Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors Michel Raynal, Julien Stainer
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 2 / 22 Outline Classic Models and Problems Classic Problems Difficulties and Impossibilities Failure Detectors: Enriching Asynchronous Models Preventing Partitioning: Σ Breaking Symmetry: Ω Message Adversaries: Weakening Synchronous Crash-free Models Shared Memory from Synchrony: the Adversary TOUR Ω from Synchrony: the Adversary SOURCE Σ from Synchrony: the Adversary QUORUM Equivalence Results Elements of Proof
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds each round is made of three phasis: processes send messages to each other
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds each round is made of three phasis: processes send messages to each other they receive the round messages addressed to them
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds each round is made of three phasis: processes send messages to each other they receive the round messages addressed to them they compute locally their new states
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds each round is made of three phasis: processes send messages to each other they receive the round messages addressed to them they compute locally their new states The messages are all received during the round they are sent It models the use of timeouts. Relative speeds of processes are bounded. They synchronize on the slowest in heterogeneous environments.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 3 / 22 The Synchronous Message-passing Model: SMP[ ] execution stripped in a sequence of rounds each round is made of three phasis: processes send messages to each other they receive the round messages addressed to them they compute locally their new states without message losses, failures are easy to detect The messages are all received during the round they are sent It models the use of timeouts. Relative speeds of processes are bounded. They synchronize on the slowest in heterogeneous environments.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 4 / 22 The Asynchronous Message-passing Model: AMP[ ] processes are prone to failures
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 4 / 22 The Asynchronous Message-passing Model: AMP[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 4 / 22 The Asynchronous Message-passing Model: AMP[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded message delivery durations are (finite but) unbounded
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 4 / 22 The Asynchronous Message-passing Model: AMP[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded message delivery durations are (finite but) unbounded Crashed and slow processes are undistinguishable.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 5 / 22 The Asynchronous Shared Memory Model: ASM[ ] processes are prone to failures
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 5 / 22 The Asynchronous Shared Memory Model: ASM[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 5 / 22 The Asynchronous Shared Memory Model: ASM[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded processes share an array of single-writer multi-readers atomic registers
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 5 / 22 The Asynchronous Shared Memory Model: ASM[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded processes share an array of single-writer multi-readers atomic registers Crashed and slow processes are undistinguishable.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 5 / 22 The Asynchronous Shared Memory Model: ASM[ ] processes are prone to failures relative speeds of processes are (finite but) unbounded processes share an array of single-writer multi-readers atomic registers Crashed and slow processes are undistinguishable. But... The memory offers a more powerful communication medium than asynchronous messages.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 6 / 22 Simulating a Shared Memory simulating read and write operations in a linearizable manner: each operation executes with the same consequences as if it happens instantaneously between its invocation and its end.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 7 / 22 Consensus: Reaching Agreement each participating process proposes a value a process that doesn t crash eventually decides a value all decided values are proposed values the decided values are all the same Solving Consensus Allows to Solve State Machine Replication allows to solve any task with a sequential specification can be used to replicate services in a resilient manner
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash since messages can be arbitrarily delayed, two parts of the system can execute as if the processes of the other part were crashed
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash since messages can be arbitrarily delayed, two parts of the system can execute as if the processes of the other part were crashed
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash since messages can be arbitrarily delayed, two parts of the system can execute as if the processes of the other part were crashed
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash since messages can be arbitrarily delayed, two parts of the system can execute as if the processes of the other part were crashed if messages are delayed for too long, the situation is undistinguishable from the previous one: processes behave as before
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash since messages can be arbitrarily delayed, two parts of the system can execute as if the processes of the other part were crashed if messages are delayed for too long, the situation is undistinguishable from the previous one: processes behave as before
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 8 / 22 Simulating a Memory is Impossible in AMP[ ] as soon as a majority of processes can crash if the system splits for too long, it is impossible to maintain read and write linearizable semantic
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex the processes have to decide in a finite number of steps, the complex subdivision is consequently finite
