Model Checking the Deferred Update Replication Protocol
Related papers
On Model-Checking Optimistic Replication Algorithms
2009
Collaborative editors consist of a group of users editing a shared document. The Operational Transformation (OT) approach is used for supporting optimistic replication in these editors. It allows the users to concurrently update the shared data and exchange their updates in any order, since the convergence of all replicas, i.e. the fact that all users view the same data, is ensured in all cases. However, designing algorithms for achieving convergence with the OT approach is a critical and challenging issue. In this paper, we address the verification of OT algorithms with a model-checking technique. We formally define, using the UPPAAL tool, the behavior and the convergence requirement of the collaborative editors, as well as the abstract behavior of the environment where these systems are supposed to operate. We show how to exploit some features of such systems and the UPPAAL tool to attenuate the severe state explosion problem. We have been able to show that if the number of users exceeds 2 then the convergence property is not satisfied for five OT algorithms. A counterexample is provided for every algorithm.
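The abstract's claim (convergence holds for 2 users but not for 3) can be reproduced on a toy scale without UPPAAL. The following is an added example, not code from the paper: it implements one simplified Ellis-Gibbs-style transformation function for inserts and deletes (an assumption; it is not one of the five algorithms the paper checks) and an exhaustive search over every delivery order at every site, with one concurrent operation per user on a constructed document "abc". The search finds no divergence with 2 users and a counterexample with 3, which is the shape of result the paper reports.

```python
from itertools import permutations, product

# Operation = (kind, position, char, site). Positions are 0-based.
# 'nop' is what a delete becomes when transformed against a concurrent
# delete of the same character.

def transform(o1, o2):
    """Inclusion transformation of o1 against an already applied o2
    (assumed toy function in the Ellis-Gibbs style)."""
    k1, p1, c1, s1 = o1
    k2, p2, c2, s2 = o2
    if k1 == 'nop' or k2 == 'nop':
        return o1
    if k1 == 'ins' and k2 == 'ins':
        # same position: the lower site id keeps the left slot
        if p1 < p2 or (p1 == p2 and s1 < s2):
            return o1
        return ('ins', p1 + 1, c1, s1)
    if k1 == 'ins' and k2 == 'del':
        return ('ins', p1 - 1, c1, s1) if p1 > p2 else o1
    if k1 == 'del' and k2 == 'ins':
        return ('del', p1 + 1, c1, s1) if p2 <= p1 else o1
    # del against del
    if p1 < p2:
        return o1
    if p1 > p2:
        return ('del', p1 - 1, c1, s1)
    return ('nop', 0, '', s1)

def apply_op(doc, op):
    k, p, c, _ = op
    if k == 'ins':
        return doc[:p] + c + doc[p:]
    if k == 'del':
        return doc[:p] + doc[p + 1:]
    return doc

def run_site(doc, own, remotes):
    """One user: apply the local op, then each remote op in the given
    delivery order, transformed against everything already applied."""
    history = [own]
    doc = apply_op(doc, own)
    for op in remotes:
        for applied in history:
            op = transform(op, applied)
        history.append(op)
        doc = apply_op(doc, op)
    return doc

def final_states(doc, ops):
    """Explore every delivery order at every site and return the set of
    final documents. Convergence holds iff the set has one element."""
    finals = set()
    for i, own in enumerate(ops):
        others = ops[:i] + ops[i + 1:]
        for order in permutations(others):
            finals.add(run_site(doc, own, list(order)))
    return finals

def candidate_ops(doc, site):
    """Every single insert or delete a user could issue on the initial doc."""
    char = 'xyz'[site]
    ins = [('ins', p, char, site) for p in range(len(doc) + 1)]
    dels = [('del', p, '', site) for p in range(len(doc))]
    return ins + dels

def find_counterexample(doc, n_sites):
    """Exhaustive state-space search, one concurrent op per user.
    Returns (ops, set of divergent final docs) or None if all converge."""
    for combo in product(*(candidate_ops(doc, s) for s in range(n_sites))):
        finals = final_states(doc, list(combo))
        if len(finals) > 1:
            return list(combo), finals
    return None

if __name__ == '__main__':
    print('2 users:', find_counterexample('abc', 2))  # None: always converges
    ops, finals = find_counterexample('abc', 3)
    print('3 users diverge on', ops, '->', sorted(finals))
```

The three-user failure is the classic TP2 case: site 0 inserts at position 2, site 1 deletes position 1 and site 2 inserts at position 1; depending on which remote operation a site sees first, "x" lands before or after "z". The search space here is tiny because all operations are generated from the same initial state; the paper's model also covers operations generated after other updates were applied, which is where the state explosion it mentions comes from.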
A formal analysis of database replication protocols with SI replicas and crash failures
The Journal of Supercomputing, 2009
This paper provides a formal specification and proof of correctness of a basic Generalized Snapshot Isolation certification-based data replication protocol for database middleware architectures. It has been modeled using a state transition system, as have the main system components, allowing a perfect match with the usual deployment in a middleware system. The proof encompasses both safety and liveness properties, as is commonly done for a distributed algorithm. Furthermore, a crash failure model has been assumed for the correctness proof, although recovery analysis is not the aim of this paper. This allows an easy extension toward crash-recovery model support in future works. The liveness proof focuses on uniform commit: if a site has committed a transaction, each of the other sites will either commit it or will have crashed.
Enhancing the Availability of Networked Database Services by Replication and Consistency Maintenance
2003
We describe an operational middleware platform for maintaining the consistency of replicated data objects, called COPla (Common Object Platform). It supports both eager and lazy update propagation for replicated data in networked relational databases. The purpose of replication is to enhance the availability of data objects and services in distributed database networks. Orthogonal to recovery strategies of backed-up snapshots, logs and other measures to alleviate database downtimes, COPla caters for high availability during downtimes of parts of the network by supporting a range of different consistency modes for distributed replications of critical data objects.
Scalable deferred update replication
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), 2012
Deferred update replication is a well-known approach to building data management systems as it provides both high availability and high performance. High availability comes from the fact that any replica can execute client transactions; the crash of one or more replicas does not interrupt the system. High performance comes from the fact that only one replica executes a transaction; the others must only apply its updates. Since replicas execute transactions concurrently, transaction execution is distributed across the system. The main drawback of deferred update replication is that update transactions scale poorly with the number of replicas, although read-only transactions scale well. This paper proposes an extension to the technique that improves the scalability of update transactions. In addition to presenting a novel protocol, we detail its implementation and provide an extensive analysis of its performance.
A Deterministic Database Replication Protocol Where Multicast Writesets Never Get Aborted
Database replication protocols based on a certification approach are usually the best ones for achieving good performance when an eager update everywhere technique is being considered. The weak voting approach achieves a slightly longer transaction completion time, but with a lower abortion rate. So, both techniques can be considered as the best ones for eager replication when performance is a must, and both of them need atomic broadcast. We propose a new database replication strategy that shares many characteristics with such previous strategies. It is also based on totally ordering the application of writesets, using only an unordered reliable broadcast, instead of an atomic broadcast. Additionally, the writesets of transactions that are aborted in the final validation phase need not be broadcast in our strategy. Thus, this new approach always reduces the communication traffic and also achieves a good transaction response time (even shorter than those previous strategies in some system configurations).
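To make the mechanism behind the two preceding abstracts concrete (deferred update replication, where one replica executes a transaction and the rest only apply its writeset, and certification-based termination over an atomic broadcast), here is an added simulation that is not code from either paper. A Python list stands in for the atomic broadcast, commit numbers stand in for delivery positions, and the conflict rule (abort if anything the transaction read was overwritten after its snapshot) is the usual certification test; all of that is my construction. It also shows the property the second abstract improves on: the losing transaction's writeset is broadcast even though every replica then aborts it.

```python
class Replica:
    """One database replica. Certification is a deterministic function of the
    totally ordered log, so every replica reaches the same decisions."""

    def __init__(self, rid, keys):
        self.rid = rid
        self.store = {k: 0 for k in keys}
        self.last_writer = {k: 0 for k in keys}  # commit number that last wrote key
        self.applied = 0                          # commit numbers processed so far
        self.outcomes = []

    def apply_log(self, abcast):
        """Apply delivered writesets in total order (the abcast list is the
        constructed stand-in for an atomic broadcast)."""
        while self.applied < len(abcast):
            commit_no = self.applied + 1
            snapshot, readset, writeset, origin = abcast[self.applied]
            # certification: abort if a read item was overwritten after the snapshot
            conflict = any(self.last_writer[k] > snapshot for k in readset)
            if conflict:
                self.outcomes.append(('abort', origin, commit_no))
            else:
                for k, v in writeset.items():
                    self.store[k] = v
                    self.last_writer[k] = commit_no
                self.outcomes.append(('commit', origin, commit_no))
            self.applied += 1


class Transaction:
    """Executes entirely at one replica; only readset and writeset travel."""

    def __init__(self, replica):
        self.replica = replica
        self.snapshot = replica.applied  # highest commit number seen at start
        self.readset, self.writeset = set(), {}

    def read(self, key):
        if key in self.writeset:
            return self.writeset[key]
        self.readset.add(key)
        return self.replica.store[key]

    def write(self, key, value):
        self.writeset[key] = value

    def commit(self, abcast):
        if not self.writeset:
            return 'read-only'  # never broadcast, never certified
        abcast.append((self.snapshot, frozenset(self.readset),
                       dict(self.writeset), self.replica.rid))
        return 'submitted'


def increment(replica):
    t = Transaction(replica)
    t.write('counter', t.read('counter') + 1)
    return t


def run_scenario():
    """Two concurrent increments on different replicas, then a retry and a
    read-only transaction. Returns (stores, outcomes at A, read-only status)."""
    abcast = []
    replicas = [Replica(r, ['counter']) for r in ('A', 'B', 'C')]
    a, b, c = replicas
    ta, tb = increment(a), increment(b)   # both read counter == 0
    ta.commit(abcast)
    tb.commit(abcast)                     # its writeset is broadcast anyway
    for r in replicas:
        r.apply_log(abcast)               # A commits, B is aborted everywhere
    tb2 = increment(b)                    # re-execute B's work on fresh state
    tb2.commit(abcast)
    for r in replicas:
        r.apply_log(abcast)
    ro = Transaction(c)
    ro.read('counter')
    ro_status = ro.commit(abcast)         # read-only: no broadcast at all
    stores = {r.rid: dict(r.store) for r in replicas}
    return stores, a.outcomes, ro_status


if __name__ == '__main__':
    print(run_scenario())
```

Running it leaves every replica at counter == 2 with outcomes commit, abort, commit at each site. The read-only transaction is the part that scales well in the DSN 2012 abstract: it touches only its local replica. The aborted writeset still consumed a broadcast slot, which is the traffic the OTM 2007 protocol eliminates.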
A Deterministic Database Replication Protocol Where Multicast Writesets Never Get Aborted
OTM Workshops, 2007
Several approaches for the full replication of data in distributed databases [1] have been studied. One of the preferred techniques is the eager update everywhere based on the total-order multicast delivery service [2], where the most outstanding varieties are: certification-based and weak-voting [1]. Under this approach, the execution flow of a transaction can be split into two different main phases:
Replication, consistency, and practicality
ACM SIGMOD Record, 1998
Previous papers have postulated that traditional schemes for the management of replicated data are doomed to failure in practice due to a quartic (or worse) explosion in the probability of deadlocks. In this paper, we present results of a simulation study for three recently introduced protocols that guarantee global serializability and transaction atomicity without resorting to the two-phase commit protocol. The protocols analyzed in this paper include a global locking protocol [10], a "pessimistic" protocol based on a replication graph [5], and an "optimistic" protocol based on a replication graph [7]. The results of the study show a wide range of practical applicability for the lazy replica-update approach employed in these protocols. We show that under reasonable contention conditions and sufficiently high transaction rate, both replication-graph-based protocols outperform the global locking protocol. The distinctions among the protocols in terms of performance are significant.
Update propagation protocols for replicated databases
ACM SIGMOD Record, 1999
Replication is often used in many distributed systems to provide a higher level of performance, reliability and availability. Lazy replica update protocols, which propagate updates to replicas through independent transactions after the original transaction commits, have become popular with database vendors due to their superior performance characteristics. However, if lazy protocols are used indiscriminately, they can result in non-serializable executions. In this paper, we propose two new lazy update protocols that guarantee serializability but impose a much weaker requirement on data placement than earlier protocols. Further, many naturally occurring distributed systems, like distributed data warehouses, satisfy this requirement. We also extend our lazy update protocols to eliminate all requirements on data placement. The extension is a hybrid protocol that propagates as many updates as possible in a lazy fashion. We implemented our protocols on the Datablitz database system product developed at Bell Labs. We also conducted an extensive performance study which shows that our protocols outperform existing protocols over a wide range of workloads.
The performance of weak-consistency replication protocols
1992
Weak-consistency replication protocols can be used to build wide-area services that are scalable, fault-tolerant, and useful for mobile computer systems. We have developed the timestamped anti-entropy protocol, which provides reliable eventual delivery with a variety of message orderings. Pairs of replicas periodically exchange update messages; in this way updates eventually propagate to all replicas. In this paper we present a detailed analysis of the fault tolerance and the consistency provided by this protocol. The protocol is extremely robust in the face of site and network failure, and it scales well to large numbers of replicas.

We are investigating an architecture for building distributed services that emphasizes scalability and fault tolerance. This allows applications to respond gracefully to changes in demand and to site and network failure. It also provides a single mechanism to support wide-area services and mobile computing systems. It uses weak-consistency replication techniques to build a flexible distributed service. We use data replication to meet availability demands and enable scalability. The replication is dynamic in that new servers can be added or removed to accommodate changes in demand. The system is asynchronous, and servers are as independent as possible; it never requires synchronous cooperation of large numbers of sites. This improves its ability to handle both communication and site failures. Eventually or weakly consistent replication protocols do not perform synchronous updates. Instead, updates are first delivered to one site, then propagated asynchronously to others. The value a server returns to a client read request depends on whether that server has observed the update yet. Eventually, every server will observe the update. Several existing information systems, such as Usenet [1] and the Xerox Grapevine system [2], use similar techniques.
Delayed propagation means that clients do not wait for updates to reach distant sites, and the fault tolerance of the replicated data cannot be compromised by clients that misbehave. It also allows updates to be sent using bulk transfer protocols, which provide the best efficiency on high-bandwidth high-latency networks. These transfers can occur at off-peak times. Replicas can be disconnected from the network for a period of time, and will be updated once they are reconnected. On the other hand, clients must be able to tolerate some inconsistency, and the application may need to provide a mechanism to reconcile conflicting updates. Large numbers of replicas allow replicas to be placed near clients, and spread query load over more sites. This decreases both the communication latency for client requests and the amount of long-distance traffic that must be carried on backbone network links. Mobile computing systems can maintain a local replica, ensuring that users can access information even when disconnected from the network. These protocols can be compared with consistent replication protocols, such as voting protocols. Consistent protocols cannot practically handle hundreds or thousands of replicas, while weak-consistency protocols can. Consistent protocols require the synchronous participation of a large number of replicas, which can be impossible when a client resides on a portable system or when the network is partitioned. It is also difficult to share processing load across many replicas. The communication traffic and associated latency are often unacceptably large for a service with replicas scattered over several continents.
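The pairwise exchange described above, including a replica that is disconnected for a while and catches up on reconnection, as an added simulation that is not the authors' code. The summary vector (highest sequence number seen per origin), the symmetric "send what the peer lacks" session and the (origin, sequence) delivery order are my assumptions about the protocol's shape, taken from the abstract; the pairing schedule and update payloads are constructed.

```python
class Replica:
    """A weak-consistency replica: accepts writes locally and learns of
    remote writes only through anti-entropy sessions."""

    def __init__(self, idx, n_replicas):
        self.idx = idx
        self.log = {}                    # (origin, seq) -> payload
        self.summary = [0] * n_replicas  # highest seq seen from each origin
        self.next_seq = 1

    def local_update(self, payload):
        """Accept a client write immediately; no remote site is contacted."""
        seq = self.next_seq
        self.next_seq += 1
        self.log[(self.idx, seq)] = payload
        self.summary[self.idx] = seq
        return (self.idx, seq)

    def missing_for(self, peer_summary):
        """Updates this replica holds that the peer's summary vector lacks.
        Logs are contiguous per origin, so a per-origin high-water mark
        identifies the missing set exactly."""
        return {k: v for k, v in self.log.items() if k[1] > peer_summary[k[0]]}

    def receive(self, updates):
        for (origin, seq), payload in updates.items():
            self.log[(origin, seq)] = payload
            self.summary[origin] = max(self.summary[origin], seq)

    def view(self):
        """Deliver to the application in (origin, seq) order, one of the
        'variety of message orderings' the abstract mentions."""
        return [self.log[k] for k in sorted(self.log)]


def anti_entropy_session(a, b):
    """Symmetric exchange: each side ships exactly what the other lacks.
    Returns the number of updates transferred (0 means already in sync)."""
    to_b = a.missing_for(b.summary)
    to_a = b.missing_for(a.summary)
    b.receive(to_b)
    a.receive(to_a)
    return len(to_b) + len(to_a)


def run_scenario():
    """Four replicas, one local write each; replica 3 is partitioned during
    the first round of sessions and reconnects afterwards."""
    n = 4
    reps = [Replica(i, n) for i in range(n)]
    for r in reps:
        r.local_update(f'update from site {r.idx}')   # constructed payloads
    ring = [(0, 1), (1, 2), (2, 0)]                   # replica 3 unreachable
    for a, b in ring:
        anti_entropy_session(reps[a], reps[b])
    before = [len(r.log) for r in reps]               # 3 has seen only itself
    anti_entropy_session(reps[3], reps[0])            # reconnect: one session
    for a, b in ring:                                 # spread 3's write
        anti_entropy_session(reps[a], reps[b])
    after = [r.view() for r in reps]
    return before, after


if __name__ == '__main__':
    before, after = run_scenario()
    print('log sizes while 3 is partitioned:', before)
    print('all views equal after reconnect:', all(v == after[0] for v in after))
```

While replica 3 is partitioned the other three converge among themselves and 3 still holds only its own write; a single session with any connected replica is enough to bring it up to date, after which the ring carries its write to everyone else. Nothing in the exchange blocks on the unreachable site, which is the availability argument the abstract makes against voting-style consistent protocols.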