22
http://parasol.tamu.edu The Weakest Failure Detector to Solve Wait-Free Dining under Eventual Weak Exclusion Srikanth Sastry * Scott M. Pike Jennifer Welch Texas A&M University 1
http://parasol.tamu.edu
The Weakest Failure Detector to Solve Wait-Free Dining under
Eventual Weak Exclusion
Srikanth Sastry*
Scott M. PikeJennifer Welch
Texas A&M University
1
Generalized Dining Philosophers
2
• Arbitrary graph topology• Nodes = processes (diners)• Edges = potential conflicts
Thinking
HungryEating
Diners cycle among three states
• Dining Constraints‒ Thinking may last forever‒ Eating must be finite for
correct diners
Wait-Free Dining under Eventual Weak Exclusion
• Wait Freedom (WF)– Every correct hungry process eventually eats– Regardless of process crashes
Eventual Weak Exclusion (◊WX)– Eventually, no two live neighbors eat
simultaneously– Intuitively, ◊WX permits only finitely many
scheduling mistakes in any run
3
History
• [PSS 08]1
‒Proved ◊P is sufficient to solve WF-◊WX‒Used forks and dynamic process priorities
• [SP 07]2
‒Also showed that ◊P solves WF-◊WX ‒Additionally, provided eventual k-fairness‒Used static process priorities with a wait-free
asynchronous doorway
41. Pike, Song, Sastry, ICDCN 20082. Song, Pike, DSN 2007
Eventually Perfect Failure Detector (◊P)
• Strong Completeness: – Every crashed process is eventually and
permanently suspected by every correct process
• Eventual Strong Accuracy: – Every correct process is eventually and
permanently trusted by every correct process
5
Related Work
• [GKK 06]3
‒ Proved ◊P is sufficient to solve wait-free contention management in shared memory
• Also claimed that ◊P is necessary‒ Claim is correct, but…‒ The accompanying reduction and proof of correctness are both flawed
63. Guerraoui, Kapalka, Kouznetsov, DISC 2006
Our Contribution
• We prove ◊P is necessary to solve WF-◊WX‒ First correct reduction and proof of correctness‒ Our result also generalizes [GKK 06] from:
‒ Contention management dining philosophers‒ Shared memory systems message passing
• In conjunction with [SP 07] and [PSS 08]‒ ◊P is the weakest failure detector for WF-◊WX
• Alternatively, ◊P and WF-◊WX encapsulate equivalent temporal assumptions
7
Methodology to Demonstrate Necessity of ◊P for WF-◊WX
• Based on results from [CHT 96]
• Suppose D is strictly weaker than ◊P‒ And D can solve WF-◊WX
• If ◊P can be extracted from WF-◊WX‒ Then ◊P can be extracted from D
• Contradiction!
D WF-◊WXAssumption
◊PConstruction
8
[GKK 06] Construction to Extract ◊P
• Witness W monitors the liveness of subject S• S and W compete in a (black-box) dining instance• S: Upon eating, never exit
– Send heartbeats periodically while eating
• W: Upon eating, suspect S and exit– Upon receiving a heartbeat, trust S and become hungry
9
S
W
◊WXestablished
W never eats. Hence,W trusts S permanently
W stops receiving heartbeats. W suspects S permanently
Counter-Example Algorithm [PSS 08]
• ◊P-based algorithm for WF-◊WX • Might not satisfy ◊WX if some correct
process has an infinite eating session
• Each process pair shares a unique fork• Hungry processes request missing forks
only from trusted neighbors• Process X can eat if for each neighbor Y
– X holds the fork shared with Y, or– Y is suspected by the ◊P module at X
10
Counter Example (cont.)
Eventually ◊P stops making mistakes Weak exclusion guaranteed subsequently
11
S
W
◊Pconverges
◊WXestablished
Ψ
!If S eats for an infinite duration, then ◊WX may never be established!
New Construction: Requirements
12
S
W◊WX
establishedSuspect S! Trust S... Suspect S!Trust S...
• Eating sessions must be finite• But when subject S is not eating, witness W
can eat unboundedly many times‒ If so, W could suspect S infinitely often
• Need a mechanism to throttle the witness W
New Construction: Throttling The Witness
13
S0
S1
W0
W1
S W
Dining0
Dining1
• Introduce another subject-witness pair• W has two witnesses to detect the liveness of S• Each subject-witness pair throttles the other• Careful hand-off of eating sessions
Witness Actions
• Wi becomes hungry• Upon eating
‒Trusts S if alive bit is true‒Else, suspects S‒Resets alive bit to false‒Enables W1-i to become
hungry‒Exits eating
• Upon receiving ping from Si‒Set alive bit to true‒Send an ack to Si
14
S0
S1
W0
W1
S W
Dining0
Dining1
LegendThinking Hungry Eating
Witness Actions – Timeline
15
w0
w1
1
2
3
. . . 4 . . .
. . .
Enable
Ena
ble
Ena
ble
Enable
LegendThinking Hungry Eating
Subject Actions
• Si becomes hungry• Upon eating
‒ Waits until S1-i exits eating
‒ Sends ping to Wi
‒ Waits for ack‒ Upon receiving ack‒ Enables S1-i to become
hungry‒ Waits until S1-i is eating‒ Exits eating
16
S0
S1
W0
W1
S W
Dining0
Dining1
LegendThinking Hungry Eating
PINGACK
PINGACK
Subject Actions - Timeline
17
6
1s0
s1
2
3
4
5
. .. . .
.
PIN
G
AC
K
PIN
G
AC
K
AC
K
PIN
G
PIN
G
AC
K
AC
K
AC
K
PIN
G
PIN
G
w0
w1
LegendThinking Hungry EatingEnable
Correctness
• Claim: Proposed construction extracts ◊P• Proof obligations: Show that the
construction satisfies the following‒ Strong Completeness
Every crashed process is eventually and permanently suspected
‒ Eventual Strong Accuracy Every correct process is eventually and
permanently trusted
18
Strong Completeness
19
s0
s1 . ..
. . .
. . .
PIN
G
AC
K
PING AC
K
w0
w1
LegendThinking Hungry EatingEnable
Trust S Suspect S ....
Trust S Suspect S ....
Crash!
Suspect S
Suspect S
Eventual Strong Accuracy
20
2 4
1 3
6
1s
0
s1 2
3
4
5
. .. . .
.
PIN
G
AC
K
PIN
G
AC
K
AC
K
PIN
G
PIN
G
AC
K
AC
K
AC
K
PIN
G
PIN
G
w0
w1
LegendThinking Hungry EatingEnable
Trust S Trust S
Trust S Trust S◊WX
established
Conclusion and Significance
• ◊P is necessary and the weakest failure detector for solving wait-free dining under ◊WX
• The reduction technique itself is of interest‒ Can be used to reason about other variants of the dining philosophers problem
• In conjunction with the result in [SP 07] ‒ There exist asynchronous transformations to convert arbitrary WF-◊WX to bounded-overtaking WF-◊WX
21