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex the processes have to decide in a finite number of steps, the complex subdivision is consequently finite the states can be tagged with the corresponding decided values
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex the processes have to decide in a finite number of steps, the complex subdivision is consequently finite the states can be tagged with the corresponding decided values impossibility result comes from combinatorial topology
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 9 / 22 Solving Consensus is impossible in both AMP[ ] and ASM[ ] the possible executions of an algorithm in ASM can be represented by a subdivided complex the representation can be used with more than two processes
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 10 / 22 Failure Detectors failure detectors provide each process with an externally controlled variable the value of this variable depends on the system global state it informs processes about crashes Failure Detectors reinforce Asynchronous Models AMP[ ] and ASM[ ]
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 11 / 22 Preventing Partitioning: Σ Σ provides each process with a set of process identities called quorum any two quorum taken at any time on any processes intersect eventually quorums only contain correct processes Σ is Minimal to Simulate a Memory in AMP[ ]
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 12 / 22 Breaking Symmetry: Ω Ω provides each process with the identity of a process considered as the leader the leader is eventually the same for each process correct Ω is Minimal to Solve the Consensus in ASM[ ] Σ, Ω is Minimal to Solve the Consensus in AMP[ ]
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 13 / 22 Message Adversaries the adversary removes messages in SMP[ ] properties define the patterns of messages that can be removed during a round across the execution Message Adversaries weaken the Synchronous Crash-free Model SMP[ ]
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 14 / 22 Shared Memory from Synchrony: the Adversary TOUR TOUR can remove any message but it preserves a tournament in any round in any round and between any pair of processes, it has to let one of the two messages exchanged untouched
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 14 / 22 Shared Memory from Synchrony: the Adversary TOUR TOUR can remove any message but it preserves a tournament in any round in any round and between any pair of processes, it has to let one of the two messages exchanged untouched
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 15 / 22 Ω from Synchrony: the Adversary SOURCE SOURCE can remove any message but it eventually preserves all messages sent by a given source
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 16 / 22 Σ from Synchrony: the Adversary QUORUM QUORUM can remove any message but in each round each process receives messages from an entire quorum in any two rounds r 1 and r 2, for any two processes p 1 and p 2, there is a process p 3 such that: p1 receives the message of p 3 during r 1 and p2 receives the message of p 3 during r 2 and p 3 is infinitely often able to send messages (directly or not) to any other process
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 18 / 22 Simulating SMP[SOURCE, TOUR] in ASM[Ω] Each process waits to be the leader or to receive a message from the leader. It writes its round messages to the other processes. It scans the memory and delivers the round messages.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 18 / 22 Simulating SMP[SOURCE, TOUR] in ASM[Ω] Each process waits to be the leader or to receive a message from the leader. It writes its round messages to the other processes. It scans the memory and delivers the round messages. Everything happens as if all the other messages were removed by the adversary. The eventual leader s messages are eventually all received The atomic registers entail the TOUR property
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 19 / 22 Simulating ASM[Ω] in SMP[SOURCE, TOUR] Full information protocol. To complete an operation (read or write), a process inject it with a sequence number and its name and count as informed: the processes from which it didn t received any messages during the round; those from which it received its own message. It continues its execution when each other process is informed. The eventual leader is elected by counting the number of rounds missed by each process.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 19 / 22 Simulating ASM[Ω] in SMP[SOURCE, TOUR] Full information protocol. To complete an operation (read or write), a process inject it with a sequence number and its name and count as informed: the processes from which it didn t received any messages during the round; those from which it received its own message. It continues its execution when each other process is informed. The eventual leader is elected by counting the number of rounds missed by each process. In two tournaments, at least one process reaches every other, it learns it in the next round. Some processes stay stuck on a communication operation, analog to crashed ones for the other. (The simulation is only non blocking)
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 20 / 22 Wrap Up Message adversaries offer a way to model asynchrony, crashes and shared memory in the simple synchronous crash-free system. Some important failure detectors have corresponding message adversaries. Representing these model properties through a single abstraction allows to compare them.
Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 21 / 22 Perspectives Do all failure detectors have their message adversary counterpart? Can we easily obtain the message adversaries matching t-resilient asynchronous models? What is the strongest message adversary allowing consensus to be solved? How could be the notion of Byzantine failure be ported to this model? Some messages adversaries have a natural topological representation, how does it compare to the usual barycentric one? Is the notion of message adversary the key to reveal the Grand Unified Model of distributed computability?
Thank you for your attention! Synchrony Weakened by Message Adversaries vs Asynchrony Enriched with Failure Detectors 22 / 22