Consistent Logical Checkpointing. Nitin H. Vaidya. Texas A&M University. Phone: Fax:

Similar documents
Some Thoughts on Distributed Recovery. (preliminary version) Nitin H. Vaidya. Texas A&M University. Phone:

On Checkpoint Latency. Nitin H. Vaidya. Texas A&M University. Phone: (409) Technical Report

On Checkpoint Latency. Nitin H. Vaidya. In the past, a large number of researchers have analyzed. the checkpointing and rollback recovery scheme

A Case for Two-Level Distributed Recovery Schemes. Nitin H. Vaidya. reduce the average performance overhead.

Distributed Recovery with K-Optimistic Logging. Yi-Min Wang Om P. Damani Vijay K. Garg

Kevin Skadron. 18 April Abstract. higher rate of failure requires eective fault-tolerance. Asynchronous consistent checkpointing oers a

Optimistic Message Logging for Independent Checkpointing. in Message-Passing Systems. Yi-Min Wang and W. Kent Fuchs. Coordinated Science Laboratory

AN EFFICIENT ALGORITHM IN FAULT TOLERANCE FOR ELECTING COORDINATOR IN DISTRIBUTED SYSTEMS

Fault-Tolerant Computer Systems ECE 60872/CS Recovery

David B. Johnson. Willy Zwaenepoel. Rice University. Houston, Texas. or the constraints of real-time applications [6, 7].

Ecient Redo Processing in. Jun-Lin Lin. Xi Li. Southern Methodist University

Recoverable Distributed Shared Memory Using the Competitive Update Protocol

The Performance of Consistent Checkpointing. Willy Zwaenepoel. Rice University. for transparently adding fault tolerance to distributed applications

MESSAGE INDUCED SOFT CHEKPOINTING FOR RECOVERY IN MOBILE ENVIRONMENTS

Optimistic Distributed Simulation Based on Transitive Dependency. Tracking. Dept. of Computer Sci. AT&T Labs-Research Dept. of Elect. & Comp.

(Preliminary Version 2 ) Jai-Hoon Kim Nitin H. Vaidya. Department of Computer Science. Texas A&M University. College Station, TX

Page 1 FAULT TOLERANT SYSTEMS. Coordinated Checkpointing. Time-Based Synchronization. A Coordinated Checkpointing Algorithm

Novel low-overhead roll-forward recovery scheme for distributed systems

Enhanced N+1 Parity Scheme combined with Message Logging

1 Introduction A mobile computing system is a distributed system where some of nodes are mobile computers [3]. The location of mobile computers in the

Recoverable Mobile Environments: Design and. Trade-o Analysis. Dhiraj K. Pradhan P. Krishna Nitin H. Vaidya. College Station, TX

Failure Models. Fault Tolerance. Failure Masking by Redundancy. Agreement in Faulty Systems

A taxonomy of race. D. P. Helmbold, C. E. McDowell. September 28, University of California, Santa Cruz. Santa Cruz, CA

FAULT TOLERANT SYSTEMS

Recovering from Main-Memory Lapses. H.V. Jagadish Avi Silberschatz S. Sudarshan. AT&T Bell Labs. 600 Mountain Ave., Murray Hill, NJ 07974

A Survey of Rollback-Recovery Protocols in Message-Passing Systems

Three Models. 1. Time Order 2. Distributed Algorithms 3. Nature of Distributed Systems1. DEPT. OF Comp Sc. and Engg., IIT Delhi

Rollback-Recovery p Σ Σ

global checkpoint and recovery line interchangeably). When processes take local checkpoint independently, a rollback might force the computation to it

Improving the Performance of Coordinated Checkpointers. on Networks of Workstations using RAID Techniques. University of Tennessee

Failure Tolerance. Distributed Systems Santa Clara University

The Performance of Consistent Checkpointing in Distributed. Shared Memory Systems. IRISA, Campus de beaulieu, Rennes Cedex FRANCE

Parallel and Distributed Systems. Programming Models. Why Parallel or Distributed Computing? What is a parallel computer?

