Chapter 7

Simulations and Reductions

Abstract

In complexity theory, it is common to prove results by reduction from one problem to another. For example, textbooks typically prove from first principles that satisfiability (SAT) is NP complete. To show that another problem is also NP-complete, it is enough to show that SAT (or some other problem known to be NP-complete) reduces to the problem in question. Reductions are appealing because they are often technically simpler than proving NP completeness directly.

Reductions can also be applied in distributed computing. This chapter describes a general technique for showing that a protocol in one model can be transformed into a protocol in another model. In addition, we describe a specific transformation, called BG simulation.

Keywords

BG simulation; Reduction; Simulation

We present here a general combinatorial framework to translate impossibility results from one model of computation to another. Once one has proved an impossibility result in one model, one can avoid reproving that result in related models by relying on reductions. The combinatorial framework explains how the topology of the protocol complexes in the two models have to be related to be able to obtain a reduction. We also describe an operational framework consisting of an explicit distributed simulation protocol that implements reductions. Although this protocol provides algorithmic intuition behind the combinatorial simulation framework and may even be of practical interest, a key insight behind this chapter is that there is often no need to construct such explicit simulations. Instead, we can treat simulation as a task like any other and apply the computability conditions of Chapter 5 to show when a simulation protocol exists. These existence conditions are given in terms of the topological properties of the models’ protocol complexes instead of devising pair-wise simulations.

7.1 Motivation

Modern distributed systems are highly complex yet reliable and efficient, thanks to heavy use of abstraction layers in their construction. At the hardware level processes may communicate through low-level shared-register operations, but a programmer uses complex shared objects to manage concurrent threads. Also from the theoretical perspective, researchers have devised algorithms to implement higher-level-of-abstraction shared objects from lower-level-of-abstraction objects. We have already encountered this technique to build larger set agreement boxes from smaller ones (Exercise 5.6) or to implement snapshots from single-writer/multireader registers (Exercise 4.12). We say snapshots can be simulated in a wait-free system where processes communicate using single-writer/single-reader registers. Simulations are useful also to deduce the relative power of abstractions; in this case, snapshots are as powerful as single-writer/single-reader registers, but not more powerful. In contrast, a consensus shared black box cannot be simulated in a wait-free system where processes communicate using only read-write registers, as we have already seen.

Software systems are built in a modular fashion using this simulation technique, assuming a black box for a problem has been constructed and using it to further extend the system. However, this technique is also useful to prove impossibility results. In complexity theory, it is common to prove results by reduction from one problem to another. For example, to prove that there is not likely to exist a polynomial algorithm for a problem, one may try to show that the problem is NP-complete. Textbooks typically prove from first principles that satisfiability (SAT) is NP-complete. To show that another problem is also NP-complete, it is enough to show that SAT (or some other problem known to be NP-complete) reduces to the problem in question. Reductions are appealing because they are often technically simpler than proving NP completeness directly.

Reductions can also be applied in distributed computing for impossibility results. For example, suppose we know that a colorless task has no wait-free layered immediate snapshot protocol, and we want to know whether it has a image-resilient protocol for some image. One way to answer this question is to assume that an image-process, image-resilient protocol exists and devise a wait-free protocol where image processes “simulate” the image-resilient image-process protocol execution in the following sense: The image-processes use the code for the protocol to simulate an execution of the image-processes. They assemble mutually consistent final views of an image-process protocol execution during which at most image processes may fail. Each process halts after choosing the output value that would have been chosen by one of the simulated processes. Because the task is colorless, any process can choose any simulated process’s output, so this simulation yields a wait-free image-process layered protocol, contradicting the hypothesis that no such protocol exists. Instead of proving directly that no image-resilient protocol exists, we reduce the image-resilient problem to the previously solved wait-free problem.

