Committed:Effects are installed to the database. Aborted:Does not execute to completion and any partial effects on database are erased. Consistent state:

Slides:



Advertisements
Similar presentations
6.852: Distributed Algorithms Spring, 2008 Class 7.
Advertisements

(c) Oded Shmueli Distributed Recovery, Lecture 7 (BHG, Chap.7)
CS 603 Handling Failure in Commit February 20, 2002.
DISTRIBUTED SYSTEMS II FAULT-TOLERANT AGREEMENT Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Fault Tolerance in Distributed Systems.
1 ICS 214B: Transaction Processing and Distributed Data Management Lecture 12: Three-Phase Commits (3PC) Professor Chen Li.
Exercises for Chapter 17: Distributed Transactions
CIS 720 Concurrency Control. Timestamp-based concurrency control Assign a timestamp ts(T) to each transaction T. Each data item x has two timestamps:
ICS 421 Spring 2010 Distributed Transactions Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 3/16/20101Lipyeow.
Distributed Transaction Processing Some of the slides have been borrowed from courses taught at Stanford, Berkeley, Washington, and earlier version of.
Termination and Recovery MESSAGES RECEIVED SITE 1SITE 2SITE 3SITE 4 initial state committablenon Round 1(1)CNNN-NNNN Round 2FAILED(1)-CNNN--NNN Round 3FAILED.
Systems of Distributed Systems Module 2 -Distributed algorithms Teaching unit 3 – Advanced algorithms Ernesto Damiani University of Bozen Lesson 6 – Two.
CS 582 / CMPE 481 Distributed Systems
Computer Science Lecture 17, page 1 CS677: Distributed OS Last Class: Fault Tolerance Basic concepts and failure models Failure masking using redundancy.
Non-blocking Atomic Commitment Aaron Kaminsky Presenting Chapter 6 of Distributed Systems, 2nd edition, 1993, ed. Mullender.
Distributed DBMSPage © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database.
1 Distributed Databases CS347 Lecture 16 June 6, 2001.
Distributed DBMSPage © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database.
1 CS 194: Distributed Systems Distributed Commit, Recovery Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering.
CS 603 Three-Phase Commit February 22, Centralized vs. Decentralized Protocols What if we don’t want a coordinator? Decentralized: –Each site broadcasts.
©Silberschatz, Korth and Sudarshan19.1Database System Concepts Distributed Transactions Transaction may access data at several sites. Each site has a local.
1 More on Distributed Coordination. 2 Who’s in charge? Let’s have an Election. Many algorithms require a coordinator. What happens when the coordinator.
Failure and Availibility DS Lecture # 12. Optimistic Replication Let everyone make changes –Only 3 % transactions ever abort Make changes, send updates.
1 ICS 214B: Transaction Processing and Distributed Data Management Distributed Database Systems.
Distributed Commit. Example Consider a chain of stores and suppose a manager – wants to query all the stores, – find the inventory of toothbrushes at.
Distributed process management: Distributed deadlock
CMPT Dr. Alexandra Fedorova Lecture XI: Distributed Transactions.
Commit Protocols. CS5204 – Operating Systems2 Fault Tolerance Causes of failure: process failure machine failure network failure Goals : transparent:
Distributed Commit Dr. Yingwu Zhu. Failures in a distributed system Consistency requires agreement among multiple servers – Is transaction X committed?
CS162 Section Lecture 10 Slides based from Lecture and
Distributed Consensus Reaching agreement is a fundamental problem in distributed computing. Some examples are Leader election / Mutual Exclusion Commit.