Parallel & Distributed Systems group

Availability of Coding Based Replication Schemes. Gagan Agrawal. University of Maryland. College Park, MD 20742

Redo Log Undo Log. Redo Log Undo Log. Redo Log Tail Volatile Store. Pers. Redo Log

Database Management System Prof. D. Janakiram Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

On the Relevance of Communication Costs of Rollback-Recovery Protocols

CHECKPOINTING WITH MINIMAL RECOVERY IN ADHOCNET BASED TMR

Concurrent checkpoint initiation and recovery algorithms on asynchronous ring networks

Clock and Time. THOAI NAM Faculty of Information Technology HCMC University of Technology

Checkpointing HPC Applications

Correctness Criteria Beyond Serializability

Application-Transparent Checkpointing in Mach 3.OKJX

APPLICATION-TRANSPARENT ERROR-RECOVERY TECHNIQUES FOR MULTICOMPUTERS

Real-Time Scalability of Nested Spin Locks. Hiroaki Takada and Ken Sakamura. Faculty of Science, University of Tokyo

Evaluating the Performance of Mobile Agent-Based Message Communication among Mobile Hosts in Large Ad Hoc Wireless Network

System Models 2. Lecture - System Models 2 1. Areas for Discussion. Introduction. Introduction. System Models. The Modelling Process - General

Design of High Performance Distributed Snapshot/Recovery Algorithms for Ring Networks

A SURVEY AND PERFORMANCE ANALYSIS OF CHECKPOINTING AND RECOVERY SCHEMES FOR MOBILE COMPUTING SYSTEMS

A Low-Overhead Minimum Process Coordinated Checkpointing Algorithm for Mobile Distributed System

TCP over Wireless Networks Using Multiple. Saad Biaz Miten Mehta Steve West Nitin H. Vaidya. Texas A&M University. College Station, TX , USA

Using Speculative Execution For Fault Tolerance. Mohamed F. Younis, Grace Tsai, Thomas J. Marlowe and Alexander D. Stoyenko

Fault Tolerance. Distributed Systems IT332

The Implicit{Yes Vote Commit Protocol. with Delegation of Commitment. Pittsburgh, PA Pittsburgh, PA are relatively less reliable.

FB(9,3) Figure 1(a). A 4-by-4 Benes network. Figure 1(b). An FB(4, 2) network. Figure 2. An FB(27, 3) network

CSE 5306 Distributed Systems

Transaction Management: Crash Recovery (Chap. 18), part 1

some sequential execution crash! Recovery Manager replacement MAIN MEMORY policy DISK

CSE 5306 Distributed Systems. Fault Tolerance

Introduction. Storage Failure Recovery Logging Undo Logging Redo Logging ARIES

Byzantine Consensus in Directed Graphs

Checkpointing and Rollback Recovery in Distributed Systems: Existing Solutions, Open Issues and Proposed Solutions

Optimistic Recovery in Distributed Systems

Steering. Stream. User Interface. Stream. Manager. Interaction Managers. Snapshot. Stream

Adaptive Migratory Scheme for Distributed Shared Memory 1. Jai-Hoon Kim Nitin H. Vaidya. Department of Computer Science. Texas A&M University

Submitted for TAU97 Abstract Many attempts have been made to combine some form of retiming with combinational

Chapter 17: Recovery System

Failure Classification. Chapter 17: Recovery System. Recovery Algorithms. Storage Structure

Checkpoint (T1) Thread 1. Thread 1. Thread2. Thread2. Time

ACID Properties. Transaction Management: Crash Recovery (Chap. 18), part 1. Motivation. Recovery Manager. Handling the Buffer Pool.

A Token Ring Minimum Process Checkpointing Algorithm for Distributed Mobile Computing System

Last Class Carnegie Mellon Univ. Dept. of Computer Science /615 - DB Applications

Dependability tree 1

Chapter 14: Recovery System

Using the Holey Brick Tree for Spatial Data. in General Purpose DBMSs. Northeastern University

Parallel Pipeline STAP System

Transaction Management. Pearson Education Limited 1995, 2005

On the Effectiveness of Distributed Checkpoint Algorithms for Domino-free Recovery

Global Transactions Global Transaction Global Manager Transaction Interface Global Global Scheduler Recovery Manager Global Log Server Log