In general, we can use simulations and reductions to translate impossibility results from one model of computation to another. As in complexity theory, once one has proved an impossibility result in one model, one can avoid reproving that result in related models by relying on reductions. One possible problem with this approach is that known simulation techniques, such as the BG-simulation protocol presented in Section 7.4, are model-specific, and a new, specialized simulation protocol must be crafted for each pair of models. Moreover, given two models, how do we know if there is a simulation before we start to try to design one?

The key insight behind this chapter is that there is often no need to construct explicit simulations. Instead, we can treat simulation as a task like any other and apply the computability conditions of Chapter 5 to show when a simulation protocol exists. These existence conditions are given in terms of the topological properties of the models’ protocol complexes and are likely to be easier to determine in general than devising pair-wise simulations. Once it is known that a simulation exists, one may then concentrate on finding an efficient one that might be of practical interest.

7.2 Combinatorial setting

So far we have considered several models of computation. Each one is given by a set of process names, image; a communication medium, such as shared memory or message-passing; a timing model, such as synchronous or asynchronous; and a failure model, given by an adversary, image. For each model of computation, once we fix a colorless input complex image, we may consider the set of final views of a protocol. We have the combinatorial definition of a protocol (Definition 4.2.2), as a triple image where image is an input complex, image is a protocol complex (of final views), and image is an execution map. For each image, a model of computation may be represented by all the protocols on image.

Definition 7.2.1

A model of computation image on an input complex image is a (countably infinite) family of protocols image.

Consider for instance the image-process, colorless layered immediate snapshot protocol of Chapter 4. If we take the wait-free adversary and any input complex image, the model image obtained consists of all protocols image, corresponding to having the layered immediate snapshot protocol execute image layers, where image is the complex of final configurations and image the corresponding carrier map. Similarly, taking the image-resilient layered immediate snapshot protocol of Figure 5.1 for image processes and input complex image consists of all protocols image, corresponding to executing the protocol for image layers.

Definition 7.2.2

A model of computation image solves a colorless task image if there is a protocol in image that solves that task.

Recall that a protocol image solves a colorless task image if there is a simplicial map image carried by image. Operationally, in each execution, processes end up with final views that are vertices of the same simplex image of image. Moreover, if the input simplex of the execution is image, then image. Each process finishes the protocol in a local state that is a vertex of image and then applies image to choose an output value. These output values form a simplex in image.

For example, the model image solves the iterated barycentric agreement task image for any image. To see this, we must verify that there is some image such that the protocol image solves image.

A reduction is defined in terms of two models of computation: a model image (called the real model) and a model image (called the virtual model). They have the same input complex image, but their process names, protocol complexes, and adversaries may differ. The real model reduces to the virtual model if the existence of a protocol in the virtual model implies the existence of a protocol in the real model.

For example, the image-resilient layered immediate snapshot model image for image processes trivially reduces to the wait-free model image. Operationally it is clear why. If a wait-free image-process protocol solves a task image it tolerates failures by image processes. The same protocol solves the task if only image out of the image may crash. Combinatorially, the definition of reduction is as follows.

Definition 7.2.3

Let image be an input complex and image be two models on image. The (real) model image reduces to the (virtual) model image if, for any colorless task image with input complex image, a protocol for image in image implies that there is a protocol for image in image.

We typically demonstrate reduction using simulation.

Definition 7.2.4

Let image be a protocol in image and image a protocol in image. A simulation is a simplicial map

image

such that for each simplex image in image maps image to image.

The operational intuition is that each process executing the real protocol chooses a simulated execution in the virtual protocol, where each virtual process has the same input as some real process. However, from a combinatorial perspective, it is sufficient to show that there exists a simplicial map image as above. Note that image may be collapsing: Real processes with distinct views may choose the same view of the simulated execution.

