Bounds on the shared memory requirements for Long-Lived &
Adaptive objects
(Extended Abstract)
Yehuda Afek Pazi Boxery Dan Touitouz
Abstract
In this paper we prove:
For any constant d there is a large enough n such that there is no long-lived adaptive im-
plementation of collect or renaming in the read write model with n processes that uses no
more than d MWMR register.
In other words, there is no implementation of a long-lived and adaptive renaming or col-
lect object in the atomic read/write model that uses O(1) multi-writer-multi-reader registers.
In 1989 Burns and Lynch 1] proved that at least n single-writer-multi-reader (SWMR) reg-
isters are necessary in any mutual exclusion algorithm. It is relatively easy to see that any
adaptive non-trivial algorithm uses at least one multi-writer-multi-reader (MWMR) regis-
ter. Here we extend the techniques of Burns and Lynch and prove that adaptive algorithms
such as, collect and renaming, need in addition to the (n) SWMR registers a non-constant,
F (n) number of MWMR registers.
Contact Author: Dan Touitou, dant@il.ibm.com
Tracks: long presentation.
Student paper: Yes, Pazi Boxer is a full-time student
Computer Science Department, Tel-Aviv University and IDC, Herzelia, Israel 69978. afek@math.tau.ac.il
972-3-6408952.
y Computer Science Department, Tel-Aviv University, Israel 69978.
z IBM Tel-Aviv and IDC Herzeliya, dant@il.ibm.com
1 Introduction
Several di erent long-lived adaptive algorithms whose operation complexity is a function of
the actual number of processes running concurrently with the operation execution, have been
presented in recent years 2, 3, 4]. Regardless of the type of adaptiveness and which object was
implemented, they all require (n) MWMR registers in their implementation, where n is the
total number of processes that may participate in the algorithm/implementation. Motivated
by the question whether n MWMR registers are a necessity we prove here that the number
of MWMR registers used by long-lived adaptive renaming (and collect) must be a function of
n. Speci cally, for any constant d there is a large enough n0 such that there is no long-lived
adaptive implementation of collect (and renaming) in the read write model with n0 processes
that uses no more than c MWMR register.
The key proof in this paper is given for a simple object called weak test and set 5], or WT&S
in short. Below we give long lived and adaptive reductions from collect and adaptive renaming
to the WT&S object thus proving our main theorem. A weak test and set object (fully speci ed
in Subsection 2.1) behaves like a test-and-set object except that if a process tries to acquire
the test-and-set bit and it is not alone, then it may fail. That is, if several processes invoke a
weak-test-and-set operation concurrently, they may all fail, leaving the test-and-set bit vacant,
un-captured. Using such a weak and simple object for our proof enables to easily reduce the
result to other objects, as we demonstrate here for renaming and collect.
In proving the impossibility for a WT&S object we follow the Burns and Lynch proof method
which is extended in a non-trivial way here. The proof constructs a run in which two processes
p and q win the test-and-set bit. At some point in the constructed run process p captures the
test-and-set bit, then a set of processes write on all the MWMR registers written by p erasing
all traces of p. This enables another process q to acquire the test-and-set bit, violating the
exclusion property of weak-test-and-set.
A collect object is non-sequentially speci ed as follows: There are n single-writer-multi-
reader registers C1 : : : Cn, one for each process. To write in the collect object process Pi
writes its value in Ci . To perform a collect operation a concurrent process simply reads the n
registers (this is a speci cation!) one at a time and returns the vector of values read.
Reduction from collect to WT&S: To implement a WT&S object from an adaptive collect
object a process simply writes \hungry" in the collect object and performs an (adaptive) collect
operation. If it is the only process that wrote \hungry" it wins the test and set bit. Otherwise
it writes \thinking" and fails in the WT&S operation. A winning process later releases the test
and set bit by writing \thinking" in the collect object.
Reduction from renaming to WT&S: In the long-lived adaptive renaming problem, pro-
cesses repeatedly acquire and release distinct names the names must be in the range f1 : : : f (k)g,
where k is the number of processes that hold names or are actively acquiring a name concur-
rently with a process that acquires a new name. In particular, for any adaptive renaming the
size of a name acquired when a process runs alone (i.e., when no process holds a name or tries
to acquire a name) is bounded by some constant f (1). In a long lived and adaptive WT&S
implementation from adaptive renaming we use one copy of the adaptive renaming object and
an array of f (1) boolean MWMR registers. A process performs the WT&S operation by rst
acquiring a name and checking if the name size is smaller or equal to f (1). If the name size is
larger the process has failed the WT&S and releases the name it has acquired. Otherwise, it
1
veri es that it is the only process holding a name smaller or equal to f (1). For this it writes
true to the MWMR register that corresponds to the name it got, and reads all the f (1) MWMR
registers. If all other registers were read false the process safely wins the WT&S operation.
To reset the test and set bit a process writes false in the corresponding MWMR register, and
releases the name it had acquired.
Another by product of our proof is that there is no adaptive implementation of a multi-
writer-multi-reader register from a system of single-writer-multi-reader registers. Such an im-
plementation would contradict our main theorem with d = 1.
Notice that the long-lived and adaptive implementation of collect in 3] uses O(n) MWMR
registers, thus leaving a rather small gap between the upper and lower bound on the number
of MWMR registers necessary for their adaptive implementation of a collect object.
The formal proof of the main theorem is given in the appendices. In the body of the paper,
Section 2 we make an attempt to describe the proof in a non-formal way. In Subsection 2.1 we
de ne the weak test and set object. In Subsection 2.2 we state the theorem, and in Subsection
2.3 we intuitively provide the de nitions necessary for the informal description of the proof. In
Subsection 2.4 the grand plan of the proof is described, while the informal description of the
proof of the main lemma is given in Subsection 2.5.
2 Informal description of the theorem and its proof
In this section, we informally describe the out-line of the proof. The formal proof is given in
the appendices.
2.1 WT&S
The following program models the behavior of each process that accesses the WT&S object
(TS denotes the WT&S object). This process-program of WT&S has four sections: thinking,
WT&SET, eating and RESET, which are the process states. Every process starts the execution
in the thinking state.
Process p:
repeat forever
thinking sectionp
tbit := WT&SETp (TS)
if tbit=0 f
eating sectionp
RESETp (TS) g
end repeat forever
A WT&S object satis es the following three properties:
Exclusion: If process p is eating at a state s, then all other processes q 6= p are not eating
in s. We refer to the eating section as a critical section.
