The two-phase commit problem

Some notes about modeling

Definitions

canCommit

canAbort

TM model

tmState

TMMAYFAIL

RM model

Model checking the two-phase commit

TMMAYFAIL=FALSE

RM=1..3

TMMAYFAIL=TRUE

BTM modeling

unavailable

canCommit

RMstates

canCommit

What if RMs could also fail?

canAbort

Model checking

prepared

commit

unavailable

committed

aborted

FLP impossibility

Paxos, making the world a better place