The left-hand diagram of Figure 7.1 illustrates how a protocol solves a task. Along the horizontal arrow, image carries each input simplex image of image to a subcomplex of image. Along the diagonal arrow, a protocol execution, here denoted image, carries each image to a subcomplex of its protocol complex, denoted by image, which is mapped to a subcomplex of image along the vertical arrow by the simplicial map image. The diagram semi-commutes: The subcomplex of image reached through the diagonal and vertical arrows is contained in the subcomplex reached through the horizontal arrow.

image

Figure 7.1 Carrier maps are shown as dashed arrows, simplicial maps as solid arrows. On the left, image via image solves the colorless task image. In the middle, image simulates image via image. On the right, image via the composition of image and image solves image.

Simulation is illustrated in the middle diagram of Figure 7.1. Along the diagonal arrow, image carries each input simplex image of image to a subcomplex of its protocol complex image. Along the vertical arrow, image carries each input simplex image of image to a subcomplex of its own protocol complex image, which is carried to a subcomplex of image by the simplicial map image. The diagram semi-commutes: The subcomplex of image reached through the vertical and horizontal arrows is contained in the subcomplex reached through the diagonal arrow. Thus, we may view simulation as solving a task. If we consider image as a task, where image is input complex and image is output complex, then image solves this task with decision map image carried by image.

Theorem 7.2.5

If every protocol in image can be simulated by a protocol in image, then image reduces to image.

Proof

Recall that if image has a protocol image for a colorless task image, then there is a simplicial map image carried by image, that is, image for each image. If model image simulates model image, then for any protocol image has a protocol image in image and a simplicial map image such that for each simplex image in image.

Let image be the composition of image and image. To prove that image solves image with image, we need to show that image. By construction,

image

so image also solves imageimage

Theorem 7.2.5 depends only on the existence of a simplicial map. Our focus in the first part of this chapter is to establish conditions under which such maps exist. In the second part, we will construct one operationally.

7.3 Applications

In Chapters 5 and 6, we gave necessary and sufficient conditions for solving colorless tasks in a variety of computational models. Table 7.1 lists these models, parameterized by an integer image. We proved that the colorless tasks that can be solved by these models are the same and those colorless tasks image for which there is a continuous map

image

carried by image. Another way of proving this result is showing that these protocols are equivalent in the simulation sense of Definition 7.2.4.

Lemma 7.3.1

Consider any input complex image and any two models image and image with image. For any protocol image in image there is a protocol image in image and a simulation map

image

carried by image.

Table 7.1

Models that solve the same colorless tasks for each image.

Image

Here are some of the implications of this lemma, together with Theorem 7.2.5:

• A image-process wait-free model can simulate an image-process wait-free model, and vice versa. We will give an explicit algorithm for this simulation in the next section.

• If image, an image-process image-resilient message-passing model can simulate an image-process image-resilient layered immediate snapshot model, and vice versa.

• Any adversary model can simulate any other adversary model for which the minimum core size is the same or larger. In particular, all adversaries with the same minimum core size are equivalent.

• An adversarial model with minimum core size image can simulate a wait-free image-set layered immediate snapshot model.

• A image-resilient Byzantine model can simulate a image-resilient layered immediate snapshot model if image is sufficiently small: image.

7.4 BG simulation

In this section, we construct an explicit shared-memory protocol by which image processes running against adversary image can simulate image processes running against adversary image, where image and image have the same minimum core size. We call this protocol BG simulation after its inventors, Elizabeth Borowsky and Eli Gafni. As noted, the results of the previous section imply that this simulation exists, but the simulation itself is an interesting example of a concurrent protocol.

7.4.1 Safe agreement

The heart of the BG simulation is the notion of safe agreement. Safe agreement is similar to consensus except it is not wait-free (nor is it a colorless task; see Chapter 11). Instead, there is an unsafe region during which a halting process will block agreement. This unsafe region encompasses a constant number of steps. Formally, safe agreement satisfies these conditions:

• Validity. All processes that decide will decide some process’s input.

• Agreement. All processes that decide will decide the same value.

To make it easy for processes to participate in multiple such protocols simultaneously, the safe agreement illustrated in Figure 7.2 is split into two methods: propose(v)and resolve(). When a process joins the protocol with input image, it calls propose(v)once. When a process wants to discover the protocol’s result, it calls resolve(), which returns either a value or image if the protocol has not yet decided. A process may call resolve()multiple times.

image

Figure 7.2 Safe Agreement protocol: Code for image.