Solo: If process p becomes hungry (goes out of thinking state), while all other processes
are thinking and no other process becomes hungry, then p must eventually start eating.
Wait-free/ No lockout: If process p performs operation, either WT&SET or RESET in
a WT&S run, then p completes its WT&S operation after a nite number of steps.
2
2.2 The Theorem
Theorem 2.1 For any constant d, there is a large enough nd s.t., there is no long-lived adaptive
WT&S implementation in the read/write shared memory model, in a system with nd processes,
and with no more than d Multi-Writer Multi-Reader registers.
Corollary 2.2 For any constant d, there is a large enough nd s.t., there is no long-lived adap-
tive Renaming and Collect implementations in the read/write shared memory model, in a system
with nd processes, and which no more than d Multi-Writer Multi-Reader registers.
Proof of Corollary 2.2: The corollary follows from Theorem 2.1 and via the reductions
from Renaming and Collect objects to WT&S object.
2.3 Preliminaries
When we say that a condition or property holds in run (segment), we mean that it holds at the
end of the run (segment), unless we speci cally say otherwise.
Consider the following de nition:
A state consists of the state of all processes and the value of all registers in the system.
We say that a system-state s is an idle-state, if all the processes are in the thinking state
at s.
A solo run segment of p is a run segment starting in an idle-state, in which only p takes
steps.
An in-isolation run segment of p is a run segment starting at state s, in which p is
thinking and in which only p takes steps, (unlike solo run, here other processes may not
be thinking).
A system-state s is transparent to process p, if p is thinking in s, and p can not distinguish
its in-isolation run segment starting at s from some solo run segment of p starting at an
idle-state.
Similarly, we de ne state s is transparent to a set of processes Q, if s is transparent
8p 2 Q.
A read/write register r in run segment x, is covered by process p provided that a write
by pto register r is enabled in x.
Whenever we concatenate a run segment x after a state s, we mean the concatenation of
x after some run which ends at s.
W.l.o.g, we assume that each process has only one Single-Writer Multi-Reader register.
All the SWMR registers of a process can always be replaced by one large SWMR register.
A WT&S implementation is adaptive to the interval contention as de ned in 6, 7], if the
number of primitive operations (i.e., read/write operations) is bounded by a function of the
contention during the high-level operation (either WT&SET or RESET) execution. Since we
are proving an impossibility, the weaker notion of contention gives us a stronger result. Here
we consider the contention to be the total number of processes active concurrently with the
high-level operation execution.
We use the term a large enough set, when we refer to a size of a set that goes to 1 when
nd goes to 1.
3
2.4 Sketch of Proof of the theorem
Informal Out-line of the Proof of Theorem 2.1.
The proof is by contradiction. Assume there is a WT&S implementation with d MWMR
registers for a system with more than nd processes. In the proof, we show that under these
conditions there is a run in which two processes p & q are in the critical section (i.e. eating),
at the same time. There are 6 steps in the construction of this run, where by far, the most
di cult step is the rst step:
1. Construct a run pre x 0 s.t., 0 is transparent to p and for every MWMR register written
by p in its in-isolation run segment starting at 0 , is covered.
2. Let iixp be the in-isolation run segment of process p, starting at 0 . Hence p starts eating
in 0 iixp . Let fr1 ::: rkg be the set of MWMR registers written by p in iixp.
3. Construct run segment x clean by enabling the covering writes. I.e., 8ri i = 1 ::: k, let
the process pi that covers ri at 0 iixp write. After all registers in fr1 ::: rkg are written,
let each process pi continue its execution until they all reach the thinking state. I.e.,
run segment x clean cleans all MWMR registers written in iixp and leaves the MWMR
registers in a state equivalent to their state in some idle-state.
4. In the full proof, the set fpig i = 1 ::: k is carefully selected in such a way that none of
the processes pi reads the Single-Writer Multi-Read register RSW that p wrote during
p
iixp. Thus the MWMR registers p wrote are erased and the only trace of p, its SWMR
register is ignored.
5. In the proof, we show how to construct 0 iixp x clean s.t., it is transparent with respect
to q . Therefore, there is an in-isolation run segment iixq at the end of 0 iixp x clean
in which q is eating.
6. At the end of 0 iixp x clean iixq, both p & q are in the critical section, a contradiction.
The sketch of proof for the inductive construction of run 0 , is described in the next section.
This proof is associated to lemma B.1 and the full proof is provided in appendix B.
2.5 Sketch of Proof of the Main Lemma
In the main lemma we construct the required run 0, by using several techniques and methods.
For explanatory reasons only and only in this section, we separate these techniques by
de ning assumptions, starting with very strong assumptions, which are later relaxed until
removing all the assumptions. This is done in three phases, where in each phase we de ne the
lemma again in an informal manner. The formal proof of the lemma without any assumption
is provided in the appendices.
Henceforth in the rest of this paper, we use the following notations. For any constant d,
we consider W to be an adaptive implementation of WT&S in the Read/Write shared memory
model, with a set of d Multi-Writer Multi-Reader registers, RMW . Let k be the length of the
longest solo run segment i.e., the worst case step complexity when there is no contention. Note
that by the de nition of adaptiveness, k is a constant.
Phase 1:
Assumption A:
4
There are no writing operations to SWMR registers in all legal runs (i.e., we assume for the
moment that there are no SWMR registers).
Assumption B: There is a large enough set of processes G s.t., in each transparent state s,
each process p 2 G writes to the same MWMR registers and in the same order.
The sketch of proof under assumption A is somewhat ridiculous. First, under this assump-
tion the result immediately follows from Burns & Lynch 1]. Second, in the rst phase the proof
that relies on this assumption shows that there is no wait-free algorithm. Nevertheless, it is an
important explanatory starting point to understand the complications of the rest of our proof.
Lemma 2.3 For any adaptive WT&S algorithm W under assumptions A & B, let G be as
in assumption B, and s a transparent state with respect to G, then there is run k s.t., s k
is transparent with respect to a large enough Gk G and all the MWMR registers fr1 ::: rkg
written in the in-isolation run segments that follow s k are covered in s k .
Sketch of proof of Lemma 2.3: The proof is by induction on i, the inductive claim is:
Lemma 2.4 For any adaptive WT&S algorithm W under assumptions A & B, let G be as in
assumption B, and s a transparent state with respect to G, then 8i 0 i k, there is run i
s.t., s i is transparent with respect to a large enough Gi G and the rst MWMR registers
fr1 ::: rig written in the in-isolation run segments that follow s i are covered in s i.
