Modeling Paxos In Addition To Flexible Paxos Inward Pluscal In Addition To Tla+
The kickoff run of this transportation service describes modeling Paxos inward Pluscal. The 2nd run shows how to alteration that model to accomplish a flexible quorum Paxos. for correctness against concurrency bugs. I had written to a greater extent than virtually modeling at a higher abstraction score before inward this post too this post.
Leader denotes the arrive at used for the ids of the leader processes, and Acceptor denotes the arrive at used for the ids of the acceptor processes. Slot is the arrive at of slots, and Ballots is the arrive at of ballots.
Acceptors are simple, they simply react to leaders' Phase1, Phase2, Phase3 messages sent amongst diverse ballot numbers. To this end, the acceptor trunk calls macros, which are inlined piece the Pluscal code is beingness translated to TLA+ for model checking.
An acceptor keeps a variable for remembering the maximum ballot let on maxBal it promised. It also remembers all values it accepted at Phase2a using hVal, a fix of <slot, ballot, value> tuples. Finally an acceptor stores the decided proposals at each slot every bit a set. Of course of written report if the understanding belongings of Paxos holds, the decided set for a slot has cardinality <=1.
The leader loops through the iii phases of a circular for each slot. It tries to dominate inward Phase1, then it tin become to Phase2. After the leader is elected, Phase1 tin survive skipped inward subsequent slots, if the leader is non preempted yesteryear roughly other leader. An elected leader tin acquire preempted whatsoever fourth dimension too CollectP2 tin fail, then the leader checks this before it tin stimulate upward one's hear a value at SendP3.
The ballot let on of the leader b is incremented modulo G (the let on of leaders) then it remains unique across leaders. The variable pVal is a fix to shop the values accepted inward before slots, then a suitable value can survive re-proposed inward Phase2a. (See CollectP1 and SendP2 macros.)
AccMsg denotes fix of acceptor messages sent too LMsg denotes fix of leader messages sent. Instead of truly sending messages inward channels too to each acceptor, sending message is modeled every bit adding a message inward a messageboard, where other processes tin nondestructively read the message. (This sentiment resembles the Linda tuplespaces idea.)
The macros SentXX returns a fix of messages inward the messageboard that jibe a specific filter. SuitVal is a macro for identifying the proposal amongst the highest ballot id accepted for a given slot.
SendP1(b) lets a leader position a Phase1a message amongst ballot let on b to the AccMsg messageboard. ReplyP1(b) lets acceptors react to a Phase1a message amongst ballot let on b by writing a respond dorsum to LMsg messageboard. CollectP1(b) lets a leader to choke along every bit elected from Phase1 if a bulk of acceptors said OK. The await statement serves every bit a guard: if the expect predicate is non satisfied, the residuum of the macro is non executed.
SendP2(b,s) lets a leader position a Phase2a message amongst ballot let on b, slot let on s to the AccMsg messageboard. The message proposes self as value, or SuitVal as value if applicable. ReplyP2(b) lets acceptors react to a Phase2a message amongst ballot let on b yesteryear writing a respond dorsum to LMsg messageboard.
Using CollectP2(b,s) a leader tin larn that its proposal was accepted yesteryear bulk of acceptors, or else it tin larn that it has been preempted yesteryear a higher ballot number. SendP3 and ReceiveP3 macros implement Phase3 of Paxos.
The model checking took seven minutes amongst the parameters I mentioned inward the comments. Not bad.
My sense amongst using TLA+ inward distributed systems class
There is a vibrant Google Groups forum for TLA+: https://groups.google.com/forum/#!forum/tlaplus
By clicking on label "tla" at the halt of the transportation service you lot tin laissez passer on all my posts virtually TLA+
An acceptor keeps a variable for remembering the maximum ballot let on maxBal it promised. It also remembers all values it accepted at Phase2a using hVal, a fix of <slot, ballot, value> tuples. Finally an acceptor stores the decided proposals at each slot every bit a set. Of course of written report if the understanding belongings of Paxos holds, the decided set for a slot has cardinality <=1.
The ballot let on of the leader b is incremented modulo G (the let on of leaders) then it remains unique across leaders. The variable pVal is a fix to shop the values accepted inward before slots, then a suitable value can survive re-proposed inward Phase2a. (See CollectP1 and SendP2 macros.)
The model checking took seven minutes amongst the parameters I mentioned inward the comments. Not bad.
Flexible Paxos
Using TLA+ for pedagogy distributed systemsMy sense amongst using TLA+ inward distributed systems class
There is a vibrant Google Groups forum for TLA+: https://groups.google.com/forum/#!forum/tlaplus
By clicking on label "tla" at the halt of the transportation service you lot tin laissez passer on all my posts virtually TLA+
0 Response to "Modeling Paxos In Addition To Flexible Paxos Inward Pluscal In Addition To Tla+"
Post a Comment