The Weakest Failure Detector to
Solve Wait-Free Dining under
Eventual Weak Exclusion
Srikanth Sastry*
Scott M. Pike
Jennifer Welch
Texas A&M University
http://parasol.tamu.edu
1
Generalized Dining Philosophers
Diners cycle among three states
Thinking
Eating
• Arbitrary graph topology
• Nodes = processes (diners)
• Edges = potential conflicts
Hungry
• Dining Constraints
‒
‒
Thinking may last forever
Eating must be finite for
correct diners
2
Wait-Free Dining under Eventual
Weak Exclusion
• Wait Freedom (WF)
– Every correct hungry process eventually eats
– Regardless of process crashes

Eventual Weak Exclusion (◊WX)
– Eventually, no two live neighbors eat
simultaneously
– Intuitively, ◊WX permits only finitely many
scheduling mistakes in any run
3
History
• [PSS 08]1
‒Proved ◊P is sufficient to solve WF-◊WX
‒Used forks and dynamic process priorities
• [SP 07]2
‒Also showed that ◊P solves WF-◊WX
‒Additionally, provided eventual k-fairness
‒Used static process priorities with a wait-free
asynchronous doorway
1.
2.
Pike, Song, Sastry, ICDCN 2008
Song, Pike, DSN 2007
4
Eventually Perfect Failure
Detector (◊P)
• Strong Completeness:
– Every crashed process is eventually and
permanently suspected by every correct
process
• Eventual Strong Accuracy:
– Every correct process is eventually and
permanently trusted by every correct
process
5
Related Work
• [GKK 06]3
‒ Proved ◊P is sufficient to solve wait-free
contention management in shared memory
• Also claimed that ◊P is necessary
‒ Claim is correct, but…
‒ The accompanying reduction and proof of
correctness are both flawed
3.
Guerraoui, Kapalka, Kouznetsov, DISC 2006
6
Our Contribution
• We prove ◊P is necessary to solve WF-◊WX
‒ First correct reduction and proof of correctness
‒ Our result also generalizes [GKK 06] from:
‒ Contention management  dining philosophers
‒ Shared memory systems  message passing
• In conjunction with [SP 07] and [PSS 08]
‒ ◊P is the weakest failure detector for WF-◊WX
• Alternatively, ◊P and WF-◊WX encapsulate
equivalent temporal assumptions
7
Methodology to Demonstrate
Necessity of ◊P for WF-◊WX
• Based on results from [CHT 96]
• Suppose D is strictly weaker than ◊P
‒ And D can solve WF-◊WX
• If ◊P can be extracted from WF-◊WX
‒ Then ◊P can be extracted from D
• Contradiction!
D
◊P
WF-◊WX
Assumption
Construction
8
[GKK 06] Construction to Extract ◊P
• Witness W monitors the liveness of subject S
• S and W compete in a (black-box) dining instance
• S: Upon eating, never exit
– Send heartbeats periodically while eating
• W: Upon eating, suspect S and exit
– Upon receiving a heartbeat, trust S and become hungry
S
W
W never eats. Hence,
W stops receiving heartbeats.
◊WX
W trusts S permanently
W suspects S permanently
9
established
Counter-Example Algorithm [PSS 08]
• ◊P-based algorithm for WF-◊WX
• Might not satisfy ◊WX if some correct
process has an infinite eating session
• Each process pair shares a unique fork
• Hungry processes request missing forks
only from trusted neighbors
• Process X can eat if for each neighbor Y
– X holds the fork shared with Y, or
– Y is suspected by the ◊P module at X
10
Counter Example (cont.)


Eventually ◊P stops making mistakes
Weak exclusion guaranteed subsequently
S
!
W

If S eats for an infinite duration, then
◊WX may never be established!
◊P
converges
◊WX
established
11
New Construction: Requirements
• Eating sessions must be finite
• But when subject S is not eating, witness W
can eat unboundedly many times
‒ If so, W could suspect S infinitely often
• Need a mechanism to throttle the witness W
S
W
Trust S ... Suspect S!
◊WX
established
Trust S ... Suspect S!
12
New Construction: Throttling The
Witness
•
•
•
•
Introduce another subject-witness pair
W has two witnesses to detect the liveness of S
Each subject-witness pair throttles the other
Careful hand-off of eating sessions
S0
S1
S
Dining0
Dining1
W0
W1
W
13
Witness Actions
• Wi becomes hungry
• Upon eating
‒Trusts S if alive bit is true
‒Else, suspects S
‒Resets alive bit to false
‒Enables W1-i to become
hungry
‒Exits eating
• Upon receiving ping from Si
‒Set alive bit to true
‒Send an ack to Si
Dining0
S0
S1
S
Thinking
W0
Dining1
Legend
Hungry
W1
W
Eating
14
Witness Actions – Timeline
w0
w1
1
...
...
3
2
...
4
Legend
Thinking
Hungry
Eating
15
Subject Actions
• Si becomes hungry
• Upon eating
‒ Waits until S1-i exits eating
‒ Sends ping to Wi
‒ Waits for ack
‒ Upon receiving ack
‒ Enables S1-i to become
hungry
‒ Waits until S1-i is eating
‒ Exits eating
S0
S1
Dining0
PING
ACK
Dining1
PING
ACK
W0
W1
W
S
Legend
Thinking
Hungry
Eating
16
Subject Actions - Timeline
w0
s0
s1
.
..
1
3
2
5
4
6
..
.
w1
Legend
Enable
Thinking
Hungry
Eating
17
Correctness
• Claim: Proposed construction extracts ◊P
• Proof obligations: Show that the
construction satisfies the following
‒ Strong Completeness
 Every crashed process is eventually and
permanently suspected
‒ Eventual Strong Accuracy
 Every correct process is eventually and
permanently trusted
18
Strong Completeness
Trust S
w0
s0
s1
.
..
Suspect S
...
Suspect S ....
Crash!
w1
Suspect S
Trust S
...
Suspect S ....
Legend
Enable
Thinking
Hungry
Eating
19
Eventual Strong Accuracy
Trust S
1
w0
s0
s1
.
..
1
Trust S
3
3
2
5
4
6
..
.
w1
◊WX
established
2
Trust S
Enable
Legend
Thinking
4
Trust S
Hungry
Eating
20
Conclusion and Significance
• ◊P is necessary and the weakest failure
detector for solving wait-free dining under
◊WX
• The reduction technique itself is of interest
‒ Can be used to reason about other variants of
the dining philosophers problem
• In conjunction with the result in [SP 07]
‒ There exist asynchronous transformations to
convert arbitrary WF-◊WX to boundedovertaking WF-◊WX
21
Thank You!
Srikanth Sastry
[email protected]
http://srikanth.sastry.name
http://parasol.tamu.edu
22