Novel Log Management for Sender-based Message Logging

Egemen Tanin, Tahsin M. Kurc, Cevdet Aykanat, Bulent Ozguc. Abstract. Direct Volume Rendering (DVR) is a powerful technique for

Clock Synchronization. Synchronization. Clock Synchronization Algorithms. Physical Clock Synchronization. Tanenbaum Chapter 6 plus additional papers

A Concurrency Control for Transactional Mobile Agents

(Pessimistic) Timestamp Ordering. Rules for read and write Operations. Read Operations and Timestamps. Write Operations and Timestamps

T ransaction Management 4/23/2018 1

Database Management Systems Reliability Management

Today CSCI Recovery techniques. Recovery. Recovery CAP Theorem. Instructor: Abhishek Chandra

Distributed Systems. Rik Sarkar James Cheney Global State & Distributed Debugging February 3, 2014

CS514: Intermediate Course in Computer Systems

An Algorithm for Fast Incremental Checkpointing. James S. Plank y. Jian Xu z. Robert H. B. Netzer z. University of Tennessee. Knoxville, TN 37996

(Pessimistic) Timestamp Ordering

Lightweight Logging for Lazy Release Consistent Distributed Shared Memory

Precedence Graphs Revisited (Again)

) Intel)(TX)memory):) Transac'onal) Synchroniza'on) Extensions)(TSX))) Transac'ons)

Efficient Recovery in Harp

A tomicity: All actions in the Xact happen, or none happen. D urability: If a Xact commits, its effects persist.

Coherence-Centric Logging and Recovery for Home-Based Software Distributed Shared Memory

processes based on Message Passing Interface

s00(0) s10 (0) (0,0) (0,1) (0,1) (7) s20(0)

Transcription:

Consistent Logical Checkpointing Nitin H. Vaidya Department of Computer Science Texas A&M University College Station, TX 77843-3112 hone: 409-845-0512 Fax: 409-847-8578 E-mail: vaidya@cs.tamu.edu Technical Report 94-051 July 1994 Abstract A \consistent checkpointing" algorithm saves a consistent view of the distributed system state on stable storage. The loss of computation upon a failure can be bounded by taking consistent checkpoints with adequate frequency. The traditional consistent checkpointing algorithms require the dierent processes to save their state at about the same time. This causes contention for the stable storage, potentially resulting in large overheads. Staggering the checkpoints taken by various processes can reduce the overhead. Some techniques for staggering the checkpoints have been proposed previously [9], however, these techniques result in \limited staggering" in that not all processes' checkpoints can be staggered. Ideally, one would like to stagger the checkpoints arbitrarily. This report presents a simple approach to arbitrarily stagger the checkpoints. Our approach requires that the processes take consistent logical checkpoints, as compared to consistent physical checkpoints enforced by existing algorithms. This report discusses the proposed approach and the implementation issues. The proposed approach was discussed briey in [11]. Section 5 (Related Work) revised October 1994. 1

1 Introduction Applications executed on a large number of processors, either in a distributed environment, or on multicomputers such as ncube, are subject to processor failures. Unless some recovery techniques are utilized, a processor failure will require a restart of the application, resulting in signicant loss of performance. Consistent checkpointing is a commonly used technique to prevent complete loss of computation upon a failure [1, 3, 7, 9, 12]. A \consistent checkpointing" algorithm saves a consistent view of the distributed system state on a stable storage. The loss of computation upon a failure is bounded by taking consistent checkpoints with adequate frequency. The traditional consistent checkpointing algorithms require the dierent processes to save their state at about the same time. This causes contention for the stable storage, potentially resulting in signicant performance degradation [9]. Staggering the checkpoints taken by various processes can reduce the overhead of consistent checkpointing. Some techniques for staggering the checkpoints have been previously proposed [9], however, these techniques result in \limited staggering" in that not all processes' checkpoints can be staggered. Ideally, one would like to stagger the checkpoints arbitrarily. We assume that a processor does not have enough memory to make an \in-memory" copy of entire process state. This report presents a simple approach to \completely stagger" the checkpoints. Our approach requires that the processes take consistent logical checkpoints, as compared to consistent physical checkpoints enforced by existing algorithms. This report discusses the proposed approach and the implementation issues. (These were discussed briey in [11].) The report is organized as follows. Section 2 discusses the notion of a logical checkpoint. Section 3 presents a consistent checkpointing algorithm proposed by Chandy and Lamport [1]. Section 4 presents the basic principle behind the proposed approach; implementation issues are discussed in Section 6. Our approach is closely related to [1, 5, 9, 13], as discussed in Section 5. Section 7 concludes the report. 2