1. In the inductive step i = j + 1, our goal is to construct a run j +1 s.t., a write on each
MWMR register of (r1 ::: rj rj +1) is enabled by processes q1 ::: qj +1 at the end of j +1
and the state at j +1 is a transparent state with respect to Gj +1 .
COVER technique: We use the cover technique introduced in Burns & Lynch as follows:
2. From the hypothesis assumption, by the end of j , a write to r1 ::: rj is enabled by j
processes q1 ::: qj and the state of j is a transparent state with respect to Gj .
3. Select any process p 2 Gj and an in-isolation run segment iixp of p starting in j . From
the hypothesis assumption and since p 2 G, p cannot distinguish run segment iixp from
some solo run of p.
4. If p has no j + 1 writing operations to MWMR registers in iixp, then the lemma follows
from the hypothesis assumption, for i = j and assumption B. (I.e., if p does not have a
j + 1 writing operation to a MWMR register, then none of the processes in G has a j + 1
writing operation to a MWMR register, since they all write to the same MWMR registers
at the same order).
5. Otherwise, p has a writing operation to a MWMR register rj +1 on its j + 1 writing
operation in iixp. Consider a pre x of iixp denoted iixp(j + 1) s.t., p is enabled to write
in rj +1 after writing in r1 ::: rj. Currently, any in-isolation run segment after j iixp(j +1)
can read p's writing operations to r1 ::: rj and the state is not transparent. Note that
because of assumption B, p is enabled to write in the same MWMR register rj +1 as all
processes in G.
6. Therefore, we let each process q1 ::: qj write in r1 ::: rj and let them run until all processes
q1 ::: qj are thinking, since WT&S is a wait-free implementation. We denote this run
segment as x clean(j ). By the end of run j iixp(j + 1) x clean(j ) the state is a
5
transparent state with respect to G ; fthe participating processes i.e., pg, since there are
no writing operations by any active (i.e., not thinking) process. Here we use assumption
A, which permits writing operations only to MWMR registers.
7. By the end of run j iixp(j + 1) x clean(j ), only one process p is enabled to write in
rj +1, while the registers r1 ::: rj were written by processes q1 ::: qj which are now back
to thinking.
8. We can activate the hypothesis assumption again, since the new system state is a trans-
parent state with respect to G, as explained in 6. By the hypothesis assumption there
are new j registers r1 ::: rj that a write by processes q1 ::: qj0 is enabled, at the end of
0 0 0
run segment j0 in the following run: j +1 = j iixp(j + 1) x clean(j ) j0 .
REPEATE-COVER technique:
9. To complete our construction out-line, if in-isolation run segments pre xes, with up to
j + 1 writing operations in MWMR registers of all processes in G, starting at j+1 are
writing in the registers r1 r2 ::: rj rj +1, then we are done. Note that by assumption B,
0 0 0
if one process in G is writing to these registers in j +1 , then all processes in G do. The
state at the end of j +1 is a transparent state by following the hypothesis assumption.
10. If the j + 1 register rj +1 in j +1 is not covered, then we repeat steps 3- 10 above, but
0
starting at j +1 . I.e., we keep process p that covers rj +1 alive, each time we repeat and
construct a new cover on the j + 1 register, until either we nish in step 9, or we repeat
till all MWMR registers are covered, i.e. up to d times. In order to simplify our proof, we
do not allow using a cover that was built on induction step j + 1 by lower steps. Thus,
it is a simple calculation of repeating up to d times on step j + 1. By the termination
condition of this loop, there is a cover on all j +1 registers and since d is a constant, there
are enough processes to construct with the repeating covers, since Gj is large enough.
11. We de ne 0 to be the concatenation of all repeating run segments constructed in steps
3- 10 and Gj +1 to be the set Gj without the processes participating in 0 .
Phase 2:
Here we relax the assumptions previously introduced, by removing assumption A.
For the next lemmas we need to de ne the notion of equivalent runs with respect to a set
G. Intuitively, we say that two runs and 0 are equivalent with respect to a set of processes
G if (1) and 0 are both transparent with respect to each process in G, (2) the set of MWMR
registers covered in and 0 are the same, and (3) any process that participates in both and
0 cannot distinguish between the two runs. In particular, for the purpose of the proof we are
interested in equivalent runs in which the set of participating processes are di erent. That is,
at some point of the proof a particular process may \miss-behave" in a way that destroys the
proof, and in such a case we will \replace" it with another process by simply considering an
equivalent run in which the problematic process does not participate.
We rewrite lemma 2.3 as follows:
Lemma 2.5 For any adaptive WT&S algorithm W under assumption B, let G be as in as-
sumption B, and s a transparent state with respect to G, then there is a run k s.t., s k is
transparent with respect to a large enough Gk G and all the MWMR registers fr1 ::: rkg writ-
ten in the in-isolation run segments that follow s k are covered in s k . And in addition there
is a large set of runs equivalent to k with respect to a large enough set of processes G0k Gk .
6
Sketch of proof of Lemma 2.5: The proof is by induction on i, the inductive claim is:
Lemma 2.6 For any adaptive WT&S algorithm W under assumption B, let G be as in as-
sumption B, and s a transparent state with respect to G, then 8i 0 i k, there is run i
s.t., s i is transparent with respect to a large enough Gi G and the rst MWMR registers
fr1 ::: rig written in the in-isolation run segments that follow s i are covered in s i. And
in addition there is a large set of runs equivalent to i with respect to a large enough set of
processes G0i Gi .
Here we will use the explanations of the previous sketch of proof and elaborate, when needed.
1. On the induction step i = j + 1, our goal is to construct a run j +1 , s.t., a write on each
MWMR register in fr1 r2 ::: rj rj +1g is enabled by processes q1 ::: qj +1, at the end of
j +1 and to construct a large enough set of equal runs that holds the same properties as
j.
2. All steps, but step 6 are as in phase 1 (sketch of proof).
RUN GENERATOR/ Equivalent set of runs: By removing assumption A, processes are
allowed to write in SWMR registers. The method we use not to read active processes writing
operations in SWMR registers is by generating instead of one run as in phase 1, a large enough
set of equal runs. The new runs involve other processes than the original run, but the writing
operations to MWMR registers remain the same. By this technique, we can select a run in
which the writing operations are not read afterward, by a large enough set of processes Gj .
The set of these equal runs is large enough, even though in the inductive step, we shrink the
set, but relatively most of the processes are kept. This set of runs correlates to the new set of
processes Gj +1 , as explained in the next paragraph, when describing step 6 again.
