Rachid Guerraoui, EPFL

Adversary-Oriented Computing

AOC

Adversary-Oriented Computing

Act 1: from centralized to distributed

Act 3: Adversary-Oriented Computing

Act 2: from algorithms to systems

Queue Storage

e-X

Objects

Storage

Queue

enQueue() deQueue()

read() write()

Algorithm

Minimize complexity

C(O)

enQueue() deQueue()

Queue Queue Queue

clients

messages messages

Distributed Algorithm

C(O,A)

P1;P1;P1;P2;P2;P2;P3;P3;P3;..

P1;P2;P3;P1;P2;P3;P1;P2;P3;..

Sequential

P1;P1;P1;P1;P1;P1;P1;..Centralized

Synchronous

P1;P2;P1;P3;P2;P3;P1;P1;P3;.. AsynchronousP1;P3;P1;P3;P2;P3;P1;P1;P3;..

Synchronous-F1P1;P2;P3;P2;P3;P2;P3;P2;P3;.. P1;P2;P3;P1;P2;P1;P2;P1;..

Adversary

Set of runs

The Game

Object (e.g., Queue)

State: a history of requests

A client invokes a request req and delivers a response h(req)

Linearizable Shared Object

Safety: if c1 delivers history h1 and c2 delivers history h2, then one is the

prefix of the other

Liveness: if a correct client c invokes a request req, then c eventually delivers

response h (req)

Asynchronous: infinity

Sequential: 0 step

Concurrency: k steps

Node failures: n steps

What Complexity?

Act 1: from centralized to distributedC(O,A)

Act 2: from algorithms to systems

enQueue() deQueue()

Queue Queue Queue

messages messages

Current Practices?

clients

Polymorphic adversary

C(O,A1,A2,A3,A4) = (2,O(k),O(f),infinity)

What Complexity?

Paxos saga

Tons of examples

X.000 lines of intricate C code

The Distributed System’s Nightmare

In each implementation

Act 1: from centralized to distributed

Act 2: from algorithms to systems

C(O,A)

C(O,A1,A2,..An)

Act 1: from centralized to distributed

Act 3: Adversary-Oriented Computing

Act 2: from algorithms to systems

C(O,A)

C(O,A1,A2,..An)

Dissecting Adversaries

Equivalence classes

Disagreement power (DISC 2010)

Complexity relations (STOC 2009)

Switch(adversary)Case A1: algorithm1();Case A2: algorithm2();

…Case AK: algorithmK();

…Case AN: algorithmN()

Adversary-Oriented Computing

”Premature optimization is the root of all evil”

Knuth

Adversary-Oriented Computing

Queue Queue Queue

Adversary detector

Adversary-Oriented Computing

Progressive abortability

clients

Object

State: a history of requests

A client invokes a request req and delivers a response h(req)

Shared Object (linearizable)

Safety: if c1 delivers history h1 and c2 delivers history h2, then one is the

prefix of the other

Liveness: if a correct client c invokes a request req, then c eventually delivers

response h (req)

AOC Object (A) speculative linearizability

Liveness (1): if a correct client c invokes a request req, then c commits

or aborts h (req)

Liveness (2) : h (req) is committed if the adversary is weaker than A

AOC Object

Safety (1): if c1 commits history h1 and c2 commits h2, then one is prefix of the other

Safety (2): if c1 commits history h1 and c2 aborts h2, then h1 is prefix of h2

Composition Theorem

AOC Object A1 + AOC Object A2

AOC Object (A1 U A2)

=

Examples/References Indulgent algorithms (PODC 00,PODC

02) 700 BFT protocols (Eurosys 10) Test-and-Set (SPAA 12) Speculative Linearizability (PLDI 12) Speculation & Stabilization (PODC 13)

Simplifying

Tests

Revisiting The Paxos Family

Proofs

Optimizations (online)

Act 1: from centralized to distributed

Act 3: Adversary-Oriented Computing

C(O,A)

C(O,A1,A2,..An)

Act 2: from algorithms to systems

C(O,A1) C(O,A2) C(O,An)..

Queue Storagee-X

Dimensions of modularity

control vs. data

AOC

Thank you for your attention

Wandida.com

Internet is an opportunity for teaching

Being recorded while giving a long class

Registering and following a full curriculum