2 A Logical Checkpoint A process is said to be deterministic if its state depends only on its initial state and the messages delivered to it [10]. A deterministic process can take two types of checkpoints: a physical checkpoint or a logical checkpoint. A process is said to have taken a physical checkpoint at some time t 1, if the process state at time t 1 is saved on the stable storage. A process is said to have taken a logical checkpoint at time t 1, if enough information is saved on the stable storage to allow the process state at time t 1 to be recovered. To the best of our knowledge, the term logical checkpoint was rst introduced by Wang et al. [13, 14], who also presented one approach for taking a logical checkpoint. Now we present three approaches for taking a logical checkpoint at time t 1. Although the three approaches are equivalent, each approach may be more attractive for some applications than the other approaches. Not all approaches will be feasible on all systems. One approach for establishing a logical checkpoint at time t 1 is to take a physical checkpoint at some time t 0 t 1 and log (on stable storage) all messages delivered to the process between time t 0 and t 1. (For each message, the message log contains the receive sequence number for the message as well as the entire message.) This approach is essentially identical to that presented by Wang et al. [13]. Figure 1 presents an example wherein process takes a physical checkpoint at time t 0. Messages M1, M2 and M3 are delivered to process by time t 1. To establish a logical checkpoint of process at time t 1, messages M1, M2 and M3 are logged on the stable storage. As process is deterministic, the state of process can be recovered using the information on the stable storage (i.e., physical checkpoint at t 0 and messages M1, M2 and M3). We summarize this approach as: physical checkpoint + message log = logical checkpoint The essential purpose behind saving the messages above is to be able to recreate the the state at time t 1, or to be able to \re-perform" the incremental changes made in 3

M1 M3 a physical checkpoint process t0 M2 t1 time a logical checkpoint Figure 1: hysical checkpoint + message log = logical checkpoint process state by each of these messages. This may be achieved simply by taking a physical checkpoint at time t 0 and taking an incremental checkpoint at time t 1. The incremental checkpoint is taken by logging 1 the changes made to process state between time t 0 and t 1. 2 We summarize this approach as: physical checkpoint + incremental checkpoint = logical checkpoint The above two approaches take a physical checkpoint prior to the desired logical checkpoint, followed by logging of additional information (either messages or incremental state change). The third approach is the converse of the above two approaches. Here, the physical checkpoint is taken at a time t 2, where t 2 > t 1. In addition, enough information is saved to un-do the eect of messages received between time t 1 and t 2. For each relevant message (whose eect must be undone), an anti-message is saved on the stable storage. The notion of an anti-message here is similar to that used in time warp mechanism [4] (although the implementations could be very dierent) or that of UNDO records [2] in database systems. Anti-message M corresponding to a message M can be used to undo the state change caused by message M. Figure 2 illustrate this approach. A logical checkpoint of process is to be established at time t 1. rocess delivers messages M4 and M5 between time t 1 and t 2. A physical checkpoint is taken at time t 2, and anti-messages corresponding to messages M4 and M5 are logged on the stable storage. The anti-messages are named M4 and M5, 1 The term logging is used to mean \saving on the stable storage". 2 It is possible to take the so-called physical checkpoint also as the incremental change in the process state since the last physical checkpoint of the process was taken. As the interval between two consecutive physical checkpoints is likely to be large, this incremental change is likely to be large. On the other hand, the interval t0? t1 will be relatively small, potentially reducing the state aected during that interval. 4