The problematic step in which we should reconsider our construction after removing as-
sumption A, is step 6. In this step, the following cases should be addressed:
1. If any of the processes q1 ::: qj reads the SWMR register RSW , p wrote, then the state
p
will not be transparent with respect to Gj , after j iixp x clean. But, if previously we
have chosen from Gj other processes, we could reach a transparent state. Here we use
the adaptive property of algorithm W , to say that the number of operations in x clean
is relatively a low bound (depends on k & d, which are constants). Therefore, q1 ::: qj
can read only few (l) writing operations of SWMR registers written before x clean, when
l 0 is a function of k & d. By de nition, SWMR registers have a one-to-one correlation
with the processes that are writing in them, in any legal run. Removing (up to l) processes
that correspond to the registers q1 ::: qj read in x clean, from Gj , leaves us with a large
enough of the best candidates set G0j +1 . Then, we can repeat the last construction of
steps 3- 6 and this time select p0 instead of p, wisely, i.e. from a large enough set G0j +1 .
2. In x clean there may be also reading operations to the SWMR registers written in j ,
by active processes at the end of j . In this case, again processes q1 ::: qj may revile
the active processes and the state will not be transparent. First, beside q1 ::: qj , there
may be other processes active in j , as a result of the repeating on the construction in
each inductive step. Second, j may involve processes that write in those l registers that
q1 ::: qj read in x clean, because in the j step and before the set of processes to chose
from was larger than G0j +1 . Constructing a new run j from j , from G0j +1 , is possible, as
will be explained in the appendices. In the new run j iixp0 x clean, we just have been
generated, none of the processes q1 ::: qj reads any SWMR register written in j iixp0 .
7
3. TRANSPARENT state : After run j iixp0 x clean the state may still not be a transparent
with respect to G0j +1 , since most of the processes in G0j +1 , when starting their in-isolation
run segment after this run, may read SWMR registers written in j iixp0 x clean. It
seems the same problem we had with q1 ::: qj, but this time we want that most of the
processes in G0j +1 , will not read any writing operation in SWMR that was written by
active processes and not just j processes. We use the adaptiveness property to say that
there is such a set and it is large enough. First, the processes after any transparent
state are limited to k operations, when running an in isolation run segment. I.e., that
each process can read at most k SWMR registers. Second, as showed previously, run j
(as j ) is bound by a function of k & d operations i.e., the number of SWMR writing
operations in j is limited at the same bound. By a calculation that is explained in the
appendices, we reduce the number of best candidates processes by relatively small portion
depends on k & d, and the new set Gj +1 is the set that we should reselect active processes
when reconstructing j iixp0 .
4. Important issues regarding the correctness of this proof, are that processes which were
involved in j and are thinking at the end of j are not replaced (because reading op-
erations of a thinking process, maintain the transparency property) and we do not reuse
processes after involved once in the run, as showed in the step 11 in phase 1.
Phase 3:
Here we delete all the assumptions previously introduced and revile the last technique.
We rewrite lemma 2.3 & 2.5 as follows:
Lemma 2.7 For any adaptive WT&S algorithm W , let G be as large as needed set of processes,
and s a transparent state with respect to G, then there is run k s.t., s k is transparent with
respect to a large enough Gk G and all the MWMR registers fr1 ::: rkg written in the in-
isolation run segments that follow s k are covered in s k . And in addition there is a large
set of runs equivalent to k with respect to a large enough set of processes G0k Gk .
Sketch Proof Lemma 2.7:
Here we will use the explanations of the previous sketch of proof and elaborate, when needed.
1. On the induction step i = j + 1, our goal is to construct a run j +1 , s.t., a write on each
MWMR register in fr1 r2 ::: rj rj +1g is enabled by processes q1 ::: qj +1, at the end of
j +1 and to construct a large enough set of equivalent runs that holds the same properties
as j .
2. All steps, but steps 3 & 5 are as in phase 1 and 2 (sketch of proof).
MULTI/SINGLE: Here we introduce a technique of nding a large as needed set of processes
that are writing in the same MWMR registers with the same order at a transparent state s.
For a given transparent state s, we can calculate a large set as needed from Gj s.t., all pro-
cesses write in the same MWMR registers at the same order in their in-isolation run segments
starting at s. Here we use the assumptions that there is only a constant number of MWMR
registers, d and that W is an adaptive algorithm i.e., the length of all in-isolation run segments
starting at s is bounded by k. Therefore, the number of combinations of a large set of pro-
cesses, where each is writing at most k operations in a constant number of MWMR registers,
8
is relatively small. Thus, there is a large enough set of processes that are writing in the same
MWMR registers in the same order at s.
In step 3 of phase 1, before covering with process p, we shrink the set Gj s.t., the new
set is writing to the same MWMR registers in the same order at j . In step 5, we have only
explained why the construct cover is constructed.
References
1] James E. Burns and Nancy A. Lynch. Bounds on shared memory for mutual exclusion.
Information and Computation, 107(2):171{184, December 1993.
2] H. Attiya and A. Fouren. Adaptive long-lived renaming with read and write oper-
ations. Technical Report 0956, Faculty of Computer Science, Technion, Haifa, 1999.
http://www.cs.technion.ac.il/ hagit/pubs/tr0956.ps.gz.
3] Y. Afek, G. Stupp, and D. Touitou. Long lived adaptive collect with applications. In Proc.
of the 40th IEEE Ann. Symp. on Foundation of Computer Science, pages 262{272, October
1999.
4] Y. Afek, H. Attiya, G. Stupp, and D. Touitou. Adaptive long-
lived renaming using bounded memory. Submitted to DISC99.
ftp://ftp.math.tau.ac.il/pub/stupp/PAPERS/name99.ps.gz, 1999.
5] James H. Anderson and Jae-Heon Yang. Time/contention trade-o s for multiprocessor
synchronization. Information and Computation, 124(1):68{84, 10 January 1996. Also in
STOC94, 224-233.
6] H. Attiya and A. Fouren. Adaptive long-lived renaming with read and write operations.
Extended Abstract, November 1998.
7] Y. Afek, H. Attiya, A. Fouren, G. Stupp, and D. Touitou. Long-lived renaming made
adaptive. In Proc. 18th Annual ACM Symp. on Principles of Distributed Computing, pages
91{103, May 1999.
8] Merritt and Taubenfeld. Knowledge in shared memory systems. DISTCOMP: Distributed
Computing, 7, 1994.
A Preliminaries
A.1 Asynchronous Shared Memory Systems
We assume the standard asynchronous atomic read/write shared-memory model of computation
e.g., 8], 5].
The shared memory R consists of a set RMW of Multi-Writer Multi-Reader registers (MWMR)
and a set RSW of Single-Writer Multi-Reader registers (SWMR).
Without loss of generality, we assume that each process has only one Single-Writer Multi-
Reader register. All the SWMR registers of a process can always be replaced by one large
SWMR register.
9
De nition A.1 An n-process protocol W = (C P R) consists of a non-empty set C of runs,
an n-tuple P = (p1 : : : pn ) of processes and an m-tuple R = (r1 : : : rm) of registers.
A run 2 C is a pair = (I y ) where I is a function assigning initial values to the
registers and y is a nite or in nite sequence of events. When y is nite, we also say that
the run is nite.
Each event corresponds to an atomic step performed by a process. Here we consider only
the following types of events:
readp(r v) - process p reads the value v from register r,
writep(r v ) - process p writes the value v into register r.
A state is the state of all processes and the value of all registers in the system. s = system( )
is the state at the end of run .
De nition A.2 Let = (I y ) and = (I y ) be runs. Run is a pre x of (and is
an extension of ), if y is a pre x of y and I = I .
Our protocol model de nes that for any protocol W = (C P R), 2 C i all nite pre xes
of are also in C .
De nition A.3 Suppose x and y are sequences of events. Let x y be the sequence obtained by
concatenating y after x.
De nition A.4 A run segment x of run = (I y ) is a nite, continuous subsequence of
events s.t., y = y1 x y2 . When y = y1 y2 , we say that x is the empty run segment and
denote it by .
Whenever we concatenate a run segment after a system-state, we mean the concatenation
of some run which ends at that state with the run segment.
De nition A.5 The length of a run segment x denoted jx j, is the number of events in x .
The length of run = (I y ) denoted j j is jy j.
De nition A.6 value(r ) is the value of a register r at the end of a nite run = (I y )
and is the last value that was written into r, or its initial value (determined by I ) if no process
wrote to r in .
Let p be a process, then e(p) denotes an instance of an arbitrary event of p (i.e., readp (r v )
or writep(r v )). We say that e(p) involves process p. Whenever event e(p) is in a run segment
x or in a run , we say that x (or ) involves p, and p participates in x (or ).
Let F (nd ) denote a function of nd s.t., F (nd ) goes to 1 when nd goes to 1. We also use
the term a large enough set, when we refer to a size of a set that goes to 1 when nd goes to 1.
A.2 Additional De nitions & Notations
When we say that a condition or property holds in run (segment), we mean that it holds at the
end of the run (segment), unless we speci cally say otherwise.
When we use a run as a state, we mean the state at the end of the run.
state(p ) 2 fthinkingp WT &SETp eatingp RESETpg is the state of a process p at the
end of run .
10
De nition A.7 We say that a system-state s is an idle-state, if all the processes are in the
thinking state in s.
De nition A.8 A solo run segment of p is a run segment starting in an idle-state, in which
only p takes steps.
De nition A.9 An in-isolation run segment of p is a run segment starting at state s, in which
p is thinking and in which only p takes steps, (unlike solo run here other processes may not be
thinking).
De nition A.10 A system-state s is transparent to process p, if p is thinking in s, and p can
not distinguish an in-isolation run segment that starts at s from some solo run segment of p
starting at an idle-state.
Similarly, we de ne state s is transparent to a set of processes Q, if s is transparent 8p 2 Q.
The set TRANS (Q) is the set of all transparent system-states with respect to Q.
De nition A.11 A read/write register r in run segment x, is covered by process p provided
that a write to register r by p is enabled in x.
De nition A.12 A run segment x is a clean run segment of MWMR registers fr ::: rjg starts
1
at state s, if a set of processes fq1 ::: qj g cover fr1 ::: rjg at s and x is as follows: each process
qi writes in ri, for each i 0 i j , and when all the registers are written, all processes continue
the execution until reaching the thinking state. Only q1 ::: qj participate in x.
De nition A.13 We identify the sequence of l registers that process p writes during an in-
isolation run segment iixp, starting at a transparent state s with respect to p as RIIl(p s) =
freg1(p s) ::: regl(p s)g. This sequence of registers is in theSorder that p writes in iixp. We
extend this notation to a set of processes Q s.t., regi(Q s) = p2Qfregi (p s)g, for i = 1 2 ::: l
and RIIl (Q s) is the sequence (reg1(Q s) reg2(Q s) ::: regl(Q s)). RIIi (p s) & RIIi(Q s)
are the length i pre xes of these sequences respectively.
Similarly, we de ne regMW (p s), regMW (Q s), RIIMW (p s) and RIIMW (Q s) as above,
i i l l
when we consider only the MWMR registers.
The set RII as de ned above, is a set of registers that are written on the rst l writing
operations during an in-isolation run segment of process p, when starting at a state s.
Given a process p and i 0, we say that IISOLp(i + 1) is the set of in-isolation run
segments iixp, that start at some state s transparent to p and iixp contains write operations
regMW (p s) ::: regMW (p s) and at the end of iixp p is enabled to write regMW (p s).
1 i i+1
The Multi/Single de nition below, captures the fact that there is a set of processes that are
writing to the same MWMR registers and at the same order, in their in-isolation run segments,
starting at transparent state s. From this set of processes, we can choose any process and the
same MWMR registers will be written.
De nition A.14 Multi/Single]. We say that a set of processes Q satis es the Multi/Single
property at a transparent state s, if for each MWMR register r, when r is written by a process
p 2 Q, in the j writing operation in the in-isolation run segment starting at s, for some j , then
r is written in the j writing operation in the in-isolation run segments of all processes in Q,
staring at s. (In such a case, we say that register r is Multi, otherwise, we say that register r
is Single).
11
A set of processes Q satis es Multi/Single-i property at a transparent state s, denoted
MSi (Q s), for i 0, if Q satis es the Multi/Single property only for in-isolation run pre-
xes starting at s, for the rst i write operations.
De nition A.15 Continues-Participating]. An active process p is continuously participat-
ing in a run p if p = 1 xp 2 , s.t., xp is an in-isolation run segment of p and p is not
participating in 1 , 2 .
De nition A.16 Transition]. For a continues participating process p in p = 1 xp 2, we
de ne a transition to another continues participating process q 6= p to q s.t., q = 1 xq 2 ,
xq is an in-isolation run segment of q, q does not participate in either 1 or 2 , and q 2 C .
De nition A.17 Equivalence]. If runs and are continues-participating then we say that
they are equivalent with respect to a set of processes Q i , , are transparent with respect to
Q and there are f 0 transitions from to , denoted by f .
