Agreement Functions for Distributed Computing Models
Petr Kuznetsov, Thibault Rieutord

TL;DR
This paper introduces agreement functions to characterize the computational capabilities of various distributed computing models, providing a unified framework to understand task solvability under different adversaries.
Contribution
It presents a novel, simple characterization of distributed models using agreement functions, capturing the computability of a broad class of adversaries.
Findings
Agreement functions precisely characterize task computability.
The framework applies to a wide class of fair adversaries.
Includes models with superset-closed and symmetric adversaries.
Abstract
The paper proposes a surprisingly simple characterization of a large class of models of distributed computing, via an agreement function: for each set of processes, the function determines the best level of set consensus these processes can reach. We show that the task computability of a large class of fair adversaries that includes, in particular, superset-closed and symmetric ones, is precisely captured by agreement functions.
LTCI, Télécom ParisTech, Université Paris Saclay
Petr Kuznetsov
Thibault Rieutord Supported by ANR project DISCMAT, grant agreement ANR-14-CE35-0010-01.
1 Introduction
In general, a model of distributed computing is a set of runs, i.e., all allowed interleavings of steps of concurrent processes. There are multiple ways to define these sets of runs in a tractable way.
A natural one is based on failure models that describe the assumptions on where and when failures might occur. By the conventional assumption of uniform failures, processes fail with equal and independent probabilities, giving rise to the classical model of -resilience, where at most processes may fail in a given run. The extreme case of , where is the number of processes in the system, corresponds to the wait-free model.
The notion of adversaries [6] generalizes uniform failure models by defining a set of process subsets, called live sets, and assuming that in every model run, the set of correct, i.e., taking infinitely many steps, processes must be a live set. In this paper, we consider adversarial read-write shared memory models, i.e., sets of runs in which processes communicate via reading and writing in the shared memory and live sets define which sets of processes can be correct.
A conventional way to capture the power of a model is to determine its task computability, i.e., the set of distributed tasks that can be solved in it. For example, consider the [math]-resilient adversary defined through a single live set : the adversary says that no process is allowed to fail (by taking only finitely many steps). It is easy to see that the model is strong enough to solve consensus, and, thus, any task [14]. (Footnote 1: In the “universal” task of consensus, every process has a private input value, and is expected to produce an output value, so that (validity) every output is an input of some process, (agreement) no two processes produce different output values, and (termination) every process taking sufficiently many steps returns.)
In this paper, we propose a surprisingly simple characterization of the task computability of a large class of adversarial models through agreement functions.
An agreement function maps subsets of processes to positive integers in . For each subset , determines, intuitively, the level of set consensus that processes in can reach when no other process is active, i.e., the smallest number of distinct input values they can decide on.
For example, the agreement function of the wait-free shared-memory model is and the -resilient model, where at most processes may fail or not participate, has .
The agreement function of an adversary can be computed using the notion of set consensus power of an adversary introduced in [13]: . Here is the restriction of to , i.e., the adversary defined through the live sets of that are subsets of .
To each agreement function , corresponding to an existing model, we associate a particular model, the -model. The -model is defined as the set of runs satisfying the following property: the set of participating (taking at least one step) processes in a run is such that and is such that at most processes take only finitely many steps in it. An algorithm solves a task in the -model if processes taking infinitely many steps produce an output.
We show that, for the class of fair adversaries, agreement functions “tell it all” about task computability: a task is solvable in a fair adversarial model with agreement function if and only if it is solvable in the -model. Fair adversaries include notably the class of superset-closed [16, 19] and the class of symmetric [22] adversaries. Intuitively, superset-closed adversaries do not anticipate failures of processes: if and , then . Symmetric adversaries do not depend on processes identifiers: if , then for every set of processes such that , we have .
A corollary of our result is a characterization of the -concurrency model [9]. Here we use the fact that the -concurrency model is equivalent, with respect to task solvability, to the -obstruction-freedom [13], a symmetric adversary consisting of live sets of sizes from to . Thus, the agreement function captures the -concurrent task computability. An alternative characterization of -concurrency via a compact affine task was suggested in [11].
There are, however, models that are not captured by their agreement functions. We give an example of a non-fair adversary that solves strictly more tasks than its -model. Characterizing the class of models that can be captured through their agreement function is an intriguing open question.
The rest of the paper is organized as follows. Section 2 gives model definitions. In Section 3, we formally define the notion of an agreement function. In Section 4, we present an -adaptive set consensus algorithm, and in Section 5, we prove a few useful properties of -models. In Section 6, we present the class of fair adversaries, show that superset-closed and symmetric adversaries are fair and that fair adversaries are captured by their agreement functions. In Section 7, we give examples of models that are not captured by agreement functions. Section 8 reviews related work, and Section 9 concludes the paper.
2 Preliminaries
Processes, runs, models. Let be a system of asynchronous processes, that communicate via a shared atomic-snapshot memory [1]. The atomic-snapshot (AS) memory is represented as a vector of shared variables, where each process is associated with a distinct position in this vector, and exports two operations: update and snapshot. An update operation performed by replaces position with a new value and a snapshot operation returns the current state of the vector.
We assume that processes run the full-information protocol: the first value each process writes is its input value. A process then alternates between taking snapshots of the memory and writing back the result of its latest snapshot. A run is thus a sequence of process identifiers stipulating the order in which the processes take operations: each odd appearance of corresponds to an update and each even appearance corresponds to a snapshot. A model is a set of runs.
Failures and participation. A process that takes only finitely many steps of the full-information protocol in a given run is called faulty, otherwise it is called correct. A process that took at least one step in a given run is called participating in it. The set of participating processes in a given run is called its participating set. Note that, since every process writes its input value in its first step, the inputs of participating processes are eventually known to every process that takes sufficiently many steps.
Tasks. In this paper, we focus on distributed tasks [18]. A process invokes a task with an input value and the task returns an output value, so that the inputs and the outputs across the processes which invoked the task respect the task specification. Formally, a task is defined through a set of input vectors (one input value for each process), a set of output vectors (one output value for each process), and a total relation associating to each input vector a set of valid output vectors. An input denotes a non-participating process and an output value denotes an undecided process. See [15] for more details.
In the task of -set consensus, input values are in a set of values (), output values are in , and for each input vector and output vector , if the set of non- values in is a subset of values in of size at most . The special case of -set consensus is called consensus [7].
Solving a task. We say that an algorithm solves a task in a model if ensures that (1) in every run in which processes start with an input vector , all decided values form a vector such that , and (2) if the run is in , then every correct process decides.
This gives rise to the notion of task solvability, i.e., a task is solvable in a model if and only if there exists an algorithm which solves in .
BGG simulation. The principal technical tool in this paper is a simulation technique that we call the BGG simulation, after Borowski, Gafni, Guerraoui, collecting ideas presented in [3, 8, 9, 10]. The technique allows a system of processes that communicate via read-write shared memory and -set consensus objects to simulate a -process system running an arbitrary read-write algorithm.
In particular, we can use this technique to run an extended BG simulation [8] on top of these simulated processes, which gives a simulation of an arbitrary -concurrent algorithm. An important feature of the simulation is that it adapts to the number of currently active simulated processes : if it goes below (after some simulated processes complete their computations), the number of used simulators also becomes . We refer to [11] for a detailed description of this simulation algorithm.
3 Agreement functions
Definition 1 (Agreement function)
The agreement function of a model is a function , such that for each , in the set of runs of in which no process in participates, iterative -set consensus can be solved, but -set consensus cannot. By convention, if contains no (infinite) runs with participating set , then .
Intuitively, for each , we consider a model consisting of runs of in which only processes in participate and determine the best level of set consensus that can be reached in this model, with [math] corresponding to a model that consists of finite runs only.
Note that the agreement function of a model is monotonic: . Indeed, the set of runs of where the processes in do not take any step is a subset of the set of runs of where the processes in do not take any step. Moreover, -set consensus is trivially solvable in any model by making processes return their own proposal directly. In this paper, we only consider monotonic functions .
Definition 2 (-model)
Given a monotonic agreement function , the -model is the set of runs in which, the participating set satisfies: (1) ; and, (2) at most participating processes take only finitely many steps.
We say that a model is characterized by its agreement function if and only if it solves the same set of tasks as the -model.
Definition 3 (-adaptive set consensus)
The -adaptive set consensus task is an agreement task satisfying the validity and termination properties of consensus and the -agreement property: if at some time , distinct values have been returned, then the current participating set is such that .
4 Adaptive set consensus
We can easily show that any model with agreement function can solve the -adaptive set consensus task, i.e., achieve the best level of set consensus without a priori knowledge of the set of processes that are allowed to participate.
Let be a model and let be its agreement function. Recall that, by definition, assuming that subsets of participate, there exists an algorithm that solves -set consensus, let - be such an algorithm.
We describe now an -adaptive set consensus algorithm providing the “best” level of consensus available in every participating set, without prior knowledge of who may participate. The algorithm adaptively ensures that if the participating set is , then at most distinct input values can be decided.
The algorithm is presented in Algorithm 1. The idea is the following: every process writes its input in shared memory (line 1), and then takes a snapshot to get the current set of participating processes (lines 1–1).
Then processes adopt a value “locked” by a process associated to the largest participation (lines 1–1). It uses this new value as proposal for a simulated agreement solving (feasible as it is accessed only by processes in and only increases with participation). The decision value obtained is then “locked” in memory by writing the value together with the current participation estimation size, , to the shared memory (line 1). If after locking the value, the updated participating set (lines 1–1), has not changed (line 1), the process returns its current decision estimate, (line 1). Otherwise, if participation has changed, then the same construction is applied again and again until it has been executed with an observed stable participation (lines 1–1).
Theorem 4.1
In any run with a participating set , Algorithm 1 satisfies the following properties:
- Termination: All correct processes eventually decide.
- -Agreement: if at some time , distinct values have been returned, then the current participating set is such that .
- Validity: Each decided value has been proposed by some process.
Proof
Let us show that Algorithm 1 satisfies the following properties:
- Validity: Processes can only decide on their current estimated decision value (line 1). This value is first initialized to their own input proposal (line 1), and it can then only be replaced by adopting another process’s current, initialized, estimated decision value. Adopting this value can either be done directly (line 1), or through an agreement protocol (line 1) satisfying the same validity property.
- Termination: Assume that a correct process never decides. Then it must be blocked executing the while loop indefinitely often (at lines 1–1). So the participation observed must have changed at each iteration (line 1). But, as participation can only increase, it must have been strictly increased infinitely often – a contradiction with the finiteness of the system size.
- -Agreement: We say that a process returns at level if it exited the while loop (line 1) with a last participation observed of size . Let be the smallest level at which a process returns, and let be the set of values ever written to at level , i.e., values such that ever appears in . We shall show that for all , .
Indeed, let be the first process to write a value (in line 1), such that , in . Thus, the immediately preceding snapshot, taken before this write in lines 1 or 1, witnessed a participating set of size . Hence, the snapshot of succeeds the last snapshot (of size ) taken by any process that returned at level . But immediately before taking this last snapshot, every such process has written in R (line 1) for some . Therefore must see in its snapshot of size and, since, by assumption, the snapshot contains no values written at levels higher than , must have adopted some value written at level , i.e., . Inductively, we can derive that any subsequent process will have to adopt a value in .
We have shown that every returned value must appear in , where is the smallest level at which some process exits the while loop (line 1).
Participation can only grow due to the snapshot inclusion property, thus there is a single participating set of size , , which can be observed in a given run. A value in has been adopted as the decision returned by the -agreement, which can return at most values as it was only accessed by processes in . Therefore the size of the set of returned decisions, as it is included in , is smaller than or equal to . Last, it is easy to see that for any process returning at a time , the participation at time is such that and thus that . Therefore, the number of distinct decisions returned at any time is smaller than or equal to .
This adaptive agreement is simple but central for all our model simulations. All reductions are constructed with a common simulation structure. Processes write their input, then use their access to shared memory and their ability to solve this adaptive agreement to simulate an adaptive BGG simulation where the number of active BG simulators is equal at any time to at most , with the participating set at time , with at least one of these BG simulators taking infinitely many steps.
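The loop described above for Algorithm 1 can be exercised in a small sequential simulation. This is an added example, not the paper's pseudocode: the control flow is reconstructed from the prose description, and `AgreementOracle` (an atomic stand-in for the per-participation set consensus algorithm), the random scheduler with crashes, and the agreement function min(|P|, k) are assumptions.

```python
import random

class AgreementOracle:
    """Assumed stand-in for the alpha(P)-set consensus algorithm of each set P."""
    def __init__(self, alpha):
        self.alpha = alpha
        self.decided = {}                      # frozenset P -> decided values

    def propose(self, P, value):
        vals = self.decided.setdefault(P, [])
        if value not in vals:
            if len(vals) < self.alpha(P):
                vals.append(value)             # room left: decide own proposal
            else:
                value = vals[0]                # otherwise adopt a decided value
        return value

def k_bounded(k):
    """Assumed agreement function alpha(P) = min(|P|, k)."""
    return lambda P: min(len(P), k)

def participants(snap):
    return frozenset(j for j, entry in enumerate(snap) if entry is not None)

def process(i, my_input, mem, oracle, out):
    """One process; every `yield` ends one atomic shared-memory step."""
    mem[i] = (my_input, 0)                     # update: publish the input
    yield
    snap = list(mem)                           # snapshot
    yield
    P = participants(snap)
    while True:
        # adopt the value locked at the largest participation level seen
        v = max((e for e in snap if e is not None), key=lambda e: e[1])[0]
        v = oracle.propose(P, v)               # agreement among observers of P
        yield
        mem[i] = (v, len(P))                   # lock the value with level |P|
        yield
        snap = list(mem)                       # re-check participation
        yield
        if participants(snap) == P:            # stable participation: decide
            out[i] = (v, P)
            return
        P = participants(snap)

def run(inputs, alpha, seed, crash_prob=0.02):
    """Random interleaving; a scheduled process may crash instead of stepping."""
    rng = random.Random(seed)
    mem = [None] * len(inputs)
    oracle = AgreementOracle(alpha)
    out = {}
    live = {i: process(i, x, mem, oracle, out) for i, x in enumerate(inputs)}
    while live:
        i = rng.choice(sorted(live))
        if rng.random() < crash_prob:
            del live[i]                        # crash: takes no further steps
            continue
        try:
            next(live[i])
        except StopIteration:
            del live[i]                        # decided and returned
    return out

def respects_theorem(out, inputs, alpha):
    """Validity plus agreement bounded by alpha of the smallest returning set."""
    if not out:
        return True
    decided = {v for v, _ in out.values()}
    smallest = min((P for _, P in out.values()), key=len)
    return decided <= set(inputs) and len(decided) <= alpha(smallest)
```

Because participation only grows, bounding the decisions by the agreement level of the smallest set at which some process returned also bounds them for every later participating set.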
5 Properties of the -model
We now relate task solvability in the -model and in . More precisely, we show that (1) the agreement function of the -model is and (2) any task solvable in the -model is also solvable in every model with agreement function .
Theorem 5.1
The agreement function of the -model is .
Proof
Take such that and consider the set of runs of the -model in which no process in participates and, thus, according to the monotonicity property, at most processes are faulty. To solve -set consensus, we use the safe-agreement protocol [2], the crucial element of BG simulation. Safe agreement solves consensus if every process that participates in it takes enough steps. The failure of a process then may block the safe-agreement protocol. In our case, as at most processes in can fail, we can simply run safe agreement protocols: every process goes through the protocols one by one using its input as a proposed value; if the protocol blocks, it proceeds to the next one in a round-robin manner. The first protocol that returns gives the output value. Since at most processes are faulty, at least one safe agreement eventually terminates, and there are at most distinct outputs. To see that cannot be solved in this set of runs, recall that one cannot solve -set consensus -resiliently [2, 18, 21].
The following result is instrumental in our characterizations of fair adversaries:
Theorem 5.2
For any task solvable in an -model, is solvable in any read-write shared memory model which solves the -adaptive set consensus task.
Proof
Using -adaptive set consensus and read-write shared memory, we can run -simulation so that, when the participating set is , at most BG simulators are activated and at least one is live (i.e., takes part in infinitely many simulation steps). Moreover, we make a process that has been provided with a (simulated) task output stop proposing simulated steps to BGG simulation. Hence, the number of active simulators is also bounded by the number of participating processes without an output, with at least one live BG simulator if there is a correct process without a task output.
These BG simulators are used to simulate an execution of a protocol solving in the -model. And so, since any finite run can be extended to a valid run of the -model, the protocol can only provide valid outputs.
We make BG simulators execute the breadth-first simulation: every BG simulator executes an infinite loop consisting of (1) updating the estimated participating set , then (2) trying to execute a simulation step of every process in , one by one.
Now assume that there exist correct processes that are never provided with a task output. BGG simulation ensures that we eventually have at most active simulators, with at least one live among them. Let be such a live simulator. After every process in has taken its first steps, tries to simulate steps for every process of infinitely often. A process simulation step can be blocked forever only due to an active but not live BG simulator (Footnote 2: the extended BG-simulation provides a mechanism which ensures that a simulation step is not blocked forever by a no longer active BG simulator); thus there are at most simulated processes in taking only finitely many steps.
As at most processes have a finite number of simulated steps, the simulated run is a valid run of the -model. Moreover, as at most processes have a finite number of simulated steps, there is one process never provided with a task output simulated as a correct process. But a protocol solving a task eventually provides task outputs to every correct process — a contradiction.
Using Theorem 4.1 in combination with Theorem 5.2, we derive that:
Corollary 1
Let be any model, be its agreement function, and be any task that is solvable in the -model. Then solves .
6 Characterizing fair adversaries
An adversary is a set of subsets of , called live sets, . An infinite run is -compliant if the set of processes that are correct in that run belongs to . An adversarial -model is thus defined as the set of -compliant runs.
An adversary is superset-closed [19] if each superset of a live set of is also an element of , i.e., if , , . Superset-closed adversaries provide a non-uniform generalization of the classical -resilient adversary consisting of sets of or more processes.
An adversary is a symmetric adversary if it does not depend on process identifiers: , , . Symmetric adversaries provide another interesting generalization of the classical -resilience condition and -obstruction-free progress condition [9], which was previously formalized by Taubenfeld as its symmetric progress conditions [22].
6.1 Set consensus power
The notion of the set consensus power [12] was originally proposed to capture the power of adversaries in solving colorless tasks [3, 4], i.e., tasks that can be defined by relating sets of inputs and outputs, independently of process identifiers.
Definition 4
The set consensus power of , denoted by , is defined as follows:
- If , then
- Otherwise, (Footnote 3: is the adversary consisting of all live sets of that are subsets of .)
Thus, for a non-empty adversary , is determined as where is an element of and is a process in that “max-minimize” . Note that for , .
It is shown in [12] that is the smallest such that can solve -set consensus.
It was previously shown in [13] that for a superset-closed adversary , the set consensus power of is equal to , where denotes the minimal hitting set size of , i.e., a minimal subset of that intersects with each live set of . Therefore if is superset-closed, then . For a symmetric adversary , it can be easily derived from the definition of that .
Theorem 6.1
The agreement function of adversary is .
Proof
An algorithm that solves -set consensus, assuming that the participating set is a subset of , is a straightforward generalization of the result of [12]. It is shown in [12] that -set consensus can be solved in . But if we restrict the runs to assume that the processes in do not take a single step, then the set of possible live sets reduces to . Thus using the agreement algorithm of [12] for the adversary , we obtain a -set consensus algorithm, or equivalently, an -set consensus algorithm.
It is immediate from Theorem 6.1 that implies .
6.2 Fair adversaries
In this paper we propose a class of adversaries which encompasses both classical classes of super-set closed and symmetric adversaries. Informally, an adversary is fair if its set consensus power does not change if only a subset of the processes are participating in an agreement protocol.
More precisely, consider -compliant runs with participating set and assume that processes in want to reach agreement among themselves: only these processes propose inputs and are expected to produce outputs. We can only guarantee outputs to processes in when the set of correct processes includes some process in , i.e., when the current live set intersects with . Thus, the best level of set consensus reachable by is defined by the set consensus power of adversary , unless .
Definition 5
[Fair adversary] An adversary is fair if and only if:
[TABLE]
Property 1
[TABLE]
Proof
For any and , is a subset of and, thus, . Moreover, , as -set consensus can be solved in as follows: every process waits until some process in writes its input and decides on it.
Theorem 6.2
Any superset-closed adversary is fair.
Proof
Suppose that there exists a superset-closed adversary that is not fair, i.e., by Property 1, . Clearly and are also superset-closed and, thus, and .
Since , a minimal hitting set of is such that , and therefore there exists a process , . Also, since , is not a hitting set of . Thus, there exists such that . Hence, . Since is superset closed, we have and, since , . But —a contradiction with being a hitting set of .
Theorem 6.3
Any symmetric adversary is fair.
Proof
The set consensus power of a generic adversary is defined recursively through finding and which max-minimize the set consensus power of . Let us recall that if then . Therefore, can always be selected to be locally maximal, i.e., such that there is no live set in with .
Suppose by contradiction that is symmetric but not fair, i.e., by Property 1, for some and , . We show that if the property holds for and such that then it also holds for some and .
First, we observe that , otherwise and, thus, we have .
Since is symmetric, is also symmetric. Thus, for every and such that , any such that and for any , we also have . Since we can always choose to be a maximal set, we derive that the equality holds for every maximal set in and every .
Let us recall that, by the definition of , there exists and such that . Since is symmetric, for all , and , we have . Indeed, modulo a permutation of process identifiers, contains all the live sets of plus live sets in that overlap with . Since and , we have . Therefore, for any , .
In particular, for with , . Note that , otherwise, and, thus, , contradicting our assumption.
Thus, let us assume that . Note that , and since , , we have for and , . Furthermore, since , we have .
By applying this argument inductively, we end up with a live set and such that , and . By the definition of , and . But is symmetric and , so for every , there exists such that and , i.e., —a contradiction.
Note that not all adversaries are fair. For example, the adversary is not fair. On the other hand, not all fair adversaries are either super-set closed or symmetric. For example, the adversary is fair but is neither symmetric nor super-set closed. Understanding what makes an adversary fair is an interesting challenge.
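The set consensus power of Definition 4, the agreement function of Theorem 6.1 and the fairness condition of Definition 5 can be computed by brute force on small systems. This is an added example, not code from the paper; since the formulas did not survive on this page, it assumes the recursion setcon(A) = 1 + max over live sets S of min over a in S of setcon(A restricted to S minus a), and the fairness condition setcon(A|P,Q) = min(|Q|, setcon(A|P)), where A|P,Q keeps the live sets inside P that intersect Q. The adversary `UNFAIR` is constructed for illustration.

```python
from functools import lru_cache
from itertools import combinations

def subsets(procs, lo=0, hi=None):
    """All subsets of procs with size between lo and hi, as frozensets."""
    procs = sorted(procs)
    hi = len(procs) if hi is None else hi
    return [frozenset(c) for r in range(lo, hi + 1)
            for c in combinations(procs, r)]

def restrict(adv, procs):
    """A|P: the live sets of adv that are subsets of procs."""
    procs = frozenset(procs)
    return frozenset(s for s in adv if s <= procs)

@lru_cache(maxsize=None)
def setcon(adv):
    """Set consensus power (assumed recursion, live sets must be non-empty)."""
    if not adv:
        return 0
    return 1 + max(min(setcon(restrict(adv, s - {a})) for a in s) for s in adv)

def agreement_function(adv, procs):
    """alpha(P) = setcon(A|P), as stated by Theorem 6.1."""
    return setcon(restrict(adv, procs))

def min_hitting_set_size(adv, universe):
    """Size of a smallest set of processes intersecting every live set."""
    for h in subsets(universe):                # enumerated by increasing size
        if all(h & s for s in adv):
            return len(h)

def is_fair(adv, universe):
    """Check the assumed fairness condition for every P and every Q within P."""
    for P in subsets(universe):
        a_p = restrict(adv, P)
        for Q in subsets(P):
            a_pq = frozenset(s for s in a_p if s & Q)
            if setcon(a_pq) != min(len(Q), setcon(a_p)):
                return False
    return True

def t_resilient(n, t):
    """Superset-closed adversary: every set of at least n - t processes."""
    return frozenset(subsets(range(n), lo=n - t))

def k_obstruction_free(n, k):
    """Symmetric adversary: every set of 1 to k processes."""
    return frozenset(subsets(range(n), lo=1, hi=k))

# Constructed adversary on three processes that violates the condition:
# with Q = {1, 2} only the live sets {1, 2} and {0, 1, 2} remain, and their
# set consensus power is 1 although min(|Q|, setcon) is 2.
UNFAIR = frozenset({frozenset({0}), frozenset({1, 2}), frozenset({0, 1, 2})})

if __name__ == "__main__":
    for name, adv, n in [("1-resilient, n=4", t_resilient(4, 1), 4),
                         ("2-obstruction-free, n=4", k_obstruction_free(4, 2), 4),
                         ("constructed unfair, n=3", UNFAIR, 3)]:
        alphas = [agreement_function(adv, range(m)) for m in range(n + 1)]
        print(name, "alpha on prefixes:", alphas, "fair:", is_fair(adv, range(n)))
```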
6.3 Task computability in fair adversarial models
In this section, we show that the task computability of a fair adversarial -model is fully grasped by its associated agreement function .
Using BGG simulation, we show that the -model can be used to solve any task solvable in the -model. In the simulation, up to BG simulators execute the given algorithm solving , where is the participating set of the current run.
We adapt the currently simulated live set to include processes not yet provided with a task output, and ensure that the chosen live set is simulated sufficiently long until some active processes are provided with outputs of . The simulation terminates as soon as all correct processes are provided with outputs.
The code for BG simulator is given in Algorithm 2. It consists of two parts: (1) selecting a live set to simulate (lines 2–2), and (2) simulating processes in the selected live set (lines 2–2).
Selecting a live set. This is the most involved part. The idea is to select a participating live set such that: (1) the set consensus power of , with the set of participating processes not yet provided with a task output, is greater than or equal to the BG simulator identifier ; (2) is a subset of the live sets currently selected by live BG simulators with greater identifiers; (3) does not contain the processes currently simulated by live BG simulators with greater identifiers.
The live set selection in Algorithm 2 consists of two phases. First, BG simulators determine a selection window , , i.e., the largest set of processes which is a subset of the live sets selected by live BG simulators with greater identifiers, and which excludes the processes currently selected by live BG simulators with greater identifiers (lines 2–2). This is done iteratively on all BG simulators with greater identifiers, from the greatest to the lowest. At each iteration, if the targeted BG simulator appears live, the current window is restricted to the live set selected by , but excluding the process selected by . Determining if appears live is simply done by checking whether, with the current simulation status observed, the live set selected by is valid, i.e., satisfies conditions (1), (2) and (3) above.
The second phase (lines 2–2), consists in checking if the currently selected live set is valid (line 2). If not, the BG simulator tries to select a live set which belongs to the selection window , and hence satisfies (2) and (3), but also such that the set consensus power of is greater than , the BG simulator identifier (line 2). If the simulator does not find such a live set, it simply selects any available live set (line 2).
Simulating a live set. The idea is that, if the selected live set does not change, the BG simulator simulates steps of every process in its selected live set infinitely often. Unlike conventional variations of BG simulations, a BG simulator here does not skip a blocked process simulation, instead it aborts and re-tries the same simulation step until it is successful.
Intuitively, this does not obstruct progress because, in case of a conflict, there are two live BG simulators blocked on the same simulation step, but the BG simulator with the smaller identifier will eventually change its selected live set and release the corresponding process.
Pseudocode. The protocol executed by processes in the -model is the following: Processes first update their status in by replacing with their initial state. Then, processes participate in an -adaptive BGG simulation (i.e., BGG simulation runs on top of an -adaptive set consensus protocol), where BG simulators use Algorithm 2 to simulate an algorithm solving a given task in the adversarial -model. When a process observes that has been set to (“termination state”), it stops proposing simulation steps.
Proof of correctness. Let be the participating set of the -model run, and let be the set of processes such that is never set to .
Lemma 1
There is a time after which variables and in Algorithm 2 become constant and equal to and for all live BG simulators.
Proof
Since is finite, the set of processes such that eventually corresponds to as the first step of is to set to its initial state and can only be updated to afterwards. As after is set to , it cannot be set to another value, eventually, the set of processes from such that is equal to . Live BG simulators update and infinitely often, so eventually their values of and are equal to and respectively.
Lemma 2
If contains a correct process, then there is a correct BG simulator with an identifier smaller or equal to .
Proof
In our protocol, eventually only correct processes in are proposing BGG simulation steps. Thus eventually, at most distinct simulation steps are proposed. The -adaptive set consensus protocol used for BGG simulation ensures that at most distinct proposed values are decided. But as there is a time after which only processes in propose values, eventually, -set consensus is solved. Thus BGG simulation ensures that, when this is the case, there is a live BG simulator with an identifier smaller than or equal to .
Suppose that contains a correct process, and let be the greatest live BG simulator such that (by Lemma 2). Let denote the value of and let denote the value of at simulator at time . Let also be the time after which all active but not live BG simulators have taken all their steps, and after which and have become constant and equal to and for every live BG simulator (by Lemma 1).
Lemma 3
For every live BG simulator , with , eventually, cannot fail the test on line 2.
Proof
Consider a correct BG simulator starting a round after time . Let be the value of at the end of line 2. Two cases may arise:
- If , as is fair, then . Thus, .
- Otherwise, is set on line 2 to some at some iteration , with for . We have which, by the definition of , is greater than or equal to , so we have .
By the definition of , as , there exists such that . So, eventually will always pass the test on line 2.
Lemma 4
For every live BG simulator , with , eventually, the value of computed at the end of iteration (at lines 2–2) is equal to some constant value .
Proof
No BG simulator , with , executes lines 2–2 after time . Therefore is constant after time , . Since the computation of , on lines 2–2, depends only on the values of , and , for , all of which are constant after time , the value of computed at the end of line 2 for iteration is the same in every round initiated after time for any live BG simulator , with .
Lemma 5
If contains a correct process, then the set of processes with an infinite number of simulated steps is a live set of containing a process of .
Proof
As is live, it proceeds to an infinite number of rounds. By Lemma 4, eventually computes the same window in every round. By Lemma 3, if does not have a valid live set selected, then it eventually selects a valid one for . Thus, eventually never changes its selected live set. Let be this live set. Afterwards, in each round, tries to complete a simulation step of and, if successfully completed, changes in a round robin manner among . Two cases may arise:
- If never stabilizes, then the set of processes with an infinite number of simulated steps includes . By Lemma 4, every other live BG simulator with a smaller identifier computes the same value of at the end of round (of the loop at lines 2–2). Thus, after the is selected by , as is valid, every BG simulator will select a subset of for its window value in every round. Moreover, by Lemma 3, these BG simulators will always find valid live sets to select, and so they will eventually simulate only processes in . Thus, the set of processes with infinitely many simulated steps is equal to , a live set intersecting with .
- Otherwise, eventually stabilizes on some . Therefore, attempts to complete a simulation step of infinitely often. Two sub-cases may arise:
  – Either and, therefore, is the only live BG simulator performing simulation steps, and thus, the set of processes with an infinite number of simulated steps is equal to , a live set intersecting with .
  – Otherwise, by Lemma 4, every live BG simulator with a smaller identifier eventually selects a window, and thus a live set (Lemma 3), which is a subset of . Thus every live BG simulator with a smaller identifier eventually selects processes to simulate distinct from and, thus, cannot block infinitely often—a contradiction.
Lemma 6
If is fair, then any task solvable in the -model is solvable in the -model.
Proof
Let us assume that it is not the case: there exists a task and a fair adversary such that is solvable in the adversarial -model but not in the -model. As every finite run of the -model can be extended to an -compliant run, the simulated algorithm can only provide valid outputs to the simulated processes. Thus, it can only be the case that a correct process is not provided with a task output, i.e., belongs to .
Therefore, by Lemma 5, the simulation provides an -compliant run, i.e., the set of processes with an infinite number of simulated steps is a live set. As the run is -compliant then each process with an infinite number of simulated steps is eventually provided with a task output and thus is set to . Thus, they cannot belong to — a contradiction.
Combining Corollary 1 and Lemma 6 we obtain the following result:
Theorem 6.4
For any fair adversary , the adversarial -model and the -model are equivalent regarding task solvability.
7 Agreement functions do not always tell it all
We observe that agreement functions are not able to characterize the task computability power of all models. In particular, there are non-fair adversaries not captured by their agreement functions.
Consider for example the adversary . It is easy to see that , but that which is strictly smaller than . Therefore, is non-fair.
Consider the task consisting of consensus among and : every process in proposes a value and every correct process in decides a proposed value, so that and cannot decide different values. is solvable in the adversarial -model: every process in simply waits until writes its proposed value and decides on it. Indeed, this protocol solves in the -model as if is correct, is also correct.
The agreement function of , , is equal to [math] for or , to for , and to for all other values. It is easy to see that only differs from , the agreement function of the -resilient adversary, for where . Therefore, , and thus any task solvable in the -model is solvable in the -resilient model.
The impossibility of solving such a task -resiliently can be directly derived from the characterization of tasks solvable -resiliently from [8]. Indeed, let wait for some process to output in order to decide the same value. Processes and use the ability to solve consensus among themselves to output a unique value. As there are two correct processes in the system, or will eventually terminate and thus will not wait indefinitely. This gives a -process -resilient consensus algorithm—a contradiction [7, 20]. Thus, the -model is not equivalent to the -model, even though they have the same agreement function.
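The non-fairness check and the agreement-function comparison argued in this section can be worked through mechanically. The following is an added example, not code from the paper: the three-process adversary with live sets {p1}, {p2, p3}, {p1, p2, p3} is constructed for illustration, and the recursive consensus-power definition (as in [12]) and the fairness condition written in the docstrings are assumptions, since those formulas do not survive on this page.

```python
from itertools import combinations

def setcon(adv):
    """Assumed recursive definition: 0 for the empty adversary, otherwise
    max over live sets S of 1 + min over a in S of setcon(A|S,a), where
    A|S,a keeps the live sets contained in S that do not include a."""
    adv = frozenset(adv)
    if not adv:
        return 0
    return max(1 + min(setcon(T for T in adv if T <= S and a not in T)
                       for a in S)
               for S in adv)

def subsets(procs):
    """All non-empty subsets of procs, smallest first."""
    procs = sorted(procs)
    return [frozenset(c) for r in range(1, len(procs) + 1)
            for c in combinations(procs, r)]

def agreement(adv, P):
    """Agreement function: setcon of the live sets contained in P."""
    return setcon(S for S in adv if S <= P)

def unfair_witnesses(adv, procs):
    """Pairs (P, Q), Q within P, that break the assumed fairness condition
    setcon(A|P,Q) == min(|Q|, setcon(A|P)); A|P,Q keeps live sets in P meeting Q."""
    return [(P, Q) for P in subsets(procs) for Q in subsets(P)
            if setcon(S for S in adv if S <= P and S & Q)
            != min(len(Q), agreement(adv, P))]

def t_resilient(procs, t):
    """Live sets of the t-resilient adversary: at most t processes missing."""
    return {S for S in subsets(procs) if len(S) >= len(procs) - t}

PROCS = frozenset({1, 2, 3})
# Constructed adversary (an assumption of this example, not read off the page).
ADV = {frozenset({1}), frozenset({2, 3}), PROCS}
RES1 = t_resilient(PROCS, 1)

def differing_sets():
    """Participating sets where the two agreement functions differ."""
    return [set(P) for P in subsets(PROCS)
            if agreement(ADV, P) != agreement(RES1, P)]

if __name__ == "__main__":
    print("setcon:", setcon(ADV), "unfair at:", unfair_witnesses(ADV, PROCS))
    print("agreement functions differ on:", differing_sets())
```

On this constructed adversary the fairness condition fails while the agreement function differs from that of the 1-resilient adversary on a single participating set, which is the shape of the counterexample discussed above.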
8 Related work
Adversarial models were introduced by Delporte et al. in [6]. With respect to colorless tasks, Herlihy and Rajsbaum [17] characterized a class of superset-closed [19] adversaries (closed under the superset operation) via their minimal core sizes. Still with respect to colorless tasks, Gafni and Kuznetsov [12] derived a characterization of general adversaries using the consensus power function . A side result of the present paper is an extension of the characterization in [12] to any (not necessarily colorless) tasks.
Taubenfeld introduced in [22] the notion of symmetric progress conditions, which is equivalent to our symmetric adversaries.
The BG simulation establishes equivalence between -resilience and wait-freedom with respect to task solvability [3, 4, 8]. Gafni and Guerraoui [10] showed that if a model allows for solving -set consensus, then it can be used to simulate a -concurrent system in which at most processes are concurrently invoking a task. In our simulation, we use the fact that a model associated with an agreement function allows solving -adaptive set consensus, using the technique proposed in [5], which enables a composition of the ideas in [3, 4, 8] and [10]. Running BG simulation on top of a -concurrent system, we are able to derive the equivalence between fair adversaries and their corresponding -models.
9 Concluding remarks
By Theorem 6.4, task computability of a fair adversary is characterized by its agreement function : a task is solvable with if and only if it is solvable in the -model. The result implies characterizations of superset-closed [16, 19] and symmetric [22] adversaries and, via the equivalence result established in [9], the model of -concurrency.
As a corollary, for all models and characterized by their agreement functions, such that , we have that is stronger than , i.e., the set of tasks solvable in contains the set of tasks solvable in . In particular, if the two agreement functions are equal, then and solve exactly the same sets of tasks. Note that if a model is characterized by its agreement function , then it belongs to the weakest equivalence class among the models whose agreement function is .
An intriguing open question is therefore how to precisely determine the scope of the approach based on agreement functions and if it can be extended to capture larger classes of models.
References
- [1] Y. Afek, H. Attiya, D. Dolev, E. Gafni, M. Merritt, and N. Shavit. Atomic snapshots of shared memory. J. ACM, 40(4):873–890, 1993.
- [2] E. Borowsky and E. Gafni. Generalized FLP impossibility result for t-resilient asynchronous computations. In STOC, pages 91–100. ACM Press, May 1993.
- [3] E. Borowsky and E. Gafni. Immediate atomic snapshots and fast renaming. In PODC, pages 41–51, New York, NY, USA, 1993. ACM Press.
- [4] E. Borowsky, E. Gafni, N. A. Lynch, and S. Rajsbaum. The BG distributed simulation algorithm. Distributed Computing, 14(3):127–146, 2001.
- [5] C. Delporte-Gallet, H. Fauconnier, E. Gafni, and P. Kuznetsov. Wait-freedom with advice. Distributed Computing, 28(1):3–19, 2015.
- [6] C. Delporte-Gallet, H. Fauconnier, R. Guerraoui, and A. Tielmann. The disagreement power of an adversary. Distributed Computing, 24(3-4):137–147, 2011.
- [7] M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faulty process. J. ACM, 32(2):374–382, Apr. 1985.
- [8] E. Gafni. The extended BG-simulation and the characterization of t-resiliency. In STOC, pages 85–92, 2009.