application message anti-message process state S1 M5 t1 M4 t2 time M4* M5* to stable storage Figure 2: Anti-message log + physical checkpoint = logical checkpoint process state S1 M5 M5* M4* state S1 M4 Figure 3: Recovering a logical checkpoint using anti-messages respectively. To recover the state, say S1, of process at time t 1, the process is initialized to the physical checkpoint taken at time t 2 and then anti-messages M5 and M4 are sent to the process. The order in which the anti-messages are delivered is reverse the order in which the messages were delivered. As shown in Figure 3, the nal state of process is identical to the state (or logical checkpoint) at time t 1. We summarize this approach as: anti-message log + physical checkpoint = logical checkpoint An important issue is that of forming the \anti-messages". The anti-messages can possibly be formed by the application itself, or they may consist of a copy of the (old) process state modied by the message. We have, as yet, not experimented with anti-messages. Therefore, practicality of this idea is open to debate. Note that a physical checkpoint is trivially a logical checkpoint, however, the converse 5

is not true. 3 Chandy-Lamport Algorithm [1] Chandy and Lamport [1] presented an algorithm for taking a consistent checkpoint of a distributed system. Although the proposed approach can potentially be used with any consistent checkpointing algorithm, for brevity, we limit our discussion to the Chandy- Lamport algorithm. Assume that the processes communicate with each other using unidirectional communication channels; a bidirectional channel can be modeled as two unidirectional channels. The communication graph is assumed to be strongly connected. The algorithm presented next is essentially identical to Chandy-Lamport [1] and assumes that a certain process is designated as the coordinator. This algorithm is also presented in [9]. Algorithm: The coordinator process, say, initiates the consistent checkpointing algorithm by sending marker messages on each channel, incident on, and directed away from and immediately takes a checkpoint. steps: A process, say Q, on receiving a marker message along a channel c takes the following if Q has not taken a checkpoint then begin Q sends a marker on each channel, incident on, and directed away from Q Q takes a checkpoint Q records the state of channel c as being empty end else Q records the state of channel c as the sequence of messages received along c after Q had taken a checkpoint and before Q received the marker along c. 6

4 Consistent Logical Checkpointing The proposed algorithm can be summarized as follows: staggered physical checkpoints + consistent message logging = consistent logical checkpoints The basic idea is to coordinate logical checkpoints rather than physical checkpoints. In this section, we assume that the rst approach, described in Section 2, for taking logical checkpoints is being used. Thus, a logical checkpoint is taken by logging all the messages delivered to a process since its most recent physical checkpoint. Algorithm 1. hysical checkpointing phase: A checkpoint coordinator sends a take checkpoint message to each process. Each process, sometime after receiving this message, takes a physical checkpoint and sends an acknowledgement to the coordinator. The checkpoints taken by the processes are staggered by allowing an appropriate number 3 of processes to take checkpoints at any time (this can be done using any l-mutual exclusion algorithm). The checkpoints taken by the processes need not be consistent. The processes take checkpoints as soon as possible after receiving the take checkpoint message (subject to the staggering constraint). After a process takes the checkpoint, it can continue execution. A process stores each message delivered to it, after its physical checkpoint, into a volatile buer. Over- ows in this buer are spilled into the stable storage. (Alternatively, the process may asynchronously log these messages to the stable storage even if the buer is not full.) Number of messages required in this phase can be reduced, as discussed in Section 6. 2. Consistent message logging phase: When the coordinator receives acknowledgement messages from all the processes indicating that they have taken a physical checkpoint, the coordinator initiates the consistent message logging phase, essentially, by initiating the Chandy-Lamport algorithm [1]. The only dierence is that when the original algorithm requires a process to take a \checkpoint", the process takes a logical checkpoint 3 For instance, the number of processes allowed to checkpoint simultaneously may be equal to the number of disks. 7

