The Parsimonious Approach to Constructing Fault-Tolerant Protocols

Fault-tolerant distributed protocols, by definition, are designed with the worst in mind. This focus on tolerating the worst often leads to expensive designs that overlook the practical observation that the occurrence of disruptions and failures is rare relative to the lifetime or mission periods of many systems. The class of optimistic fault-tolerant protocols leverages that observation and strives to achieve efficiency during normal operation of the system. In this paper, we describe a specialization of the optimistic approach to building fault-tolerant protocols that we call the parsimonious approach. In the parsimonious approach, we design the protocol with the explicit aim of achieving frugality or efficiency with respect to a given metric of interestM (such as latency degree, resource usage, message complexity, etc.) while never violating correctness (i.e., safety and liveness). When certain operational assumptions are satisfied, the design uses some lightweight mechanism that can provide desired protocol functionality with optimal M. The optimistic hope is that those assumptions are satisfied more often than not, i.e., the chosen parsimonious mechanism is applicable for most of the system’s lifetime. For this hope to be realistic, however, the operational assumptions of the mechanism must have good coverage. The protocol design uses a more expensive fall-back or recovery mechanism whenever the assumptions are not satisfied; after ensuring correctness properties, the protocol then reverts back to using the parsimonious mechanism. To handle situations that are contradictory to the assumptions implies the detection of their occurrence in the first place, i.e., failure or anomaly detection [1]. Correctness must never be violated despite imperfections in the detection mechanism.