Local Tolerance to Unbounded Byzantine Faults
Anish Arora
Ohio State University
Mikhail Nesterenko
Kent State University
Local Tolerance to Unbounded Byzantine Faults
Tolerating Faults in System of Large Scale
• large system size presents unique challenges to ensuring dependability:
  – faults occur often
  – multiple regions can be affected by faults
  – faults may interact unpredictably
  – faults can be spatially/temporally unbounded & complex
• how to tolerate such faults?
[figure labels: faulty, affected]
localize tolerance to unbounded complex faults
Execution model & Example problems
• execution model
  – asynchronous interleaving
  – communication via shared registers
• examples
  – graph coloring – color (assign numbers) vertices of a graph so that colors of adjacent ones do not match; if graph has degree d, can always color in d+1 colors
  – routing – assign parent to each process such that there is a path from each process to the sink (destination)
[figure: processes 1 2 3 4 5 and sink]
Outline
• fault containment & tolerance
  – strict fault containment
  – strict fault tolerance
    – strict stabilization
• examples of strictly fault tolerant programs
  – graph coloring
  – dining philosophers
  – routing
• limits of strict fault containment
• critique and further directions
Spatial Fault Hierarchy
• bounded faults – processes outside certain locality of a fault perform correctly (according to specification)
• unbounded faults – process performs correctly in spite of faults outside its locality
• unbounded Byzantine faults – each process behaves correctly regardless of actions outside its locality
if a program is tolerant to unbounded Byzantine faults, it is also tolerant to bounded and unbounded faults of any fault class
Containment of Unbounded Faults
• Proposition 4. P is strictly fault containing if there exists a constant l such that for each process p there exists an invariant I.p which is closed with respect to Byzantine actions of processes whose distance to p is greater than l
• what is the form of this invariant?
• can it include variables outside locality?
• can you always come up with an invariant of this form?
• What does it mean for an individual process to perform correctly?
• What if faults occur inside the containment locality?
Tolerance Inside Locality
• can achieve additional tolerance
  – two process specifications
    – ideal (no faults)
    – tolerant (faults of some class present)
• example – safety is never violated
  – which spec do processes outside fault locality satisfy?
Strict Stabilization
• stabilization – special case of tolerant spec – eventual satisfaction of ideal spec when (transient) faults stop occurring
• strict stabilization – process p eventually satisfies ideal spec regardless of behavior of processes outside its locality
  – what is the difference between traditional stabilization and strict stabilization?
  – is strict containment required for strict stabilization?
• more formally:
Vertex Coloring Program (PVC)
• Lemma 2. when node has a neighbor with matching color it can select a new color without affecting any of its neighbors
• Invariant:
• Theorem 1. PVC is strictly fault-containing and strictly stabilizing (with locality of 1)
[figure labels: Byzantine node; nodes that may recolor following Byzantine]
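An added simulation, not part of the original slides, of the containment and stabilization claims in Theorem 1. The slides do not give the PVC program text, so the recoloring rule (smallest color unused by any neighbor), the round-robin schedule, the copy-a-neighbor adversary and the 3x3 grid are assumptions chosen for illustration.

```python
# Added illustration; the recoloring rule and the adversary are assumptions,
# not the PVC program from the slides.
GRID = {0: [1, 3], 1: [0, 2, 4], 2: [1, 5], 3: [0, 4, 6], 4: [1, 3, 5, 7],
        5: [2, 4, 8], 6: [3, 7], 7: [4, 6, 8], 8: [5, 7]}  # constructed 3x3 grid

def run(graph, color, byzantine, steps):
    """Round-robin interleaving, one process acts per step.
    Returns the set of correct processes that recolored."""
    ncolors = max(len(nbrs) for nbrs in graph.values()) + 1  # d + 1 colors
    nodes, changed = sorted(graph), set()
    for t in range(steps):
        p = nodes[t % len(nodes)]
        nbrs = graph[p]
        if p in byzantine:
            # Adversary: copy a neighbor's color to force a conflict.
            color[p] = color[nbrs[t % len(nbrs)]]
        elif any(color[q] == color[p] for q in nbrs):
            used = {color[q] for q in nbrs}
            # At most d neighbors, so one of the d + 1 colors is free.
            color[p] = min(c for c in range(ncolors) if c not in used)
            changed.add(p)
    return changed

def correct_edges_proper(graph, color, byzantine):
    """True if no two adjacent correct processes share a color."""
    return all(color[p] != color[q] for p in graph for q in graph[p]
               if p not in byzantine and q not in byzantine)

def demo():
    byz = {0}  # corner process is Byzantine; its neighbors are 1 and 3
    # Containment: start from a proper (checkerboard) coloring.
    legit = {p: (p // 3 + p % 3) % 2 for p in GRID}
    contained = run(GRID, legit, byz, 900)
    # Stabilization: start from an arbitrary state (all colors equal).
    arbitrary = {p: 0 for p in GRID}
    run(GRID, arbitrary, byz, 900)
    return contained, correct_edges_proper(GRID, arbitrary, byz)

if __name__ == "__main__":
    print(demo())
```

Only the Byzantine process's direct neighbors ever recolor, because a correct process always moves to a color that differs from every neighbor and so never creates a conflict for a process further out.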
Dining Philosophers Problem (DP) [D72]
• graph of processes, each may request to eat
• properties
  – no two neighbors eat together
  – each requesting process eats eventually
[figure: cycle of requesting process – thinking (T), hungry (H), eating (E)]
DP: Fault-Free Operation [CM84]
actions:
• if thinking, needs to eat & all parents thinking → become hungry
• if hungry & no neighbors eating → eat
• when finished → think & become child of each neighbor
[figure: example execution with processes a, b, c in states T, H, E; captions: "a & c eat", "b eats & gives up privilege"]
Dining Philosophers Program (PDP)
• a hungry faulty process may block immediate thinking neighbors
• an eating faulty process may block hungry neighbors and their thinking neighbors
[figure: example graphs with process states H, E, T]
Dining Philosophers Program (PDP)
Lemma 4. non-Byzantine eating process eventually thinks
Lemma 5. a hungry process whose immediate neighborhood is not Byzantine eventually eats
Lemma 6. if a Byzantine process is at least 2 hops away, a thinking process eventually becomes hungry
Invariant
Theorem 2. PDP is strictly fault-containing and strictly stabilizing (with locality of 2)
Limits of Containment
Theorem 3. the containment radius of a solution to an r-restrictive problem is at least r
• graph coloring and dining-philosophers are 1-restrictive
• routing is restrictive for arbitrary r
σ is in p’s spec
[figure labels: s1, s2]
s1 and s2 differ in values of a process at least r away from p
Critique and Further Research
• interesting and useful examples of strict containment
  – geometric spanners, spanners of fixed degree
  – low-atomicity dining-philosophers
  – ??
• better bounds on containment
  – r-restriction is obvious but too crude a bound for containment
  – some non-containing problems appear “almost” the same as containing
  – example:
• maximal independent set – 1-containing
• maximal independent set with distance of at most 2 – not containing for any l