by logging the messages delivered since the physical checkpoint taken in the previous phase. As required by the Chandy-Lamport algorithm, messages representing the channel states at the time the consistent checkpoint is taken are also logged. When the Chandy-Lamport algorithm is complete, the processes can discontinue logging received messages (specically, when a process has logged the state of a channel c, it need not log further messages received on channel c). This algorithm establishes a consistent recovery line consisting of one logical checkpoint per process. The above algorithm reduces the contention for the stable storage by completely staggering the physical checkpoints. However, contention is now introduced in the second phase of the algorithm when the processes coordinate message logging. can be reduced by using the limited staggering techniques proposed in [9]. This contention Our scheme will perform well if message volume is relatively small compared to checkpoint sizes. A few variations to the above algorithm are possible, as discussed in Section 6 Figure 4 illustrates the algorithm assuming that the system consists of three processes, and that at most one process can write to the stable storage at any time. rocess acts as the coordinator and initiates the checkpointing phase by sending the take checkpoint messages. rocesses, Q and R take staggered checkpoints. When process receives acknowledgements from processes Q and R, it initiates the consistent message logging phase consisting essentially of an execution of the Chandy-Lamport algorithm. rocess sends marker messages to Q and R and then takes a logical checkpoint by logging messages M0 and M2 to the stable storage. When process Q receives the marker message from process, it sends markers to and R and then takes a logical checkpoint by logging message M1 to the stable storage. Similarly, process R takes a logical checkpoint by logging message M3 to the stable storage. Messages M4 and M5 are logged by the Chandy-Lamport algorithm as the state of the channels at the time the consistent (logical) checkpoints were taken. Recovery: After a failure, each process rolls back to its recent physical checkpoint and re-executes (using the logged messages) to restore the process state to the logical checkpoint that is a part of the most recent consistent recovery line. 8

physical checkpointing phase consistent message logging phase consistent recovery line (coordinator) M2 M4 Q M0 M1 M3 M5 R physical checkpoint logical checkpoint application message take_checkpoint message acknowledgement marker messages Figure 4: An example 5 Relation to Existing Work The algorithm presented above is closely related to [1, 5, 8, 9, 13]. Our algorithm is designed to bound the rollback distance, similar to the traditional coordinated checkpointing algorithms. It may be noted that, after a failure, a process rolls back to a physical checkpoint and then executes to restore a logical checkpoint. Thus, the overhead of recovery (or rollback distance) is determined by when physical checkpoints are taken. Wang et al. [13, 14] introduced the notion of a logical checkpoint. They determine a recovery line consisting of consistent logical checkpoints, after a failure occurs. This recovery line is used to recover from the failure. Their goal is to determine the \latest" consistent recovery line using the information saved on the stable storage. During failurefree operation each process is allowed to independently take checkpoints and log messages. On the other hand, our scheme coordinates logical checkpoints before a failure occurs. These logical checkpoints are used to recover from a future failure. One consequence of this is that we do not need to log all messages, only those message are logged which make the logical 9

checkpoints consistent. lank [9] presents two coordinated checkpointing algorithms (one similar to Chandy- Lamport [1]) that attempt to stagger the checkpoints. However, it is possible that some checkpoints taken by these algorithms cannot be staggered. The degree of staggering is aected by the timing of application message delivery. In contrast, our algorithm allows arbitrary staggering of the physical checkpoints. Long et al. [8] discuss an evolutionary checkpointing approach that is similar to consistent logical checkpointing. The fundamental dierence between the two approaches is that our approach staggers the physical checkpoints, while the scheme in [8] does not allow staggering. By enforcing staggering, our approach is expected to perform much better than [8]. Long et al. also assume synchronized communication, no such assumption is made in the proposed approach. Johnson [5] presents an algorithm that forces the processes to log message on the stable storage or to take a physical checkpoint. The goal of his algorithm is to make the state of a single process committable (primarily, to allow it to commit an output). Also, his algorithm does not control the time at which each process takes the checkpoint. Our algorithm is designed to bound the rollback distance (and not for output commits) and it makes recent states of all processes committable. The same result can be achieved by executing Johnson's algorithm simultaneously for all processes. The implementation will not bound the rollback distance, however, as the timing of the physical checkpoints is not controlled by his algorithm. Additionally, Johnson's algorithm can result in all messages being logged (as processes may choose to log messages asynchronously), our algorithm logs messages only until the consistent message logging phase is completed. 6 Implementation Issues Many variations of the algorithm presented earlier are possible. Utility of these variations depends on the nature of the application and the execution environment. In the following, we discuss some of the implementation issues. 10

Checkpointing versus message logging: If a process receives too many messages after taking the physical checkpoint in the rst phase of the algorithm, then it may decide to take a physical checkpoint in the second phase (rather than logging messages). This makes the physical checkpoint taken by the process in the rst phase redundant. However, this modication may reduce the overhead when checkpoint size is smaller than what the message log would be. A process may decide to not take the physical checkpoint in the rst phase, if it a priori knows that its message log will be large. In this case, the process would take a physical checkpoint in the second phase. 4 The coordinator may initiate the consistent message logging phase even before all processes have taken the physical checkpoint. In this case, consider a process Q that receives a marker message before Q has taken the physical checkpoint (in the rst phase). Then, process Q can take a physical checkpoint in the second phase rather than logging messages to establish a logical checkpoint (essentially, process can pretend that it decided to not take a physical checkpoint in the rst phase). 5 If the coordinator initiates consistent message logging phase early, then it can cause increase in stable storage contention as some checkpoints may not be staggered anymore. Staggering in the consistent message logging phase: During the consistent message logging phase, the processes will save their message logs to the stable storage at about the same time. To minimize stable storage contention during this phase, the technique presented by lank [9] can be used. Essentially, lank's method (as applied to our algorithm) would suggest that the processes should delay the sending of a marker message until after the process has itself established a logical checkpoint. (As pointed out earlier, this results in a limited amount of staggering.) We suggest another approach for limited staggering. This 4 Johnson [5] suggested a scheme where each process uses a similar heuristic to decide whether to log messages or not. 5 Recollect that a physical checkpoint is also trivially a logical checkpoint. So the process here is actually taking a logical checkpoint, but not by logging messages. 11

physical checkpointing phase consistent message logging phase (coordinator) M2 consistent recovery line M4 Q M0 M1 M3 M5 M6 R physical checkpoint application message take_checkpoint message logical checkpoint acknowledgement marker messages Figure 5: Delaying the delivery of the marker messages approach delays the receipt of a marker message, unlike the delayed sending of the marker messages suggested by lank. The Chandy-Lamport algorithm requires that a process take a checkpoint (if it has not already done so) when it receives a marker message on any channel. It is possible to introduce some staggering by delaying the delivery of the marker message. Delivery of a marker message can be delayed until a message subsequent to the marker message (on the same channel) needs to be delivered. Figure 5 illustrates this. As shown in this gure, process R can delay taking logical checkpoint even though it has received markers from both and Q. The logical checkpoint of process can be delayed until message M6 from process needs to be delivered to process R. As the marker precedes message M6, delivery of the marker cannot be delayed any further. Another related point is that, in our algorithm, messages are logged either because they are needed to establish a logical checkpoint or because they represent the channel state at the time the consistent logical checkpoints are taken. It is possible to log these two types 12

of messages together (rather than separately, as implied by the algorithm description in Section 4). Number of messages required in the physical checkpointing phase: The description of the algorithm in Section 4 implies that, for N processes, 2(N? 1) messages (take checkpoint and acknowledgement) are required in this phase, possibly in addition to the messages required to ensure staggered checkpointing (mutual exclusion). However, the number of messages can be reduced signicantly as illustrated with an example in Figure 6. Assume that there are three processes and at most one can write to the stable storage at any time. The processes can form a \cycle", position in the cycle determining when a process takes the physical checkpoint. As shown in the gure, process takes a physical checkpoint, and sends a take checkpoint message to process Q (but to no other process). On receiving this message, process Q takes a physical checkpoint, and then sends a take checkpoint message to R. On receiving the take checkpoint message, process R takes a physical checkpoint, and then sends an acknowledgement message to process. Receipt of this acknowledgment suces to guarantee that all processes have taken a physical checkpoint. Also, the cyclic arrangement ensures that only one process takes a physical checkpoint at any time. This approach can be easily modied when multiple processes can write to the stable storage simultaneously (e.g., form multiple cycles). Approach for taking a logical checkpoint: The discussion so far assumed that a logical checkpoint is taken by taking a physical checkpoint and logging subsequently received messages. It is easy to see that the proposed algorithm can be modied to allow a process to use any of the three approaches presented earlier (in Section 2) for establishing a logical checkpoint. In fact, dierent processes may simultaneously use dierent approaches for establishing a logical checkpoint. Details of the modied algorithm will be presented in a future revision of this report. Synchronizing pair of processes: lank [9] suggests that staggered checkpoints can increase the overhead, if the application does a lot of synchronization. While we agree 13