Distributed Transactions March 15, Transactions What is a Distributed Transaction?  A transaction that involves more than one server  Network.
8. Distributed DBMS Reliability
Distributed Txn Management, 2003Lecture 3 / Distributed Transaction Management – 2003 Jyrki Nummenmaa
B. Prabhakaran 1 Fault Tolerance Recovery: bringing back the failed node in step with other nodes in the system. Fault Tolerance: Increase the availability.
Distributed Transactions Chapter 13
Distributed Txn Management, 2003Lecture 4 / Distributed Transaction Management – 2003 Jyrki Nummenmaa
Consensus and Its Impossibility in Asynchronous Systems.
DISTRIBUTED SYSTEMS II FAULT-TOLERANT AGREEMENT Prof Philippas Tsigas Distributed Computing and Systems Research Group.
1 Distributed and Replicated Data Seif Haridi. 2 Distributed and Replicated Data Purpose –Increase performance (parallel processing) –Increase safety.
Distributed Transaction Management, Fall 2002Lecture Distributed Commit Protocols Jyrki Nummenmaa
Fault Tolerance CSCI 4780/6780. Distributed Commit Commit – Making an operation permanent Transactions in databases One phase commit does not work !!!
DISTRIBUTED SYSTEMS II FAULT-TOLERANT AGREEMENT II Prof Philippas Tsigas Distributed Computing and Systems Research Group.
University of Tampere, CS Department Distributed Commit.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved Chapter 8 Fault.
Commit Algorithms Hamid Al-Hamadi CS 5204 November 17, 2009.
Distributed Transactions Chapter – Vidya Satyanarayanan.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved Chapter 8 Fault.
Concurrency Control and Reliable Commit Protocol in Distributed Database Systems Jian Jia Chen 2002/05/09 Real-time and Embedded System Lab., CSIE, National.
Chap 15. Agreement. Problem Processes need to agree on a single bit No link failures A process can fail by crashing (no malicious behavior) Messages take.
Two-Phase Commit Brad Karp UCL Computer Science CS GZ03 / M th October, 2008.
Revisiting failure detectors Some of you asked questions about implementing consensus using S - how does it differ from reaching consensus using P. Here.
Impossibility of Distributed Consensus with One Faulty Process By, Michael J.Fischer Nancy A. Lynch Michael S.Paterson.
Multi-phase Commit Protocols1 Based on slides by Ken Birman, Cornell University.
1 Fault-Tolerant Consensus. 2 Communication Model Complete graph Synchronous, network.
Fault Tolerance Chapter 7. Goal An important goal in distributed systems design is to construct the system in such a way that it can automatically recover.
Distributed DBMSPage © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database.
Topics in Distributed Databases Database System Implementation CSE 507 Some slides adapted from Navathe et. Al and Silberchatz et. Al.
Unreliable Failure Detectors for Reliable Distributed Systems Tushar Deepak Chandra Sam Toueg Presentation for EECS454 Lawrence Leinweber.
Distributed Systems Lecture 6 Global states and snapshots 1.
Distributed Databases – Advanced Concepts Chapter 25 in Textbook.
Outline Introduction Background Distributed DBMS Architecture
Commit Protocols CS60002: Distributed Systems
Outline Introduction Background Distributed DBMS Architecture
Outline Announcements Fault Tolerance.
Outline Introduction Background Distributed DBMS Architecture
Assignment 5 - Solution Problem 1
Distributed Transactions
Distributed Databases Recovery
CIS 720 Concurrency Control.
Presentation transcript:

Committed:Effects are installed to the database. Aborted:Does not execute to completion and any partial effects on database are erased. Consistent state: Derived state from serial execution. Inconsistency caused by: 1.Concurrently executing transaction. 2.Failures causing partial or incorrect execution of a transaction. Commit protocols: Protocols for directing the successful execution of a simple transaction. Termination protocols: Protocols at operational site to commit/abort an unfinished transaction after a failure.

Distributed Crash Recovery: Centralized Protocols Hierarchical Protocols Linear Protocols Decentralized Protocols Phase: Consists of a message round where all Sites exchange messages. Two Phase Commit Protocol: ARGUS, LOCUS, INGRES Four Phase Commit Protocol: SSD-1 Quorum: Minimum number of sites needed to proceed with an action

Commit/Termination Protocols Two Phase Commit Three Phase Commit Four Phase Commit Linear, Centralized, Hierarchical, Decentralized Protocols Two Phase Commit: Site 1Site 2 1.Trans. arrives. Message to ask for vote is sent to other site(s) Message is recorded. Site votes Y or N (abort) Vote is sent to site 1 2.The vote is received. If vote = Y on both sites, then Commit else Abort Either Commit or Abort based on the decision of site 1

The general may themselves be traitors or send inconsistent information. Byzantine Agreement: Problem of a set of processors to agree on a common value for an object. Processors may fail arbitrarily, die and revive randomly, send messages when they are not supposed to etc. Two generals are situated on adjacent hills and enemy is in the valley in between. Enemy can defeat either general, but not both. To succeed, both generals must agree to either attack or retreat. The generals can communicate via messengers who are subject to capture or getting lost. Byzantine General Problem:

q1q1 w1w1 a1a1 c1c1 c2c2 xact request start xact yes abort yes commit a2a2 no w2w2 q2q2 start xact yes start xact no abort commit Site 1 (co-ordinator) Site 2 (slave) cici aiai wiwi qiqi Figure. The local protocols for the two-phase commit protocol. Figure. The decentralized two-phase commit protocol. xact no i1 no in xact yes i1 yes in … … no 1i | |no ni … yes 1i | |yes ni … Site i (i = 1,2,…n) send receive

cici aiai wiwi qiqi xact i no i xact i yes i … abort i commit i q1q1 a1’a1’c1’c1’ W1’W1’ w1w1 a1a1 C1C1 c2c2 a2a2 q2q2 w2w2 Site 1 (co-ordinator) Site 2 (back-up) request xact 2 act 2 xact 3 xact 4 abort 2 act 2 commit 2 act 2 Site i (i = 3,4) (slave) yes 3 yes 4 commit 2 no 3 |no 4 abort 2 ack 2 commit 3 commit 4 ack 2 abort 3 abort 4 Figure. The SDD-1 four-phase commit protocol.

Protocol: Finite set of states Messages addressed to the site Messages sent by the site Initial state Abort states Commit states Properties: Protocols are non-deterministic: Sites make local decisions. Messages can arrive in any order V V Q Q V Q Q : Q Q

Global State 1.Global state vector containing the states of the local protocols. 2.Outstanding messages in the network. A global state transition occurs whenever a local state transition occurs at a participating site. Exactly one global transition occurs for each local transition.

Global state graph Global state is inconsistent if its state vector contains both a commit & abort state. q 1 q 2 xact req w 1 q 2 start xact w 1 w 2 yes w 1 a 2 no a 1 w 2 abort c 1 w 2 commit a 1 a 2 c 1 c 2

Two states are potentially concurrent if: a reachable global state that contains both local states. Concurrency set of s is set of all local states that are potentially concurrent with it. C(s) C(w 1 ) = { V 2, a 2, w 2 } The sender set for s, S(s) = {t/t sends message m & m  M} where M be the set of messages that are received by s. t is a local state.

Global state Inconsistent if it contains both local commit state local abort state Final state if: all local states are final Terminal state if: an immediately reachable successor state  deadlock Committable state (local) if:  all sites have voted yes on committing the transaction otherwise, non-committable

Definition: Protocol is synchronous within one state transition if: one site never leads another site by more than one state transition. Theorem: Fundamental non-blocking A protocol is non-blocking iff: 1. no local state s C(s) = A (abort) and C (commit) 2. no non-committable state s C(s) = C (commit) Lemma: A protocol that is synchronous within one state transition is non-blocking iff: 1.No local state adjacent to both a commit & an abort state. 2. No non-committable state adjacent to a commit state.

q 1 q 2 xact req w 1 q 2 start xact w 1 w 2 yes w 1 a 2 no a 1 w 2 abort c 1 w 2 commit a 1 a 2 p 1 c 2 (initial state) c 1 c 2 Figure. The reachable global state graph for the protocol of Figure 4.1.

q1q1 w1w1 a1a1 c1c1 c2c2 request xact yes abort yes commit a2a2 p2p2 q2q2 xact yes xact no abort/- Site 1 (co-ordinator) Site 2 (slave) commit ack p1p1 no failure time out Figure. The protocol with failure and timeout transitions obeying rules 1 & 2.

Theorem: There exists no protocol using independent recovery that is resilient to arbitrary failures by two sites. G 0  abort | G 1 | G k-1  site j recovers to abort (only j makes a transition) other sites recover to abort G k  site j recovers to commit | G m  commit Failure of j  recover to commit Failure of any other site  recover to abort Same state exists for other sites First global state

Theorem: There exists no protocol resilient to a network partitioning when messages are lost. Rule 3: Rule 4: Isomorphic to Rule 1: Rule 2: undelivered message ↔ timeout timeout ↔ failure Theorem: Rules 3 & 4 are necessary and sufficient for making protocols resilient to a partition in a two-site protocol. Theorem: There exists no protocol resilient to a multiple partition.

Simple Termination Protocol Message sent by an operational site abort – If trans. state is abort (If in abort) committable – If trans. state is committable (If in p or c) non-committable – If trans. state is neither committable nor abort (If in initial or wait)  If at least one committable message is received, then commit the transaction, else abort it. Not robust Site 1 (committable)  site 2 No message Site 3 (non-committable)  site 2 Site 2 fails Conclusion Site 3 confused

Issue 1OPn. site fails immediately after making a commit decision Issue 2Site does not know the current operational status (i.e., up or down) of other sites. Site 1 Site 2 Site 3 Crash Commuts Committable Noncommittable Site 3 does not know if site 1 was up at beginning. Does not know it got inconsistent messages Resilient protocols require at least two rounds unless no site fails during the execution of the protocol.

Site i (i = 2,3,…n) (slave) cici aiai wiwi qiqi xact i no i xact i yes i … abort i commit i pipi prepare i ack i p1p1 a1a1 q1q1 w1w1 c1c1 ack 2 ack n commit 2 commit n … … … request xact 2 xact 4 … … no 2 | |no n abort 2 abort n … … yes 2 yes n prepare 2 prepare n Site I (co-ordinator) Figure. The central site three-phase commit protocol.

MESSAGES RECEIVED SITE 1SITE 2SITE 3SITE 4SITE5 initial state Commit- able non Round 1(1)CNNNN-NNNN Round 2FAILED(1)-CNNN--NNN Round 3FAILED (1)--CNN---NN Round 4FAILED (1)---CN Round 5FAILED ----C NOTE: (1) site fails after sending a single message. Figure. Worst case execution of the resilient transition Protocol.

First message round: Type of transaction stateMessage sent Final abort stateabort Committable statecommittable All other statesnon-committable Second and subsequent rounds: Message received from previous roundMessage sent One or more abort messagesabort One or more committable messagescommittable All non-committable messagesnon-committable (a) Summary of rules for sending messages. The transactions is terminated if: ConditionFinal state Receipt of a single abort messageabort Receipt of all committable messagescommit 2 successive rounds of messages where all messages are non-committable abort (b) Summary of commit and termination rules. Figure. Summary of the resilient decentralized termination protocol.

First Message round: Trans. stateMessage Sent abort committable othersnon-committable Second and subsequent rounds: Message from previous round: Message sent abort committable all non-committablenon-commitable Trans. is terminated if: abort  abort all committable  commit 2 successive rounds of  abort non-committable (no site failure)

Commit Rule: A transaction is committed at a site only after the receipt of a round consisting entirely of committable messages Termination Rule: If a site ever receives two successive rounds of non-committable messages and it detects no site failures between rounds, it can safely abort the transaction. Lemma: N i (r+1)  N i (r) Set of sites sending non-committables to site i during round r. Lemma: If N i (r+1) = N i (r), then all messages received by site i during r + r + 1 were non-committable messages.

Recovery Protocols: Protocols at failed site to complete all Transactions outstanding at the time of failure Classes of failures: 1.Site failure 2.Lost messages 3.Network partitioning 4.Byzantine failures Effects of failures: 1.Inconsistent database 2.Transaction processing is blocked. 3.Failed component unavailable.

Independent Recovery: A recovering site makes a transition directly to a final state without communicating with other sites. Lemma: For a protocol, if a local state’s concurrency set contains both an abort and commit, it is not resilient to an arbitrary failure of a single site. Rule 1: s: Intermediate state If C(s) contains a commit  failure transition from s to commit otherwise failure transition from s to abort s i  commit because other site may be in abort s i  abort because other site may be in commit cannot

Rule 2: For each intermediate state s i : if t j in s(s i ) & t j has a failure transition to a commit (abort), then assign a timeout transition from s i to a commit (abort). Theorem: Rules 1 and 2 are sufficient for designing protocols resilient to a single site failure. p: consistent p’: p + Failure + Timeout Transition s 2 = f 2  f 2  C(s i ) s i in s(s 2 ) f 2 ← inconsistent  s 1 f 1 site 1 fails