The processes share two arrays: announce[]holds each process’s input, and level[]holds each process’s level, which is 0, 1, or 2. Each image starts by storing its input in announce[i], making that input visible to the other processes (Line 9). Next, image raises its level from 0 to 1 (Line 10), entering the unsafe region. It then takes a snapshot of the level[]array (Line 11). If any other process is at level 2 (Line 12), it leaves the unsafe region by resetting its level to 0 (Line 13). Otherwise, it leaves the unsafe region by advancing its level to 2 (Line 15). This algorithm uses only simple snapshots because there is no need to use immediate snapshots.

To discover whether the protocol has chosen a value and what that value is, image calls resolve(). It takes a snapshot of the level[]array (Line 18). If there is a process still at level 1, then the protocol is unresolved and the method returns image. Otherwise, image decides the value announced by the processes at level 2 whose index is least (Line 22).

Lemma 7.4.1

At Line 18, once image observes that level[j]image for all image, then no process subsequently advances to level 2.

Proof

Let image be the least index such that level[k]= 2. Suppose for the sake of contradiction that image later sets level[ent]to 2. Since level[ent]= 1 when the level is advanced, image must have set level[ent]to 1 after image’s snapshot, implying that image’s snapshot would have seen that level[k]is 2, and it would have reset its level to 0, a contradiction. image

Lemma 7.4.2

If resolve()returns a value v distinct from image, then all such values are valid and they agree.

Proof

Every value written to announce[]is some process’s input, so validity is immediate. Agreement follows from Lemma 7.4.1image

If a process fails in its unsafe region, it may block another process from eventually returning a value different from image, but only if it fails in this region.

Lemma 7.4.3

If all processes are nonfaulty, then all calls to resolve()eventually return a value distinct from image.

Proof

When each process finishes propose(), its level is either 0 or 2, so eventually no process has level 1. By Lemma 7.4.1, eventually no processes sees another at level 1. image

7.4.2 The simulation

For BG simulation, the real model image is an image-resilient snapshot protocol with image processes, image. (It is not layered; see “Chapter notes” section.) The virtual model image is the image-resilient layered snapshot protocol with image processes, image. They have the same colorless input complex image, and both adversaries have the same minimum core size image. For any given image-layered protocol image in image, we need to find a protocol image in image and a simplicial map

image

such that, for each simplex image in image maps image to image. We take the code for protocol image (as in Figure 5.5) and construct image explicitly, with a shared-memory protocol by which the image processes can simulate image. Operationally, in the BG simulation, an image-resilient, image-process protocol produces output values corresponding to final views an image-layered, image-resilient, image-process protocol. The processes image start with input values, which form some simplex image. They run against adversary image and end up with final views in image. If image has final view image, then image produces as output a view image, which could have been the final view of a process image in an image-layer execution of the virtual model under adversary image, with input values taken from image.

The BG-simulation code is shown in Figure 7.3. In the simulated computation, image processes image share a two-dimensional memory mem[0..R][0..m]. At layer 0, the state of each image is its input. At layer image, for image writes its current state to mem[r][i], then waits until the set of processes that have written to mem[r][·]constitutes a survivor set for image. image then takes a snapshot of mem[r][·], which becomes its new state. After completing image steps, image halts.

image

Figure 7.3 BG Simulation Protocol: Code for image.

This computation is simulated by image processes image. Each image starts the protocol by proposing its own input value as the input initially written to memory by each image (Line 8). Because the task is colorless, the simulation is correct even if simulated inputs are duplicated or omitted. Thus, if image is the (colorless) input simplex of the image processes, then each simulated image will take a value from image as input, and altogether the simplex defined by the image processes’ inputs will be a face of image.