physical checkpointing phase (coordinator) Q R take_checkpoint message acknowledgement Figure 6: Reducing the messages required in phase 1 with this suggestion as such, it may be possible to overcome the problem is some systems. Figure 7 (based on an example in [9]) illustrates two processes ( and Q) that communicate as follows: Whenever one process sends a message to the other, the other acknowledges with another message. The rst process stalls until the acknowledgement is received. During normal operation, the synchronization operation does not introduce any (signicant) stalls. When the checkpoints are staggered, however, the rst process may have to wait for the second process to complete a checkpoint before the acknowledgement will be sent. With non-staggered checkpoints, the duration of the wait could be much smaller. A solution to this problem may be to allow a process to deliver (and respond to) an \urgent" message even when it is taking a physical checkpoint. However, delivery of the message may modify the state that is being checkpointed. Therefore, the checkpointing procedure should include these modications (incremental change) in the nal checkpoint. Figure 8 illustrates this. In this case, the physical checkpoint stored on the stable storage will reect the state of process after message M was delivered. 14

application message marker message Q wait Normal operation Q wait Staggered checkpointing Q wait Figure 7: Staggering checkpoints with a synchronizing pair of processes (based on [9]) incremental checkpoint Q M wait Figure 8: Delivering a message while checkpointing 15

7 Summary This report presents an algorithm for taking consistent logical checkpoints. The proposed approach ensures that the physical checkpoints taken by various processes are completely staggered to minimize the contention in accessing the stable storage. The report also suggests a number of variations of the proposed approach. erformance evaluation of the proposed algorithm is a subject of future work [6]. The experimental results will be made available in a future revision of this report. References [1] K. M. Chandy and L. Lamport, \Distributed snapshots: Determining global states in distributed systems," ACM Trans. Comp. Syst., vol. 3, pp. 63{75, February 1985. [2] C. J. Date, An Introduction to Database Systems. Addison-Wesley, 1986. [3] E. N. Elnozahy, D. B. Johnson, and W. Zwaenepoel, \The performance of consistent checkpointing," in Symposium on Reliable Distributed Systems, 1992. [4] D. Jeerson, \Virtual time," ACM Trans. rog. Lang. Syst., vol. 3, pp. 404{425, July 1985. [5] D. B. Johnson, \Ecient transparent optimistic rollback recovery for distributed application programs," in Symposium on Reliable Distributed Systems, pp. 86{95, October 1993. [6] S. Kaul (Advisor: N. Vaidya), M.S. thesis, in progress, Texas A&M University. [7] R. Koo and S. Toueg, \Checkpointing and rollback-recovery for distributed systems," IEEE Trans. Softw. Eng., vol. 13, pp. 23{31, January 1987. [8] J. Long, B. Janssens, and W. K. Fuchs, \An evolutionary approach to concurrent checkpointing," submitted to IEEE Transactions on arallel and Distributed Systems. 16

[9] J. S. lank, Ecient Checkpointing on MIMD Architectures. hd thesis, Dept. of Computer Science, rinceton University, June 1993. [10] R. E. Strom and S. A. Yemini, \Optimistic recovery: An asynchronous approach to fault-tolerance in distributed systems," Digest of papers: The 14 th Tolerant Comp., pp. 374{379, 1984. Int. Symp. Fault- [11] N. H. Vaidya, \Some thoughts on distributed recovery," Tech. Rep. 94-044, Computer Science Department, Texas A&M University, College Station, June 1994. Available via anonymous ftp from ftp.cs.tamu.edu in directory /pub/vaidya. [12] Y. M. Wang and W. K. Fuchs, \Lazy checkpoint coordination for bounding rollback propagation," in Symposium on Reliable Distributed Systems, pp. 78{85, October 1993. [13] Y. M. Wang, Y. Huang, and W. K. Fuchs, \rogressive retry for software error recovery in distributed systems," in Digest of papers: The 23 rd pp. 138{144, 1993. Int. Symp. Fault-Tolerant Comp., [14] Y. M. Wang, A. Lowry, and W. K. Fuchs, \Consistent global checkpoints based on direct dependency tracking." To appear in Inform. rocess. Lett. 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback