An Almost Tight RMR Lower Bound for Abortable Test-And-Set by Eghbali, Aryaz & Woelfel, Philipp
ar
X
iv
:1
80
5.
04
84
0v
1 
 [c
s.D
C]
  1
3 M
ay
 20
18
An Almost Tight RMR Lower Bound for
Abortable Test-And-Set
Aryaz Eghbali
Department of Computer Science, University of Calgary, Canada
aryaz.eghbali@ucalgary.ca
Philipp Woelfel
Department of Computer Science, University of Calgary, Canada
woelfel@ucalgary.ca
Abstract
We prove a lower bound of Ω(log n/ log log n) for the remote memory reference (RMR) complexity
of abortable test-and-set (leader election) in the cache-coherent (CC) and the distributed shared
memory (DSM) model. This separates the complexities of abortable and non-abortable test-and-
set, as the latter has constant RMR complexity [25].
Golab, Hendler, Hadzilacos and Woelfel [27] showed that compare-and-swap can be imple-
mented from registers and TAS objects with constant RMR complexity. We observe that a
small modification to that implementation is abortable, provided that the used TAS objects are
abortable.
2012 ACM Subject Classification Theory of computation → Shared memory algorithms
Keywords and phrases Abortability, Test-And-Set, Leader Election, Compare-and-Swap, RMR
Complexity, Lower Bound
Funding This research was undertaken, in part, thanks to funding from the Canada Research
Chairs program and from the Discovery Grants program of the Natural Sciences and Engineering
Research Council of Canada (NSERC).
1 Introduction
In this paper, we study the remote memory references (RMR) complexity of abortable test-
and-set. Test-and-set (TAS) is a fundamental shared memory primitive that has been widely
used as a building block for classical problems such as mutual exclusion and renaming, and
for the construction of stronger synchronization primitives [35, 39, 19, 14, 8, 7, 6, 27].
We consider a standard asynchronous shared memory system in which n processes with
unique IDs communicate by reading and writing shared registers. A TAS object stores a
bit that is initially 0, and provides two methods, TAS(), which sets the bit and returns
its previous value, and read(), which returns the current value of the bit. TAS is closely
related to mutual exclusion [17]: a TAS object can be viewed as a one-time mutual exclusion
algorithm, where only one process (the one whose TAS() returned 0) can enter the critical
section [18].
TAS objects have consensus-number two, and therefore they have no wait-free imple-
mentations. In particular, in deterministic TAS implementations, processes may have to
wait indefinitely, by spinning (repeatedly reading) variables. It is common to predict the
performance of such blocking algorithms by bounding remote memory references (RMRs).
These are memory accesses that traverse the processor-to-memory interconnect. Local-spin
algorithms achieve low RMR complexity by spinning on locally accessible variables. Two
models are common: In distributed shared memory (DSM) systems, each shared variable
0:2 RMR Lower Bound for Abortable TAS
is permanently locally accessible to a single processor and remote to all other processors.
In cache-coherent (CC) systems, each processor keeps local copies of shared variables in its
cache; the consistency of copies in different caches is maintained by a coherence protocol.
Memory accesses that cannot be resolved locally and have to traverse the processor-to-
memory interconnect are called remote memory references (RMRs).
Golab, Hendler, and Woelfel [25] devised deadlock-free TAS algorithms with O(1) RMR
complexity for the DSM and the CC model, which in turn have been used to construct
equally efficient comparison-primitives, such as compare-and-swap (CAS) objects [27]. These
constructions are particularly useful in the study of the complexity of the mutual exclusion
problem, for which the RMR complexity is the standard performance metric [10, 9, 34, 12,
15, 31, 32, 33, 13, 29, 30, 40, 22, 11, 36, 16, 37, 23].
In the context of mutual exclusion, it has been observed that systems often require locks
to support a “timeout” capability that allows a process waiting too long for the lock, to
abort its attempt [41]. In database systems, such as Oracle’s Parallel Server and IBM’s
DB2, the ability of a thread to abort lock attempts serves the dual purpose of recovering
from a transaction deadlock and tolerating preemption of the thread that holds the lock
[41]. In real time systems, the abort capability can be used to avoid overshooting a deadline.
Solutions to this problem have been proposed in the form of abortable mutual exclusion
algorithms [41, 31, 40, 37, 16, 24]. In such an algorithm, at any point a process may receive
an abort signal upon which, within a finite number of its own steps, it must either enter the
critical section or abort its current attempt to do so, by returning to the remainder section.
The complexity of the mutual exclusion problem is not affected by abortability: The
abortable algorithm by Danek and Lee [16, 38] achieves O(log n) RMR complexity, which
asymptotically matches the known lower bound for non-abortable mutual exclusion [12].
But abortable mutual exclusion algorithms seem to be much more difficult to obtain than
non-abortable ones, and it is not surprising that all such algorithms preceding [16, 38] used
stronger synchronization primitives (e.g., LL/SC objects in [31]). Moreover, no RMR effi-
cient randomized abortable mutual exclusion algorithms are known, unless stronger primit-
ives are used [40, 24]; on the other hand, several non-abortable randomized implementations
use only registers [28, 29, 23, 13].
As mentioned earlier, CAS objects with O(1) RMR complexity can be obtained from
registers [27], but they cannot be used in an abortable mutual exclusion algorithm without
sacrificing its abortability: if a process receives the abort signal while being blocked in an
operation on a CAS object, it has no option to finish that operation in a wait-free manner,
and thus can also not abort its attempt to enter the critical section. In general, implemented
blocking strong objects, cannot be used to obtain abortable mutual exclusion objects.
One way of dealing with this impasse can be to make implementations of strong prim-
itives also abortable, and to devise mutual exclusion algorithms in such a way that they
accommodate operation aborts. Similarly, other algorithms and data structures that may
require timeout capabilities, can potentially be implemented from abortable objects, but not
from non-abortable ones.
We define abortability in the following, natural way: In a concurrent execution, a process
executing an operation on the object may receive an abort signal at any point in time. When
that happens, it must finish its method call within a finite number of its own steps (wait-
free), and as a result the method call may fail to take effect, or it may succeed. The resulting
execution must satisfy the safety conditions of the object (e.g., linearizability), if all failed
operations are removed. Moreover, a process must be able to find out, by looking at the
return value, whether its aborted operation succeeded, and if it did, then the return value
A. Eghbali and P. Woelfel 0:3
must be consistent with a successful operation.
It may be tempting to define a weaker forms of abortability, e.g., where a return value
of an aborted operation does not indicate whether the operation succeeded or not. But
the usefulness of such a weaker notions is not clear. For example, abortable TAS objects
(according to our definition) can easily be used to implement an abortable mutual exclusion
algorithm (TAS-lock): One can store a pointer to a “current” TAS object in a single register
R. To get the lock, a process calls TAS() on the TAS object that R points to, and if the
return value is 0, then the process has the lock, and otherwise it keeps reading R until its
value changes. To release the lock, the process simply swings the pointer R so that it points
to a new, fresh TAS object (this technique was proposed in [5], and [1, 2] showed how to
bound the number of involved TAS objects). This also works in the case of aborts, because
a process knows whether its operation took effect, and thus whether it is allowed to swing
the pointer (and in fact must, to avoid dead-locks).
For the weaker definition of abortability mentioned above, a process whose TAS() aborted
may not be able to find out whether it has the lock or not, and then it can also not swing
the pointer to a new TAS object, even though its TAS() may have set the bit from 0 to 1. In
fact, suppose that two processes call TAS(), and both TAS() calls abort without receiving
the information whether the aborted operation took effect. Then the TAS bit may be set,
but none of the processes has received any information regarding who was successful, and
reading the TAS object also provides no information.
Even though our notion of abortability may seem strong, any abortable mutual exclusion
algorithm can be used to obtain any abortable object from its corresponding sequential im-
plementation, by simply protecting the sequential code in the critical section. An interesting
question is therefore, whether abortable objects can be obtained at a lower RMR cost than
mutual exclusion.
We observe that this is true for implementations of abortable CAS objects from abortable
TAS objects on the CC model: a straight-forward modification of the constant RMR imple-
mentation of non-abortable CAS from TAS objects and registers [27], immediately yields an
abortable CAS object, provided that the used TAS objects are atomic or also abortable.
◮ Theorem 1. There is a deadlock-free implementation of abortable CAS from atomic re-
gisters and deadlock-free abortable TAS objects, which has O(1) RMR complexity on the CC
model.
Note that there are efficient randomized implementations of TAS from registers, where
the maximum number of steps any process takes in a TAS() operation is O(log∗ n) against
an oblivious adversary [21]. In the construction of CAS above, we can use such a randomized
TAS implementation in place of abortable TAS.
◮ Corollary 2. There is a deadlock-free randomized implementation of abortable CAS from
atomic registers, such that on the CC model against an oblivious adversary each abort is
randomized wait-free, and each operation on the object incurs at most O(log∗ n) RMRs.
Recall that there is also a deterministic constant RMR implementation of TAS from
registers [25], and thus making this implementation abortable, would, together with the
result mentioned above, immediately yield deterministic constant RMR abortable imple-
mentations of CAS from registers. Unfortunately, it turns out that a deterministic constant
RMR implementation of abortable TAS from registers cannot exist. In particular, we define
the abortable leader election (LE) problem, which is not harder and possibly easier than
abortable TAS (with respect to RMR complexity). Our main technical result is an RMR
lower bound of Ω(log n/ log logn) for that object.
0:4 RMR Lower Bound for Abortable TAS
In a (non-abortable) LE protocol, every process decides for itself whether it becomes the
leader (it returns win) or whether it loses (it returns lose). At most one process can become
the leader, and not all participating processes can lose. I.e., if all participating processes
finish the protocol, then exactly one of them returns win and all others return lose. Note
that then in an abortable LE protocol all participating processes allowed to return lose,
provided that all of them received the abort signal.
An abortable TAS object immediately yields an abortable LE protocol: Each process
executes a single TAS() operation and returns win if the TAS() call returns 0, and otherwise
lose (i.e., it returns lose also when the TAS() return value indicates a failed abort).
Our main result is the following:
◮ Theorem 3. For both, the DSM and the CC model, any deadlock-free abortable leader
election algorithm has an execution in which at least one process incurs Ω(logn/ log logn)
RMRs.
Leader election is one of the seemingly simplest synchronization primitives that have no
wait-free implementation. In particular, as argued above, the lower bound in Theorem 3
immediately also applies to abortable TAS. This is in stark contrast to the O(1) RMRs
upper bound for non-abortable TAS and even CAS implementations [25, 27]. It shows that
adding abortability to synchronization primitives is almost as difficult as solving abortable
mutual exclusion, which has an RMR complexity of Θ(logn) [16, 38].
In our lower bound proof we identify the crucial reason for why abortable LE is harder
than its non-abortable variant: According to standard bi-valency arguments, for any deadlock-
free LE algorithm, there is an execution in which some process takes an infinite number of
steps. But it is not hard to see that one can design an (asymmetric) 2-process LE protocol
in which one fixed process is wait-free, because the other one waits for the first one to make
a decision if it detects contention. It turns out that this is not the case for abortable LE:
Here, for any process, there is an execution in which that process takes an infinite number
of steps.
Other Related Work.
Aguilera, Frølund, Hadzilacos, Horn, and Toueg [4] define a different notion of abortable
object, where no abort signals are sent by the system, but a process may decide for itself to
abort an ongoing operation, e.g., when it detects contention. According to their definition,
the caller of an aborted operation may not find out whether its operation took effect or not.
Since this uncertainty may not be acceptable, they also introduce query-abortable objects,
where a query operation allows a process to determine additional information about its last
non-query operation.
Note that their notion of abortability is quite different from the one used commonly
for mutual exclusion and adopted by us, where the system, and not the implementation,
dictates when a process needs to abort.
2 Abortable Compare-And-Swap in the CC Model
In this section we consider the cache-coherent (CC) model. Each process obtains a cache-
copy with each read of a register, and the cache-copy gets only invalidated if some process
later writes to the same register. Writes as well as reads of non-cached registers incur RMRs,
while reads of cached registers do not.
A. Eghbali and P. Woelfel 0:5
A CAS object provides two operations, CAS(cmp, new), and read(). Operation read()
returns the current value of the object. Operation CAS(cmp, new) writes new to the object,
if the current value is cmp, and otherwise does not change the value of the object. In either
case it returns the old value of the object.
Golab et. al. [26] gave an implementation of CAS from TAS and registers, which has
constant RMR complexity in the CC model, i.e., each CAS() and reach read() operation
incurs only O(1) RMRs. In this section we show how to make that implementation abortable,
provided that we have access to abortable TAS objects. The pseudocode is in Figure 1. The
original (non-abortable) version of the code is shown in black and our additional code to
make it abortable in red (lines 6 and 20).
Method NameDecide()
1 x := T.TAS()
2 if x = 0 then
3 leader := PID
4 else
5 while leader = ⊥ do
6 if abort then return ⊥
7 return leader
Method CAS(cmp, new)
8 d := D
9 old := d → value
10 if old = cmp ∧ cmp 6= new then
11 winner := d → N.NameDecide()
12 if winner = PID then
13 d′ := getNewPage()
14 d′ → value := new
15 D := d′
16 d→ value := new
17 d→ flag := True
18 else
19 while d → flag 6= True do
20 if abort then return ⊥
21 old := d → value
22 return old
Figure 1 Implementation of (abortable) NameDecide() and CAS(). Without lines 6 and 20 the
algorithms are equivalent to the non-abortable implementations in [26].
2.1 From TAS to Name Consensus
The implementation in [26] first constructs a name consensus object from a single TAS object
T . This implementation provides a method NameDecide(), which each process is allowed to
call at most once. All NameDecide() calls return the same value (agreement), which is the
ID of a process calling NameDecide() (validity).
The non-abortable implementation in [26] uses a TAS object T and a register leader that
is initially ⊥. In a NameDecide() call, a process p first calls T .TAS(). If the TAS() returns
0, then p wins, and writes p to leader. Otherwise, p loses, and so it repeatedly reads leader,
until leader 6= ⊥, upon which p can return the value of leader. It is easy to see (and was
formally proved in [26]) that this is a correct name consensus algorithm.
We now show how this implementation can be made abortable, assuming the TAS object
T is abortable. We assume that when a process receives the abort signal, a static process-
local variable abort, which is initially false, changes to True.
Recall that abortability requires that the return value of a TAS() operation indicates
whether it failed or succeeded. We assume a failed TAS() simply returns⊥. In NameDecide(),
processes are only waiting until leader changes. If a process is receiving the abort signal while
waiting for leader to change, then it can also simply return ⊥. The rest of the algorithm is
the same as the original name consensus algorithm.
0:6 RMR Lower Bound for Abortable TAS
Clearly, the new code (line 6) does not affect RMR complexity, and following an abort
the code is wait-free. Moreover, correctness (validity and agreement) in case of no failed
NameDecide() operations follow immediately from correctness of the original algorithm. If
a NameDecide() operation fails (i.e., returns ⊥), then it did not change any shared memory
object (its TAS() must have either failed, or returned 1). Hence, removing an aborted and
failed NameDecide() operation from the execution does not affect any other processes, and
therefore the resulting execution must be correct.
2.2 From Name Consensus to Compare-And-Swap
We now show how the abortable name consensus algorithm can be used to obtain abortable
CAS. Consider the implementation of CAS(cmp, new) on the right hand side in Figure 1.
The black code is logically identical to the one in [26]. It uses a register D that points to
a page, which stores two registers, value and flag, as well as a name consensus object N .
Register value at the page pointed to by D stores the current value of the object. (Thus,
a read() operation, for which we omit the pseudo code, simply returns D → value.) The
CAS() operation assumes a wait-free method getNewPage(), which returns an unused page
from a pool of pages (for simplicity assume this pool has infinitely many pages, but there
are methods for wait-free memory management that allow using a bounded pool [27, 3]).
For a description of how the algorithm CAS(cmp, new) works, we refer to [26]. We can
prove that the abortable version presented here is correct, provided that the non-abortable
version (with line 20 removed) is: First of all, obviously line 20 does not change the RMR
complexity. Moreover, if a process receives the abort-signal, then its abortable NameDecide()
call terminates within a finite number of steps, and the process also does not wait in the
while-loop, so its CAS() call completes within a finite number of its steps. Finally, notice
that a CAS() call returns ⊥ only if an abort signal was received, and in that case no shared
memory objects are affected (the process cannot have won the NameDecide() call). Hence,
all aborted and failed operations can be removed from the execution without changing
anything for the remaining operations. As a result we obtain Theorem 1.
3 RMR Lower Bound for Abortable Leader Election
In this section, we give an overview of the RMR lower bound proof for abortable leader
election (and thus TAS) as stated in Theorem 3. First, we define some notation, the system
model, RMR complexity, and the abortable leader election problem.
3.1 Lower Bound Preliminaries
System Model and Notation. For a set Q, set Qk, for some non-negative integer k,
denotes the set of all sequences of length k that contain only the elements in Q. Furthermore,
Q∗ denotes the sets of all sequences that contain only elements of set Q.
For the lower bound we assume a set P of n processes, and an arbitrary large but finite
set R of shared registers. Processes are infinite state machines. In each shared memory step
(corresponding to a state transition), a process either reads or writes a register in R. At an
arbitrary point, a process may also receive an abort signal which does not result in a shared
memory access, but in a state change of that process, provided the process has not earlier
received the abort signal. Once a process has reached a halting state, it will remain in that
state forever, and does not execute any further shared memory steps.
A. Eghbali and P. Woelfel 0:7
For each process p ∈ P , we define a special abort symbol p⊤. For a set P ⊆ P let
P⊤ = {p⊤ | p ∈ P}, and P∆ = P ∪ P⊤. A configuration is a sequence that describes the
state of each process in P and each register in R. A schedule is a sequence σ over P∆. Thus,
any schedule σ is in (P∆)∗. The length of an schedule σ is denoted by |σ|. Let σ1 and σ2
be two schedules. Then σ1 ◦ σ2 is the schedule obtained by concatenating σ2 to the end of
σ1, without changing the order within σ1 and σ2. Let Proc(σ) denote the set of processes
p ∈ P that occur in σ at least once, not counting symbols in P⊤.
A configuration C and a schedule σ ∈ P∆ of length one result in a new configuration
Conf(C, σ), obtained from C by process p taking its next step, if σ = p ∈ P , or by pro-
cess p receiving the abort signal, if σ = p⊤ ∈ P⊤. If σ = σ1σ2 . . . σk is a schedule of length
k > 1, then the new configuration is determined inductively as Conf
(
Conf(C, σ1);σ2 . . . σk
)
.
Configuration C and schedule σ = σ1 . . . σk also define an execution Exec(C, σ), which is
a sequence s1s2 . . . sk, where si is the step executed or the abort signal received in the
transition from Ci−1 = Conf(C, σ1 . . . σi−1) to Ci = Conf(Ci−1, σi). To specify that an ex-
ecution starting in C and running by schedule σ is running algorithm A, we use ExecA(C, σ).
The length of an execution E is denoted by |E|. We call si an abort step by process p, if
in si process p receives the abort signal. Let E1 and E2 be two executions. Then E1 ◦ E2
is the execution obtained by concatenating the steps of E2 after the steps of E1, without
changing the order of steps within E1 and E2.
The initial configuration is denoted by Γ. A configuration C is reachable, if there exists
a schedule σ such that Conf(Γ, σ) = C. Since only reachable configurations are important
in our algorithms and proofs, we use configuration instead of reachable configuration from
this point on. For a configuration C we let σ→C denote an arbitrary but unique schedule
such that Conf(Γ, σ→C) = C, and we define E→C = Exec(Γ, σ→C).
The projection of a schedule σ to a set Q ⊆ P∆ is denoted by σ|Q. For an execution E
and a set Q of processes, E|Q denotes the sub-sequence of E that contains all (abort and
shared memory) steps by processes in Q.
Recall that a configuration C determines the state of each process. I.e., for any two
executions E and E′ resulting in the same configuration C, each process is in the same state
at the end of E as at the end of E′, and in particular E|p = E′|p. Therefore, we associate
the state of a process in configuration C with E→C |p. (But note that if two executions
E and E′ are indistinguishable to each process in Q ⊆ P , then this does not in general
imply that E|Q = E|Q′.) The value of register r in configuration C is denoted by valC(r).
Configurations C and D are indistinguishable to some process p, if E→C |p = E→D|p and
valC(r) = valD(r) for every register r ∈ R. For a set Q ⊆ P , we write C ∼Q D to denote
that configurations C and D are indistinguishable to each process in Q; for a set consisting
of a single process p we write C ∼p D instead of C ∼{p} D.
RMR Complexity. Our lower bound applies to both, the standard asynchronous distrib-
uted shared memory (DSM) model and cache-coherent (CC) model. In fact, we use a model
that combines both, caches as well as locally accessible registers for each process.
We assume that set of registers, R, is partitioned into disjoint memory segments Rp, for
p ∈ P . The registers in Rp are local to process p and remote to each process q 6= p. We say
that at the end of execution E a process p has a valid cache copy of register r, if in E process
p reads or writes r at some point, and no other processes writes r after that. Note that the
configuration obtained at the end of an execution starting in Γ uniquely determines whether
p has a valid cache copy of a register r. The reason is that the state of p in configuration C
determines the value that was written to or read from r when p accessed r last, and p has
a valid cache copy of r if and only if valC(r) equals that value. Let Cachep(C) denote the
0:8 RMR Lower Bound for Abortable TAS
union of Rp and the set of registers of which process p has a valid cache copy in configuration
C if p has not terminated in C, and the empty set if p is terminated in C.
A step in an execution E is either local or remote (we say it incurs an RMR if it is
remote). All abort steps are local. A non-abort step by process p is local, if and only if it is
either a read or a write of a register in Rp, or it is a read of a register of which p has a local
cache copy.
For an execution E and a process p, RMRp(E) is the number of RMR steps by process
p in execution E. Further, RMR(E) is the number of RMR steps incurred by all processes
in execution E. For Q ⊆ P we define RMRQ(E) =
∑
q∈Q RMRq(E), which is equal to the
total number of RMRs incurred by processes in Q in E. For the sake of conciseness, we use
RMR(E) instead of RMRP(E).
Abortable Leader Election. An algorithm solves abortable leader election, if for any
schedule σ, in Exec(Γ, σ) each process that terminates returns win or lose, at most one
process returns win, and if all processes in Proc(σ) return lose, then all processes in Proc(σ)
receive the abort signal.
We usually assume without explicitly saying so that an abortable leader election satisfies
deadlock-freedom and bounded abort, defined as follows: Bounded abort means that after a
process received the abort signal it terminates within a finite number of its own steps. An
infinite execution σ is P -fair for P ⊆ P , if each process appears infinitely many times in
σ. An infinite execution E is P -fair for P ⊆ P , if for some configuration C and a P -fair
schedule σ, it holds E = Exec(C, σ). We use fair schedule and fair execution, instead
of P -fair, when P = P . An algorithm is deadlock-free if for any schedule σ all processes
terminate in Exec(Γ, σ), provided this execution is fair.
3.2 Properties of Abortable Leader Election
In this section we derive the critical property that distinguishes non-abortable from abortable
leader election for the purpose of the lower bound. We consider algorithms in which each
process returns either win or lose upon termination. We call such algorithms binary. Note
that any (abortable) leader election algorithm is a binary algorithm.
Several results in this section will concern only two arbitrarily selected processes in the
n-process system for n ≥ 2. For ease of notation, we will call these processes a and b.
For an execution E of a binary algorithm in which a returns x and b returns y, let
(x, y) denote the outcome vector of E. For a binary algorithm A and a configuration C, let
VA(C) denote the set of all outcome vectors of {a, b}-only executions starting in C, in which
processes a and b terminate.
First we observe that the outcome vectors of two indistinguishable configurations are
equal.
◮ Observation 4. For any binary algorithmA, if configurations C andD are indistinguishable
to processes a and b, then VA(C) = VA(D).
Proof. Since C andD are indistinguishable to processes a and b, E→C |a = E→D|a, E→C |b =
E→D|b, and for any register r, valC(r) = valD(r). Thus, for any x in {a, b}∆, we have
(
E→C◦
Exec(C, x)
)
|a =
(
E→D ◦Exec(D,x)
)
|a,
(
E→C ◦Exec(C, x)
)
|b =
(
E→D ◦Exec(D,x)
)
|b, and
for any register r, valConf(C,x)(r) = valConf(D,x)(r). So by induction, for any {a, b}-only
schedule σ, Conf(C, σ) ∼{a,b} Conf(D,σ). Therefore, if in Exec(C, σ) process p ∈ {a, b}
terminates, it also terminates in Exec(D,σ) and it returns the same value in both executions.
Hence, the outcome vector VA(C) is equal to VA(D). ◭
A. Eghbali and P. Woelfel 0:9
For a binary algorithm A, configuration C is bivalent if
{
(win, lose), (lose, win)
}
=
VA(C). This definition of bivalency refers to two fixed but arbitrarily chosen processes, a
and b. In a system with more than two processes, we may write {a, b}-bivalent to indicate
the two processes a and b to which this definition applies. A configuration is strongly bivalent
(or strongly {a, b}-bivalent) if it is bivalent and a solo-run by any process p ∈ {a, b}, starting
in C, results in p winning.
A similar argument to the FLP Theorem [20] implies that for any deadlock-free binary
algorithm and for any reachable bivalent configuration, there exists an infinite execution,
where no process terminates.
◮ Lemma 5. Let A be a deadlock-free binary algorithm and C an {a, b}-bivalent configura-
tion. There exists an infinite schedule σ ∈ {a, b}∗, such that in ExecA(C, σ) none of a and
b terminate.
To prove this lemma we first prove Claim 6 and use the fact that none of a and b can be
terminated in an {a, b}-bivalent configuration.
◮ Claim 6. In any deadlock-free binary algorithm A, if configuration C is {a, b}-bivalent,
then either one of Conf(C, a) and Conf(C, b) is {a, b}-bivalent, or there exists an infinite
{a, b}-only execution, where none of a and b terminates.
Proof. Since configuration C is {a, b}-bivalent, VA(C) =
{
(win, lose), (lose, win)
}
. Sup-
pose neither Conf(C, a) nor Conf(C, b) is {a, b}-bivalent. Then there exist distinct x, y ∈
{win, lose} such that
VA
(
Conf(C, a)
)
= {(x, y)} , and (1)
VA
(
Conf(C, b)
)
= {(y, x)}
We now distinguish two cases.
Case 1: In C, processes a and b are poised to access different registers or poised to read
the same register. Thus,
Conf(C, a ◦ b) = Conf(C, b ◦ a). (2)
By (1), (y, x) /∈ VA
(
Conf(C, a)
)
. Since VA
(
Conf(C, a ◦ b)
)
⊆ VA
(
Conf(C, a)
)
), it holds
(y, x) /∈ VA
(
Conf(C, a◦b)
)
. Thus, by (2), (y, x) /∈ VA
(
Conf(C, b◦a)
)
. Since VA
(
Conf(C, b◦
a)
)
⊆ VA
(
Conf(C, b)
)
= {(y, x)}, this means that VA
(
Conf(C, b ◦ a)
)
= ∅. But this
contradicts deadlock-freedom, as in a fair schedule starting in Conf(C, b ◦ a) both processes
must terminate and output something.
Case 2: In configuration C, both processes are poised to access the same register r,
and at least one of them is poised to write r. Without loss of generality, assume that a
is poised to write register r. If a takes its write step after b’s step, then a’s state and
shared register values are no different than if only a takes its write step and b does not
take its step. So Conf(C, a) ∼a Conf(C, b ◦ a). If process a does not terminate in a
solo-run starting in Conf(C, a), then the claim is true, because there exists an infinite
execution starting in C that neither a nor b terminates. However, if process a terminates in
a solo-run starting in Conf(C, a), by (1), we can conclude that (x, y) ∈ VA
(
Conf(C, b ◦ a)
)
.
Since VA
(
Conf(C, b ◦ a)
)
⊆ VA
(
Conf(C, b)
)
, it holds that (x, y) ∈ VA
(
Conf(C, b)
)
. This
contradicts VA
(
Conf(C, b)
)
= {(y, x)}. ◭
Any deadlock-free (non-abortable) 2-process leader election algorithm has a bivalent
initial configuration. But in any fair schedule, both processes terminate. Therefore, the
0:10 RMR Lower Bound for Abortable TAS
infinite execution that is guaranteed by the above corollary cannot be fair; in particular, it
requires one of the two processes to run solo at some point. However, one can construct a
deadlock-free (non-abortable) leader election algorithm in which one process never takes an
infinite number of steps, no matter what the schedule is. The lemma below shows that this
is not true for abortable two-process leader election algorithm.
◮ Lemma 7. Let A be a deadlock-free abortable 2-process leader election algorithm A with
bounded aborts. For any process p, there exists an execution starting in the initial configur-
ation, in which p takes an unbounded number of steps.
Proof. Let Γ be the initial configuration of A. For the purpose of contradiction, assume
there is a fixed process, a, that terminates within a finite number of its own steps in all
executions. Let b be the other process.
By the safety property of abortable leader election, there is no execution in which both
processes win, i.e.,
(win,win) /∈ VA(Γ). (3)
Let algorithm A′ be the same as A except that during any execution,
(1) if any of the two processes receive the abort signal, the abort signal is ignored; and
(2) if in step s process b reads (a, x), where x 6= ⊥, then b continues its program, as if it
had received the abort signal immediately after step s.
In any execution of A′, a and b can only both lose, if they both receive the abort
signal. Since both ignore the abort signals (and only b possibly simulates having received
an abort signal), there is no execution of A′ in which a and b both lose. Thus, for the initial
configuration Γ′ of A′,
(lose, lose) /∈ VA′(Γ
′). (4)
Consider any execution E′ = Exec(Γ′, σ′) of algorithm A′ starting in Γ′. We now create
an execution E = Exec(Γ, σ) of A starting in Γ, by scheduling the processes in exactly the
same order as in E′, but removing all abort signals. Moreover, when for the first time b
reads a value of (a, x) in E, where x 6= ⊥ (if that happens), then we send process b the abort
signal. By construction of A′, processes a and b execute exactly the same shared memory
steps in execution E of algorithm A as in execution E′ of algorithm A′. Thus, for every
schedule σ′ there is a schedule σ such that processes a and b execute in ExecA′(Γ
′, σ′) the
same shared memory steps as in ExecA(Γ, σ). This implies
VA′(Γ
′) ⊆ VA(Γ). (5)
Note that in the construction above, if σ′ is fair, then so is σ. Hence, the fact that A is
deadlock-free implies
A′ is deadlock-free. (6)
In algorithm A, in a sufficiently long solo-run by a, in which a does not receive the
abort-signal, process a terminates (by deadlock-freedom) and returns win (by the safety
property of abortable leader election). Hence, in A′ process a also terminates and returns
win after a sufficiently long solo-run, because it takes exactly the same steps as in A. Since
A′ is deadlock-free by (6), process b terminates after a sufficiently long solo-run following
a’s solo-run, and by (3) process b returns lose. With a symmetric argument, for algorithm
A. Eghbali and P. Woelfel 0:11
A′, in a sufficiently long solo-run by b followed by a sufficiently long solo-run of a, process b
returns win and process a returns lose. Hence, {(win, lose), (lose, win)} ⊆ VA′(Γ′). Using
(3) and (4) we conclude
VA′(Γ
′) =
{
(win, lose), (lose, win)
}
. (7)
We will now show that A′ is wait-free. This together with (7) contradicts Lemma 5, and
thus proves the lemma.
Recall that in every execution of algorithm A process a terminates within a finite number
of its own steps. As a result, the same is true for A′.
Hence, it suffices to show that b terminates within a finite number of its own steps.
Suppose there is an execution E∗ of A′ in which b executes an infinite number of steps.
Then b never reads a value of (a, x), where x 6= ⊥, as otherwise it would simulate having
received the abort-signal in A, and then terminate after a finite number of steps. Since b
never reads a value of (a, x), where x 6= ⊥, it cannot distinguish E∗ from a solo-run starting
in Γ′. Hence, b does not terminate in such an infinite solo-run. This contradicts (6). ◭
One of the core properties of the abortable leader election problem that allows us to
prove the lower bound is that there are no reachable strongly bi-valent configurations in any
execution.
◮ Lemma 8. Let A be an abortable n-process leader election algorithm with bounded aborts
for n ≥ 2. Further, let C be a reachable configuration and a, b two distinct processes that
terminate in any {a, b}-fair execution starting in C. For any schedule σ ∈ P∗ configuration
C = Conf(Γ, σ) is not strongly {a, b}-bivalent.
Proof. Suppose C is strongly {a, b}-bivalent. Then it is {a, b}-bivalent, so
VA(C) = {(lose, win), (win, lose)}, (8)
and if a or b runs solo in C, then that process wins. Because σ ∈ P∗, neither a nor
b receives the abort-signal in Exec(Γ, σ). By the assumption that aborts are bounded,
processes a and b both terminate in sufficiently long solo runs starting in Conf(C, a⊤) and
Conf(C, b⊤), respectively. Let x and y be the return values of a in Exec(C, a⊤ ◦ aka) and
of b in Exec(C, b⊤ ◦ bkb), respectively, for sufficiently large integers ka and kb.
Since Conf(C, a⊤) ∼a Conf(C, a
⊤b⊤),
a returns x in Exec(C, a⊤b⊤ ◦ aka). (9)
Similarly, since Conf(C, b⊤) ∼b Conf(C, a⊤b⊤),
b returns returns y in Exec(C, a⊤b⊤ ◦ bkb). (10)
We distinguish the following cases.
Case 1: x = y = win: In a sufficiently long solo-run by b following Exec(C, a⊤b⊤ ◦aka),
process b must terminate (by deadlock-freedom). Since a wins in that execution, b must lose.
Thus,
(win, lose) ∈ VA
(
Conf(C, a⊤b⊤)
)
. (11)
Applying a symmetric argument to a sufficiently long solo-run by a following Exec(C, b⊤a⊤◦
bkb), we obtain
(lose, win) ∈ VA
(
Conf(C, a⊤b⊤)
)
. (12)
0:12 RMR Lower Bound for Abortable TAS
Hence, using (8), we get
{
(win, lose), (lose, win)
}
= VA
(
Conf(C, a⊤b⊤)
)
. Then by Lemma 5,
there exists an infinite execution starting in Conf(C, a⊤b⊤), such that a and b do not ter-
minate. This contradicts bounded aborts.
Case 2: x = y = lose: In a sufficiently long solo-run by b following Exec(C, a⊤b⊤ ◦
aka), process b must terminate (by deadlock-freedom). Since a loses in that execution, by
(8), process b must win. Thus, (lose, win) ∈ VA
(
Conf(C, a⊤b⊤)
)
, and with a symmetric
argument (win, lose) ∈ VA
(
Conf(C, a⊤b⊤)
)
. We get a contradiction for the same reasons
as in Case 1.
Case 3: {x, y} = {win, lose}: Without loss of generality, assume x = win. Then in
Exec(C, a⊤aka) process a wins. On the other hand, since C is strongly bivalent, b wins in
a sufficiently long solo-run starting in C. Since C ∼b Conf(C, a⊤), process b also wins in a
long enough solo-run starting in Conf(C, a⊤). Hence, we have shown that any of the two
processes in {a, b} wins in a solo-run starting in Conf(C, a⊤). By deadlock-freedom and (8)
the other process loses, if it performs a long enough solo-run afterwards. This shows that
Conf(C, a⊤) is strongly bivalent.
Now let A′ be the 2-process algorithm in which a and b act exactly as in algorithm as
A, but the initial configuration is Γ′ = Conf(C, a⊤). Then A′ is a deadlock-free abortable
2-process leader election algorithm with bounded aborts: The bounded abort property is
inherited from A. Deadlock-freedom follows from the assumption that a and b terminate in
any fair execution starting in C. The safety property of abortable leader election follows
from (8) and the fact that each process wins in a long enough solo-run starting in the initial
configuration Conf(C, a⊤) (because that configuration is strongly bivalent).
Moreover, in A′ process a always terminates within a finite number of its own steps. This
follows from the bounded abort property of A and the fact that both processes simulate A
starting in configuration Conf(C, a⊤), in which a has already received the abort-signal. This
contradicts Lemma 7. ◭
3.3 Properties of Executions and Safe Configurations
3.3.1 Additional Assumptions
We make the following assumptions that do not restrict the generality of our results. Recall
that processes are state machines, each using some infinite state space Q. We assume that
during an execution a process never enters the same state twice. Further, we assume that
each register stores a pair in P × (Q∪{⊥}), where ⊥ /∈ Q. The initial value of each register
in Rp is (p,⊥), and when a process p writes to any register, it writes a pair (p, x), where
x is p’s state before its write operation. I.e., we are using a full information model, where
processes write all information they have observed in the past. As a result, no two writes
in an execution write the same value. Each process’s first shared memory step is a read
outside of its local shared memory segment, that we call invocation read, and thus incurs
an RMR. Adding such a step to the beginning of each process’s program does not affect
the asymptotic RMR complexity of the algorithm. We will assume that at the end of its
execution, each process p reads all registers in Rp once. Since those reads do not incur any
RMRs, this assumption can be made without loss of generality. We call p’s last read of
register r ∈ Rp the terminating read of r, and we assume that after p’s last terminating
read, p will immediately enter a halting state.
3.3.2 Terminology and Notation
We define some additional terms and notation.
A. Eghbali and P. Woelfel 0:13
We say process p is visible on register r in configuration C if valC(r) = (p, x), for some
x ∈ Q. Let L(C) be the set of processes that have lost in configuration C.
When we construct our high RMR execution, we need to make sure that whenever a
process gains information about some other process that has not yet lost, someone pays for
that with an RMR. To keep track of who knows who, we define a set K(C) that contains
pairs (p, q) of processes. Informally, (p, q) is in K(C) if p has already gained information
about process q in the execution leading to configuration C, or p can gain such information
for “free” (i.e., without an RMR being paid for that). Gaining information does not only
mean that p reads a register that q has written; it means anything that might affect p’s
execution, e.g., p’s cache copies being invalidated. K(C) is the union of three sets K1(C),
K2(C), and K3(C), defined as follows:
K1(C) is the set of all pairs (p, q), p 6= q, such that in E→C process p reads a register
while process q is visible on that register. I.e., p reads a value of (q, x), where x ∈ Q.
Informally: p has learned about q in E→C .
K2(C) is the set of all pairs (p, q), p 6= q, such that in E→C process q takes at least one
shared memory step and process p reads a register in Rq .
Informally: Process p may have a valid cache copy of a register r ∈ Rq, and by writing
to r process q can invalidate that cache copy without incurring an RMR.
K3(C) is the set of all pairs (p, q), p 6= q, such that in E→C process p takes at least one
shared memory step, and q writes to a register r ∈ Rp before p’s terminating read of r.
Informally: p may learn about q without incurring an RMR by scanning all its registers
in Rp.
Let K(C) = K1(C)∪K2(C)∪K3(C). We say process p knows process q in configuration C
if (p, q) ∈ K(C).
Recall that in our inductive construction of an RMR expensive execution, we will some-
times erase processes from the constructed execution. For that reason, if p knows about
q, i.e., (p, q) ∈ K(C), then we will not remove a process q from the execution E→C . We
achieve this by ensuring that whenever (p, q) ∈ K(C), q ∈ L(C), and as discussed earlier no
lost processes will be erased.
However, we have to be careful about cases in which p does not know directly about q.
For example, suppose process q writes to register r in execution E, and later some process
z overwrites r and finally p becomes poised to read r. In our inductive construction we may
want to remove either z or p from the execution, because we do not want z to be discovered
by p. However, removing z reveals q on register r, and so now p may discover q. To account
for that we introduce the concept of hidden processes.
In particular, for a configuration C and a register r we define a set Hr(C) of processes
hidden on r as follows:
(H1) For r /∈ Rp, p ∈ Hr(C) if and only if either p does not access r in E→C , or p accesses r
in E→C at some point t, and either no process writes r after t, or at least one process
that writes r after t is in L(C);
Idea: If p’s write to r was overwritten by some processes, then at least one of them
has lost and thus will not be erased from the execution. Hence, erasing a process does
not reveal p’s write to any other process.
(H2) For r ∈ Rp, p ∈ Hr(C) if and only if any process other than p that writes to r in E→C
is in L(C).
Idea: If a process q wrote to a register r in p’s local memory segment, then q has lost.
Therefore, q will not be erased from the execution. This is important because p can
0:14 RMR Lower Bound for Abortable TAS
read r for free and we have to assume that it does so frequently, so erasing q from the
execution might change what p observes in the execution.
Let H(C) =
⋂
r∈RHr(C). We say process p is hidden in configuration C, if p ∈ H(C).
We finally define the concept of a safe configuration as follows. Configuration C is safe,
if
(S1) for any pair (p, q) ∈ K(C), q ∈ L(C), and
(S2) if p /∈ H(C), then either p ∈ L(C), or p takes no shared memory step in E→C .
The first property ensures that no process p knows another process q that has not yet lost,
and the second property says that all processes that are not hidden must have lost, or not
even started participation. As a result, in an execution leading to a safe configuration, we
can erase all processes that do not lose, without affecting any other processes. Formally,
we will prove for a schedule σ, a safe configuration C = Conf(Γ, σ) and a set of processes
P ⊇ L(C),
Exec(Γ, σ)|P = Exec(Γ, σ|P∆);
RMRP (Exec(Γ, σ)) = RMRP (Exec(Γ, σ|P∆)); and
Cachep(C) = Cachep(Conf(Γ, σ|P∆)) for all p ∈ P .
Moreover, if C is safe, then Conf(Γ, σ|P∆) is also safe.
3.3.3 Forcing Processes to Lose
Lemma 8 is a core lemma in the construction of an RMR-expensive execution, which states
that we can force two processes to lose starting in a reachable configuration, that the two
processes terminate in any fair execution of those two processes and win in their solo execu-
tion.
◮ Lemma 9. Let C be a reachable configuration, and a, b ∈ P \L(C) two distinct processes
that do not receive the abort signal in E→C . Further, assume that processes a and b both
terminate in any {a, b}-fair execution starting in C. If each process in {a, b} wins in its
solo-run starting in C, then there exists a schedule σ ∈
(
{a, b}∆
)∗
, such that a and b lose in
Exec(C, σ).
Proof. For the purpose of contradiction, assume that for any execution Exec(C, σ), where
σ ∈
(
{a, b}∆
)∗
, in which a and b both terminate, one of the processes wins. Then (lose, lose) /∈
VA(C). Since a solo-run by either a or b, starting in C, results in that process winning, C
is {a, b}-strongly bivalent. This contradicts Lemma 8. ◭
3.3.4 Projections
We continue by proving properties of the projection operation. First, the projection of a
schedule to a superset of lost processes, P , does not change the execution of those processes,
if any process that is known by a process in P is lost.
◮ Claim 10. Let σ be a schedule, C = Conf(Γ, σ), and P ⊆ P . If L(C) ⊆ P , and q ∈ L(C)
for any pair (p, q) ∈ K(C), then
Exec(Γ, σ)|P = Exec(Γ, σ|P∆). (13)
Proof. We prove the claim by induction on the length of σ. If σ is the empty schedule, then
the claim is trivially true.
A. Eghbali and P. Woelfel 0:15
Now suppose that σ = σ′λ, where λ ∈ P∆ is a schedule of length one, and the inductive
hypothesis is true for σ′, i.e.,
Exec(Γ, σ′)|P = Exec(Γ, σ′|P∆). (14)
Let D = Conf(Γ, σ′), and D′ = Conf(Γ, σ′|P∆). We will show that
Exec(D,λ)|P = Exec(D′, λ|P∆). (15)
Then it follows from (14) that Exec(Γ, σ′λ)|P = Exec(Γ, σ′λ|P∆), which completes the
inductive step.
If λ /∈ P∆, then each of the two executions on the left and right hand side of (15) is
the empty execution, so (15) is true. Now suppose λ ∈ {p, p⊤} for some process p ∈ P .
Then in Exec(D,λ) = Exec(D,λ)|P , either process p receives the abort signal or process
p executes a shared memory operation. First assume that p receives the abort signal or
writes some value x to a shared register r in that step. By (14) process p is in the same
state in D as in D′, so p receives the abort signal or writes x to register r, respectively, in
Exec(D′, λ) = Exec(D′, λ|P∆). In either case (15) follows.
Now assume that in Exec(D,λ) = Exec(D,λ)|P , process p = λ reads a register r. Since
p is in the same state in D as in D′, it reads the same register r in Exec(D,λ|P∆). We will
show that valD(r) = valD′(r). As a result, p reads the same value in both executions, and
thus (15) follows.
For the purpose of a contradiction, assume valD(r) 6= valD′(r). First assume Exec(Γ, σ′)
contains no write to register r. Then, by the assumption that valD(r) 6= valD′(r), execution
Exec(Γ, σ′|P∆) contains a write to r by some process q. Since only processes in P take steps
in that execution, q ∈ P . But since q does not write in Exec(Γ, σ′), we have Exec(Γ, σ′)|P 6=
Exec(Γ, σ′|P∆), contradicting (14).
Now assume Exec(Γ, σ′) contains a write to r, and let w be the last such write, executed
by some process q. Thus, valD(r) = (q, x) for some value x ∈ Q. Since in Exec(D,λ)
process p reads register r, (p, q) ∈ K1
(
Conf(D,λ)
)
. Since C = Conf(Γ, σ) = Conf(D,λ),
we have (p, q) ∈ K(C). Therefore, q ∈ L(C) by the assumption of the claim that C is safe.
Because L(C) ⊆ P , it follows that q ∈ P . Therefore, by (14), q’s write w, with value (q, x),
also occurs in Exec(Γ, σ′|P∆), and q does not write to r again after w. By the assumption
that valD(r) 6= valD′(r), Exec(Γ, σ′|P∆) must contain another write w′ that is executed
after w by some process q′ 6= q. All steps in that execution are performed by processes in
P , so q′ ∈ P . But then by (14), w and w′ are executed in the same order in Exec(Γ, σ′),
contradicting that w is the last write to r in that execution. ◭
If C is a safe configuration, then by (S1) q ∈ L(C) for each pair (p, q) ∈ K(C). Hence,
from Claim 10 we immediately get:
◮ Corollary 11. Let σ be a schedule, C = Conf(Γ, σ) and P a set of processes such that
L(C) ⊆ P . If C is safe, then
Exec(Γ, σ)|P = Exec(Γ, σ|P∆). (16)
The projection of a schedule leading to a safe configuration to a superset of lost processes
does not change the cached values of those processes.
◮ Claim 12. Let σ be a schedule, P ⊆ P , C = Conf(Γ, σ), and C′ = Conf(Γ, σ|P∆). If C
is safe and L(C) ⊆ P , then Cachep(C) = Cachep(C′) for each process p ∈ P .
0:16 RMR Lower Bound for Abortable TAS
Proof. Let E = Exec(Γ, σ), and E′ = Exec(Γ, σ|P∆). Since C is safe, and L(C) ⊆ P , by
Theorem 11,
E|P = E′. (17)
Fix a process p ∈ P . First assume p ∈ L(C). Thus, since L(C′) ⊆ L(C), we have p ∈ L(C′).
By definition, Cachep(C) = Cachep(C
′) = ∅.
Now assume p /∈ L(C). We first show Cachep(C) ⊆ Cachep(C′). Let r ∈ Cachep(C).
Then in some step s of E process p accesses r, and no process writes to r after step s. By
(17), p also executes step s in E′. For the purpose of a contradiction assume r /∈ Cachep(C′).
Then in E′ some process q writes to r after step s. Since only processes in P take steps in
E′, q ∈ P . But then by (17) process q also writes to r after step s in E|P and thus in E—a
contradiction.
We now prove Cachep(C
′) ⊆ Cachep(C). Let r ∈ Cachep(C′). If r ∈ Rp, then by
definition r ∈ Cachep(C). So assume r /∈ Rp. Then
in E′ process p accesses r and no process writes to r after p’s last access. (18)
By (17), p also accesses r in E|P , and thus in E. For the purpose of a contradiction assume
r /∈ Cachep(C). Therefore, some process writes to r in E after p’s last access of r. Since C
is safe, p /∈ L(C), and p takes at least one shared memory step in E→C , we obtain from (S2)
that p ∈ H(C). Thus, by the assumption that r /∈ Rp, by (H1) at least one process, q, that
writes to r in E after p’s last access of r, must be in L(C). Therefore, q ∈ P . Since p ∈ P ,
by (17), q writes r after p’s last access in E′. This contradicts (18). ◭
Removing a winning process from a schedule that leads to a safe configuration does not
affect the state and cache values of other processes.
◮ Claim 13. Let σ be a schedule, such that C = Conf(Γ, σ) is safe. Further, let p ∈ P
and P = P \ {p}. If p wins in Exec(Γ, σ), then Exec(Γ, σ)|P = Exec(Γ, σ|P∆), and
Cacheq
(
Conf(Γ, σ)
)
= Cacheq
(
Conf(Γ, σ|P )
)
, for all q ∈ P .
Proof. Because p wins in Exec(Γ, σ), we have L(C) ⊆ P ⊆ P . Now the claim follows
immediately from tje fact hat C is safe and Theorem 11 and Claim 12. ◭
3.3.5 Safe Configurations
The following claims and lemmas describe the properties of safe configurations. First we
show that if starting in a safe configuration, a process that has not yet received the abort
signal takes a step which does not incur an RMR, then the resulting configuration is also
safe.
◮ Claim 14. Let C be a safe configuration and x ∈ Proc(σ→C), such that x⊤ does not
appear in σ→C . If RMR
(
Exec(C, x)
)
= 0, then C′ = Conf(C, x) is safe.
Proof. Let s be the single step Exec(C, x), and r the register accessed in s. Since x takes
at least one shared memory step in E→C (because x ∈ Proc(σ→C) and x⊤ does not appear
in σ→C),
s is not x’s first shared memory step in E→C ◦ s. (19)
A. Eghbali and P. Woelfel 0:17
Suppose s does not incur an RMR. To prove that C′ is safe, we will first show that C′
satisfies (S1). Suppose not. Then there exists a pair (p, q) ∈ K(C′), such that q /∈ L(C′).
Since L(C) ⊆ L(C′)
q /∈ L(C). (20)
Since C is safe, (p, q) /∈ K(C), i.e.,
(p, q) ∈ K(C′) \K(C). (21)
By Claim 22,
x ∈ {p, q}. (22)
By (21) there is an index j ∈ {1, 2, 3} such that (p, q) ∈ Kj(C′) \ Kj(C). For each of
j ∈ {1, 2, 3} we will show that this is impossible.
If (p, q) ∈ K1(C′) \K1(C), then in step s process p reads a register r while process q is
visible on r. Therefore, the last write to r in E→C is by q. If r ∈ Rp, then (p, q) ∈ K3(C),
which contradicts (21). Hence, r /∈ Rp. Because (p, q) /∈ K1(C), p does not read r in E→C
at a point when q is visible on r. More specifically, p does not read the value valC(r) from
r in E→C . Thus, in C process p does not have a valid cache copy of r. Hence, step s incurs
an RMR, which is a contradiction.
Now assume (p, q) ∈ K2(C′) \ K2(C). Since by (19), s is not q’s first shared memory
step in E→C ◦ s, in step s process p reads r ∈ Rq, and p does not read any register in Rq
throughout E→C . Hence,
q takes at least one shared memory step in E→C . (23)
Since s does not incur an RMR, r ∈ Cachep(C), and so p reads or writes r in E→C , and no
other process writes r after that. If p reads r ∈ Rq during E→C , then by (23) (p, q) ∈ K2(C),
which is a contradiction. Hence, in E→C process p writes r, and no other process writes r
after that. Since r ∈ Rq and p /∈ L(C) (as in C process p is poised to executes step s), we
have q /∈ Hr(C) according to (H2), and thus, q /∈ H(C). By (20), q /∈ L(C) and by the
claim assumption q takes at least one step in E→C . Therefore, (S2) is not satisfied, which
contradicts the assumption that C is safe.
If (p, q) ∈ K3(C′) \K3(C), then either s is a write by process q and r ∈ Rp, or s is p’s
first shared memory step. The latter is not possible because of (19). And if the former is the
case, then s incurs an RMR, which contradicts the assumption that RMR
(
Exec(C, x)
)
= 0.
Thus, we have shown that C′ satisfies (S1).
We will now prove that C′ also satisfies (S2). Suppose not. Then there exists a process
p /∈ H(C′), such that p /∈ L(C′) and p takes at least one shared memory step in E→C′ . Since
L(C) ⊆ L(C′), we have p /∈ L(C).
Recall that C is safe. If p /∈ H(C), then by (S2) process p takes no shared memory steps
in E→C . As p takes a shared memory step in E→C′ = E→C ◦ s we have x = p, and in
particular s is x’s first shared memory step. This contradicts (19).
If p ∈ H(C), then p ∈ H(C) \ H(C′), which means there exists some register v, such
that p ∈ Hv(C) \Hv(C′). If v ∈ Rp, then since p /∈ H(C′), by (H2) in E→C′ some process
z /∈ L(C′), z 6= p, writes to v. Then z /∈ L(C), and so since p ∈ H(C), by (H2) process z
does not write v in E→C . Hence, Exec(C, x) is a write to v ∈ Rp by z 6= p, and this write
incurs an RMR. This contradicts the claim assumption, RMR
(
Exec(C, x)
)
= 0.
0:18 RMR Lower Bound for Abortable TAS
Now suppose v /∈ Rp. Let q′ 6= p be the process such that v ∈ Rq′ . Because p ∈ Hv(C),
there is a non-empty set Z of processes that write v after p’s last access of v during E→C ,
and Z ∩L(C) 6= ∅. Since L(C) ⊆ L(C′), we have Z ∩L(C′) 6= ∅. If step s is not an access of
register v, Z is also the set of processes that write to v after p’s last access of v during E→C′ .
So p is in Hv(C
′). If step s is an access of register v, then because RMR
(
Exec(C, x)
)
= 0,
process p is not the process performing step s. Thus, Z is a subset of processes that write
to v after p’s last access of v during E→C′ . Hence, p is in Hv(C
′). ◭
We now show that a process p, which executes a solo-run starting from a safe configura-
tion, must eventually either terminate or incur an RMR.
◮ Claim 15. Let C be a safe configuration, and let p be an arbitrary process in Proc(σ→C )\
L(C), such that p⊤ does not appear in σ→C . There exists a non-negative integer k, such
that in Exec(C, pk), process p terminates or incurs an RMR.
Proof. Assume that there exists a process p that does not terminate and does not incur any
RMRs in an infinite solo-run starting in C. Let P = L(C) ∪ {p} and σ = σ→C . Since C is
safe, p ∈ Proc(σ→C ), and p incurs no RMRs in its solo-run starting in C, the conditions of
Claim 14 are met. Hence, for any non-negative integer t, by applying Claim 14 t times,
Ct = Conf(C, p
t) = Conf(Γ, σ ◦ pt) is safe. (24)
Since only p takes steps in Exec(C, pt), and p does not terminate in its solo-run starting
in C, we obtain L(Conf(C, pt)) = L(C) ⊆ P . This together with (24) allows us to apply
Theorem 11 to obtain
Exec(Γ, σ ◦ pt)|P
Theorem 11
= Exec
(
Γ, (σ ◦ pt)|P∆
)
= Exec
(
Γ, (σ|P∆) ◦ pt
)
. (25)
Therefore, if process p does not terminate or incur any RMRs in its t-step solo-run start-
ing in C, then p does not terminate or incur any RMRs in its t-step solo-run starting in
Conf(Γ, σ|P∆). Since this is true for all t ≥ 0, in the infinite execution Exec(Γ, σ′), where
σ′ = (σ|P∆) ◦ p ◦ p ◦ ..., process p does not terminate. But schedule σ′ is fair, because each
process in Proc(σ′) \ {p} is in L(C) and thus loses in Exec(Γ, σ′), and p performs infinitely
many shared memory steps. This contradicts deadlock-freedom. ◭
If at the end of an execution, which starts in a safe configuration, a process that termin-
ates knows the same set of processes as in the beginning of that execution, then that process
returns win.
◮ Claim 16. Let C be a safe configuration, p ∈ P \ L(C), and σ a schedule, such that p⊤
does not appear in σ→C ◦ σ, and
for any (p, q) ∈ K
(
Conf(C, σ)
)
either q ∈ L(C) or (p, q) ∈ K(C). (26)
If p terminates in Exec(C, σ), then p wins.
Proof. Let C′ = Conf(C, σ) and P = L(C)∪{p}. First note that for any pair (p, q) ∈ K(C′)
either q ∈ L(C) or (p, q) ∈ K(C) by (26), and since C is safe, q ∈ L(C) according to (S1).
Thus, we can apply Claim 10 to configuration C′ and obtain
Exec(Γ, σ→C′ |P
∆) = E→C′ |P.
If p terminates in Exec(C, σ), then p also terminates in Exec(Γ, σ→C ◦σ) = E→C′ , and thus
by the above in Exec(Γ, σ→C′ |P∆). Thus, it suffices to show that p does not lose in that
A. Eghbali and P. Woelfel 0:19
execution. Suppose it does lose. Since Exec(Γ, σ→C) is a prefix of Exec(Γ, σ→C′ |P∆), and
all processes in P \ {p} lose in Exec(Γ, σ→C) (we defined P = L(C)∪{p}), all processes lose
in Exec(Γ, σ→C′ |P∆). By the safety property of abortable leader election, then all processes
that take at least one step in that execution must receive the abort signal. In particular,
p receives the abort signal in Exec(Γ, σ→C′ |P∆), and thus p⊤ appears in σ→C′ = σ→C ◦ σ.
This contradicts the claim assumption. ◭
Starting in a safe configuration, if a process does not get to know any process in its solo
execution, then that process wins in its solo-run.
◮ Lemma 17. Let C be a safe configuration, and p ∈ Proc(σ→C ) \L(C), such that p
⊤ does
not appear in σ→C , and
for any k ∈ N and any (p, q) ∈ K
(
Conf(C, pk)
)
it holds (p, q) ∈ K(C). (27)
Then process p wins in its solo-run starting in C.
Proof. We prove that p terminates in Exec(C, pk), for some positive integer k. Then by
(27), and Claim 16, p wins in its solo-run starting in C, and the lemma follows.
Let P = L(C) ∪ {p}. Since C is safe, by Theorem 11,
Exec(Γ, σ→C |P
∆) = E→C |P. (28)
We will show by induction for all k ≥ 0 that
Exec
(
Γ, σ→C ◦ p
k
)
|p = Exec
(
Γ, (σ→C |P
∆) ◦ pk
)
|p. (29)
Note that in Exec
(
Γ, (σ→C |P∆)◦pk
)
all processes in P\{p} = L(C) lose. Hence, by deadlock-
freedom, there is an integer k0 ∈ N such that p terminates in Exec
(
Γ, (σ→C |P∆)◦pk0
)
. Then
by (29) p also terminates in Exec
(
Γ, σ→C ◦ p
k0
)
, and by Claim 16 it wins in that execution.
Thus, p wins in a solo-run starting in C.
It remains to prove the inductive hypothesis (29). By (28) the hypothesis is true for
k = 0. Now assume (29) is true for some integer k ≥ 0. Let x be the the last step in
Exec(Γ, σ→C ◦ p
k+1), and y the last step in Exec
(
Γ, (σ→C |P
∆) ◦ pk+1
)
. To complete the
inductive step, it suffices to show that x = y. By the inductive hypothesis, p is in the same
state in Conf(Γ, σ→C ◦ pk) as in Conf(Γ, (σ→C |P∆) ◦ pk
)
. Thus, either x and y are both
read steps, or they are both write steps, and in the latter case, the value written in step x
also gets written in step y. Thus, if x and y are both write steps, then x = y.
Hence, assume x and y are both read steps. In that case, p reads the same register r in
x as in y. Let (a, b) be the value p reads in x, and (c, d) the value p reads in y. It suffices
to show that (a, b) = (c, d).
First assume that r gets written in the last k steps of Exec(Γ, σ→C ◦ pk). Then it must
be p that writes (a, b) to r itself (i.e., a = p), and by the inductive hypothesis (29), p writes
the same pair in the last k steps of Exec(Γ, (σ→C |P∆) ◦ pk). Moreover, in neither execution
it writes to r after writing (a, b) to that register. Hence, (a, b) = (c, d).
Now assume that r does not get written in the last k steps of Exec(Γ, σ→C ◦pk). Then by
the inductive hypothesis, r does not get written in the last k steps of Exec(Γ, (σ→C |P∆)◦pk).
In particular, r has value (a, b) in configuration C = Conf(Γ, σ→C), and value (c, d) in
configuration D = Conf(Γ, (σ→C |P∆)).
First assume no process writes to r in Exec(Γ, σ→C). Then by (28) no process writes to
that register in Exec(Γ, σ→C |P∆), so (a, b) = (c, d) is the initial value of r.
0:20 RMR Lower Bound for Abortable TAS
Hence, suppose r gets written in Exec(Γ, σ→C), and thus the last process writing to
r in that execution is a. Recall that in step x process p reads (a, b) from register r, so
(p, a) ∈ K1(C1) ⊆ K(C1). Then (p, a) ∈ K(C) by (27). Since C is safe and by (S1),
a ∈ L(C) ⊆ P . Since a ∈ P is the last process to write to r in Exec(Γ, σ→C), by (28), it
is also the last process to write r in Exec(Γ, σ→C |P∆), and in both executions it writes the
value (a, b). Hence, r has the same value (a, b) in configuration C as in D. ◭
Starting in a safe configuration, if the executions of two schedules from two disjoint sets
of processes do not incur any RMRs, then the execution made up of the concatenation of
those schedules does not incur any RMRs and the ordering does not matter.
◮ Claim 18. Let C be a safe configuration, and Q0, Q1 ⊆ Proc(σ→C ) two disjoint sets of
processes, such that for any j ∈ {0, 1} there exists σj ∈ (Q∆j )
∗ with RMR
(
Exec(C, σj)
)
= 0.
Then
(a) Exec(C, σ0 ◦ σ1)|Qj = Exec(C, σj), for all j ∈ {0, 1}, and
(b) RMR
(
Exec(C, σ0 ◦ σ1)
)
= 0.
Proof. In Exec(C, σ0 ◦ σ1) all the steps by processes in Q0 are executed before any of the
steps by processes in Q1. Thus, using Q0 ∩ Q1 = ∅, we obtain Exec(C, σ0 ◦ σ1)|Q0 =
Exec(C, σ0). Hence, Part (a) is true for j = 0. We now use induction on |σ1| to prove
Part (a) for j = 1, as well as to prove Part (b).
First consider the base case, |σ1| = 0. Then σ0 ◦ σ1 = σ0 and
Exec(C, σ0 ◦ σ1) = Exec(C, σ0). (30)
Therefore, Exec(C, σ0 ◦ σ1)|Q0 = Exec(C, σ0). Since Q0 ∩ Q1 = ∅ and σ0 ∈ (Q∆0 )
∗,
Exec(C, σ0)|Q1 is the empty execution, which is equal to Exec(C, σ1). Thus Exec(C, σ0 ◦
σ1)|Q1 = Exec(C, σ1)|Q1. This proves Part (a). From the claim’s assumptionRMR
(
Exec(C, σ0)
)
=
0, and (30) we obtain RMR
(
Exec(C, σ0 ◦ σ1)
)
= 0. This proves Part (b).
Now suppose |σ1| > 0, and the inductive hypothesis has been proven for the prefix σ′1 of
σ1 of length |σ1| − 1. I.e.,
Exec(C, σ0 ◦ σ
′
1)|Q1 = Exec(C, σ
′
1); and (31)
RMR
(
Exec(C, σ0 ◦ σ
′
1)
)
= 0, (32)
First, assume that σ1 = σ
′
1◦p
⊤, for p ∈ Q1. Then RMR
(
Exec(C, σ0◦σ1)
)
= RMR
(
Exec(C, σ0◦
σ′1)
)
. Thus, by (32), Part (b) is true. Moreover,
Exec(C, σ0 ◦ σ1)|Q1 = Exec(C, σ0 ◦ σ
′
1 ◦ p
⊤)|Q1
(31)
= Exec
(
C, ((σ0 ◦ σ
′
1)|Q1) ◦ p
⊤
)
= Exec(C, σ′1 ◦ p
⊤) = Exec(C, σ1).
This proves Part (a) for j = 1.
Now assume σ1 = σ
′
1 ◦ p, for p ∈ Q1. Let s be the last step in Exec(C, σ0 ◦ σ1), and s
′
the last step in Exec(C, σ1). We will show:
s = s′; and (33)
step s incurs no RMR in execution Exec(C, σ0 ◦ σ1) = Exec(C, σ0 ◦ σ
′
1) ◦ s. (34)
A. Eghbali and P. Woelfel 0:21
Then Part (b) follows immediately from (32) and (34), and Part (a) for j = 1 from
Exec(C, σ0 ◦ σ1)|Q1 =
(
Exec(C, σ0 ◦ σ
′
1)|Q1
)
◦ s
(31)
= Exec(C, σ′1) ◦ s
(33)
= Exec(C, σ′1) ◦ s
′ = Exec(C, σ1).
First note that using (31) and because p ∈ Q1 we have
in Conf(C, σ′1) process p is in the same state as in Conf(C, σ0 ◦ σ
′
1). (35)
We separately consider the case that s is a read and that s is a write.
Case 1: Step s is a write. By (35) process p writes the same value to the same register
in s as in s′. This implies (33). Moreover,
RMR
(
Exec(C, σ′1) ◦ s
′
)
= RMR
(
Exec(C, σ′1 ◦ p)
)
= RMR
(
Exec(C, σ1)
)
= 0,
where the last equality follows from the claim’s assumption. Hence, s′ does not incur an
RMR, which is only possible if in s′ process p writes a register in Rp. Because s = s′, s does
not incur an RMR either, and so (34) follows.
Case 2: Step s is a read. Let r be the register process p reads in step s, and thus by
(35), also in s′.
We first prove (33). To that end we will show that the value of r is the same in
Conf(C, σ0 ◦ σ′1) as in Conf(C, σ
′
1). As a result, in step s process p reads the same value
from r as in step s′, and so s = s′.
All writes to r in Exec(C, σ′1) are by processes in Q1 and thus they occur also in
Exec(C, σ0 ◦ σ′1) in the same order. Hence if there is a write to r in Exec(C, σ
′
1), then
the value at the end of Exec(C, σ′1) is the same as at the end of Exec(C, σ0 ◦ σ
′
1). In that
case p reads the same value in s as in s′.
Therefore, assume that r does not get written in Exec(C, σ′1). If it also does not get
written in Exec(C, σ0 ◦ σ′1), then r has the same value at the end of both executions, and
p reads that value in both, s and s′. So suppose r gets written in Exec(C, σ0) but not in
Exec(C, σ0 ◦ σ′1), and for the last time it gets written by a process q. Then q ∈ Q0, and
since RMR
(
Exec(C, σ0)
)
= 0, r ∈ Rq.
Since p ∈ Q1, we have p 6= q, and thus r 6∈ Rp. Process p reads r during Exec(C, σ1)
at least once (in its last step s). By the claim’s assumption no such read by p incurs an
RMR, so r ∈ Cachep(C). But then in E→C process p reads or writes register r ∈ Rq
before q’s terminating read (because q writes r in Exec(C, σ0). If p reads r in E→C , then
(p, q) ∈ K2(C), and if p writes r in E→C , then (q, p) ∈ K3(C). Hence, we have either
(p, q) ∈ K(C) or (q, p) ∈ K(C). Since C is safe, (S1) implies either q ∈ L(C) or p ∈ L(C).
But neither is possible, as q takes a step in Exec(C, σ0) (its write to r) and p a step in
Exec(C, σ1) (step s). This is a contradiction, and completes the proof of (33).
Thus, it remains to show (34), i.e., that s incurs no RMR in Exec(C, σ0 ◦ σ′1) ◦ s. If
r ∈ Rp, then this is obviously true, so assume r /∈ Rp. Since s′ = s does not incur an
RMR in Exec(C, σ′1) ◦ s
′ process p reads r during Exec(C, σ′1), and r does not get written
afterwards. By (31) the same is true in Exec(C, σ0 ◦σ′1). Hence, at the end of that execution
p has a valid cache copy of r, so s does not incur an RMR in Exec(C, σ0 ◦ σ′1) ◦ s. ◭
Starting in a safe configuration, if a process terminates without incurring any RMR steps,
it does not gain information and hence wins.
0:22 RMR Lower Bound for Abortable TAS
◮ Claim 19. Let C be a safe configuration, and p a process in Proc(σ→C)\L(C), such that p⊤
does not appear in σ→C . If p terminates without incurring any RMRs in E = Exec(C, p
k),
for some positive integer k, then p wins in E.
Proof. Let C′ = Conf(C, pk
′
), for arbitrary k′ ∈ {1, ..., k}. Because p is the only process
that takes steps in E, it is true that
(
K3(C
′)\K3(C)
)
∩({p}×P) = ∅ (remember that K3(C)
is the set of all pairs (a, b), a 6= b, such that in E→C process a takes at least one shared
memory step, and b writes to a register r ∈ Ra before a’s terminating read of r). Since p
does not incur any RMRs in E, if p reads some register r during E, then either r ∈ Rp, or
r ∈ Cachep(C). Thus,
(
K2(C
′)\K2(C)
)
∩({p}×P) = ∅, and
(
K1(C
′)\K1(C)
)
∩({p}×P) =
∅. Hence,
(
K(C) \ K
(
Conf(C, pk
′
)
))
∩ ({p} × P) = ∅, for any k′ ∈ {1, ..., k}. Thus, by
Lemma 17, p wins in E. ◭
As long as the set of knowing relations does not change during an execution starting
from a safe configuration, at most one process terminates.
◮ Claim 20. Let C be a safe configuration, such that if p⊤ ∈ P⊤ appears in σ→C , then
p ∈ L(C). Then for any schedule σ ∈ P∗, when K(C) = K
(
Conf(C, σ)
)
, at most one
process terminates in Exec(C, σ).
Proof. Let σ ∈ P∗, such that K(C) = K
(
Conf(C, σ)
)
. Assume that in E = Exec(C, σ)
two distinct processes, p and q, terminate. Since we assumed that p terminates in E, process
p is not terminated in C, and hence, p ∈ P \ L(C). Because K(C) = K
(
Conf(C, σ)
)
, the
set K(C) \K
(
Conf(C, σ)
)
∩ ({p} × P) = ∅. Further, by the claim statement, p⊤ does not
appear in σ→C and σ. Thus, by Claim 16, p wins in Exec(C, σ), and by symmetry, q wins
in Exec(C, σ). This contradicts the safety property of abortable leader election. ◭
Projecting a schedule, that leads to a safe configuration, to a superset of all lost processes
leads to a safe configuration.
◮ Claim 21. Let σ be a schedule, such that C = Conf(Γ, σ) is safe. Let P be a set of
processes, such that L(C) ⊆ P ⊆ Proc(σ). Then C′ = Conf(Γ, σ|P∆) is safe.
Proof. For the purpose of contradiction assume that C′ is not safe. First assume there
exists a process p /∈ H(C′), such that p takes at least one shared memory step in E→C′ and
p /∈ L(C′). Because p takes at least one shared memory step in E→C′ , p ∈ P . Since C is
safe, for any pair (p, q) ∈ K(C), process q is in L(C). Hence, by Claim 10, Exec(Γ, σ)|P =
Exec(Γ, σ|P∆). Therefore, p takes at least one shared memory step in E→C and p /∈ L(C).
Because p /∈ H(C′), there exists a register r ∈ R, such that p /∈ Hr(C′).
If r ∈ Rp, then at least one process that writes to r in E→C′ , is not in L(C′). Let q be
one of the processes that write to r in E→C′ and are not in L(C
′). Since q takes a step in
E→C′ , process q is in P , and by Claim 10, takes the same write step to r and is not in L(C).
Therefore, p /∈ Hr(C), which contradicts C being safe.
If r /∈ Rp, then in E→C′ process p writes to r, and at least one process, q, writes to r
after p’s write, such that q /∈ L(C′). Since q takes a step in E→C′ , process q is in P , and by
Claim 10, takes the same write step to r and is not in L(C). Therefore, p /∈ Hr(C), which
contradicts C being safe.
Now assume that for any p /∈ H(C′), either p ∈ L(C′) or p does not take any shared
memory steps in E→C′ . Then there exists a pair (p, q) ∈ K(C
′)\K(C), such that q /∈ L(C′).
If (p, q) ∈ K1(C′) \K1(C), then both p and q take steps in E→C′ (p takes at least a read
step, and q takes at least a write step), and thus, are in P . If (p, q) ∈ K2(C′) \K2(C), then
A. Eghbali and P. Woelfel 0:23
both p and q take steps in E→C′ (p takes at least a read step, and q takes at least a shared
memory step), and thus, are in P . If (p, q) ∈ K3(C′) \K3(C), then both p and q take steps
in E→C′ (p takes at least a shared memory step, and q takes at least a write step), and
thus, are in P . Hence, by Claim 10, p and q take the same steps in E→C and E→C′ . This
contradicts (p, q) ∈ K(C′) \K(C).
◭
3.3.6 Auxiliary Claims
We now show that during an execution, the knowing relations can only change as a result of
a shared memory step by one of the processes, that is in the difference of the relation sets.
◮ Claim 22. Let σ ∈ P∆, C a configuration, and C′ = Conf(C, σ). If there exists a pair (p, q)
in the symmetric set difference of K(C′) and K(C), then Exec(C, σ) is a shared memory
step by p or by q.
Proof. Let s = Exec(C, σ), and (p, q) be a pair in the symmetric set difference of K(C)
and K(C′). Step s causes the difference between K1(C) ∪ K2(C) ∪ K3(C) and K1(C′) ∪
K2(C
′) ∪K3(C′). If K1(C) 6= K1(C′), then in step s process p reads a register on which q
is visible. If K2(C) 6= K2(C′), then either s is q’s first shared memory step, or in s process
p reads a register in Rq. Finally, if K3(C) 6= K3(C′), then s is p’s first shared memory step,
or in s process q writes to a register in r ∈ Rp. In all cases, s is a shared memory step by p
or q. ◭
If two executions are equal when projected to a set of processes, P , then each process in
P takes the same number of RMR steps and knows the same set of processes in P at the
end of the execution.
◮ Claim 23. Let P be a set of processes, σ and σ′ schedules, and define E = Exec(Γ, σ),
E′ = Exec(Γ, σ′), C = Conf(Γ, σ), and C′ = Conf(Γ, σ′). If E|P = E′|P , then
(a) RMRp(E) = RMRp(E
′), for any process p ∈ P , and
(b) K(C) ∩ (P × P ) = K(C′) ∩ (P × P ).
Proof. Recall that we assume without loss of generality, that a value does not get written
twice in the same execution. Hence, if p reads a value v from register r in execution E, then
that read incurs no RMR if and only if p accessed r earlier, and in its preceding access of r
process p either read or wrote the same value v. Therefore, E|p uniquely determines which
of p’s steps are RMRs, and in particular RMRp(E). This proves Part (a).
We will show that K(C) ∩ (P × P ) ⊆ K(C′) ∩ (P × P ). By symmetry, this implies
K(C′)∩ (P ×P ) ⊆ K(C)∩ (P ×P ), and thus Part (b). Let (a, b) ∈ K(C)∩ (P ×P ). Then
a, b ∈ P , and (a, b) ∈ K1(C) ∪K2(C) ∪K3(C).
If (a, b) ∈ K1(C), then in some step of execution E process a reads a value of (b, x),
where x ∈ Q, from some register r. Since E|P = E′|P , in E′ process a reads (b, x) from r.
Thus, (a, b) ∈ K(C′).
If (a, b) ∈ K2(C), then in E process a reads a register r ∈ Rb, and b takes at least one
shared memory step. As E|P = E′|P , process b takes at least one shared memory step in
E′ and a reads r in E′. Therefore, (a, b) ∈ K(C′).
If (a, b) ∈ K3(C), then in E process a takes at least one shared memory step, and b
writes a register, r ∈ Ra, before a’s terminating read of r. Since E|P = E′|P , process a
takes at least one shared memory step in E′, and b writes r in E′, before a’s terminating
read of r. Hence, (a, b) ∈ K(C′).
Thus, K(C) ∩ (P × P ) ⊆ K(C′) ∩ (P × P ). ◭
0:24 RMR Lower Bound for Abortable TAS
3.4 Constructing an RMR-Expensive Execution
We now consider an abortable leader election algorithm. We will construct a schedule
such that in an execution starting in the initial configuration at least one process takes
Ω(logn/ log logn) RMR steps, where n is the number of processes.
3.4.1 Overview of the Construction
Let n ≥ 4, ℓ = ⌊logn/c log logn⌋ for some sufficiently large constant c (which we determine
in the appendix). We inductively construct a schedule σi and a set of processes Pi ⊆ P , for
all i ∈ {0, ..., ℓ}. For the sake of conciseness, let Ei = Exec(Γ, σi), Ci = Conf(Γ, σi), and
Li = L(Ci).
The construction will satisfy the following invariants for i ∈ {0, ..., ℓ}:
(I1) Ci is safe.
(I2) |Pi \ Li| ≥ (n− 1)/(logn)ci.
(I3) RMRPi\Li(Ci) ≥ i |Pi \ Li| − i.
(I4) For each process p ∈ Pi \ Li : RMRp(Ci) ≤ i.
(I5) For each process p ∈ Pi \ Li, p⊤ does not appear in σi.
Invariant (I2) for i = ℓ implies |Pℓ \Lℓ| ≥ 2. Hence, by (I3) there are at least two processes
that each incur Ω(ℓ) = Ω(logn/ log logn) RMRs. Theorem 3 follows.
We now sketch how we construct σi and Pi inductively so that the invariants are satisfied.
We start with P0 = P and the initial configuration C0. We then schedule processes in rounds.
In round i, we choose a subset Pi+1 of the processes in Pi \ Li and remove all processes in
P \ (Pi+1 ∪ Li) from the execution constructed so far. This does not affect any of the
remaining processes, because Ci is safe. Then we schedule the processes in Pi+1 in such a
way that each of them incurs an RMR, and only a small fraction of them lose.
To decide which processes to remove and to schedule the remaining processes, we proceed
as follows: First we let each process in Pi \ Li take sufficiently many steps until it is poised
to incur an RMR. It is not hard to see that in an execution in which no process incurs an
RMR, processes do not learn about each other, so the resulting configuration, Di, is again
safe. Moreover, in a safe configuration processes only know about lost processes, so they
cannot lose.
We then distinguish between a high contention write case, where a majority of processes
are poised to write to few registers, and a low contention write case, where either many
registers are poised to being accessed or a majority of processes are poised to read. Let Si
be the set of registers processes in Pi \Li are poised to access in configuration Di. The high
contention write case occurs if there are few such registers and a majority of processes are
poised to write, i.e., |Si| = O(|Pi \ Li|/ logn), and otherwise the low contention write case
occurs.
In the low contention write case, we choose a set Qi of processes, which contains for each
register r ∈ Si at most one process poised to write to r in Di. We consider the step sp
each process p ∈ Qi is poised to take. We then create a directed graph G with processes
as vertices, and an edge from p to q if in the resulting configuration (I) due to sp or sq
process p knows q, or (II) due to step sp process q is not hidden. Each application of rule
(I) must be paid for by RMRs in the execution, and for each application of (II) a process p
must overwrite some process q. As a result graph G is sufficiently spares, and by Turán’s
theorem [42] we obtain a large independent set J . We let each process p ∈ J take one step,
sp, and erase all remaining processes that haven’t lost yet from the execution. It is not hard
to see that no process loses in any of the steps added, the resulting configuration is safe
A. Eghbali and P. Woelfel 0:25
(this follows from how we added edges to G) and, because of the sparsity of the graph, a
sufficiently large number of processes survive. From that we obtain Invariants (I1) and (I2).
Since each process p performs an RMR in step sp and only local steps before that, we get
(I3) and (I4). Moreover, we don’t abort any processes, so (I5) is true.
In the high contention write case, we erase all readers from the execution. For each
register r ∈ Si, let Wr denote the set of processes poised to write to r. Since this is a high
contention case, |Wr| is large for most registers r. For each register r with sufficiently large
|Wr|, we choose two distinct processes a, b ∈ Wr.
We then argue that, after erasing some O(logn) processes, we obtain a configuration D′i
and an {a, b}-only schedule σ such that in execution Exec(D′i, σ) processes a and b both lose
and see no process other than those in Li, which have lost already. The argument is based
on Lemma 8, but quite involved. We now let, starting from D′i, all processes in Wr \ {a, b}
execute one step, in which they write to r. After that we schedule a and b as prescribed by σ.
Then a and b will both first write to r, and thus overwrite the writes by all other processes
in Wr , then continue to take steps and lose without seeing any processes that haven’t lost,
yet. As a result, all processes in Wr \ {a, b} have taken a step but are now hidden, two
processes (a and b) have lost, and O(log n) processes have been removed. It is not hard to
see that the resulting configuration is safe again. We repeat this for all registers r for which
|Wr| is large enough. Then, we let Pi+1 denote the set of all surviving processes and Ci+1
the resulting configuration.
Configuration Ci+1 is safe, and sufficiently few processes are removed or have lost so that
(I1) and (I2) remain true. Moreover, each process that does not lose performs exactly one
RMR, so (I3) and (I4) are true. (I5) is true because all processes that received the abort
signal lost.
3.4.2 Partial Execution Constructions
One of the critical properties that results in constructing a long enough execution, is that
we can keep many processes running while keeping them from gaining information. What
follows are the formal description and proofs of this property.
First, we claim that the information exchanged during specific executions is bounded.
◮ Claim 24. Let C be a safe configuration, P = Proc(σ→C ) \ L(C), and σ ∈ P ∗, such that
in C each process in P is poised to perform an RMR step, and in Exec(C, σ) each process
takes at most one step and each register gets written at most once. Then
(a) |K
(
Conf(C, σ)
)
∩ (P × P )| ≤ 2RMR
(
Exec(C, σ)
)
.
(b) Let M be the set of pairs (p, q) ∈ (P × P ), p 6= q, such that in Exec(C, σ), process q
writes a register in Rp ∪ Cachep(C). Then |M | ≤ RMR(E→C) + RMR
(
Exec(C, σ)
)
.
Proof. Since C is safe, by (S1), K(C) ∩ (P × P ) is the empty set. Thus, to prove Part (a)
it is sufficient to show that each step in Exec(C, σ) adds at most two pairs of processes to(
K
(
Conf(C, σ)
)
\ K(C)
)
∩ (P × P ). Let σ′ be a proper prefix of σ, and p a process so
that σ′ ◦ p is also a prefix of σ. Since p’s state is the same in Conf(C, σ′) as in C, and p is
poised to perform an RMR step in C, the step Exec
(
Conf(C, σ′), p
)
incurs an RMR. Now
let C1 = Conf(C, σ
′) and C2 = Conf(C, σ
′ ◦ p).
First assume step Exec(C1, p) is a read from some register r ∈ Rq2 , q2 ∈ P . Let
(q1, x) = valC1(r) (if r is in its initial state, then x = ⊥ and q1 = q2). We prove that no
pair other than (p, q1) and (p, q2) is in K(C2) \K(C1). Suppose (p′, q′) ∈ K(C2) \K(C1),
p′, q′ ∈ P . Hence, (p′, q′) is in one of the sets K1(C2) \ K1(C1), K2(C2) \ K2(C1), and
0:26 RMR Lower Bound for Abortable TAS
K3(C2) \ K3(C1). If (p′, q′) ∈ K1(C2) \ K1(C1), then in Exec(C1, p) process p′ reads a
register on which q′ is visible. Since p takes the step Exec(C1, p) and only q1 can be the
process visible on r, we have p = p′ and q′ = q1. If (p
′, q′) ∈ K2(C2) \K2(C1), then since q′
takes at least one shared memory step in E→C1 , in Exec(C1, p) process p
′ reads a register
in Rq′ . Since p takes the step Exec(C1, p) and r ∈ Rq2 , we have p = p
′ and q′ = q2. If
(p′, q′) ∈ K3(C2) \ K3(C1), then since p′ takes at least one shared memory step in E→C1 ,
process q′ writes a register in Rp′ during Exec(C1, p). This contradicts Exec(C1, p) being a
read step.
Now assume step Exec(C1, p) is a write to register r ∈ Rq. We prove no pair other than
(q, p) is in K(C2) \ K(C1). Suppose (q′, p′) ∈ K(C2) \ K(C1). Hence, (q′, p′) is in one of
the sets K1(C2) \ K1(C1), K2(C2) \ K2(C1), or K3(C2) \ K3(C1). Since Exec(C1, p) is a
write step, no process reads a register in that step and thus, (q′, p′) /∈ K1(C2) \K1(C1). If
(q′, p′) ∈ K2(C2) \K2(C1), then in E→C2 process p
′ takes at least one shared memory step
and q′ reads a register in Rp′ . Since Exec(C1, p) is a write step, it must be the first shared
memory step by p′ and p = p′. This contradicts p ∈ P . If (q′, p′) ∈ K3(C2) \K3(C1), then
in Exec(C1, p) process p
′ writes a register in Rq′ . Thus, p′ = p, and since r ∈ Rq, we have
q′ = q. Therefore, (q, p) is the only pair in K(C2) \K(C1).
In order to prove Part (b), we map each pair in M to an RMR step in E→C ◦Exec(C, σ)
in such a way that the mapping is injective. Consider a pair (p, q) ∈ M . I.e., during
Exec(C, σ), process q writes to a register r ∈ Rp∪Cachep(C). If r ∈ Rp, then we map (p, q)
to q’s write step to r. Recall that in Exec(C, σ) each process executes at most one step, and
that step incurs an RMR. So (p, q) is mapped to a unique RMR step. Now suppose r /∈ Rp,
so r ∈ Cachep(C). Then there exists a step in E→C or in Exec(C, σ), prior to q’s write, in
which p caches r. Let (p, q) be mapped to the last such step. That step incurs an RMR,
so it suffices to show that the mapping is injective. First note that if (p, q) is mapped to a
step s, then in its unique step in Exec(C, σ) process q writes to the register that is accessed
in step s. Suppose two distinct pairs, (p1, q1) and (p2, q2) are mapped to the same step s.
Let r be the register accessed in s. Then in their steps in Exec(C, σ), processes q1 and q2
must both write to r. Since only one process writes to r during Exec(C, σ), we have q1 = q2.
Therefore, p1 6= p2, and so r /∈ Rpj for some j ∈ {1, 2}. Without loss of generality assume
j = 1. Then r ∈ Cachep1(C), and step s is by p1. If r /∈ Rp2 , then (p2, q) would not be
mapped to s (it would be mapped to a step by p2). Thus, r ∈ Rp2 , so (p2, q2) is mapped to
q2’s step in Exec(C, σ). This means that step s is performed by process q2. Hence, p2 = q2,
which contradicts the definition of M . ◭
Then, we construct and prove the properties of an execution where we have a low-
contention write case (where either most processes are poised to read, or many registers are
poised to being accessed).
◮ Lemma 25. Let ℓ be a positive integer, C a safe configuration, and P = Proc(σ→C)\L(C),
such that in E→C each process in P takes at most ℓ RMR steps and does not receive the
abort signal, and in C each process in P is poised to perform an RMR step. If in C at
least half of the processes in P are poised to read or at least |P |/(10ℓ) different registers are
poised to being accessed by processes in P , then there exists a set of processes Q ⊆ P and a
schedule σ ∈
(
(Q ∪ L(C))∆
)∗
, such that
(a) |Q| ≥ |P |/(60ℓ2)− 1,
(b) Conf(Γ, σ) is safe,
(c) RMRQ
(
Exec(Γ, σ)
)
= RMRQ(E→C) + |Q|, and
(d) no process in Q receives the abort signal in Exec(Γ, σ).
A. Eghbali and P. Woelfel 0:27
Proof. Let V = {x1, ..., xm} be a maximal subset of P such that for each register r, set V
contains none of the processes that are poised to write to r in C, or V contains at most one
process that is poised to access r in configuration C. Let C′ = Conf
(
Γ, σ→C |
(
V ∪L(C)
)∆)
.
Hence, by Theorem 11 processes in V are in the same state in C′ as they are in C, and by
Claim 12 have the same cache. Therefore, all processes in V are poised to perform an RMR
step and access the same registers in C′ as in C. Create a directed graph G, where each
process in V forms a vertex, and where there is an edge from p to q, p 6= q, if one of the
following is true:
(i) in Conf(C′, x1 ◦ ... ◦ xm), process p knows process q
(
I.e. (p, q) ∈ K
(
Conf(C′, x1 ◦
... ◦ xm)
))
; or
(ii) in Exec(C′, x1 ◦ ... ◦ xm), process q writes to a register r ∈ Rp ∪ Cachep(C′).
Let M be the set of edges in G because of (ii). Since each process in V is poised to perform
an RMR step in C′, each process takes at most one step, and each register gets written at
most once in Exec(C′, x1 ◦ ... ◦ xm), by Claim 24 Part (a), the number of edges in G from
condition (i) is at most 2RMR
(
Exec(C′, x1 ◦ ...◦xm)
)
. From Claim 24 Part (b), the number
of edges in G from condition (ii) is |M | ≤ RMR
(
Exec(C′, x1 ◦ ... ◦ xm)
)
+RMR(E→C′). Let
Q′ be a largest independent set in graph G, where the direction of edges are ignored.
By Theorem 11, E→C |
(
Q′∪L(C)
)
= Exec
(
Γ, σ→C |
(
Q′∪L(C)
)∆)
. Further, since no two
processes in Q′ satisfy condition (i), by Claim 16 if a process terminates in Exec
(
C′, (x1◦ ...◦
xm)|Q′
)
it wins. LetX be the set containing any process that terminates in Exec
(
C′, (x1◦...◦
xm)|Q′
)
. Let Q = Q′\X , O = Q∪L(C′), and σ =
(
σ→C′ |(O∆)∗
)
◦
(
(x1◦...◦xm)|Q
)
. Because
at most one process wins in a leader election algorithm |X | ≤ 1, and thus, |Q| ≥ |Q′| − 1.
By Turán’s theorem[42], the size of the largest independent set in a graph with average
degree d and k vertices, is at least k/(d+ 1). The number of edges in G is at most
2RMR
(
Exec(C′, x1 ◦ ... ◦ xm)
)
+ RMR
(
Exec(C′, x1 ◦ ... ◦ xm)
)
+ RMR(E→C′) =
3RMR
(
Exec(C′, x1 ◦ ... ◦ xm)
)
+ RMR(E→C′). (36)
Since each step in Exec(C′, x1 ◦ ... ◦ xm) incurs an RMR and each process takes at most
ℓ RMR steps during E→C′ , the number of edges in G is 3m +mℓ. Because |V | = m, the
average degree of G is at most 2(3m+mℓ)/m. Hence, the size of Q′ is at least
m
2(3m+mℓ)
m + 1
=
m
6 + 2ℓ+ 1
=
m
7 + 2ℓ
. (37)
The assumption is that in C either at least |P |/2 processes are poised to read, or at least
|P |/(10ℓ) registers are poised to being accessed. Hence, m ≥ min
{
|P |/2, |P |/(10ℓ)
} ℓ≥2
=
|P |/(10ℓ) and so by (37)
|Q′| ≥
m
7 + 2ℓ
≥
|P |
(7 + 2ℓ)10ℓ
ℓ≥2
≥
|P |
(4ℓ+ 2ℓ)10ℓ
=
|P |
60ℓ2
. (38)
Since |Q| ≥ |Q′| − 1, Part (a) is proven.
First, we observe that C′ is safe by Claim 21. Hence, each process p ∈ Q, we have
E→C′ |p = Exec
(
Γ, σ→C′ |(Q ∪ L(C′))∆
)
|p (this is true by C′ being safe and Theorem 11).
Further by Claim 12, process p has the same cache in Conf
(
Γ, σ→C′ |(Q ∪ L(C′))∆
)
as in
C′. Hence, each process in Q is poised to take the exact same step that incurs an RMR in
Conf
(
Γ, σ→C′ |(Q ∪ L(C′))∆
)
. Therefore, since no two processes that satisfy (i) or (ii) are
0:28 RMR Lower Bound for Abortable TAS
in Q, we have
Exec(C′, x1 ◦ ... ◦ xm)|Q = Exec
(
Conf
(
Γ, σ→C′ |(Q ∪ L(C
′))∆
)
, x1 ◦ ... ◦ xm
)
|Q. (39)
Let C′′ = Conf
(
Γ, σ→C′ |O∆
)
. By Claim 21, C′′ is safe. Let D = Conf(Γ, σ) and
E = Exec(Γ, σ). Remember that σ =
(
σ→C |O∆
)
◦
(
(x1◦...◦xm)|Q
)
. Let E′ = Exec
(
C′′, (x1◦
... ◦ xm)|O∆
)
. We prove Part (b) by contradiction. Assume that D is not safe. Hence, at
least one of (S1) or (S2) is violated. First assume that (S1) is not true for D. Thus, there
exists a pair (p, q) ∈ K(D), such that q /∈ L(D). Then q /∈ L(C′) ⊆ L(D), and since C′′ is
safe, we have (p, q) /∈ K(C′′). Hence, p gets to know q in E′. From (39) and (i), there is
an edge between p and q in G, which contradicts p and q both being in an independent set
of graph G. Now assume that (S2) is not true for D. Hence, there exists a process p ∈ O,
such that p /∈ H(D), p /∈ L(D), and p takes at least one shared memory step in E→D. Since
C′′ is safe, (S2) is true for C′′. Because p ∈ Proc(C′′) \ L(C′′), process p takes at least one
shared memory step in E→C′′ . Hence, because process p /∈ L(D), it holds p ∈ H(C′′). Since
any process that takes at least one shared memory step in E→D and is not in L(D) is in
Q, it holds p ∈ Q. Hence, since there is no edge from p to any process in Q, by (39) and
(i) no process in Q \ {p} writes to a register in Rp during E′. Thus, if (S2) is not satisfied
for D, then (H2) is true for p. Therefore, the reason that p is not hidden in D is because
of (H1). Hence, there exists a register r /∈ Rp, such that process p accesses r in E→D at
some point t and at least one other process writes to r after t, but none of the processes
that write to r after t are in L(D). If p’s last access to r is in E→C′′ , then since C
′′ is safe
and L(C′′) ⊆ L(D), all the processes that write to r after t write during E′. Therefore,
r ∈ CacheC′′(p), and if there exists a process q ∈ Q that is poised to write to r in C′′, then
there is an edge from p to q in G, which contradicts p, q ∈ Q. If p’s last access to r is during
E′, then no other process writes r after that. This, completes the proof of Part (b).
Since each process in Q has the same cache in C′′ as in C and in E′ each process in Q
takes the step that it is poised to take in C, each process in Q performs an RMR step in E′.
Hence, E′ incurs |Q| RMRs, which proves Part (c).
Since processes in Q do not receive the abort signal in E→C′′ , and no process receives
the abort signal in E′, Part (d) is true. ◭
For a high-contention write case on a specific register (where many processes are poised
to write to it), we present a way to construct an execution that can be used to construct
our desirable execution.
◮ Claim 26. Let C be a safe configuration, such that for a fixed register r each process
in Pr ⊆ Proc(σ→C) \ L(C) is poised to perform an RMR write step to r in C, for any
execution E starting in C, no process incurs more than ℓ RMRs during E→C ◦ E, and any
process that receives the abort signal in E→C is in L(C). There exists a set of processes
Q ⊆ Proc(σ→C ) \ L(C), and a schedule σ ∈ (P∆r )
∗, such that for configuration C′ =
Conf
(
Γ, σ→C |(Q ∪ L(C))∆
)
,
(a) Conf(C′, σ) is safe,
(b) |Q| ≥ |Proc(σ→C ) \ L(C)| − (8ℓ− 1),
(c) in Exec(C′, σ) each process in (Q ∩ Pr) \ L
(
Conf(C′, σ)
)
takes exactly one RMR step,
(d) any process that receives the abort signal in Exec(C′, σ) is in L
(
Conf(C′, σ)
)
, and
(e) |L
(
Conf(C′, σ)
)
\ L(C)| ≤ 2.
Proof. By Theorem 11, processes in Q are in the same state in C′ as in C. Further, by
Claim 21, configuration C′ is safe.
A. Eghbali and P. Woelfel 0:29
If |Pr| < 8ℓ− 1, then let Q = Proc(σ→C ) \ Pr, and σ be the empty schedule. Since σ is
the empty schedule, Conf(C′, σ) = C′, which is a safe configuration. This proves Part (a).
Because Q = Proc(σ→C) \ Pr, we have
Q\L
(
Conf(C′, σ)
)
= Proc(σ→C )\
(
L
(
Conf(C′, σ)
)
∪Pr
)
= Proc(σ→C)\
(
L(C)∪Pr
)
. (40)
This means
|Q \ L
(
Conf(C′, σ)
)
| ≥ |Proc(σ→C ) \ L(C)| − |Pr|
|Pr|<8ℓ−1
≥
|Proc(σ→C) \ L(C)| − (8ℓ− 1), (41)
which proves Part (b). Since Q ∩ Pr = ∅, Part (c) is true. Further, no process receives the
abort signal in Exec(C′, σ), which proves Parts (d) and (e).
Now suppose |Pr| ≥ 8ℓ − 1. Let P = Proc(σ→C) \ L(C). For each process p ∈ Pr, let
Zp ⊆ P \ {p} be the set of all processes q, such that process p reads a register r′ in its
solo-run starting in C, where either r′ ∈ Rq or in C process q is visible on r′. Note that
because C is safe and p ∈ Pr ⊆ P , for any process q visible on a register in Rp, we have
(p, q) ∈ K3(C). Hence, none of the processes in Zp are visible on any register in Rp. Since
C is safe and Zp ∩ L(C) = ∅, for any process q ∈ Zp, we have (p, q) /∈ K(C). Hence, p does
not have a cache copy of any register that q is visible on (otherwise, (p, q) ∈ K1(C)) or any
register in Rq (otherwise, (p, q) ∈ K2(C)). Thus, in a solo-run by p starting in C the first
read from a register on which q is visible or a register in Rq incurs an RMR. Hence, since
each process incurs at most ℓ RMRs during any execution, |Zp| ≤ 2ℓ, for any p ∈ Pr. We
want to choose two processes a and b from Pr, such that a /∈ Zb and b /∈ Za. We have
(
|Pr|
2
)
many possibilities to choose 2 processes. However, for each process p at most |Zp| many
choices need to be removed. Therefore, by
(
|Pr|
2
)
−|Pr|·max
p∈Pr
{|Zp|}
|Pr |≥8ℓ−1,|Zp|≤2ℓ
≥ (8ℓ−1)(8ℓ−2)/2−(8ℓ−1)2ℓ= 16ℓ2−10ℓ+2
ℓ≥1
≥ 8 > 1,
(42)
we have at least one pair of processes a and b, such that b /∈ Za and a /∈ Zb. Fix a pair of
processes a and b, such that b /∈ Za and a /∈ Zb. Let D = Conf
(
Γ, σ→C |
(
L(C) ∪ {a, b}
)∆)
.
By Claim 21, configuration D is safe. Hence, because for any pair (p, q) ∈ K
(
Conf(D, pk)
)
,
for any p ∈ {a, b} and any positive integer k, we have q ∈ L(D), by Claim 16, in a solo-run
by p starting in D, in which p does not receive the abort signal p wins. Hence, a solo run by
p ∈ {a, b}, in which p does not receive the abort signal, starting in Conf(D, a) also results
in p winning. That is because when p = a, we have Exec(D, ak) = Exec
(
Conf(D, a), ak−1
)
,
for any positive integer k, and when p = b, in Exec
(
Conf(D, a), bk
′
)
, for any positive
integer k′, the value written by process a is overwritten by b and thus, D and Conf(D, a)
are indistinguishable to process b. Since a and b have not received the abort signal in
Conf(D, a) and in any fair execution starting in Conf(D, a) both a and b terminate (because
the algorithm that we are running is deadlock-free), by Lemma 9,
there exists a schedule λ ∈ ({a, b}∆)∗, such that in Exec
(
Conf(D, a), λ
)
both a and b lose.
(43)
Let R be the set of registers that are being read during Exec
(
Conf(D, a), λ
)
by any process
in {a, b}. Further, let Y ⊆ P \ {a, b} be a set of all processes q, such that q is visible on at
0:30 RMR Lower Bound for Abortable TAS
least one register in R in configuration C or R ∩ Rq 6= ∅. Since C is safe, for any process
y ∈ Y , we have (a, y) /∈ K(C) and (b, y) /∈ K(C). Thus,
(
Cachea(C) ∪Cacheb(C)
)
∩R = ∅.
Hence, in any {a, b}-only execution starting in C, for each register r ∈ R on which a process
q ∈ Y is visible or r ∈ Rq, the first read by each process in {a, b} from r incurs an RMR.
Thus, because a and b incur at most ℓ RMRs in Exec
(
Conf(C, a), λ
)
, it is true that |Y | ≤ 4ℓ.
Let w be the process, such that r ∈ Rw. Note that since all processes in Pr are poised
to perform an RMR step on r, we have w /∈ Pr. Further let X = Za ∪ Zb ∪ Y ∪ {w}, and
D′ = Conf
(
Γ, σ→C |(L(C)∪(P \X))
∆
)
. Since C is safe, by Theorem 11, processes in Pr \X
are in the same state in D′ as they are in C, which means they are poised to write to r. Let
{q1, ..., qk} = Pr \(X∪{a, b}), Q = (P ∪{a, b})\X , and σ = q1 ◦ ...◦qk ◦a◦λ. Configurations
Conf(D, a), Conf(C′, a), and Conf(C′, q1 ◦ ... ◦ qk ◦ a) are indistinguishable to processes a
and b. Hence, by (43),
a, b ∈ L
(
Conf(C′, σ)
)
. (44)
We now show that (S1) and (S2) are satisfied for Conf(C′, σ). For (S1) we need to
show for any pair (p, q) ∈ K
(
Conf(C′, σ)
)
, that q ∈ L
(
Conf(C′, σ)
)
. Fix a pair (p, q) ∈
K
(
Conf(C′, σ)
)
. If (p, q) ∈ K(C′), then since C′ is safe, q ∈ L(C′). Because L(C′) ⊆
L
(
Conf(C′, sigma)
)
, we have q ∈ L
(
Conf(C′, sigma)
)
. If (p, q) /∈ K(C′), then since
any visible process on a register read by a or b in Exec(C′, σ) is lost (otherwise, it is a
process in Y , which does not take any steps in E→C′ ◦ Exec(C
′, σ)), we have (p, q) /∈
K1
(
Conf(C′, σ)
)
\K1(C′). Further, because P ⊆ Proc(σ), no process takes its first shared
memory step in Exec(C′, σ). Hence, (p, q) /∈ K2
(
Conf(C′, σ)
)
\ K2(C′). Thus, (p, q) ∈
K3
(
Conf(C′, σ)
)
\ K3(C′). Therefore, since Q ⊆ Proc(σ), during Exec(C′, σ) process q
writes to a register in Rp. Because of (44), if q ∈ {a, b}, then q ∈ L
(
Conf(C′, σ)
)
. Since
each process in Pr is poised to preform an RMR step in C
′ and both a and b are poised
to write to r in C′, we have r /∈ Ra ∪ Rb. Thus, p /∈ {a, b}. Since for the process w that
r ∈ Rw, it holds w /∈ Q, we have p /∈ Q. Hence, (S1) is satisfied. Since C′ is safe, for any
p /∈ H(C′), either p does not take any shared memory steps in E→C′ , or p ∈ L(C′). Thus,
because any register that is accessed in Exec(C′, σ) is last accessed by either a or b, and by
(44), (S2) is also satisfied. This proves Part (a).
From Q = (P ∪ {a, b}) \X we get
|Q| ≥ |Proc(σ→C) \ L(C)|+ 2− |X |. (45)
Thus, to prove Part (b) is suffices to prove |X | ≤ 8ℓ+ 1. As X = Za ∪Zb ∪ Y ∪ {w}, where
w is the process that r ∈ Rw, it holds |X | ≤ |Za|+ |Zb|+ |Y |+ 1 ≤ 8ℓ+ 1.
In Exec(C′, σ), each process in {q1, ..., qk} takes a single write step to r. Since (Pr ∩Q)\
L
(
Conf(C′, σ)
)
= {q1, ..., qk}, Part (c) is true.
Processes a and b are the only processes that receive the abort signal in Exec(C′, σ), and
they both lose. Thus, Parts (d) and (e) are true. ◭
We use the execution constructed in Claim 26 to create an execution to handle the high-
contention write case (where most processes are poised to write and few registers are poised
to being accessed).
◮ Lemma 27. Let C be a safe configuration and P = Proc(σ→C) \L(C), such that in E→C
each process in P does not receive the abort signal, and is poised to perform an RMR step.
Also no process takes more than ℓ RMR steps in any execution. If in C more than |P |/2
processes are poised to write and at most |P |/(10ℓ) registers are poised to being accessed,
then there exists a set of processes Q ⊆ P and schedule σ ∈
((
Q ∪ L(C)
)∆)∗
, such that
A. Eghbali and P. Woelfel 0:31
(a) configuration C′ = Conf(Γ, σ) is safe,
(b) |Q \ L(C′)| ≥ |P |/10,
(c) RMRQ\L(C′)
(
Exec(Γ, σ)
)
= RMRQ\L(C′)(E→C) + |Q \ L(C
′)|, and
(d) any process that receives the abort signal in Exec(Γ, σ) is in L(C′).
Proof. Let P0 ⊆ P be the set of processes that are poised to write in configuration C, and
C0 = Conf
(
Γ, σ→C |
(
P0∪L(C)
)∆)
. Let {r1, ..., rk} be the set of registers that are poised to
being written in C. We inductively construct schedule σi, for i ∈ {1, ..., k}. Our inductive
hypothesis is that for i ∈ {1, ..., k},
(IH1) configuration Ci = Conf(Γ, sigmai) is safe,
(IH2) |Pi| ≥ |P | − i(8ℓ− 1),
(IH3) any process that receives the abort signal in E→Ci is in L(Ci).
Since C is safe, by Claim 21, configuration C0 is safe. By Claim 10, it holds E→C |P =
E→C0 |P . Therefore, any process that receives the abort signal in E→C0 is in L(C0). Thus,
by (IH3) it holds that any process in Proc(Ci) \ L(Ci), for i ∈ {0, ..., k}, does not receive
the abort signal in E→Ci . Hence, by (IH1) and the fact that no process takes more than
ℓ RMR steps in any execution starting in Γ, we can apply Claim 26 to Ci−1, where ri is
the fixed register. For i ∈ {1, ..., k}, let σ′ and Pi be the schedule and set of processes
achieved by applying Claim 26 to configuration Ci−1 and the fixed register ri. Then let
σi =
(
σ→Ci−1 |
(
Pi ∪ L(Ci−1)
))
◦ σ′.
By Claim 26 Part (a), (b), and (d), the inductive hypothesis is true.
Let σ = σk+1, and Q = Pk \ L(C). (IH1) implies Part (a). Since at most |P |/(10ℓ)
registers are poised to being accessed in C, we have k ≤ |P |/(10ℓ). Further, by Claim 26
Part (e), for each i ∈ {1, ..., k} at most 2 processes are in L(C′) \ L(C). Hence, by the
inductive hypothesis,
|Q\L(C′)| ≥ |P |−k(8ℓ−1)−2k
ℓ≥1
≥ |P |−9kℓ
k≤|P |/(10ℓ)
≥ |P |−
|P |
10ℓ
9ℓ ≥ |P |−
9
10
|P | ≥
|P |
10
. (46)
This proves Part (b). From Part (c) of Claim 26, Part (c) follows. Since any process that
receives the abort signal in E→C is in L(C), and by Part (d) of Claim 26, Part (d) follows. ◭
3.4.3 Detailed Construction
Let n ≥ 4, c = 10, and ℓ = ⌊logn/(c log logn)⌋. We inductively construct a schedule σi and a
set of processes Pi ⊆ P , for all i ∈ {0, ..., ℓ}. For the sake of conciseness, let Ei = Exec(Γ, σi),
Ci = Conf(Γ, σi), and Li = L(Ci).
The following invariants are satisfied for i ∈ {0, ..., ℓ}:
(I1) Ci is safe.
(I2) |Pi \ Li| ≥ (n− 1)/(logn)ci.
(I3) RMRPi\Li(Ei) ≥ i |Pi \ Li| − i.
(I4) For each process p ∈ Pi \ Li : RMRp(Ei) ≤ i.
(I5) For each process p ∈ Pi \ Li, p⊤ does not appear in σi.
We now describe our inductive construction in detail.
Base Case:
Schedule σ0 is a schedule in which each process scans its own shared memory segment, and
P0 = P . Note that Proc(σ0) = P .
0:32 RMR Lower Bound for Abortable TAS
Inductive Step:
In Ci, we let each process in Pi \ Li that does not win in a solo-run take solo-steps until
it is poised to perform an RMR. By Claim 19, there is at most one process that wins in a
solo-run starting in Ci, so in our execution all but one process participate. By Claim 10
each process performs the same steps in the solo-run starting in Ci as in the constructed
execution, and by Claim 15 each process will eventually become poised to perform an RMR.
If there is a process that wins in a solo-run starting from Ci, we remove that process from
the entire execution constructed so far.
More precisely, let {q1, ..., qk} = Pi \ Li and let tj be the largest integer, such that
RMR
(
Exec(Ci, q
tj
j )
)
= 0 and qj does not terminate in Exec(Ci, q
tj
j ), for j ∈ {1, ..., k} (since
by (I1), Ci is safe, and by (I5) qj does not receive the abort signal in E→Ci , such an integer
tj exists according to Claim 15). By (I5), no process in Pi \ Li receives the abort signal in
E→Ci . Thus, by Claim 19, any process that starting in Ci terminates in its solo-run wins.
Hence, by the safety property of leader election, at most one process terminates in its solo-
run starting in Ci. If such a process does not exist, then let λi = q
t1
1 q
t2
2 ...q
tk
k , and P
′
i = Pi. If
such a process exists, we assume, without loss of generality (by renaming variables q1, ..., qk),
that qk is the process that wins in its solo-run starting in Ci without incurring any RMRs.
Then let λi = q
t1
1 q
t2
2 ...q
tk−1
k−1 , P
′
i = Pi \ {qk}. Finally, let Di = Conf
(
Conf(Γ, σi|P ′i ), λi
)
.
We define for register r, set Ri(r) as the set of processes that are poised to read r in
Di, and set Wi(r) as the set of processes that are poised to write r in Di. Let Si = {r ∈
R |Wi(r) ∪Ri(r) 6= ∅}.
First, we prove some properties of configuration Di.
◮ Claim 28. The following are true for configuration Di.
(a) Configuration Di is safe.
(b) For any process p ∈ P ′i \ Li, RMRp(E→Ci) = RMRp(E→Di).
(c) For any process p in Ri(r) ∪Wi(r), it is true that r /∈ Rp.
Proof. Let k′ = |P ′i \ Li|. Since Ci is safe, by Claim 10,
Exec(Γ, σi|P
′
i ) = E→Ci |P
′
i . (47)
Further, by Claim 12, for each process p ∈ P ′i , it holds thatCachep(Ci) = Cachep
(
Conf(Γ, σi|P ′i )
)
.
Therefore, whenRMR
(
Exec(Ci, q
tj
j )
)
= 0, for j ∈ {1, ..., k′}, it is true thatRMR
(
Exec
(
Conf(Γ, σi|P ′i ), q
tj
j
))
=
0. Thus, by applying Claim 18 Part (b) several times (first Q1 = {q1} and Q2 = {q2}, the
next time, Q1 = {q1, q2} and Q2 = {q3}, and so on),
RMR
(
Exec
(
Conf(Γ, σi|P
′
i ), λi
))
= 0. (48)
Hence, since by (I5) none of the processes in P ′i \Li receive the abort signal in Conf(Γ, σi|P
′
i )
or during Exec
(
Conf(Γ, σi|P ′i ), q
tj
j
)
, by applying Claim 14 multiple times, Di is safe. This
proves Part (a).
By (47), for each process p ∈ P ′i , it holds that RMRp(E→Ci) = RMRp
(
Exec(Γ, σi|P ′i )
)
.
Thus, Part (b) follows from (48).
By Claim 13, each process in P ′i \Li has the same cache in Ci and Conf(Γ, σi|P
′
i ). Hence,
by (47) and the construction of λi, each process in Ri(r) ∪Wi(r) is poised to perform an
RMR step in Di. Therefore, the register that each process p ∈ Ri(r) ∪Wi(r) is poised to
access is not in its own memory segment. ◭
Let Xi =
⋃
r∈Si
Wi(r), and Yi =
⋃
r∈Si
Ri(r). We distinguish the following cases to
complete the inductive step of our construction:
A. Eghbali and P. Woelfel 0:33
Case 1: |Si| ≥ |Pi \ Li|/(10ℓ) or |Xi| < |Yi|:
Let σi+1 = σ and Pi+1 = Q∪L(Di), where Q and σ are the set of processes and the schedule
we know from Lemma 25. From Part (b), we get that Ci+1 is safe. By Part (a),
|Pi+1 \ Li+1| ≥
|Pi|
60ℓ2
(I2)
≥
n− 1
(logn)ci60ℓ2
ℓ≤logn
≥
n− 1
60(logn)ci+2
c=10,n≥4
≥
n− 1
(logn)c(i+1)
. (49)
Hence, (I2) is true. From (I3), (I4), and Part (c), it immediately follows that (I3) and (I4)
are true for i+ 1. Invariant (I5) directly follows Part (d).
Case 2: |Si| < |Pi \ Li|/(10ℓ) and |Xi| ≥ |Yi|:
Applying Lemma 27 to configuration Di, results in a set of processes Q, and a schedule
σ. Let Pi+1 = Q ∪ L(Di) and σi+1 = σ. From Lemma 27 we prove Invariants (I1)-(I5).
Invariant (I1) follows Part (a). From Part (b), we have
|Pi+1 \ Li+1| ≥ |Pi \ Li|/10
(I2)
≥
n− 1
10(logn)ci
n≥4,c=10
≥
n− 1
(log n)c(i+1)
, (50)
which proves (I2). From (I3), (I4), and Part (c), Invariants (I3) and (I4) are true. Part (d)
and (I5) immediately imply (I5).
Proof of Theorem 3
Using Invariants (I1)-(I5), we obtain our main theorem. As shown above, for any abortable
leader election algorithm, there exists an execution Exec(Γ, σℓ−1) that satisfies (I1)-(I5). We
have
n− 1
(log n)c(ℓ−1)
≥
n− 1
(logn)(logn/ log logn)−c
≥
(n− 1)(logn)c
n
n≥4
≥ 2. (51)
Hence, by (I2) in Exec(Γ, σℓ−1) at least two processes participate and don’t lose. By (I3) at
least one of these processes incurs Ω(ℓ) = Ω(logn/ log logn) RMRs.
0:34 RMR Lower Bound for Abortable TAS
References
1 Zahra Aghazadeh, Wojciech Golab, and Philipp Woelfel. Making objects writable. Under
review, 2014.
2 Zahra Aghazadeh and Philipp Woelfel. Space- and time-efficient long-
lived test-and-set objects. In Proceedings of 18th International Con-
ference On Principles Of Distributed Systems (OPODIS), pages 404–
419, 2014. URL: https://doi.org/10.1007/978-3-319-14472-6_27 ,
doi:10.1007/978-3-319-14472-6_27.
3 Zahra Aghazadeh and Philipp Woelfel. Upper bounds for boundless tagging with bounded
objects. In Proceedings of the 30th International Symposium on Distributed Computing
(DISC), pages 442–457, 2016. URL: https://doi.org/10.1007/978-3-662-53426-7_32 ,
doi:10.1007/978-3-662-53426-7_32.
4 Marcos Kawazoe Aguilera, Svend Frølund, Vassos Hadzilacos, Stephanie Lorraine Horn,
and Sam Toueg. Abortable and query-abortable objects and their efficient implementa-
tion. In Proceedings of the 26th SIGACT-SIGOPS Symposium on Principles of Distributed
Computing (PODC), pages 23–32, 2007.
5 Dan Alistarh and James Aspnes. Sub-logarithmic test-and-set against a weak adversary. In
Proceedings of the 25th International Symposium on Distributed Computing (DISC), pages
97–109, 2011.
6 Dan Alistarh, James Aspnes, Keren Censor-Hillel, Seth Gilbert, and Morteza Zadimoghad-
dam. Optimal-time adaptive strong renaming, with applications to counting. In Proceedings
of the 30th SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC),
pages 239–248, 2011.
7 Dan Alistarh, James Aspnes, Seth Gilbert, and Rachid Guerraoui. The complexity of re-
naming. In Proceedings of the 52nd Annual IEEE Symposium on Foundations of Computer
Science (FOCS), pages 718–727, 2011.
8 Dan Alistarh, Hagit Attiya, Seth Gilbert, Andrei Giurgiu, and Rachid Guerraoui. Fast
randomized test-and-set and renaming. In Proceedings of the 24th International Symposium
on Distributed Computing (DISC), pages 94–108, 2010.
9 James H. Anderson and Yong-Jik Kim. Adaptive mutual exclusion with local spinning. In
Proceedings of the 14th International Symposium on Distributed Computing (DISC), pages
29–43, 2000.
10 James H. Anderson and Yong-Jik Kim. An improved lower bound for the time complexity
of mutual exclusion. Distributed Computing, 15:221–253, 2002.
11 T. Anderson. The performance of spin lock alternatives for shared-memory multiprocessors.
IEEE Transactions on Parallel and Distributed Systems, 1:6–16, 1990.
12 Hagit Attiya, Danny Hendler, and Philipp Woelfel. Tight RMR lower bounds for mutual
exclusion and other problems. In Proceedings of the 40th Annual ACM Symposium on
Theory of Computing (STOC), pages 217–226, 2008.
13 Michael Bender and Seth Gilbert. Mutual exclusion with O(log2 log n) amortized work.
In Proceedings of the 52nd Annual IEEE Symposium on Foundations of Computer Science
(FOCS), pages 728–737, 2011.
14 Harry Buhrman, Alessandro Panconesi, Riccardo Silvestri, and Paul M. B. Vitányi. On the
importance of having an identity or, is consensus really universal? Distributed Computing,
18(3):167–176, 2006.
15 Robert Danek and Wojciech M. Golab. Closing the complexity gap between FCFS mutual
exclusion and mutual exclusion. Distributed Computing, 23(2):87–111, 2010.
16 Robert Danek and Hyonho Lee. Brief announcement: Local-spin algorithms for abortable
mutual exclusion and related problems. In Proceedings of the 22nd International Symposium
on Distributed Computing (DISC), pages 512–513, 2008.
A. Eghbali and P. Woelfel 0:35
17 E. W. Dijkstra. Solution of a problem in concurrent programming control. Communications
of the ACM, 8:569, 1965.
18 Cynthia Dwork, Maurice Herlihy, and Orli Waarts. Contention in shared memory al-
gorithms. Journal of the ACM, 44(6):779–805, 1997. doi:10.1145/268999.269000.
19 Wayne Eberly, Lisa Higham, and Jolanta Warpechowska-Gruca. Long-lived, fast, wait-
free renaming with optimal name space and high throughput. In Proceedings of the 12th
International Symposium on Distributed Computing (DISC), pages 149–160, 1998.
20 Michael J. Fischer, Nancy A. Lynch, and Mike Paterson. Impossibility of distributed
consensus with one faulty process. Journal of the ACM, 32(2):374–382, 1985.
21 George Giakkoupis and Philipp Woelfel. On the time and space complexity of randomized
test-and-set. In Proceedings of the 31st SIGACT-SIGOPS Symposium on Principles of
Distributed Computing (PODC), pages 19–28, 2012.
22 George Giakkoupis and Philipp Woelfel. A tight RMR lower bound for randomized mutual
exclusion. In Proceedings of the 44th Annual ACM Symposium on Theory of Computing
(STOC), pages 983–1002, 2012.
23 George Giakkoupis and PhilippWoelfel. Randomized mutual exclusion with constant amort-
ized RMR complexity on the DSM. In Proceedings of the 55nd Annual IEEE Symposium
on Foundations of Computer Science (FOCS), 2014. To appear.
24 George Giakkoupis and Philipp Woelfel. Randomized abortable mutual exclusion
with constant amortized RMR complexity on the CC model. In Proceedings
of the 36th SIGACT-SIGOPS Symposium on Principles of Distributed Computing
(PODC), pages 221–229, 2017. URL: http://doi.acm.org/10.1145/3087801.3087837,
doi:10.1145/3087801.3087837 .
25 Wojciech Golab, Danny Hendler, and Philipp Woelfel. An O(1) RMRs leader election
algorithm. SIAM Journal on Computing, 39(7):2726–2760, 2010.
26 Wojciech M. Golab, Vassos Hadzilacos, Danny Hendler, and Philipp Woelfel. Constant-
RMR implementations of cas and other synchronization primitives using read and write
operations. In Proceedings of the 26th SIGACT-SIGOPS Symposium on Principles of
Distributed Computing (PODC), pages 3–12, 2007.
27 Wojciech M. Golab, Vassos Hadzilacos, Danny Hendler, and Philipp Woelfel. RMR-efficient
implementations of comparison primitives using read and write operations. Distributed
Computing, 25(2):109–162, 2012.
28 Danny Hendler and Philipp Woelfel. Randomized mutual exclusion in O(logN/ log logN)
RMRs. In Proceedings of the 28th SIGACT-SIGOPS Symposium on Principles of Distrib-
uted Computing (PODC), pages 26–35, 2009.
29 Danny Hendler and Philipp Woelfel. Adaptive randomized mutual exclusion in sub-
logarithmic expected time. In Proceedings of the 29th SIGACT-SIGOPS Symposium on
Principles of Distributed Computing (PODC), pages 141–150, 2010.
30 Danny Hendler and Philipp Woelfel. Randomized mutual exclusion with sub-
logarithmic RMR-complexity. Distributed Computing, 24(1):3–19, 2011. URL:
http://dx.doi.org/10.1007/s00446-011-0128-6 .
31 Prasad Jayanti. Adaptive and efficient abortable mutual exclusion. In Proceedings of
the 22nd SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC),
pages 295–304, 2003. doi:http://doi.acm.org/10.1145/872035.872079 .
32 Prasad Jayanti, Srdjan Petrovic, and Neha Narula. Read/write based fast-path transform-
ation for FCFS mutual exclusion. In 31st Conference on Current Trends in Theory and
Practice of Informatics (SOFSEM), pages 209–218, 2005.
33 Y.-J. Kim and J. Anderson. A time complexity bound for adaptive mutual exclusion. In
Proceedings of the 15th International Symposium on Distributed Computing (DISC), pages
1–15, 2001.
0:36 RMR Lower Bound for Abortable TAS
34 Yong-Jik Kim and James H. Anderson. Nonatomic mutual exclusion with local spinning.
Distributed Computing, 19(1):19–61, 2006.
35 Clyde P. Kruskal, Larry Rudolph, and Marc Snir. Efficient synchronization on multipro-
cessors with shared memory. ACM Transactions on Programming Languages and Systems,
10(4):579–601, 1988.
36 Hyonho Lee. Transformations of mutual exclusion algorithms from the cache-coherent
model to the distributed shared memory model. In Proceedings of the 25th International
Conference on Distributed Computing Systems (ICDCS), pages 261–270, 2005.
37 Hyonho Lee. Fast local-spin abortable mutual exclusion with bounded space. In Proceed-
ings of 14th International Conference On Principles Of Distributed Systems (OPODIS),
pages 364–379, 2010. URL: https://doi.org/10.1007/978-3-642-17653-1_27 ,
doi:10.1007/978-3-642-17653-1_27.
38 Hyonho Lee. Local-spin Abortable Mutual Exclusion. PhD thesis, 2011.
39 Alessandro Panconesi, Marina Papatriantafilou, Philippas Tsigas, and Paul M. B. Vitányi.
Randomized naming using wait-free shared variables. Distributed Computing, 11(3):113–
124, 1998.
40 Abhijeet Pareek and Philipp Woelfel. RMR-efficient randomized abortable mutual exclu-
sion. In Proceedings of the 26th International Symposium on Distributed Computing (DISC),
pages 267–281, 2012.
41 Michael L Scott. Non-blocking timeout in scalable queue-based spin locks. In Proceedings
of the twenty-first annual symposium on Principles of distributed computing, pages 31–40.
ACM, 2002.
42 Paul Turán. Eine extremalaufgabe aus der graphentheorie. Mat. Fiz. Lapok, 48(436-452):61,
1941.
