Impossibility of Consensus in Asynchronous Systems (FLP)
Ali Ghodsi – UC Berkeley / KTH
alig(at)cs.berkeley.edu

Modified Model
A correct node can always make a “dummy” transition
  For state s of a node, there exists a transition s → s
  There always exists an applicable event on every process
There are no inbufs/outbufs
  There is one set of messages M, i.e. “network cloud”
  Message consists of <sender, payload, destination>
  Messages are unique

Configurations
Each configuration contains the state of each node, and the set of messages in the network, M
Initial config is a config where M is empty and all nodes are in initial state
Configuration: < p1_state, p2_state, p3_state, {m1, m2} >

Events, Applicable, Executions…
An event <p,m> is the receipt of message m
  After the receipt of m, node p deterministically updates its state (transition function) and puts sent messages in M
<p,m> applicable in config C iff m is in C.M
Execution is a sequence of configurations
  An applicable event is applied between configs

Intuition behind model
receive <tok, y> from q
for x:=1 to 3 do
begin
  y:=y+1;
  send <tok, y> neighp[x];
end
receive <tok, z> from q;
print z+y
Receipt event e
Initial state of p
State of p after receipt of e
Deterministic transition: update state, send messages
Receipt event f
Deterministic transition
State of p after receipt of f

Consensus Correctness (weak)
A 1-crash-robust consensus satisfies:
Termination
  All correct nodes eventually decide
Agreement
  In every config, decided nodes have decided same value (0 or 1)
Non-triviality (weak validity)
  There exists one possible input config with outcome decision 0, and
  There exists one possible input config with outcome decision 1
  Example, maybe input “0,0,1”->0 while “0,1,1”->1
  Validity implies non-triviality (”0,0,0” must be 0 and ”1,1,1” must be 1)

Definitions
0-decided configuration
  A configuration with decide ”0” on some process
1-decided configuration
  A configuration with decide ”1” on some process
0-valent configuration
  A config in which every reachable decided configuration is a 0-decide
1-valent configuration
  A config in which every reachable decided configuration is a 1-decide
Bivalent configuration
  A configuration which can reach a 0-decided and 1-decided configuration

Definitions Illustrated 1(4)
0-decided configuration
  A configuration with decide ”0” on some process
0-decided configuration: { STATE2, STATE5, DECIDE-0, STATE7, {msg1, msg2} }
At least one of them is in state DECIDE-0
[Figure: P1 state2, P2 state5, P3 decide0, P4 state7, with messages msg1 and msg2]

Definitions Illustrated 2(4)
0-valent configuration
  No 1-decided configurations are reachable
  Future determined, means ”everyone will decide 0”
0-valent configuration: { P1_state, P2_state, P3_state, P4_state, {msg1} }
0-valent configuration: { P1_state, P2_state2, P3_state, P4_state, {msg1} }
0-valent configuration: { decide-0, P2_state, P3_state, P4_state, {msg1, msg2} }
0-valent configuration: { decide-0, P2_state2, P3_state2, P4_state, {msg1, msg2} }
0-valent configuration: { decide-0, P2_state, P3_state, decide-0, {msg2} }
0-valent configuration: { decide-0, P2_state2, P3_state2, decide-0, {msg2} }
0-valent configuration: { decide-0, P2_state, decide-0, P4_state, {msg1, msg2} }
0-valent configuration: { decide-0, P2_state3, P3_state, decide-0, {} }

Definitions Illustrated 3(4)
1-valent configuration
  No 0-decided configurations are reachable
  Future determined, means ”everyone will decide 1”
1-valent configuration: { P1_state, P2_state, P3_state, P4_state, {msg1} }
1-valent configuration: { P1_state, P2_state2, P3_state, P4_state, {msg1} }
1-valent configuration: { decide-1, P2_state, P3_state, P4_state, {msg1, msg2} }
1-valent configuration: { decide-1, P2_state, P3_state, decide-1, {msg2} }
1-valent configuration: { decide-1, P2_state2, P3_state2, decide-1, {msg2} }
1-valent configuration: { decide-1, P2_state, decide-1, P4_state, {msg1, msg2} }
1-valent configuration: { decide-1, P2_state3, P3_state, decide-1, {} }
1-valent configuration: { decide-1, P2_state2, P3_state2, P4_state, {msg1, msg2} }

Definitions Illustrated 4(4)
Bivalent configuration
  Both 0 and 1-decided configurations are reachable
  Future undetermined, could go either way…
Bivalent config.: { P1_state, P2_state, P3_state, P4_state, {msg1} }
0-valent config.: { P1_state, P2_state2, P3_state, P4_state, {msg1} }
1-valent config.: { decide-1, P2_state5, P3_state6, P4_state5, {msg1, msg3} }
0-valent config.: { decide-0, P2_state2, P3_state2, P4_state, {msg1, msg2} }
1-valent config.: { decide-1, P2_state5, P3_state6, decide-1, {msg2} }
0-valent config.: { decide-0, P2_state2, P3_state2, decide-0, {msg2} }
0-valent config.: { decide-0, P2_state, decide-0, P4_state, {msg1, msg2} }
1-valent config.: { decide-1, P2_state9, P3_state6, decide-1, {} }

FLP Impossibility Without Proofs

Bivalent Initial Configuration
Initial Bivalency Lemma (Lemma 1)
  Any algorithm that solves the 1-crash consensus has an initial bivalent configuration

Main lemma: Staying Bivalent
Bivalency Preservation Lemma (Lemma 2)
  Given any bivalent config and any event e applicable in
  There exists a reachable config where e is applicable, and e() is bivalent
[Figure: Lemma 2 Illustration]

FLP Impossibility Theorem
No deterministic 1-crash-robust consensus algorithm exists for the asynchronous model
Proof
1. Start in an initial bivalent config (Lemma 1)
2. Given the bivalent config, pick the event e that has been applicable longest
   Pick the path taking us to another config where e is applicable (might be empty)
   Apply e, and get a bivalent config (Lemma 2)
3. Repeat 2.
Termination violated

FLP Impossibility Proofs

Bivalent Initial Configuration
Initial Bivalency Lemma (Lemma 1)
  Any algorithm that solves the 1-crash consensus has an initial bivalent configuration

Proof 1/(10)
We know that the algorithm must be non-trivial
  There should be some initial configuration that will lead to a 0-decide
  There should be some initial configuration that will lead to a 1-decide
Take two such configurations i1 and i2
  E.g. 4 processes
  Initial values (0,1,0,1,1) lead to 1
  Initial values (0,0,1,0,0) lead to 0

Proof 2/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,1,0,0) leading to 0
Let's look at other initial configurations by flipping the inputs, transforming the upper input to the lower input

Proof 3/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to ?
(0,0,1,0,0) leading to 0
Let's look at other initial configurations by flipping the inputs, transforming the upper input to the lower input

Proof 4/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to ?
(0,0,1,1,1) leading to ?
(0,0,1,0,0) leading to 0
Let's look at other initial configurations by flipping the inputs, transforming the upper input to the lower input

Proof 5/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to ?
(0,0,1,1,1) leading to ?
(0,0,1,0,1) leading to ?
(0,0,1,0,0) leading to 0
Let's look at other initial configurations by flipping the inputs, transforming the upper input to the lower input

Proof 6/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to ?
(0,0,1,1,1) leading to ?
(0,0,1,0,1) leading to ?
(0,0,1,0,0) leading to 0
There must exist two neighboring configurations here, with two different outcomes
Let's look at other initial configurations by flipping the inputs, transforming the upper input to the lower input

Proof 7/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to 1
(0,0,1,1,1) leading to 1
(0,0,1,0,1) leading to 0
(0,0,1,0,0) leading to 0
Assume the following two
Let's look at other initial configurations by flipping the inputs

Proof 8/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,1,0,1,1) leading to 1
(0,0,0,1,1) leading to 1
(0,0,1,1,1) leading to 1
(0,0,1,0,1) leading to 0
(0,0,1,0,0) leading to 0
Assume the following two
Identical configurations except for process p4

Proof 9/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,0,1,1,1) leading to 1
(0,0,1,0,1) leading to 0
The consensus algorithm should tolerate if p4 crashes!
  (0,0,1,X,1), leads to ? (either 0 or 1)
Assume the following two

Proof 10/(10)
We know there exist inputs
p1, p2, p3, p4, p5
(0,0,1,1,1) leading to 1
(0,0,1,0,1) leading to 0
The consensus algorithm should tolerate if p4 crashes!
  (0,0,1,X,1), leads to ? (either 0 or 1)
  If it leads to 1, then depending on whether p4 crashes or not (0,0,1,0,1) either leads to 0 or 1 (bivalent)
  If it leads to 0, then depending on whether p4 crashes or not (0,0,1,1,1) either leads to 0 or 1 (bivalent)
Assume the following two

Initial Bivalence
Intuition
  Given any algorithm, we can find some start state, that depending on the failure of one process, will either lead to a 0-decide or a 1-decide
Bivalent Initial Config: { P1_state, P2_state, P3_state, P4_state, {msg1} }
1-valent configuration: { P1_state, P2_state2, P3_state, P4_state, {msg1} }
0-valent configuration: { P1_state, P2_state, P3_state, P4_state, {msg1, msg2} }
1-valent configuration: { decide-1, P2_state2, P3_state2, P4_state, {msg1, msg2} }
0-valent configuration: { decide-0, P2_state, P3_state, P4_state, {msg2} }
1-valent configuration: { P1_state, P2_state, decide-1, P4_state, {msg1, msg2} }
0-valent configuration: { decide-0, decide-0, P3_state, decide-0, {} }

Order of events
Intuition
  The order in which two applicable events are executed is not important!
Order Theorem
  Let ep and eq be two events on two different nodes p and q which are both applicable in config C, then ep can be applied to eq(C), eq can be applied to ep(C), and ep(eq(C)) = eq(ep(C)).
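
The model, the valence definitions and the Order Theorem above, as an added example that is not part of the original slides: a Python sketch that enumerates every reachable configuration of an assumed three-node toy protocol in which node 0 decides on the first proposal it receives. The protocol and all function names are assumptions made for illustration; the protocol is not crash-robust, since nothing is decided if node 0 stops.

```python
from collections import deque

N = 3  # assumed toy protocol: node 0 coordinates, nodes 1 and 2 propose

def initial(inputs):
    """Initial config: all nodes in their initial state, M empty."""
    return (tuple(("init", v) for v in inputs), frozenset())

def transition(p, state, m):
    """Deterministic transition of node p on receipt of m (None = dummy step).
    Returns (new_state, messages_sent); a message is (sender, payload, dest)."""
    kind, v = state
    if kind == "decided":
        return state, ()                       # a decision is final
    if m is None:
        if p != 0 and kind == "init":          # proposer sends its input once
            return ("sent", v), ((p, v, 0),)
        return state, ()                       # dummy transition s -> s
    payload = m[1]
    if p == 0:                                 # coordinator: first proposal wins
        return ("decided", payload), tuple((0, payload, q) for q in range(1, N))
    return ("decided", payload), ()            # proposer adopts the coordinator's value

def applicable(config):
    """<p,m> is applicable iff m is in C.M; a dummy step is always applicable."""
    _, msgs = config
    return [(p, None) for p in range(N)] + [(m[2], m) for m in sorted(msgs)]

def apply_event(config, event):
    """Apply one event: update the receiver's state, consume m, add sent messages."""
    states, msgs = config
    p, m = event
    if m is not None and m not in msgs:
        raise ValueError("event not applicable")
    new_state, sent = transition(p, states[p], m)
    states = states[:p] + (new_state,) + states[p + 1:]
    return (states, (msgs - {m}) | frozenset(sent))

def valence(config):
    """Classify a config by the decisions found in every reachable config."""
    seen, queue, decided = {config}, deque([config]), set()
    while queue:
        c = queue.popleft()
        decided |= {v for kind, v in c[0] if kind == "decided"}
        for e in applicable(c):
            nxt = apply_event(c, e)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {(0,): "0-valent", (1,): "1-valent", (0, 1): "bivalent"}.get(
        tuple(sorted(decided)), "undecided")

def commute(config, ep, eq):
    """Order Theorem check: ep(eq(C)) == eq(ep(C))."""
    return (apply_event(apply_event(config, ep), eq)
            == apply_event(apply_event(config, eq), ep))

def demo():
    c = initial((0, 0, 1))                     # constructed inputs for nodes 0, 1, 2
    c = apply_event(c, (1, None))              # node 1 sends its input 0
    c = apply_event(c, (2, None))              # node 2 sends its input 1
    m1, m2 = (1, 0, 0), (2, 1, 0)
    return {
        "start": valence(initial((0, 0, 1))),
        "both_sent": valence(c),
        "after_m1": valence(apply_event(c, (0, m1))),
        "after_m2": valence(apply_event(c, (0, m2))),
        "different_nodes": commute(initial((0, 0, 1)), (1, None), (2, None)),
        "same_node": commute(c, (0, m1), (0, m2)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two deliveries to node 0 are events on the same node, so the Order Theorem does not apply to them: they do not commute, and they take the bivalent configuration to a 0-valent and a 1-valent one.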

Definitions
A schedule is a sequence of events <e1, e2,…,ek>
A schedule =<e1, e2,…,ek> is applicable in config C iff
  e1 is applicable in C,
  e2 is applicable in e1(C)
  e3 is applicable in e2(e1(C))
  ...
If the resulting config is D we write (C)=D

Order of sequences
Diamond Theorem
  Let sequences 1 and 2 be applicable in configuration C, and let no node participate in both 1 and 2, then:
  2 is applicable in 1(C)
  1 is applicable in 2(C), and
  1(2(C))=2(1(C))
Proof
  By induction using the order theorem

Illustration of Diamond Theorem
[Figure: diamond with C at the top, edges 1 and 2 leading to 1(C) and 2(C), then edges 2 and 1 leading to D]
D = 2(1(C)) = 1(2(C))

Bivalent Configuration
Any configuration of the 1-robust consensus algorithm is exactly one of these three
  Bivalent
  0-valent
  1-valent
Why?
  Any configuration leads to a decide (termination)
  We know bivalent configurations exist
  If it is not bivalent, it must lead to either 0-decide or 1-decide, so it is either 0-valent or 1-valent

Bivalent Configurations
In any bivalent config , either
  one applicable event goes to a bivalent config, or
  there exist two applicable events, leading to a 0-valent and a 1-valent configuration (respectively)
[Figure: Case 1, Bivalent to Bivalent; Case 2, Bivalent to 0-valent and 1-valent]

Main lemma: Staying Bivalent
Bivalency Preservation Lemma
  Given any bivalent config and any event e applicable in
  There exists a reachable config where e is applicable, and e() is bivalent
[Figure: Lemma 2 Illustration]

Proof definitions
Assume e involves process p
Let C be all possible configs reachable from without applying e is in C as well
Apply event e to all configs in C and call the resulting configs D
[Figure: Lemma 2 Illustration, showing the set C, event e and the set D]

Proof intuition
We will prove that D contains a bivalent config by contradiction
That is, assume there is no bivalent config in D, show that this will lead to a contradiction
[Figure: Lemma 2 Illustration, showing the set C, event e and the set D]

Proof Map
Assume there is no bivalent config in D
  Then all configs in D are 0-valent or 1-valent
Show that there exists a 0-valent and a 1-valent config in D
Show there exist two neighboring configs c1=f(c0), in C
  d0=e(c0) and d1=e(c1)
  d0 is 0-valent, d1 is 1-valent
Show this is a contradiction
  Assumption must be incorrect
  D must contain a bivalent configuration
[Figure: c0 and c1 in C with c1=f(c0); d0=e(c0) and d1=e(c1) in D]

Proof
Assume D contains no bivalent configs
  i.e. all configs in D are either 0-valent or 1-valent
We next show that
  there exists a 0-valent config in D, and
  there exists a 1-valent config in D

Proof
We can reach a 0- and 1-valent config from (bivalency of )
  Call the 0-valent one 0 and the 1-valent one 1
If 0 is in C, then e(0) is in D and is 0-valent
If 0 not in C, then exists 0 on the path to 0 such that 0 is in C, e(0) is in D and is 0-valent (NB: assumed no bivalent D)
Symmetric argument shows there is a 1-valent config in D
[Figure: two cases, captioned “1 is in C” and “1 is not in C”]

Reflection
Now we know D must contain a 0-valent and a 1-valent config
Call the 0/1-valent configs in D: d0 and d1

Deriving the contradiction
There must exist two configs c0 and c1 in C such that c1=f(c0), and d0=e(c0) and d1=e(c1)
[Figure: c0 and c1 in C with c1=f(c0); d0=e(c0) and d1=e(c1) in D]
Let’s see why!

Proving two neighbors exist 1(4)
We know is bivalent, and e() is in D and is either 0-valent or 1-valent, assume 0-valent
[Figure: a configuration in C, with event e leading to a 0-valent configuration in D]

Proving two neighbors exist 2(4)
We know is bivalent, and e() is in D and is either 0-valent or 1-valent, assume 0-valent
There is a reachable 1-valent config in D
[Figure: a chain of configurations in C (1, 2 … m) reached via f0; event e leads to a 0-valent configuration in D at one end and to a 1-valent configuration in D at the other]

Proving two neighbors exist 3(4)
We know is bivalent, and e() is in D and is either 0-valent or 1-valent, assume 0-valent
There is a reachable 1-valent config in D
e is applicable in each i, and must be 0-valent or 1-valent
[Figure: the same chain in C; applying e to each configuration gives x-valent, y-valent and z-valent configurations in D alongside the 0-valent and 1-valent ones]

Proving two neighbors exist 4(4)
We know is bivalent, and e() is in D and is either 0-valent or 1-valent, assume 0-valent
There is a reachable 1-valent config in D
e is applicable in each i, and must be 0-valent or 1-valent
There exist two neighbors, one 1-valent and one 0-valent
[Figure: the same chain in C with events f0, f1, f2, f3; two adjacent configurations in D are 0-valent and 1-valent]

Proving two neighbors exist 4(4)
We know is bivalent, and e() is in D and is either 0-valent or 1-valent, assume 0-valent
There is a reachable 1-valent config in D
e is applicable in each i, and is 0/1-valent
There exist two neighbors, one 1-valent and one 0-valent
[Figure: two configurations in C, 1 and 2, joined by event f; e leads from them to a 0-valent and a 1-valent configuration in D]

Neighbors lead to contradiction 1(3)
There exist two neighbors, one 1-valent and one 0-valent
Either events e & f happen on same node or not
  both cases will lead to contradictions
[Figure: two configurations in C, 1 and 2, joined by event f; e leads from them to a 0-valent and a 1-valent configuration in D]

Neighbors lead to contradiction 2(3)
We now know there exist two configs c0 and c1 in C such that c1=f(c0), and d0=e(c0) and d1=e(c1)
Assume e and f happen on two different processes p and q
  Then, the order of their execution can be exchanged (diamond thm)
[Figure: c0 and c1 in C with c1=f(c0); d0=e(c0) is 0-valent and d1=e(c1) is 1-valent in D; f leads from d0 to d1]
Contradiction as d0 is 0-valent, but it leads to a 1-valent config, hence d0 must be bivalent, but we assumed no bivalent configs exist in D

Neighbors lead to contradiction 3(3)
We know there exist two configs c0 and c1 in C s.t. c1=f(c0), and d0=e(c0) and d1=e(c1)
Assume e and f happen on the same node p.
  If p is silent, then algo must still terminate correctly
If p is silent, algo should terminate with everyone deciding in a config A
[Figure: c0, c1 = f(c0), d0 (0-valent), d1 (1-valent) and a config A, with a 0-valent and a 1-valent config each labelled “by diamond thm”]
Contradiction as all nodes in A decided, A cannot be bivalent

FLP Impossibility Theorem
No deterministic 1-crash-robust consensus algorithm exists for the asynchronous model
Proof
1. Start in an initial bivalent config (Lemma 1)
2. Given the bivalent config, pick the event e that has been applicable longest
   Pick the execution taking us to another config where e is applicable
   Apply e, and get a bivalent config (Lemma 2)
3. Repeat 2.

Summary
We have proved that a 1-crash resilient deterministic consensus algorithm does not exist
Hence, there exists always an execution which stays in bivalent configs and still keeps applying all applicable events in a fair order!
  All correct nodes execute infinite number of events, messages delivered, and still leads to no decision!
Circumventing FLP impossibility
  Probabilistically
  Randomization
  Partial Synchrony (e.g. failure detectors)