Section: New Results
Models and abstractions: dealing with dynamics
Reducing the cost of Byzantine consensus in synchronous systems
Participant : Achour Mostefaoui.
In a system composed of n processes where at most t can exhibit Byzantine behavior, it has been known since the early eighties that t needs to be smaller than a third of the total number of processes for the Byzantine consensus problem to be solvable. Moreover, it has been proved that the minimum number of communication steps needed is t + 1 in the worst case. Yet the protocol that achieves this bound, called EIG (Exponential Information Gathering), is extremely costly in terms of message size and local computation. So far, lowering this cost has meant considering smaller values of t (such as t < n/4) and accepting an increased latency (2t + 2 steps). One protocol exists with a reasonable (polynomial) cost and the initial number of steps, but it is extremely complex. The goal of this work is to design an algorithm that is as simple and resilient as the EIG protocol but with a quadratic number of steps.
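Added example, not code from this report or its authors: a small simulation of the classical EIG protocol named above, run for t + 1 synchronous rounds, that returns the decisions of the correct processes and the number of values carried by each message per round (the cost the paragraph refers to). The adversary function byz_value, the function names and the sample inputs are assumptions constructed for illustration.

```python
from collections import Counter
from itertools import permutations

DEFAULT = 0  # fallback when a node has no strict majority among its children

def byz_value(sender, receiver, label):
    # Constructed adversary (assumption): equivocates by receiver and round.
    return (sender + receiver + len(label)) % 2

def eig_consensus(inputs, byzantine, t):
    """Return (decisions of correct processes, values per message in each round)."""
    ids = range(len(inputs))
    correct = [p for p in ids if p not in byzantine]
    trees = {p: {(): inputs[p]} for p in correct}   # label -> reported value
    sizes = []
    for rnd in range(1, t + 2):                     # t + 1 communication steps
        outbox = {}
        for s in ids:
            # s relays every level-(rnd-1) label that does not already contain s
            labels = [l for l in permutations(ids, rnd - 1) if s not in l]
            for r in correct:
                outbox[s, r] = {l: byz_value(s, r, l) if s in byzantine
                                else trees[s][l] for l in labels}
        sizes.append(len(labels))                   # same count for every sender
        for (s, r), msg in outbox.items():          # deliver after all sends
            for l, v in msg.items():
                trees[r][l + (s,)] = v

    def resolve(tree, label):
        if len(label) == t + 1:                     # leaf: take the stored value
            return tree[label]
        votes = Counter(resolve(tree, label + (j,)) for j in ids if j not in label)
        value, count = votes.most_common(1)[0]
        return value if 2 * count > sum(votes.values()) else DEFAULT

    return {p: resolve(trees[p], ()) for p in correct}, sizes

if __name__ == "__main__":
    # Constructed run: n = 7, t = 2, processes 5 and 6 are Byzantine.
    decisions, sizes = eig_consensus([1, 0, 1, 1, 0, 0, 0], {5, 6}, t=2)
    print(decisions, sizes)
```

Each round multiplies the number of relayed values by roughly n, which is why the tree, and with it message size and local computation, grows exponentially in t.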
Peer-to-peer polling without cryptography
Participants : Kévin Huguenin, Anne-Marie Kermarrec.
This work has been done in collaboration with Rachid Guerraoui and Maxime Monod (EPFL, Switzerland). The emergence of social networks provides a framework for polling a community easily by means of peer-to-peer techniques. Polling is not as critical as voting because the accuracy of the tally is less important. Yet, it must provide properties similar to those of electronic voting, such as voter privacy, fairness, and probabilistic accuracy. The core idea of the work is to build a decentralized protocol without cryptography that ensures these properties with high probability by means of peer-to-peer deterrent power: every action in the protocol may be subject to verification by peers. By ensuring that any malicious action is detected with probability one or at least close to one, we increase the accuracy of the tally by limiting the proportion of peers misbehaving. Privacy is ensured probabilistically by using peers as proxies for emitting ballots, making vote recovery impossible for a reasonable proportion of malicious nodes. This work has been published in 2009 in the international conference OPODIS. We are currently working on an extension to n-ary polling.
Bridging the Gap between population and gossip-based protocols
Participants : Marin Bertier, Anne-Marie Kermarrec.
In this work, we establish a correlation between population and gossip-based protocols. Studying the equivalence between them, we propose a classification of gossip-based protocols, based on the nature of the underlying peer-sampling service. First, we show that the class of gossip protocols where each node relies on an arbitrary sample is equivalent to population protocols. Second, we show that gossip-based protocols relying on a more powerful peer sampling, which provides peers with a clearly identified set of other peers, are equivalent to community protocols, a variant of population protocols. Leveraging the resemblances between these areas makes it possible to provide a theoretical framework for distributed systems where global behaviours emerge from a set of local interactions, both in wired and wireless settings. This work has been presented at SIROCCO 2009. We also study the impact of the agents' mobility model on the convergence speed of population protocols. We perform our study by considering several mobility models traditionally used in the ad-hoc network community. We propose an augmented population protocol model where each edge of the interaction graph is weighted, representing the probability that two agents interact.
Participants : Erwan Le Merrer, Anne-Marie Kermarrec.
STAR is a fully decentralized self-stabilizing randomized membership protocol building a strongly connected overlay graph with sub-logarithmic diameter and almost homogeneous logarithmic degree. STAR is the first protocol to simultaneously maintain the following properties on the resulting graph G: (i) The graph maintains the Eulerian property, i.e., the in-degree and out-degree of each node are the same, and G is strongly connected. (ii) The out-degree of each node automatically converges to an average of 2ln(n) + O(1) without any node knowing the exact size n of the network. (iii) The diameter of the overlay graph is with high probability. (iv) STAR is self-stabilizing: starting from an arbitrary graph topology, or after a disruptive error, STAR causes the overlay graph to converge to the desired properties. This work has been done in collaboration with Prof. Ajoy Datta, University of Nevada, Las Vegas.
Agreement in anonymous systems
Participants : François Bonnet, Michel Raynal.
This work addresses the consensus problem in asynchronous systems prone to process crashes, where additionally the processes are anonymous (they cannot be distinguished one from the other: they have no name and execute the same code). To circumvent the three computational adversaries (asynchrony, failures and anonymity) each process is provided with a failure detector of a class denoted , that gives it an upper bound on the number of processes that are currently alive (in a non-anonymous system, the classes and -the class of perfect failure detectors- are equivalent).
After having designed a simple -based consensus algorithm where the processes decide in 2t + 1 asynchronous rounds (where t is an upper bound on the number of faulty processes), we have shown that 2t + 1 is a lower bound for consensus in the anonymous systems equipped with . Then, addressing early decision, we have designed and proved correct an early-deciding algorithm where the processes decide in min(2f + 2, 2t + 1) asynchronous rounds (where f is the actual number of process failures). This suggests that anonymity doubles the cost (with respect to synchronous systems), and it is conjectured that min(2f + 2, 2t + 1) is the corresponding lower bound. These results have then been extended to the k-set agreement problem, for which we have introduced a family of failure detector classes that generalizes the class ( = 0) and designed an algorithm that solves the k-set agreement in asynchronous rounds. This last formula relates the cost ( ), the coordination degree of the problem (k), the maximum number of failures (t) and the strength ( ) of the underlying failure detector.
Looking for weakest failure detectors
Participants : François Bonnet, Michel Raynal.
In the k-set agreement problem, each process (in a set of n processes) proposes a value and has to decide a proposed value in such a way that at most k different values are decided. While this problem can easily be solved in asynchronous systems prone to t process crashes when k > t, it cannot be solved when k ≤ t. For several years, the failure detector-based approach has been investigated to circumvent this impossibility. While the weakest failure detector class to solve the k-set agreement problem in read/write shared-memory systems has recently been discovered (PODC 2009), the situation is different in message-passing systems, where the weakest failure detector classes are known only for the extreme cases k = 1 (consensus) and k = n-1 (set agreement). We have introduced a candidate for the general case. This work presents a new failure detector class, denoted k , and shows 1 = × (the weakest class for k = 1), and (the weakest class for k = n-1). Then, we have investigated the structure of k and shown that it is the combination of two failure detector classes denoted k and k (that generalize the previous “quorums” and “eventual leaders” failure detector classes). Finally, we have proved that k is a necessary requirement (as far as information on failure is concerned) to solve the k-set agreement problem in message-passing systems. This work has obtained the Best Paper Award at SSS 2009.
Implementing a register in a dynamic distributed system
Participants : François Bonnet, Michel Raynal, Anne-Marie Kermarrec.
This work was carried out in collaboration with S. Bonomi and R. Baldoni, Universita' di Roma, La Sapienza, Roma, Italy. Providing distributed processes with concurrent objects is a fundamental service that has to be offered by any distributed system. The classical shared read/write register is one of the most basic ones. Several protocols have been proposed that build an atomic register on top of an asynchronous message-passing system prone to process crashes. In the same spirit, we have addressed the implementation of a regular register (a weakened form of an atomic register) in an asynchronous dynamic message-passing system. The aim here is to cope with the net effect of two adversaries, asynchrony and dynamicity (the fact that processes can enter and leave the system). Our work focuses on the class of dynamic systems whose churn rate c is constant. It presents two protocols, one applicable to synchronous dynamic message-passing systems, the other to eventually synchronous dynamic systems. Both protocols rely on an appropriate broadcast communication service (similar to a reliable broadcast). Each requires a specific constraint on the churn rate c. Both protocols are first presented as intuitively as possible, and are then proved correct (ICDCS 2009, SIROCCO 2009).
The extended Borowsky-Gafni simulation
Participants : Damien Imbs, Michel Raynal.
The Borowsky-Gafni (BG) simulation algorithm is a powerful tool that allows a set of t + 1 asynchronous sequential processes to wait-free simulate (i.e., despite the crash of up to t of them) a large number n of processes under the assumption that at most t of these processes fail (i.e., the simulated algorithm is assumed to be t-resilient). The BG simulation has been used to prove solvability and unsolvability results for crash-prone asynchronous shared memory systems. In its initial form, the BG simulation applies only to colorless decision tasks, i.e., tasks in which nothing prevents processes from deciding the same value (e.g., consensus or k-set agreement tasks). In other words, it does not apply to decision problems such as renaming, where no two processes are allowed to decide the same new name. Very recently (STOC 2009), Eli Gafni has presented an extended BG simulation algorithm (GeBG) that generalizes the basic BG algorithm by extending it to “colored” decision tasks such as renaming. His algorithm is based on a sequence of sub-protocols where a sub-protocol is either the base agreement protocol that is at the core of BG simulation, or a commit-adopt protocol.
We have designed a core algorithm for the extended BG simulation algorithm that is particularly simple. This algorithm is based on two underlying objects: the base agreement object used in the BG simulation (as does GeBG), and (differently from GeBG) a new simple object that we call arbiter. As in GeBG, while each of the n simulated processes is simulated by each simulator, each of the first t + 1 simulated processes is associated with a predetermined simulator that we call its “owner”. The arbiter object is used to ensure that the permanent blocking (crash) of any of these t + 1 simulated processes can only be due to the crash of its owner simulator (SSS 2009).
Software transactional systems
Participants : Damien Imbs, Michel Raynal.
The aim of a Software Transactional Memory (STM) is to relieve programmers of the management of synchronization in multiprocess programs that access concurrent objects. To that end, an STM system provides the programmer with the concept of a transaction. The job of the programmer is to decompose each sequential process the application is made up of into transactions. A transaction is a piece of code that accesses concurrent objects, but contains no explicit synchronization statement. It is the job of the underlying STM system to provide the illusion that each transaction is executed atomically. For efficiency, an STM system allows transactions to execute concurrently. Consequently, due to the underlying STM concurrency management, a transaction commits or aborts. Our work on STM has several facets. We have designed a new STM consistency condition, called virtual world consistency. This condition states that no transaction reads object values from an inconsistent global state. It is similar to opacity for the committed transactions but weaker for the aborted transactions. More precisely, it states that (1) the committed transactions can be totally ordered, and (2) the values read by each aborted transaction are consistent with respect to its causal past only. Hence, virtual world consistency is weaker than opacity while keeping its spirit. Then, assuming the objects shared by the processes are atomic read/write objects, the paper presents an STM protocol that ensures virtual world consistency (while guaranteeing the invisibility of the read operations). From an operational point of view, this protocol is based on a vector-clock mechanism. Finally, the paper considers the case where the shared objects are regular read/write objects. It also shows how the protocol can be weakened to satisfy the causal consistency condition (that is weaker than virtual world consistency) (SIROCCO 2009, PaCT 2009).