Booting Clock Synchronization in Φ-Model for System Stability
Explore the essential concepts of the Φ-Model and its benefits in system engineering, algorithms, and synchronization methods. Discover how this model improves fault detection and agreement problems while ensuring system accuracy and synchronization.
Presentation Transcript
The Φ-Model, and how to Boot Clock Synchronization in it
Josef Widder, Embedded Computing Systems Group, widder@ecs.tuwien.ac.at
INRIA Rocquencourt, February 10, 2004
Booting Clock Synchronization
Good System Engineering (layered view)
• Algorithms proven correct in CompMod (Computational Model)
• today: System Model
• Communication Layer
• Hardware
Roadmap
• Basic Concepts of the Φ-Model
• Why do we need a new timing model?
• System Model / Computational Model
• Solution to a Specific Problem
• Booting Clock Synchronization
Motivation for the Φ-Model
• Weaker models improve coverage
• Time(r)-free models are weaker than timed ones
• Model must be sufficiently strong to solve agreement problems (uniform consensus)
Behavior described with Φ
• Networks have upper and lower bounds on message transmission (derived from scheduling analysis)
• BUT: during high-load periods no message is transmitted with the lower-bound duration (and vice versa)
• There exists a relation (a ratio) between fast and slow transmission times
Described Behavior (rough sketch) [figure: message transmission delays over time t]
System Model
• m ... end-to-end computation + transmission delay
• +(t) ... longest delay of all messages in transit at time t
• -(t) ... shortest delay of all messages in transit at time t
• Φ > +(t) / -(t) at any time t (Φ bounds the delay ratio)
System Model [figure]
Comparison to other PartSync Models
• Φ-Model has no upper bound on message delays
• upper bound is replaced by delay ratio
• Φ-Model is sufficiently strong to detect failures without HW clocks [Le Lann, Schmid 03]
HW Timers / Watchdogs do not help in detecting faults [figure: processes p, q, r; a priori knowledge: Φ > 2]
Computational Model
• computation + transmission end-to-end delay: 0 < - ≤ + < ∞
• uncertainty = + − -
• uncertainty ratio = + / -
Equivalence
• SysMod & CompMod have the same computational power
• Analysis of time(r)-free algorithms in CompMod
• Results apply for the SysMod
• Implementation of perfect failure detector in the Φ-Model [Le Lann, Schmid 2003]
Algorithms - A Solution to a Special Problem
• Clock Synchronization in the Φ-Model
• Time(r)-free booting
• How to prove properties in the Φ-Model
Why Consider Booting?
• f out of n processes Byzantine faulty
• booting independently at arbitrary times: initially n faulty (not booted) processes
• f < n / 3 bound cannot always be assumed
• message loss
How to cope with booting?
• Synchronous (lock-step) systems: simultaneous start assumption
• Semi-synchronous (timed) systems: booting time assumption + local timeouts
• Partially synchronous (and asynchronous): no local timing information. What to do?
Booting Model
• Processes boot independently at unpredictable times
• Messages that reach down processes are lost
• Byzantine processes may always be up
• passive / active processes; only active ones have to guarantee clock sync
Clock Synchronization: original usage of the algorithm [Srikanth & Toueg 87]
Clock Sync in Partial Synchrony: integer-valued clocks
Booting Clock Synchronization
• n > 3f processes required for CS in the presence of f Byzantine faults [DHS 86]
• trivial solution:
  • send out (join) after booting
  • answer (join) msgs from others
  • when received msgs from 3f+1 processes, sufficiently many correct processes are up
• BUT: requires n > 4f processes for liveness
Weaken Properties during Booting
• Precision is always guaranteed
• Accuracy (progress) only when n−f correct processes are up
The Algorithm
  0  VAR k := 0;
  1  if received (init, k) from f+1 p's
  2      send (echo, k) to all;
  3  if received (echo, k) from f+1 p's
  4      send (echo, k) to all;
  5  if received (echo, k) from 2f+1 p's
  6      k := k + 1;
  7      send (init, k) to all;
  8  if received (echo, j) from f+1 p's where j > k+1
  9      k := j − 1;
 10      send (echo, k) to all;
Precision
• DMCB = ½ + 5/2 … for any n
How is precision achieved?
• Progress requires 2f+1 messages
• at least f+1 of these were sent by correct processes
• these messages are received by all processes
• sufficient to keep clock values close together
• Precision achieved by active correct processes
• passive until sufficient evidence for precision
How progress comes into the system
• after booting send (join) message
• join message is (echo, 0)
• already booted processes answer (join)
• with clock value … (echo, k)
• until 2f+1 processes are up, all correct ones wait with clock value 0
How progress comes into the system (cont.)
• f+1 correct processes are always within 2 rounds
• f+1 correct p's always send (init, k)
• as answers from the 2 maximum rounds return: go to good clock value
• after n−f correct p's are up: progress
• change to active after reception of f+1 (init, l) msgs
Results
• Bounded precision Dmax during whole operation
• if fewer than n−f processes are up: no progress
• if n−f or more are up: progress possible
• if all (at least n−f) correct processes are up: progress within constant time (6+ …), then all correct p's with good precision DMCB
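An added example (not from the slides) that runs the algorithm slide's rules 0–10 plus the booting behaviour of the two "How progress comes into the system" slides in an event-driven simulation: n correct processes boot at chosen times, messages to down processes are lost, a booting process sends (echo, 0) as its join, and already-booted processes answer a join by re-sending their latest echo. Assumptions: no Byzantine process takes part in this run, and message delays are constructed deterministically within [d_min, d_max]; the join answer is my reading of "answer (join) with clock value (echo, k)".

```python
import heapq
import itertools
from collections import defaultdict

def simulate(n, f, boot_times, d_min=1, d_max=3, horizon=60):
    """Booting clock sync with n correct processes (assumption: none Byzantine) that
    boot at boot_times; message delays are constructed in [d_min, d_max]. Returns {p: k}."""
    clock, echoed, events, seq = {}, defaultdict(set), [], itertools.count()
    init_rcv = defaultdict(lambda: defaultdict(set))   # q -> k -> senders of (init, k)
    echo_rcv = defaultdict(lambda: defaultdict(set))   # q -> k -> senders of (echo, k)

    def send(t, p, kind, k, to=None):
        for q in (range(n) if to is None else [to]):
            delay = d_min + (7 * p + 5 * q + k) % (d_max - d_min + 1)   # constructed delay
            heapq.heappush(events, (t + delay, next(seq), q, p, kind, k))

    def rules(q, t):   # slide lines 1-10; re-run until no rule fires
        while True:
            k = clock[q]
            if k not in echoed[q] and (len(init_rcv[q][k]) > f or len(echo_rcv[q][k]) > f):
                echoed[q].add(k); send(t, q, "echo", k)          # lines 1-4: relay (echo, k)
            if len(echo_rcv[q][k]) >= 2 * f + 1:                 # lines 5-7: tick, start k+1
                clock[q] = k + 1; send(t, q, "init", k + 1); continue
            ahead = [j for j, s in echo_rcv[q].items() if j > k + 1 and len(s) > f]
            if ahead:                                            # lines 8-10: catch up to j-1
                clock[q] = max(ahead) - 1
                if clock[q] not in echoed[q]:
                    echoed[q].add(clock[q]); send(t, q, "echo", clock[q])
                continue
            return

    for p, bt in enumerate(boot_times):
        heapq.heappush(events, (bt, -1, p, p, "boot", 0))
    while events and events[0][0] <= horizon:
        t, _, q, p, kind, k = heapq.heappop(events)
        if kind == "boot":                          # join message is (echo, 0)
            clock[q] = 0; echoed[q].add(0); send(t, q, "echo", 0); continue
        if q not in clock:                          # messages to down processes are lost
            continue
        if kind == "echo" and k == 0 and p != q and p not in echo_rcv[q][0]:
            send(t, q, "echo", max(echoed[q]), to=p)   # first contact: answer the join once
        (init_rcv if kind == "init" else echo_rcv)[q][k].add(p)
        rules(q, t)
    return dict(clock)

if __name__ == "__main__":
    print(simulate(4, 1, [0, 0, 0, 20]))                   # all up: clocks advance, stay close
    print(simulate(4, 1, [0, 0, 100, 100], horizon=50))    # 2 < n-f up: everyone waits at 0
```

With n = 4, f = 1 the run where only two processes are up shows the Results slide's "fewer than n−f up: no progress", while the late booter in the first run is pulled to a good clock value through the join answers and the catch-up rule.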
What have we seen today?
• Φ-Model (SysMod & CompMod)
• How properties are proven (precision)
• Solution to the important problem of booting in time(r)-free systems
Thanks!