In the main loop (Line 10), image tries to complete a step on behalf of each image in round-robin order. For each image tries to resolve the value image wrote to memory during its previous layer (Line 13). If the resolution is successful, image writes the resolved value on image’s behalf to the simulated memory (Line 15). Although multiple processes may write to the same location on image’s behalf, they all write the same value. When image observes that all image simulated layers have been written by simulated survivor sets (Line 16), then image returns the final state of some image.

Otherwise, if image did not return, image checks (Line 18) whether a survivor set of simulated processes for image has written values for that layer (Figure 7.4). If so, it takes a snapshot of those values and proposes that snapshot (after discarding process names, since the simulated protocol is colorless) as image’s state at the start of the next layer. Recall that adversaries image have minimum core size image. Thus, when image takes a snapshot in Line 19, at least image entries in image have been written, and hence the simulated execution is image-resilient.

Theorem 7.4.4

The BG simulation protocol is correct if image, the maximum survivor set size for the adversaries image is less than or equal to image.

Proof

At most image of the image processors can fail in the unsafe zone of the safe agreement protocol, blocking at most image out of the image simulated processes, leaving image simulated processes capable of taking steps. If image, there are always enough unblocked simulated processes to form a survivor set, ensuring that eventually some process completes each simulated layer. image

image

Figure 7.4 Testing whether a simulated survivor set has reached a layer.

7.5 Conclusions

In this chapter we have once more seen the two faces of distributed computing: algorithmic and combinatorial. If we know a task is unsolvable in a certain model image and we want to show it is unsolvable in another model image, then it is natural to try to reduce model image to model image instead of proving the impossibility result from scratch in image, especially if model image seems more difficult to analyze than model image. The end result of a reduction is a simplicial map from protocols in image to protocols in image. We can produce such a simplicial map operationally using a protocol in image, or we can show it exists, reasoning about the topological properties of the two models.

The first reduction studied was for image-set agreement. It was known that it is unsolvable in a (real) wait-free model image even when image for image processes. Proving directly that image-set agreement is unsolvable in a (virtual) image-resilient model, image, when image seemed more complicated. Operationally, one assumes (for contradiction) that there is a image-set agreement protocol in image. Then a generic protocol in image is used to simulate one by one the instructions of the protocol to obtain a solution for image-set agreement in image.

This operational approach has several benefits, including the algorithmic insights discovered while designing a simulation protocol, and its potential applicability for transforming solutions from one model of computation to another. However, to understand the possible reductions among a set of image models of computation, we would have to devise image explicit pair-wise simulations, each simulation intimately connected with the detailed structure of two models. Each simulation is likely to be a protocol of nontrivial complexity requiring a nontrivial operational proof.

By contrast, the combinatorial approach described in this chapter requires analyzing the topological properties of the protocol complexes for each of the image models. Each such computation is a combinatorial exercise of the kind that has already been undertaken for many different models of computation. This approach is more systematic and, arguably, reveals more about the underlying structure of the models than explicit simulation algorithms. Indeed, in the operational approach, once a simulation is found, we also learn why it existed, but this new knowledge is not easy to formalize; it is hidden inside the correctness proof of the simulation protocol.

We note that the definitions and constructions of this chapter, both the combinatorial and the operational, work only for colorless tasks. For arbitrary tasks, we can also define simulation in terms of maps between protocol complexes, but these maps require additional structure (they must be color-preserving, mapping real to virtual processes in a one-to-one way). See Chapter 14.

7.6 Chapter notes

Borowsky and Gafni [23] introduced the BG simulation to extend the wait-free set agreement impossibility result to the image-resilient case. Later, Borowsky, Gafni, Lynch, and Rajsbaum [27] formalized and studied the simulation in more detail.

Borowsky, Gafni, Lynch, and Rajsbaum [27] identified the tasks for which the BG simulation can be used as the colorless tasks. This class of tasks was introduced in Herlihy and Rajsbaum [80,81], under the name convergence tasks, to study questions of decidability.

