓ a1 a2 a3 a4 time collect collect collect collect w1 w2 w3 w4

• Collect i is successful if (1) terminates and (2)

f(wi) = true

• If for some set Q, there are n successful collects

P output = {p1, . . . , pn} \ Q

µP: Summary

Failure detector µP

• Outputs O(log Ack−1(n)) bits per processes
• Can emulate the perfect failure detector P

µP: Summary

Failure detector µP

• Outputs O(log Ack−1(n)) bits per processes
• Can emulate the perfect failure detector P
• (P can also emulate µP – see the paper)

Lower Bound

Failure detector µP

• Outputs O(log Ack−1(n)) bits per processes

Lower Bound

Failure detector µP

• Outputs O(log Ack−1(n)) bits per processes

Is there a f.d. D that

1 can emulate P 2 outputs less than log Ack−1(n) bits per process ?

Lower Bound

Failure detector µP

• Outputs O(log Ack−1(n)) bits per processes

Is there a f.d. D that

1 can emulate P 2 outputs less than log Ack−1(n) bits per process ?

Theorem

No failure detector with constant-size output can emulate P

Lower Bound Proof

Assume for contradiction D f.d. such that

• Constant range R, (independant of n)

Lower Bound Proof

Assume for contradiction D f.d. such that

• Constant range R, (independant of n)
• TD→P (can emulate P)

Lower Bound Proof

Assume for contradiction D f.d. such that

• Constant range R, (independant of n)
• TD→P (can emulate P)

Ingredients

• Ramsey’s theorem
• Well quasi-order theory

Goal

Construct two executions e and e′ :

• indistinguishable for some non-faulty processes
• with Correct(e) Correct(e′)

Goal

Construct two executions e and e′ :

• indistinguishable for some non-faulty processes
• with Correct(e) Correct(e′)

= ⇒ in e′ TD→P erroneously outputs a non-faulty process

From Executions to Words

Let e an (infinite) execution q

• d1

d2 d3 d4 d5 d6 d7

• As RD is finite, ∃d ∈ D output infinitely many times at q

From Executions to Words

Let e an (infinite) execution q

• d2

d3 d5 d7 d d d

• As RD is finite, ∃d ∈ D output infinitely many times at q

From Executions to Words

Let e an (infinite) execution q

• d2

d3 d5 d7 d d d

• As RD is finite, ∃d ∈ D output infinitely many times at q

Execution ˜ e q

• d

d d

• Constant failure detector output

From Executions to Words

Let e an (infinite) execution in which crashes are initial q1 q2 q3 q4 q5 x x

From Executions to Words

Let e an (infinite) execution in which crashes are initial q1 q2 q3 q4 q5 x x

• d1
• d1
• d1
• d1
• d3
• d3
• d3
• d3
• d3
• d5
• d5
• d5
• d5

Constant f.d. output (di) at each non-faulty process qi

From Executions to Words

Let e an (infinite) execution in which crashes are initial q1 q2 q3 q4 q5 x x

• d1
• d1
• d1
• d1
• d3
• d3
• d3
• d3
• d3
• d5
• d5
• d5
• d5

Constant f.d. output (di) at each non-faulty process qi e − → we = d1d3d5 ∈ R∗

D

Towards Indistinguishable Executions

execution associated word ∈ R∗

D

e1 w1 e2 w2 e3 w3 . . . . . . . . . . . . ... eL wL |wi| = i

Towards Indistinguishable Executions

execution associated word ∈ R∗

D

e1 w1 e2 w2 e3 w3 . . . . . . . . . . . . ... eL wL |wi| = i

• (Higman’s Lemma) (R∗

D ∗) is a wqo

Towards Indistinguishable Executions

execution associated word ∈ R∗

D

e1 w1 e2 w2 e3 w3 . . . . . . . . . . . . ... eL wL |wi| = i

• (Higman’s Lemma) (R∗

D ∗) is a wqo

= ⇒ For large enough L, ∃ i, j : 1 ≤ i < j ≤ L and wi subword of wj

Towards Indistinguishable Executions

execution e w = abc q1 q2 q3

• a
• a
• a
• a
• b
• b
• b
• b
• c
• c
• c
• c

execution e′ w ′ = xabyc q′

1

q′

2

q′

3

q′

4

q′

5

• x
• x
• x
• x
• a
• a
• a
• a
• b
• b
• b
• b
• y
• y
• y
• y
• c
• c
• c
• c

.

Towards Indistinguishable Executions

execution e w = abc q1 q2 q3

• a
• a
• a
• a
• b
• b
• b
• b
• c
• c
• c
• c

execution e′ w ′ = xabyc q′

1

q′

2

q′

3

q′

4

q′

5

• x
• x
• x
• x
• a
• a
• a
• a
• b
• b
• b
• b
• y
• y
• y
• y
• c
• c
• c
• c

a (or b, c) may be output at processes with distinct ids in e and e′.

Towards Indistinguishable Executions

execution e w = abc q1 q2 q3

• a
• a
• a
• a
• b
• b
• b
• b
• c
• c
• c
• c

execution e′ w ′ = xabyc q′

1

q′

2

q′

3

q′

4

q′

5

• x
• x
• x
• x
• a
• a
• a
• a
• b
• b
• b
• b
• y
• y
• y
• y
• c
• c
• c
• c

a (or b, c) may be output at processes with distinct ids in e and e′. Rely on Ramsey’s Theorem to get rid of ids

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

• Applications of wqo theory to distributed computing

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

• Applications of wqo theory to distributed computing

Future work:

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

• Applications of wqo theory to distributed computing

Future work:

• Close the gap between lower and upper bounds

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

• Applications of wqo theory to distributed computing

Future work:

• Close the gap between lower and upper bounds
• Failure detector as (distributed) encoder: Relation

between output size and failure detector power

Conclusion

Summary:

• Perfect failure detection with O(Ack−1(n)) bits per

process

• Perfect failure detection with constant output is

impossible

• Applications of wqo theory to distributed computing

Future work:

• Close the gap between lower and upper bounds
• Failure detector as (distributed) encoder: Relation

between output size and failure detector power

• Other application of the distributed encoding of the

integers

Thanks!

Coloring Subsets of Processes

c assigns a color to each subset of processes c(Q = {q1, . . . , qk}) ∈ Rk

D

q1 q2 q3 p = qi x

Coloring Subsets of Processes

c assigns a color to each subset of processes c(Q = {q1, . . . , qk}) ∈ Rk

D

q1 q2 q3 p = qi x

• d1
• d1
• d1
• d1
• d2
• d2
• d2
• d2
• d2
• d3
• d3
• d3
• d3

Coloring Subsets of Processes

c assigns a color to each subset of processes c(Q = {q1, . . . , qk}) ∈ Rk

D

q1 q2 q3 p = qi x

• d1
• d1
• d1
• d1
• d2
• d2
• d2
• d2
• d2
• d3
• d3
• d3
• d3

c({q1, . . . , q3}) = (d1, d2, d3)

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Ramsey’s Theorem

• For any m, k

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Ramsey’s Theorem

• For any m, k
• There exists n = g(m, k) such that

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Ramsey’s Theorem

• For any m, k
• There exists n = g(m, k) such that
• There exists a m-subset S of the n procs such that

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Ramsey’s Theorem

• For any m, k
• There exists n = g(m, k) such that
• There exists a m-subset S of the n procs such that
• Every k-subset of S has the same color

Getting Rid of Ids

c : Q = {q1, . . . , qk} → Rk

D

Ramsey’s Theorem

• For any m, k
• There exists n = g(m, k) such that
• There exists a m-subset S of the n procs such that
• Every k-subset of S has the same color

Intuitively

For any q ∈ S,

• For failure pattern with k correct procs and initial crashes
• F.d output at q depends only on the rank of its id

Failure Detector Specification

A failure detector D

• Outputs symbols in some range RD
• Is defined with respect to failure patterns

Failure Pattern

p1 p2 p3 p4 x x x

Failure Pattern

p1 p2 p3 p4 x x x

F : N → 2{p1,...,pn}

Failure Detector Specification

For each failure pattern, D defines which outputs are valid

• History : H(p, t) is the output at process p at time t
• D(F) = valid histories for failure pattern F

Failure Detector Equivalence

Failure detectors D and D′ are equivalent ⇐ ⇒ There exist two asynchronous, crash-resilient protocols

• TD→D′ that emulates D′ using D
• TD′→D that emulates D using D′