Reconfigurable Lattice Agreement and Applications

Petr Kuznetsov, Thibault Rieutord, Sara Tucci-Piergiovanni, Michael Wagner
2020 International Conference on Principles of Distributed Systems  
Reconfiguration is one of the central mechanisms in distributed systems. Due to failures and connectivity disruptions, the very set of service replicas (or servers) and their roles in the computation may have to be reconfigured over time. To provide the desired level of consistency and availability to applications running on top of these servers, the clients of the service should be able to reach some form of agreement on the system configuration. We observe that this agreement is naturally
more » ... ured via a lattice partial order on the system states. We propose an asynchronous implementation of reconfigurable lattice agreement that implies elegant reconfigurable versions of a large class of lattice abstract data types, such as max-registers and conflict detectors, as well as popular distributed programming abstractions, such as atomic snapshot and commit-adopt. ACM Subject Classification Theory of computation → Distributed algorithms A decentralized service [6, 14, 25, 28] runs on a set of fault-prone servers that store replicas of the system state and run a synchronization protocol to ensure consistency of concurrent data accesses. In the context of a storage system exporting read and write operations, several proposals [2, 3, 18, 20, 23, 31] came out with a reconfiguration interface that allows the servers to join and leave while ensuring consistency of the stored data. Early proposals of reconfigurable storage systems [20] were based on using consensus [16, 21] to ensure that replicas agree on the evolution of the system membership. Consensus, however, is expensive and difficult to implement, and recent solutions [2, 3, 18, 23, 31] replace consensus with weaker abstractions capturing the minimal coordination required to safely modify the system configuration. These solutions, however, lack a uniform way of deriving reconfigurable versions of static objects. Lattice objects. In this paper, we propose a universal reconfigurable construction for a large class of objects. Unlike a consensus-based reconfiguration proposed earlier for generic state-machine replication [26], our construction is purely asynchronous, at the expense of assuming a restricted object behavior. More precisely, we assume that the set L of the object's states can be represented as a (join semi-) lattice (L, ), where L is partially ordered by the binary relation such that for all elements of x, y ∈ L, there exists the least upper bound in L, denoted x y, where , called the join operator, is an associative, commutative, Roadmap. The rest of the paper is organized as follows. We give basic model definitions in Section 2. In Section 3, we define our type of reconfigurable objects, followed by the related notion of reconfigurable lattice agreement in Section 4. In Section 5, we describe our implementation of reconfigurable lattice agreement, and, in Section 6, we show how to use it to implement a reconfigurable L-ADT object. In Section 7 we describe some possible applications. We conclude with, in Section 8, an overview of the related work, and, in Section 9, a discussion on algorithms complexity and possible trade-offs. The full version of this paper, with detailed proofs, is available at [24] . O P O D I S 2 0 1 9 31:4 Reconfigurable Lattice Agreement and Applications 2 Definitions Replicas and clients. Let Π be a (possibly infinite) set of potentially participating processes. A subset of the processes, called replicas, are used to maintain a replicated object. A process can also act as a client, invoking operations on the object and proposing system reconfigurations. Both replicas and clients are subject to crash failures: a process fails when it prematurely stops taking steps of its algorithm. A failure model stipulates when and where failures might occur. We present our failure model in Section 4, where we formally define reconfigurable lattice agreement. Abstract data types. An abstract data type (ADT) is a tuple T = (A, B, Z, z 0 , τ, δ). Here A and B are countable sets called the inputs and outputs. Z is a countable set of abstract object states, z 0 ∈ Z being the initial state of the object. The map τ : Z × A → Z is the transition function, specifying the effect of an input on the object state and the map δ : Z × A → B is the output function, specifying the output returned for a given input and object local state. The input represents an operation with its parameters, where (i) the operation can have a side-effect that changes the abstract state according to transition function τ and (ii) the operation can return values taken in the output B, which depends on the state in which it is called and the output function δ (for simplicity, we only consider deterministic types here, check, e.g., [27] , for more details.) Interval linearizability. We now briefly recall the notion of interval-linearizability [12], a recent generalization of linearizability [22] . Let us consider an abstract data type T = (A, B, Z, z 0 , τ, δ). A history of T is a sequence of inputs (elements of A) and outputs (elements of B), each labeled with a process identifier and an operation identifier. An interval-sequential history is a sequence:
doi:10.4230/lipics.opodis.2019.31 dblp:conf/opodis/KuznetsovRP19 fatcat:4sflycd5ircaxfjvhqadgcy4om