1. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 1 Principles of Reliable Distributed Systems Recitation 1: Introduction Spring 2007 Alex Shraer

2. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 2 Last on 046272 Models –Synchronous and Asynchronous –Failure models (a little…) Specifications –Liveness and Safety The Coordinated Attack Problem Note: The proofs on the board are included in the course’s material –Yes, you should know them for the exam

3. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 3 Safety and Liveness The properties are verifiable on an execution’s trace Safety = a property always happens –Closed under all prefixes Liveness = a property eventually happens

4. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 4 Safety and Liveness A safety property cannot be “fixed” after it is violated. You can always extend a trace to satisfy a liveness property. finite refutation: if every counter-example trace for a property p has a finite prefix in which p does not hold, then p is safety. On the other hand, you can always extend a trace to satisfy a liveness property.

5. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 5 Safety/Liveness/Both/None? Consider a partial elevator spec: The elevator will not stop in between floors. The elevator may break after the 1 st year of use If someone summons the elevator to some floor: –The elevator will eventually stop. –The elevator reaches that floor no later than 1 minute later

6. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 6 Safety/Liveness/Both/None? ראש השנה חל בדיוק פעם אחת בשנה. היועץ המשפטי יוכל להתמנות לתפקיד שופט. נהג שצבר שלוש עבירות תנועה לא ינהג לפני שיעבור קורס נהיגה מונעת. אף תהליך לא יכול להשתמש ב CPU במשך זמן אינסופי. כל קריאה לפונקציה חוזרת. המשטרה תפנה את הצומת החסום, אבל זה ייקח לה לפחות חצי שעה. המשטרה תפנה את הצומת החסום תוך חצי שעה לכל היותר. מספר המנעולים שאחראי הבניין מתקין במהלך השנה הוא לפחות 30.

7. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 7 Coordinated Attack Let’s attack A B

8. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 8 The Model: Synchronous with Message Loss Message loss can be detected –Bounded delay, timeouts Message loss is unbounded –In some runs, all the messages are lost

9. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 9 Coordinated Attack Definition (Reminder) Requirements: –both generals must decide the same: either to attack or not to attack –if both are not ready to attack they must not attack –if both are ready to attack and no messages are lost then they must attack Still cannot be achieved!

10. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 10 Properties of Coordinated Attack Agreement: If both generals decide, they decide the same. Termination: Every general eventually decides. Validity: –If both inputs are “not ready” then no general decides “attack” –if both inputs are “ready” and every message sent is delivered then no general decides “no-attack”.

11. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 11 What happens if? (cont’d) Weak Termination: If there are no message losses, then all processes eventually decide. We want an algorithm that solves the problem where Agreement, Weak Termination and Validity are required.

12. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 12 What happens if? (cont’d) Unanimous Termination: If any process decides, then all processes eventually decide. We want an algorithm that solves the problem where Agreement, Weak Termination, Unanimous Termination and Validity are required. Homework

13. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 13 Where’s the difference? Why couldn’t we use the proof from class when only Weak Termination was used?

14. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 14 Stronger Models Bounded loss rate – take 1 –At most, 10 messages are lost on each channel (from general A to general B and vice versa). Is it enough?

15. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 15 Interfaces (Reminder) There are two generals A, B. Each has an input inp A, inp B  {“ready”, “not ready”} Possible actions for Q  {A, B}: –Decide Q (v), v  {“attack”, “no attack”} (Output) –Send Q (m), m  {“yes”, “no”} (Output) –Deliver Q (m) (Input)

16. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 16 Suggested Algorithm Each general performs the following: –Repeat 11 times: Send(inp) –Upon Deliver(m) Decide(this.inp & m.inp) Or any deterministic rule that matches validity –halt.

17. Eran Bergman & Eddie Bortnikov, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 17 To Summarize The exact model assumptions and the exact problem specification are critical –Minor changes in either lead to different results.