Borowsky and Gafni [25] and later Chaudhuri and Reiners [41] used the BG simulation to define and study the set agreement partial order [79]. Gafni and Kuznetsov [65] used the simulation to reduce solvability of colorless tasks under adversaries to wait-free solvability (see Exercise 7.3). Imbs and Raynal [97] consider a variant of the BG simulation where processes communicate through objects that can be used by at most image processes to solve consensus as well as read-write registers. More broadly, BG simulation can be used to relate the power of different models to solve colorless tasks (see Exercise 7.10). Gafni, Guerraoui, and Pochon [60] use BG simulation to derive a lower bound on the round complexity of image-set agreement in synchronous message-passing systems.

Gafni [62] extends the BG simulation to certain colored tasks, and Imbs and Raynal [96] discuss this simulation further.

The BG-simulation protocol we described is not layered (though the simulated protocol is layered). This protocol can be transformed into a layered protocol (see Chapter 14 and the next paragraph). Herlihy, Rajsbaum, and Raynal [87] present a layered safe agreement protocol (see Exercise 7.6).

Other simulations [26,67] address the computational power of layered models, where each shared object can be accessed only once. In Chapter 14 we consider such simulations between models with the same sets of processes, but different communication mechanisms.

Chandra [35] uses a simulation argument to prove the equivalence of image-resilient and wait-free consensus protocols using shared objects.

Exercise 7.1 is based on Afek, Gafni, Rajsbaum, Raynal, and Travers [4], where reductions between simultaneous consensus and set agreement are described.

7.7 Exercises

Exercise 7.1

In the image-simultaneous consensus task a process has an input value for image independent instances of the consensus problem and is required to decide in at least one of them. A process decides a pair image, where image is an integer between image and image, and if two processes decide pairs image and image, with image, then image, and image was proposed by some process to consensus instance image and image. State formally the image-simultaneous consensus problem as a colorless task, and draw the input and output complex for image. Show that image-set agreement and image-simultaneous consensus (both with sets of possible input values of the same size) are wait-free equivalent (there is a read-write layered protocol to solve one using objects that implement the other).

Exercise 7.2

Prove that if there is no protocol for a task using immediate snapshots, then there is no protocol using simple snapshots.

Exercise 7.3

Using the BG simulation, show that a colorless task is solvable by an image-resilient layered snapshot protocol if and only if it is solvable by a image-resilient layered immediate snapshot protocol, where image is the size of the minimum core of image (and in particular by a image process wait-free layered immediate snapshot protocol).

Exercise 7.4

Explain why the wait-free safe agreement protocol does not contradict the claim that consensus is impossible in the wait-free layered immediate snapshot memory.

Exercise 7.5

The BG simulation uses safe agreement objects that are not wait-free. Suppose consensus objects are available. What would be the simulated executions if the BG-simulation used consensus objects instead of safe agreement objects?

Exercise 7.6

Describe an implementation of safe agreement using two layers of wait-free immediate snapshots. Explain why your protocol is not colorless.

Exercise 7.7

Prove Lemma 7.3.1.

Exercise 7.8

In the BG simulation, what is the maximum number of snapshots a process can take to simulate an image-round layered protocol?

Exercise 7.9

For the BG simulation, show that the map image, carrying final views of the simulating protocol to final views of the simulated protocol, is onto: every simulated execution is produced by some simulating execution.

Exercise 7.10

Consider Exercise 5.6, where we are given a “black box” object that solves image-set agreement for image processes. Define a wait-free layered model that has access to any number of such boxes as well as read-write registers. Use simulations to find to which of the models considered in this chapter it is equivalent in the sense that the same colorless tasks can be solved.

Exercise 7.11

We have seen that it is undecidable whether a colorless task has a image-resilient layered snapshot protocol for image (Corollary 5.6.12). Use simulations to conclude undecidability results in other models. More generally, suppose that in a virtual model image colorless task solvability is undecidable. State a theorem that allows us to conclude undecidability in a real model image.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset