66 research outputs found
Anonymous Asynchronous Systems: The Case of Failure Detectors
Due to the multiplicity of loci of control, a main issue distributed systems have to cope with lies in the uncertainty on the system state created by the adversaries that are asynchrony, failures, dynamicity, mobility, etc. Considering message-passing systems, this paper considers the uncertainty created by the net effect of three of these adversaries, namely, asynchrony, failures, and anonymity. This means that, in addition to being asynchronous and crash-prone, the processes have no identity. Trivially, agreement problems (e.g., consensus) that cannot be solved in the presence of asynchrony and failures cannot be solved either when adding anonymity. The paper consequently proposes anonymous failure detectors to circumvent these impossibilities. It has several contributions. First, it presents three classes of failure detectors (denoted AP, AΩ and AΣ) and shows that they are the anonymous counterparts of the classes of perfect failure detectors, eventual leader failure detectors and quorum failure detectors, respectively. The class AΣ is new and showing it is the anonymous counterpart of the class Σ is not trivial. Then, the paper presents and proves correct a genuinely anonymous consensus algorithm based on the pair of anonymous failure detector classes (AΩ, AΣ) ("genuinely" means that, not only do processes have no identity, but no process is aware of the total number of processes). This new algorithm is not a "straightforward extension" of an algorithm designed for non-anonymous systems. To benefit from AΣ, it uses a novel message exchange pattern where each phase of every round is made up of sub-rounds in which appropriate control information is exchanged. Finally, the paper discusses the notions of failure detector class hierarchy and weakest failure detector class for a given problem in the context of anonymous systems
Solving atomic multicast when groups crash
In this paper, we study the atomic multicast problem, a fundamental abstraction for building fault-tolerant systems. In the atomic multicast problem, the system is divided into non-empty and disjoint groups of processes. Multicast messages may be addressed to any subset of groups, each message possibly being multicast to a different subset. Several papers previously studied this problem either in local area networks [3, 9, 20] or wide area networks [13, 21]. However, none of them considered atomic multicast when groups may crash. We present two atomic multicast algorithms that tolerate the crash of groups. The first algorithm tolerates an arbitrary number of failures, is genuine (i.e., to deliver a message m, only addressees of m are involved in the protocol), and uses the perfect failure detector P. We show that among realistic failure detectors, i.e., those that do not predict the future, P is necessary to solve genuine atomic multicast if we do not bound the number of processes that may fail. Thus, P is the weakest realistic failure detector for solving genuine atomic multicast when an arbitrary number of processes may crash. Our second algorithm is non-genuine and less resilient to process failures than the first algorithm but has several advantages: (i) it requires perfect failure detection within groups only, and not across the system, (ii) as we show in the paper, it can be modified to rely on unreliable failure detection at the cost of a weaker liveness guarantee, and (iii) it is fast: messages addressed to multiple groups may be delivered within two inter-group message delays only
Failure Detection Lower Bounds on Registers and Consensus (Preliminary Version)
This paper addresses the problem of determining the weakest failure detector to implement consensus in a message passing system when t out of n processes can crash (including when n/2 ≤ t < n-1), by addressing the problem of determining the weakest failure detector to implement a register. We complement and, in a precise sense, generalise previous results on the implementability of consensus and registers in a message passing model (augmented with the failure detector abstraction)
Relating L-Resilience and Wait-Freedom via Hitting Sets
The condition of t-resilience stipulates that an n-process program is only
obliged to make progress when at least n-t processes are correct. Put another
way, the live sets, the collection of process sets such that progress is
required if all the processes in one of these sets are correct, are all sets
with at least n-t processes.
We show that the ability of an arbitrary collection of live sets L to solve
distributed tasks is tightly related to the minimum hitting set of L, a minimum
cardinality subset of processes that has a non-empty intersection with every
live set. Thus, finding the computing power of L is NP-complete.
For the special case of colorless tasks that allow participating processes to
adopt input or output values of each other, we use a simple simulation to show
that a task can be solved L-resiliently if and only if it can be solved
(h-1)-resiliently, where h is the size of the minimum hitting set of L.
For general tasks, we characterize L-resilient solvability of tasks with
respect to a limited notion of weak solvability: in every execution where all
processes in some set in L are correct, outputs must be produced for every
process in some (possibly different) participating set in L. Given a task T, we
construct another task T_L such that T is solvable weakly L-resiliently if and
only if T_L is solvable weakly wait-free
A Superstabilizing -Approximation Algorithm for Dynamic Steiner Trees
In this paper we design and prove correct a fully dynamic distributed
algorithm for maintaining an approximate Steiner tree that connects via a
minimum-weight spanning tree a subset of nodes of a network (referred to as
Steiner members or Steiner group). Steiner trees are good candidates to
efficiently implement communication primitives such as publish/subscribe or
multicast, essential building blocks for the new emergent networks (e.g. P2P,
sensor or adhoc networks). The cost of the solution returned by our algorithm
is at most times the cost of an optimal solution, where is the
group of members. Our algorithm improves over existing solutions in several
ways. First, it tolerates the dynamism of both the group members and the
network. Next, our algorithm is self-stabilizing, that is, it copes with nodes'
memory corruption. Last but not least, our algorithm is
superstabilizing. That is, while converging to a correct configuration
(i.e., a Steiner tree) after a modification of the network, it keeps offering
the Steiner tree service during the stabilization time to all members that have
not been affected by this modification
Global Versus Local Computations: Fast Computing with Identifiers
This paper studies what can be computed by using probabilistic local
interactions with agents with a very restricted power in polylogarithmic
parallel time. It is known that if agents are only finite state (corresponding
to the Population Protocol model by Angluin et al.), then only semilinear
predicates over the global input can be computed. In fact, if the population
starts with a unique leader, these predicates can even be computed in a
polylogarithmic parallel time. If identifiers are added (corresponding to the
Community Protocol model by Guerraoui and Ruppert), then more global predicates
over the input multiset can be computed. Local predicates over the input sorted
according to the identifiers can also be computed, as long as the identifiers
are ordered. The time of some of those predicates might require exponential
parallel time. In this paper, we consider what can be computed with Community
Protocol in a polylogarithmic number of parallel interactions. We introduce the
class CPPL corresponding to protocols that use , for some k,
expected interactions to compute their predicates, or equivalently a
polylogarithmic number of parallel expected interactions. We provide some
computable protocols, some boundaries of the class, using the fact that the
population can compute its size. We also prove two impossibility results
providing some arguments showing that local computations are no longer easy:
the population does not have the time to compare a linear number of consecutive
identifiers. The Linearly Local languages, such that the rational language
, are not computable. Comment: Long version of SSS 2016 publication, appendixed version of SIROCCO
201
Strong Equivalence Relations for Iterated Models
The Iterated Immediate Snapshot model (IIS), due to its elegant geometrical
representation, has become standard for applying topological reasoning to
distributed computing. Its modular structure makes it easier to analyze than
the more realistic (non-iterated) read-write Atomic-Snapshot memory model (AS).
It is known that AS and IIS are equivalent with respect to wait-free
task computability: a distributed task is solvable in AS if and only if it is
solvable in IIS. We observe, however, that this equivalence is not sufficient
in order to explore solvability of tasks in sub-models of AS (i.e.
proper subsets of its runs) or computability of long-lived objects, and
a stronger equivalence relation is needed. In this paper, we consider
adversarial sub-models of AS and IIS specified by the sets of processes
that can be correct in a model run. We show that AS and IIS are
equivalent in a strong way: a (possibly long-lived) object is implementable in
AS under a given adversary if and only if it is implementable in IIS under the
same adversary.
Therefore, the computability of any object in shared memory under an
adversarial AS scheduler can be equivalently investigated in IIS
TrustedPals: Secure Multiparty Computation Implemented with Smart Cards
We study the problem of Secure Multi-party Computation (SMC) in a model where individual processes contain a tamper-proof security module, and introduce the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model. Security modules can be trusted by other processes and can establish secure channels between each other. However, their availability is restricted by their host, that is, a corrupted party can stop the computation of its own security module as well as drop any message sent by or to its security module. We show that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules. Since the critical part of the computation can be executed locally on the smart card, we can compute any function securely with a protocol complexity which is polynomial only in the number of processes (that is, the complexity does not depend on the function which is computed), in contrast to previous approaches
Fault Tolerant Network Constructors
In this work, we consider adversarial crash faults of nodes in the network
constructors model (Michail and Spirakis, 2016). We first show that,
without further assumptions, the class of graph languages that can be (stably)
constructed under crash faults is non-empty but small. In particular, if an
unbounded number of crash faults may occur, we prove that (i) the only
constructible graph language is that of spanning cliques and (ii) a strong
impossibility result holds even if the size of the graphs that the protocol
outputs in populations of size need only grow with (the remaining nodes
being waste). When there is a finite upper bound on the number of faults,
we show that it is impossible to construct any non-hereditary graph language.
On the positive side, by relaxing our requirements we prove that: (i)
permitting linear waste enables to construct on nodes, any graph
language that is constructible in the fault-free case, (ii) partial
constructibility (i.e. not having to generate all graphs in the language)
allows the construction of a large class of graph languages. We then extend the
original model with a minimal form of fault notifications. Our main result here
is a fault-tolerant universal constructor: We develop a fault-tolerant protocol
for spanning line and use it to simulate a linear-space Turing Machine .
This allows a fault-tolerant construction of any graph accepted by in
linear space, with waste , where is the number of
faults in the execution. We then prove that increasing the permissible waste to
allows the construction of graphs accepted by an
-space Turing Machine, which is asymptotically the maximum simulation
space that we can hope for in this model. Finally, we show that logarithmic
local memories can be exploited for a no-waste fault-tolerant simulation of any
such protocol