Data Synchronization A Complete Theoretical Solution for Filesystems_2

2025-04-27 0 0 367.24KB 22 页 10玖币
侵权投诉
Citation: Csirmaz, E. P; Csirmaz, L
Data Synchronization: A Complete
Theoretical Solution for Filesystems.
2022,1, 0.
Article
Data Synchronization: A Complete Theoretical Solution for
Filesystems
Elod P. Csirmaz1,and Laszlo Csirmaz2
1elod@epcsirmaz.com
2Rényi Institute, Budapest, and UTIA, Prague; csirmaz@renyi.hu
*Correspondence: elod@epcsirmaz.com
Abstract:
Data reconciliation in general, and filesystem synchronization in particular, lacks rigorous
theoretical foundation. This paper presents, for the first time, a complete analysis of synchronization for
two replicas of a theoretical filesystem. Synchronization has two main stages: identifying the conflicts, and
resolving them. All existing (both theoretical and practical) synchronizers are operation-based: they define,
using some rationale or heuristics, how conflicts are to be resolved without considering the effect of the
resolution on subsequent conflicts. Instead, our approach is declaration-based: we define what constitutes
the resolution of all conflicts, and for each possible scenario we prove the existence of sequences of
operations/commands which convert the replicas into a common synchronized state. These sequences
consist of operations rolling back some local changes, followed by operations performed on the other
replica. The set of rolled-back operations provides the user with clear and intuitive information on the
proposed changes, so she can easily decide whether to accept them or ask for other alternatives. All
possible synchronized states are described by specifying a set of conflicts, a partial order on the conflicts
describing the order in which they need to be resolved, as well as the effect of each decision on subsequent
conflicts. Using this classification, the outcomes of different conflict resolution policies can be investigated
easily.
Keywords: data synchronization; conflict resolution, filesystem theory
MSC: 08A02, 08A70, 68M07, 68P05
1. Introduction and related work
This work is a comprehensive treatment of filesystem synchronization and conflict res-
olution on a simple but powerful theoretical model of filesystems. Synchronizing diverged
copies of some data stored on a variety of devices and locations is an important and ubiquitous
task. The last two decades have seen tremendous advancement, both theoretical and practi-
cal, in the closely related fields of distributed data storage [
13
,
15
] and group editors [
17
,
18
].
This progress has been based on, and has expanded significantly, two competing theoretical
frameworks: Operational Transformation (OT) and Conflict-free Replicated Data Types (CRDT).
OT appeared in the seminal work [
6
] and was refined later in [
18
]. The general idea is that
operations are enriched with the context in which they were generated. Before applying them,
they are transformed depending on the context of their origin and the context where they are
to be applied. Main applications are collaborative editors, the most notable example being
Google Docs [
5
]. The core concept of CRDT is commutativity, see [
13
,
15
]. Basic data types
with special operators are devised so that executing the operators in different orders yield the
same results. Examples are counters or sets with add and delete operators. The basic types are
used as building blocks in more complex applications such as collaborative editors [
11
], the
commercial product Riak [8], and others.
Data Synchronization: A Complete Theoretical Solution for Filesystems
arXiv:2210.04565v2 [cs.IT] 12 Nov 2022
Data Synchronization: A Complete Theoretical Solution for Filesystems 2 of 22
Both OT and CRDT have been successfully applied in a variety of synchronization tasks
[
10
,
20
]. Filesystem synchronization, however, fits very poorly into these frameworks, mainly
because it works under a completely different modus operandi: constant, low latency communi-
cation in OT and CRDT versus a single data exchange in filesystem synchronization; frequent
loose synchronization with eventual convergence requirement versus a single but complete
synchronization; small number of differences versus significant structural differences accumu-
lated during an extended time period; and so on. Consequently, for a theoretical investigation
of filesystem synchronization, we follow a traditional framework instead, described in e.g. [
2
]
and depicted in Figure 1adapted from [4].
Φ
Φ
Φ
Φ1
Φ2
Ψ
Ψ
Ψ
. . . . . . merged state . . . . . .
. . . . . . replicas . . . . . .
update detector
update detector
reconciler
α0
updates
β0
updates
α1
synchronization
β1
synchronization
α
β
Figure 1.
Outline of the synchronization process. Identical replicas of the original filesystem
Φ
are
updated (modified) yielding the divergent replicas
Φ1
and
Φ2
. The reconciler uses the update information
α
and
β
extracted by the update detectors, and generates the synchronizing instructions
α1
and
β1
. These
create the identical merged state
Ψ
when applied to the replicas. The update detectors determine the
update information
α
and
β
either by comparing the different states of the replicas (e.g.
Φ1
vs.
Φ
), or by
having access to the update instructions α0and β0that were applied to Φ.
Two identical replicas of the original filesystem
Φ
are updated independently, yielding the
divergent replicas
Φ1
and
Φ2
. In the state-based case the update detector receives the original
(
Φ
) and the current (
Φ1
or
Φ2
) states, and generates the update information
α
(or
β
) describing
the differences between the original filesystem and the replica. In the operation-based case the
update decoder has access to the performed operations
α0
(
β0
) only. The reconciler receives the
information provided by the update detectors and generates the synchronizing instructions
α1
and
β1
, respectively. These instructions, applied to the replicas
Φ1
and
Φ2
, create the identical
merged state Ψ.
In order to reach such a common synchronized state, existing theoretical and practical
filesystem synchronizers, such as [
7
,
9
,
12
,
16
,
20
,
21
], apply some conflict-resolution strategy.
They identify all (or some) of the conflicts, then apply their strategy to the conflicts one at
a time. These algorithms are typically fixed and defined by some rationale or heuristics, or
dictated by the underlying technology. In contrast, we define what comprises a synchronized state.
Intuitively, it is a maximal consistent merger of the replicas, meaning that no further changes
can be applied to the merged state from those that were applied to the replicas during the
update phase. Then we proceed to prove that every such maximal state (and only these states)
can be reached by resolving the conflicts in some order.
In the meticulous survey [
16
] of existing theoretical and practical filesystem synchronizers
it has been observed that “resolving conflicts is an open problem where [. .. ] most academic
works present arbitrary resolution methods that lack a rationale for their decisions” (page i),
and that “a file system can be affected by more than one conflict at once, which has not been
Data Synchronization: A Complete Theoretical Solution for Filesystems 3 of 22
discussed in related academic works” (page 65). By presenting, for the first time, a complete
analysis of the synchronization process for two replicas of a theoretical filesystem model, we
fill these gaps.
1.1. Our contribution
This paper is a complete analysis of the synchronization process of two replicas of a
theoretical filesystem. Our filesystem model together with the commands considered – such as
create,rmdir, or edit – are discussed in Secion 3. The changes between the original replica and
the locally updated versions are captured by a special command set as defined in Section 4,
which also defines algorithms generating this update information.
The important question of which filesystems can, in general, be considered to be a synchro-
nized state of two divergent replicas is tackled in Section 5. Our definition captures this notion
in its full generality without prescribing how the synchronized state can be reached. Providing
such a declaration-based definition of the synchronized state is one of our main contributions.
Section 6presents the generic synchronization algorithm based on conflict resolution. By using
different strategies to resolve conflicts, any of the synchronized states allowed by our definition,
and only those, can be the result of the algorithm. Finally, Section 7summarizes the results and
lists open problems and directions for future research.
2. Methodology
Our filesystem model, defined in Section 3, is arguably simple, but it retains all important
structural properties of real filesystems. It is this simplicity that allows us to exploit a rich and
intriguing algebraic structure [
3
,
4
] which eventually leads to the claimed theoretical results. In
Section 7we discuss some possible extensions of the filesystem model.
Depending on the data communicated by the replicas, synchronizers are categorized as
either state-based or operation-based [
13
,
16
]. In state-based synchronization replicas send their
current versions of the filesystem, or merely the differences (called diff s) between the current
states and the last known synchronized state [
1
]. Operation-based synchronizers transmit the
complete log (or trace) of all operations performed by the user [
7
]. The synchronization method
of this paper is reminiscent of operation-based one, but can also be considered, with similar
overhead, to be state-based. A set of virtual filesystem operations (commands) will be defined
in Section 3. Each of these commands have a clear and intuitive operational meaning, but are
not necessarily available to the end-user. The current state of the filesystem is described by
a special – called canonical – sequence of virtual commands, which transforms the original
filesystem to the actual replica. The update detector can generate this canonical sequence from
the operations performed by the user on the replica (operation-based) as well as from the
differences between the original and final state (state-based). On Figure 1these sequences
correspond to the information in αand βpassed to the reconciler.
Filesystem synchronization must resolve all conflicts between the replicas. Conflict resolu-
tion, however, should be “intuitively correct,” i.e. discarding all changes made by both replicas
is not a viable alternative. The majority of commercially or theoretically available synchroniz-
ers do not present a rationale to explain their concrete conflict resolution approach [
16
]. Two
notable exceptions are [
20
] and [
10
] which describe high-level consistency philosophies. In
[
20
] the main principles are 1) no lost update: preserve all updates on all replicas because these
updates are equally valid; and 2) no side effects: such as a merge where objects unexpectedly
disappear. While these principles intuitively make sense, it is easy to see that neither could
possibly be upheld for every conflict; even the authors provide counterexamples. In [
10
] the
relevant consistency requirements are worded as follows:
R1
intention-confined effect: operations applied to the replicas by the synchronizer must be
based on operations generated by the end-user; and
Data Synchronization: A Complete Theoretical Solution for Filesystems 4 of 22
R2
aggressive effect preservation: the effect of compatible operations should be preserved fully;
and the effect of conflicting operations should be preserved as much as possible.
These requirements are in fact variations of the OT consistency model, see for example the
notion of intention preservation in [
18
]. (We note that the other two OT principles – convergence
and causality preservation – do not apply to filesystem synchronizers.)
In agreement with R1 and R2 we declare what a synchronized state is, rather than present
an algorithm which generates it. Our declaration can be outlined as follows. Suppose that the
two replicas
Φ1
and
Φ2
are represented by the canonical sequences
α
and
β
, respectively, that is,
Φ1=αΦ
and
Φ2=βΦ
, where
αΦ
is the result of applying the command sequence
α
to
Φ
. The
synchronized or merged state Ψis determined by the canonical sequence µas Ψ=µΦsuch that
C0 µis applicable to the original filesystem Φ,
C1 every command in µcan be found either in α, in β, or in both, and
C2 µ
is maximal, i.e. no canonical sequence adding more commands to
µ
can satisfy both C0
and C1.
Condition C0 is the obvious requirement that the synchronizer must not cause errors. Condition
C1 ensures that the synchronization satisfies the intention-confined effect (no surprise changes
in the merged filesystem) requirement R1 as
µ
should consist only of commands which were
supplied by the replicas. The other consistency requirement R2 is guaranteed by C2 as
µ
is
maximal, therefore it preserves as much of the intention of the users as possible. Note that this
definition of a synchronized state is never vacuous. There are only finitely many sequences
which satisfy C0 and C1 as every command in
µ
comes from either
α
or
β
and no repetitions
are allowed, and there are at least two, namely
α
and
β
. Because of this, the empty sequence
(undoing all changes) will not satisfy C2 (assuming one of
α
and
β
is not empty), in line with
our requirements.
The declaration-based synchronization is intuitively clear, easy to understand, and does
not use any predetermined conflict-resolving policy. An operational characterization is proved
in Theorem 2. The essence of this theorem is that any merged filesystem
Ψ
can be generated
from the replica, say Φ1, by
1. rolling back some of the commands in α, followed by (1)
2. applying some commands from the other sequence β,
and vice versa for the other replica. The commands rolled back represent a minimal set whose
removal resolves all conflicts. These commands also give users a clear understanding of the
changes the synchronizer wants to perform on their filesystem. They are also helpful when
some of the rolled-back commands should be introduced again after the merging (doing a redo
of the undo).
Turning to traditional conflict-based synchronization, Section 6proves that any declaration-
based merged state, and only those states, can be the result of a conflict-based synchronization
algorithm. For each pair of canonical sequences describing the replicas to be synchronized
we define what the conflicting command pairs are. Their resolution uses the winner/loser
paradigm: the winner command is accepted while the loser command is discarded. It turns out
