Anish Arora
Ohio State University
Mikhail Nesterenko
Kent State University
Local Tolerance to Unbounded Byzantine Faults
Tolerating Faults in System of Large Scale
• large system size presents unique challenges to ensuring dependability:
– faults occur often
– multiple regions can be affected by faults
– faults may interact unpredictably
– faults can be spatially/temporally unbounded & complex
• how to tolerate such faults?
– localize tolerance to unbounded complex faults
[Figure: regions labeled "faulty" and "affected"]
Execution model & Example problems
• execution model
– asynchronous interleaving
– communication via shared registers
• examples
– graph coloring – color (assign numbers) vertices of a graph so that colors of adjacent ones do not match; if graph has degree d, can always color in d+1 colors
– routing – assign parent to each process such that there is a path from each process to the sink (destination)
[Figure: example graph with labels 1 2 3 4 5 and a sink]
Outline
• fault containment & tolerance
– strict fault containment
– strict fault tolerance
   – strict stabilization
• examples of strictly fault tolerant programs
– graph coloring
– dining philosophers
– routing
• limits of strict fault containment
• critique and further directions
Spatial Fault Hierarchy
• bounded faults – processes outside certain locality of a fault perform correctly (according to specification)
• unbounded faults – process performs correctly in spite of faults outside its locality
• unbounded Byzantine faults - each process behaves correctly regardless of actions outside its locality
if a program is tolerant to unbounded Byzantine faults, it is also tolerant to bounded and unbounded faults of any fault class
Containment of Unbounded Faults
• Proposition 4. P is strictly fault containing if there exists a constant l such that for each process p there exists an invariant I.p which is closed with respect to Byzantine actions of processes whose distance to p is greater than l
• what is the form of this invariant?
• can it include variables outside locality?
• can you always come up with an invariant of this form?
• What does it mean for an individual process to perform correctly?
• What if faults occur inside the containment locality?
Tolerance Inside Locality
• can achieve additional tolerance
– two process specifications
   – ideal (no faults)
   – tolerant (faults of some class present)
• example – safety is never violated
– which spec do processes outside fault locality satisfy?
Strict Stabilization
• stabilization – special case of tolerant spec – eventual satisfaction of ideal spec when (transient) faults stop occurring
• strict stabilization – process p eventually satisfies ideal spec regardless of behavior of processes outside its locality
– what is the difference between traditional stabilization and strict stabilization?
– is strict containment required for strict stabilization?
• more formally:
Vertex Coloring Program (PVC)
• Lemma 2. when node has a neighbor with matching color it can select a new color without affecting any of its neighbors
• Invariant:
• Theorem 1. PVC is strictly fault-containing and strictly stabilizing (with locality of 1)
[Figure legend: "Byzantine node"; "nodes that may recolor following Byzantine"]
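An added simulation (not from the slides) of the locality-1 behavior that Lemma 2 and Theorem 1 describe. The recoloring rule used here (a clashing node takes the smallest color unused by its neighbors), the random scheduler and the path graph are assumptions, since the slides do not list PVC's actions.

```python
import random

def free_color(graph, color, p, palette):
    """Smallest color unused by p's neighbors; exists because palette has d+1 colors."""
    used = {color[q] for q in graph[p]}
    return min(c for c in palette if c not in used)

def simulate(graph, byzantine, steps=2000, seed=1):
    """Interleaved execution; returns final colors and recolor steps per correct node."""
    rng = random.Random(seed)
    palette = range(max(len(n) for n in graph.values()) + 1)
    color = {p: 0 for p in graph}  # worst-case start: every edge clashes
    recolored_at = {p: [] for p in graph if p not in byzantine}
    nodes = sorted(graph)
    for step in range(steps):
        p = rng.choice(nodes)  # asynchronous interleaving: one process per step
        if p in byzantine:
            color[p] = rng.choice(palette)  # Byzantine: writes an arbitrary color
        elif any(color[q] == color[p] for q in graph[p]):
            color[p] = free_color(graph, color, p, palette)  # assumed rule
            recolored_at[p].append(step)
    return color, recolored_at

def distance_from(graph, sources):
    """BFS hop distance of every node from the nearest node in sources."""
    dist = {s: 0 for s in sources}
    frontier = list(sources)
    while frontier:
        nxt = []
        for u in frontier:
            for v in graph[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    nxt.append(v)
        frontier = nxt
    return dist

# Constructed sample: path 0-1-2-3-4-5 with node 0 Byzantine.
PATH = {i: [j for j in (i - 1, i + 1) if 0 <= j <= 5] for i in range(6)}

if __name__ == "__main__":
    color, recolored = simulate(PATH, {0})
    dist = distance_from(PATH, {0})
    for p in sorted(recolored):
        print(f"node {p}: distance {dist[p]}, recolored {len(recolored[p])} times")
```

Node 1, adjacent to the Byzantine node, keeps recoloring, while every node two or more hops away recolors at most once and then stays properly colored.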
Dining Philosophers Problem (DP) [D72]
• graph of processes, each may request to eat
• properties
– no two neighbors eat together
– each requesting process eats eventually
[Figure: cycle of requesting process: thinking (T), hungry (H), eating (E)]
DP: Fault-Free Operation [CM84]
actions:
• if thinking, needs to eat & all parents thinking: become hungry
• if hungry & no neighbors eating: eat
• when finished, think & become child of each neighbor
[Figure: example execution on processes a, b, c with T/H/E states; captions: "b eats & gives up privilege", "a & c eat"]
Dining Philosophers Program (PDP)
• a hungry faulty process may block immediate thinking neighbors
• an eating faulty process may block hungry neighbors and their thinking neighbors
[Figure: example process graphs with nodes in states H, E, T]
Dining Philosophers Program (PDP)
Lemma 4. non-Byzantine eating process eventually thinks
Lemma 5. a hungry process whose immediate neighborhood is not Byzantine eventually eats
Lemma 6. If a Byzantine process is at least 2 hops away, a thinking process eventually becomes hungry
Invariant
Theorem 2. PDP is strictly fault-containing and strictly stabilizing (with locality of 2)
Limits of Containment
Theorem 3. the containment radius of a solution to an r-restrictive problem is at least r
• graph coloring and dining-philosophers are 1-restrictive
• routing is restrictive for arbitrary r
[Figure: states s1 and s2; σ is in p’s spec; s1 and s2 differ in values of a process at least r away from p]
Critique and Further Research
• interesting and useful examples of strict containment
– geometric spanners, spanners of fixed degree
– low-atomicity dining-philosophers
– ??
• better bounds on containment
– r-restriction is obvious but too crude a bound for containment
– some non-containing problems appear “almost” the same as containing
– example:
   • maximal independent set – 1-containing
   • maximal independent set with distance of at most 2 – not containing for any l