that resolving a conflict may automatically resolve some of the subsequent conflicts, but no new
conflicts are created. Using this result the outcomes of different conflict resolving policies can
be investigated easily. In particular, the iterative approach [
16
] always works, which applies all
non-conflicting commands, resolves, in any way, the first conflict (which might automatically
resolve other existing conflicts), and iterates.
Data Synchronization: A Complete Theoretical Solution for Filesystems 5 of 22
3. Definitions
This section defines the basic notation which will be used throughout the rest of the paper.
The exposition follows [
3
] and [
4
] with some substantial modifications. Some results from these
papers are included without proof.
3.1. Namespace and filesystems
Our filesystem model is arguably simplistic, nevertheless it captures all important aspects
of real-word implementations. In spirit, it is a mixture of identity- and path-based models
[
16
,
20
]. Objects are stored in nodes, which are uniquely identified by fixed and predetermined
paths. The set of available nodes is fixed in advance, and no path operations are considered.
Filesystems are required to have the tree-property at all times: in a given filesystem along any
branch starting from any of the root nodes, there must be zero or more directories, zero or one
file, followed by empty nodes. Our model does not support links (but see Section 7.4), thus the
namespace – the set of available nodes or paths – forms a collection of rooted trees. Filesystems
are defined over and populate this fixed namespace.
Formally, the namespace is a set
N
endowed with the partial function
:NN
returning
the parent of every non-root node (it is not defined on roots). If
n=m
then
n
is the parent of
m
, and
m
is a child of
n
. For two nodes
n
,
mN
we say that
n
is above
m
, or
n
is an ancestor of
m
, and write
nm
if
n=i(m)
for some
i
1. As usual,
n4m
means
nm
or
n=m
. As
the parent function induces a tree-like structure,
4
is a partial order. Two nodes
n
,
mN
are
comparable if either n4mor m4n, and they are uncomparable or independent otherwise.
Afilesystem
Φ
populates the nodes of the namespace with values. The value stored at
node
nN
is denoted by
Φ(n)
. This value can be
O
indicating that the node is empty (no
content, not to be confused with the empty file); can be
D
indicating that the node is a directory;
otherwise it is a file storing the complete content (which could happen to be “no content”). We
use
O
,
D
and
F
to denote the type of the content corresponding to these possibilities. While
there is only one value of type
O
and one value of type
D
(see Section 7.3 for a discussion on
lifting this limitation), there are many different file values of type
F
representing different file
contents.
3.2. Internal filesystem commands
The synchronizer operates using a specially designed and highly symmetrical set of
internal filesystem commands. They each modify the filesystem at a single node only, and contain
additional information usually not thought of as part of a command which allows them to be
inverted, and makes them amenable to algebraic manipulation. Inventing such a command set
was one of the main contributions of [3].
The commands basically implement creating and deleting files and directories. Modifying
a part of a file only is not available as a command; whenever a file is modified, the new content
must be supplied in its entirety. Still, commands issued by a real-life user or system can be
easily transformed into the internal commands; for example, the move or rename operation can
be modeled as a sequence of a delete and a create.
The set of the internal commands is denoted by
, and each command
σ
has three
components, written as σ=hn,x,yi, as follows:
nNis the node on which the command acts,
xis the content at node nbefore the command is executed (precondition), and
yis the content at node nafter the command was executed.
Thus rmdir
(n)
corresponds to the internal command
hn
,
D
,
Oi
, which replaces the directory
value at
n
by the empty value. The command
hn
,
O
,
Di
creates a directory at
n
, but only if the
node
n
has no content, i.e., there is no directory or file at
n
(a usual requirement for mkdir
(n)
).
摘要:

Citation:Csirmaz,E.P;Csirmaz,LDataSynchronization:ACompleteTheoreticalSolutionforFilesystems.2022,1,0.ArticleDataSynchronization:ACompleteTheoreticalSolutionforFilesystemsElodP.Csirmaz1,andLaszloCsirmaz21elod@epcsirmaz.com2RényiInstitute,Budapest,andUTIA,Prague;csirmaz@renyi.hu*Correspondence:elod@...

收起<<
Data Synchronization A Complete Theoretical Solution for Filesystems_2.pdf

共22页,预览5页

还剩页未读, 继续阅读

声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!

相关推荐

更多
立即下载
分类:图书资源 价格:10玖币 属性:22 页 大小:367.24KB 格式:PDF 时间:2025-04-27

开通VIP享超值会员特权

  • 多端同步记录
  • 高速下载文档
  • 免费文档工具
  • 分享文档赚钱
  • 每日登录抽奖
  • 优质衍生服务

作者详情

相关内容

更多

热门标签

人际关系 配电装置 动力学连接体 力的合成 高考理综 全宋诗作者索引 公务员考试
/ 22
评分 收藏
分享
立即下载
客服
关注