De nition A.18 Replaceable]. For a run pre x in which all active processes are con-
tinuous participating we say that is Replaceable with respect to a set of processes Q if is
transparent with respect to Q and if 8q 2 Q there are some equivalent runs s.t., each equivalent
run q to with respect to Qq Q, f q with up to f 0 transitions and jQq j ; g (f ) = jQj,
where g (f ) is a function of f . We simply call it REP ( Q).
Alternate-run (de nition A.19) as will be proved later, is an example of a run that is
replaceable according to de nition A.18. The alternate run consists alternating of in-isolation
and clean run segments as described below.
De nition A.19 Alterate-Run]. Given a run with a constant execution length c and a
large enough set of processes Q, we say that is alternate-run with respect to Q denoted as
ALT ( Q), if consists of alternating run segments i.e, = solo1 clean1 solo2 clean2
soloc cleanc, and for each run pre x (i) = (i ; 1) soloi cleani and (0) = , and the
following conditions hold:
1. (i) is transparent with respect to Q.
2. The property Multi/Single holds for all processes in Q in (i ; 1)
3. Run segment soloi is a pre x of an in-isolation run segment of process p 2 Q, that starts
in (i ; 1) s.t., the rst j MWMR registers fr1 ::: rjg that p writes in soloi are covered
in (i ; 1), for some j 0. (Note that j can be di erent from one run segment to another
in i.e., in soloi there may be j such writing operations and in soloi0 , j 0). And p covers
the j + 1st' MWMR register.
4. Process p 2 Q participates in at most one soloi .
5. Run segment cleani is a clean run segment for registers fr1 ::: rjg according to de nition
A.12 i.e., registers fr1 ::: rj g are written by the covering processes which at the end of
cleani are thinking.
12
B Theorem Proof
Proof of Theorem 2.1. We prove this theorem, via lemma B.6 as will be shown below,
which in turn uses the cover constructed in lemma B.1. By using lemma B.6, for each adaptive
WT&S protocol W = (C P R) with a constant number of Multi-Writer registers, there is a
run 2 C s.t., exists a violation of the exclusion property in . At the end of run , there are
two processes p q 2 P p 6= q , that satisfy state(p ) = eatingp and state(q ) = eatingq . This
violation is a contradiction to the assumption that W is an adaptive WT&S protocol with a
constant number of Multi-Writer Multi-Reader registers.
B.1 The main Lemma
This inductive lemma is not just constructing a run that covers the rst i MWMR registers,
at the current state , but it is also providing a replacement tool which allow us to generate
equivalent runs with respect to MWMR registers and with di erent SWMR registers written in
each new run. Since the proof of this lemma is complicated, we rst give a high level description,
then explain the additional lemmas and nally we provide a full proof.
Lemma B.1 Main - Cover]
Let W be an adaptive WT&S protocol with jRMW j = d, d is a constant and k is the maximum
length of any solo run in W . For a run that satis es the alternate with respect to a set of
processes G, then 8i 0 i k, there are: a run i 2 C , a run segment i and a set Gi G
f
s.t., i = i where, for some f 0 and the following conditions are satis ed:
1. Run i is alternate-run with respect to Gi i.e., ALT ( i Gi).
2. Gi holds the Multi/Single property in i.
3. The set of registers RIIMW (Gi i) are covered in i (i.e., the in-isolation run segments
i
pre xes with up to i writing operations to MWMR registers, starting at i , of all processes
in Gi are covered in i ).
.
B.1.1 Main Lemma high level description
Proof High level description.
Proof is by induction on i. The induction step i = j + 1 k outline is as follows:
(I) By the induction hypothesis, at the end of run j = j , for all in-isolation run
segments of processes in Gj , the rst j writing operations in MWMR registers are covered.
(II) Construct a cover on the j + 1'th register in RMW as follows. If there is a j + 1'th
writing in MWMR register for a large enough set of processes Q(1) Gj , then for a
j +1
process p 2 Q(1) , there is a run segment iixp 2 IISOLp(j + 1) s.t., j iixp is a valid
j +1
run.
(If not - nish and j +1 = j )
13
(III) Construct a run segment x clean(j ) according to clean speci cation in de nition
A.12 s.t., x clean(j ) cleans the MWMR registers p wrote in iixp, and jx clean(j )j =
g (k d), since W is an adaptive protocol.
(IV) Replace processes in j s.t., no process in x clean(j ) reads any SWMR registers
written in j . We denote j to be the run constructed by replacing processes from j
and a set of potential replaceable processes as Q(2) Q(1) . Then we will show that
j +1 j +1
j x clean(j ) is a valid run and Qj +1 is large enough.
(2)
(V) Remove processes from Q(2) and replace processes in j s.t., the new set Q(6) is
j +1 j +1
large enough and the system state at the end of run j x clean(j ) is transparent with
respect to Q(6) . Note that j is replaced again here, but we denote it still with one star.]
j +1
(VI) Remove processes from Q(6) , but still keep a large enough set Q(7) s.t., for each
j +1 j +1
process p 2 Qj +1 Qj +1 , a valid run is constructed from j , x clean(j ) and in-isolation
(7) (6)
run segment of p iixp, where iixp 2 IISOLp(j + 1). Denote the run of p by (p) =
j iixp x clean(j ) and the state by the end of each run (p) is transparent with respect
to Q(7) . This means that whatever process p 2 Q(7) is chosen, at the end of the run (p),
j +1 j +1
the state is always transparent with respect to the set Q(7) . Suppose a process p 2 Q(7)
j +1 j +1
and denote j +1 = (p).
(VII) ALT ( j +1 Q(8) ) is satis ed for a large enough set Q(8) Q(7) .
j +1 j +1 j +1
(VIII) Currently, only the j + 1'th Multi register is covered, while we used the cover on
the rst j registers and their processes are thinking. We activate the induction hypothesis
again. Thus, a new cover on the rst j Multi registers is constructed. We denote the
new run by j +1 = j +1 ] 0j and the new set of processes Gj +1 Q(8) . (Note j +1
that j +1 = j iixp x clean(j )] 0j ). ALT ( j +1 Gj +1) immediately follows from the
induction hypothesis.
(IX) If the j + 1'th Multi register at the new system state sj +1 = system( j +1 ) is already
covered - nish.
Else, repeat building a cover on the j + 1'th Multi register as previously described on
steps (II-IX). We denote j v as a run built on induction step j , in the v 'th repeating time
of steps (II-IX).
(X) ALT ( j +1 v Gj +1 v ): (Term 1 of this lemma). See step (VIII) for j +1 .
(XI) We will show that there is a cover on j + 1 Multi registers and MSk (Gj +1 v sj +1 v )
-conditions 2 & 3 of this lemma. Each time repeating steps (II-IX) of building a cover
on the j + 1'th Multi register, additional one cover on a new j + 1'th Multi register is
achieved. After v = d times, all registers in RMW are covered, unless we nished before,
on step (IX). In order to simplify our proof, we do not allow using a cover that was built
on induction step j + 1 by lower steps. Thus, it is a simple calculation of repeating up
to d times on step j + 1. By the termination condition of this loop, there is a cover on
j + 1 registers. The Multi/Single property immediately follows the induction hypothesis,
in step (IX) on the v 'th interaction.
14
B.1.2 Main Lemma B.1- Additional Claims & Lemmas:
Lemma B.2 argues that given a transparent state s with respect to a large enough set of
processes, then there is a large enough sub-set of processes satisfying the Multi/Single property
at s. We use this lemma to construct a run that covers Multi registers s.t., the last process
which wrote in MWMR register is thinking.
Lemma B.2 Multi/Single]. For any adaptive WT&S protocol W = (C P R) with jRMW j =
d, d is a constant and k is the maximum length of any solo run in W . Suppose a set of processes
G and a state s where, jGj F (nd ) and s is transparent with respect to G. Then 8i (0 i k)
there is Gi G s.t., the following conditions are satis ed:
1. jGij F (nd )
2. MSi (Gi s) for Gi .
Proof Out-line:
Proof is done by induction on the i'th (0 i k) writing operation in all in-isolation
run segment of processes in Gi , starting at s. The induction step (i = j + 1) is divided into
three main steps. First, we prove that the set registers regj +1 (G00+1 s) is the same register
j
in RMW or di erent registers in RSW , where G00+1 Gj and jG00+1 j F (nd ). Then by the
j j
hypothesis assumption on j , which says that there is MSj (Gj s), it is immediately shown that
MSj (G00+1 s) is also true 1. The last step is proving that previous steps can be combined
j
together for Gj +1 , which is actually equal to G00+1 and jGj +1 j F (nd ). (It is simply because
j
Multi registers are from RMW and allowed to be written on several steps, as long as they are
written by all processes in Gj +1 , while Single registers are from RSW , where only one process
can write in each register by de nition.) Then Gj +1 satis es the MSj +1 (Gj +1 s) property.
Lemma B.3 proves the existence of a replacement for a speci c state s. It shows how we
can replace one process and generate a new legal run for each process in a large enough set
Grep s.t., state at the end of each new run is transparent with respect to Grep,
Lemma B.3 One Replacement]. For any adaptive WT&S protocol W = (C P R) with
jRMW j = d, d is a constant and k is the maximum length of any solo run in W . Suppose a set
of processes G, 1 i k, 2 C and a run segment x clean(i) s.t., = x clean(i) and
1. Runs & are Multi/Single and transparent with respect to the set of processes G, where
jGj F (nd ).
2. x clean(i) is a clean run segment as by the speci cation of de nition A.12, for registers
in RIIMW (G ) and in x clean(i) none of the involved processes reads SWMR registers
i
written in .
3. jx clean(i)j t, t is a constant.
Then 8i, there is a large enough set Grep G s.t., for every q 2 Grep there are: a run segment
iixq 2 IISOLq(i + 1), a run q = iixq x clean(i) 2 C and the state at q is transparent
with respect to Grep.
1
Because G00
j +1 G. j
15
Proof Out-line:
Proof technique is to remove processes from G, when their in-isolation run segment , starting
at , includes writing operations to SWMR registers, in which are read later. Reading is either
in run segment x clean(i) or after run segment x clean(i), when executing in-isolation run
segment by processes in G. By the end of this removal-process, the new set Grep is large
enough.
In lemma B.4, we will prove that alternate is an example of a replaceable run. The
motivation is to construct from a given alternate run, a new run s.t., di erent SWMR registers
are written in the new run. This lemma is used by the main lemma B.1.
Lemma B.4 Alternate Replacement] : Suppose a run 2 C is alternate with respect to a
set of processes G i.e., ALT ( G). Then, there is a set Grep G where jGrepj F (nd ) and
is replaceable with respect to Grep i.e., REP ( Grep).
Proof Out-line:
Proof is done by induction on the i'th pre x of run where, each pre x (i +1) is (i) xi+1,
xi+1 = soloi+1 cleani+1 , soloi+1 and cleani+1 are as de ned by the alternate property. On
induction step i + 1, we assume that (i) is REP ( (i) Gi) and prove for (i + 1). In the
induction step, we use lemma B.3 with input (i) cleani+1. As a result of lemma B.3, every
process in Gi+1 Gi can be replaced in the extension xi+1 by any process p 2 Gi+1 . By
induction hypothesis, each active process in (i) can be replaced with processes in Gi. Since,
Gi+1 Gi then we can combine the two results into REP ( (i + 1) Gi+1). The number of
induction steps is bound and the last step is t j j = constant, since j j is a constant by
alternate de nition. Thus, Grep = Gt and jGrepj F (nd ).
Claim B.5 : Suppose a run 2 C is an alternate run with respect to a set of processes G,
(ALT ( G)). Then there is a set of processes Gf G s.t., is alternate run with respect to
Gf (i.e., ALT ( Gf )), for f , some f 0, if for each process p that participates in
and not in , the events of p are of the run segment iixp, where iixp 2 IISOLp(j + 1), for
j 0 and j is the same number of writing operations to MWMR registers and the events are
at the same location as the replaced process (i.e., maintaining the alternate structure of as
speci ed in condition 3 of alternate de nition).
Proof. See appendix C.4.
B.1.3 Proof of lemma B.1.
Proof is by induction on i.
Induction Basis (step i = 0):
(II) Our goal is to construct a cover on rst MWMR register, which is written by most of
the processes during their in-isolation run segments, starting at the current system-state
(by the end of run ), but without writing in this register i.e., i = 0.
By lemma B.2, there is a large as needed set of processes s.t., each process is writing
Multi/Single as all other processes in the set. We activate this lemma for i = k and there
is a set of processes Q1 that is writing into a Multi/Single registers in all in-isolation run
segments of processes in Q1 , starting at the end of . If there is no writing in a Multi
register, then this lemma holds for 1 = , because ALT ( G) and there is no register
16
in RMW to be covered. Multi/Single is satis ed for Q1 and as explained above. If there
is a writing operation in a Multi register, select the in-isolation run segment iixp of a
process p 2 Q1 s.t., iixp 2 IISOLp(1)
(V) Remove processes from Q1 s.t., the new set of processes denoted by Q01 is large enough
and the system state after run 1 is transparent with respect to Q01 as follows:
The same proof as in the induction step (V) sub-steps 1,2. (Use the proof on step (V) of
the induction step for: j = 1 = iixp and x clean(j ) = .) Then we nd Q01 Q1 s.t.,
jQ01j (kjQ j F (nd ). We can replace p with any other process in Q01 and the state by
1
+1) 2
the end of this run is transparent with respect to (Q01 ).
(VII) ALT ( 1 Q01) is immediately true, because ALT ( G) and (V), which says that the
state remains transparent with respect to a smaller set (Q01 ).
(IX) If the rst register at the new system state after run 1 is already covered - nish.
This is the only possible case, since none of the registers in RMW were written and the
current state is transparent for all processes in (Q01 ). Denote G1 = Q01 .
(X) ALT ( 1 G1): (Term 1 of this lemma). See step (VII).
(XI) We will show that there is cover on rst register and there is Multi/Single at the
current system state- conditions 2 & 3 of this lemma. See steps (II) & (IX).
Induction hypothesis on i:Suppose the lemma is true for i = j , 0 j k ; 1.
Induction step i=j+1:
(I) From the induction hypothesis, at the end of run j = j , for all in-isolation
run segments of processes in Gj , the rst j writing operations in MWMR registers are
covered.
(II) Construct a cover on the j + 1'th register in RMW as follows:
1. Finding the j + 1'th register in RMW to be covered: By lemma B.2, there is a
large as needed set of processes s.t., each process is writing Multi/Single as all other
processes in the set. We use this lemma for i = k i.e., till the last writing operation
and let Q(1) Gj denote the set of processes that ful ll the Multi/Single property,
j +1
at the current system state. If processes in Q(1) are writing at least j + 1 writing
j +1
operations into Multi registers, when starting at the end of , then suppose any
p 2 Q(1) and its in-isolation run segment iixp with j + 1 writing operations to
j +1
MWMR registers s.t., iixp 2 IISOLp(j + 1).
2. If there is not a j + 1'th writing operation to RMW ( nished):
If there is no writing operation to RMW by a large enough set of processes denoted as
Q(1) , then the terms of the lemma holds: (We mark j+1 = j and Gj+1 = Q(1) ).
j +1 j +1
(a) ALT ( j +1 Gj +1 ) as follows:
By the induction hypothesis, ALT ( j Gj ) is satis ed for j . This property holds
also for a subset Gj +1 Gj , since jGj +1 j = jQ(1) j F (nd ) and j +1 = j .
j +1
(b) MSk ( j +1 Gj +1) as follows:
As showed above for Q(1) and we de ned Gj +1 = Q(1) .
j +1 j +1
17
(c) There is a cover on j + 1 Multi registers at the current system state, since there
is no j + 1 Multi registers to be covered, the cover on the rst j Multi registers
is the required cover.
(III) Construct a run segment x clean(j ) according to clean speci cation in de nition
A.12 s.t., x clean(j ) cleans the MWMR registers p wrote in iixp, and jx clean(j )j =
g (k d), since W is an adaptive protocol as follows:
1. From the hypothesis assumption, all j writing operations of any process in Q(1) to j +1
MWMR registers are covered by processes involved in j . Construct a run segment
x clean(j ) s.t., for each process q , if q covers a register r 2 RIIMW (Q(1) sj ) (i.e.,
j j +1
registers that are the rst j Multi registers at the current state ), where sj is the state
by the end of j , then activate q to write in r. When all registers in RIIMW (Q(1) sj )
j j +1
are written, let each process q to continue its execution till the thinking state. Note
that each process q can read SWMR registers written during j , because q is not
running an in-isolation run segment or solo run segment.
2. jx clean(j )j = g (k d): We will show that the run execution j iixp until x clean(j )
has a bound execution, then because W is an adaptive protocol and since only j k
processes are involved in x clean(j ), the number of operations allowed is bound by a
function of those bounds, named g (k d). Run j has a bound execution, by alternate
de nition. Since run segment iixp is executed after a transparent state , it is bound
by k like any solo run in protocol W .
(IV) Replace processes in j s.t., no process in x clean(j ) reads any SWMR registers
written in j . We denote j to be a run constructed by replacing processes from j and
we will show that j x clean(j ) is a valid run as follows: First the run j is a valid
run, since ALT ( j Gj ) by induction hypothesis and Q(1) Gj is a large enough set of
j +1
processes to maintain this property. Then a new run denoted by j can be constructed
from j with a set Q(2) j +1 Q(1) and jQ(2) j F (nd ) as of lemma B.4, which says
j +1 j +1
that alternate run is replaceable. On step (III), we proved that jx clean(j )j = g (k d)
therefore, at most g (k d) processes are replaced and there are enough processes to select
from, jQ(2) j F (nd ). The new run is a valid run, by replacement de nition. Clearly,
j +1
none of the involved processes in x clean(j ) are replaced and the concatenation of them
(i.e., j x clean(j )) is a valid run.
(V) Remove processes from Q(2) and replace processes in j s.t., the new set of processes
j +1
denoted by Qj +1 is large enough and the system state at the end of run j x clean(j )
(6)
is transparent with respect to Q(6) as follows: Note that j is replaced here again, but
j +1
we denote it still with one star.] In step (IV) above, we showed that run j is replaceable
with respect to set of processes Q(2) ) and after replacing processes and constructing a
j +1
new run named j , then the state by the end of this run is transparent with respect to
the set of processes Q(2) .
j +1
When concatenating run segment x clean(j ), the system-state may be changed. Processes
in Q(2) may read other processes writing operations to SWMR registers done during j ,
j +1
which they did not before.
18
The proof has similar calculation to lemma B.3, but without adding a process p and here
we also replace processes.
1. In general, each process in its in-isolation run segment can read up to k registers,
when executed in-isolation run segment after transparent state . Therefore, at most
there are k jQ(2) j possible reading operations after the run j by processes from
j +1
Q(2) , since system( j ) 2 TRANS (Q(2) ). Suppose the worst case, in which all the
j +1 j +1
reading operations are only to SWMR registers.
Mark registers in RSW that are potentially read by more than k processes after run
j . Since each register in RSW is written by only one process in protocol W through
all the runs in C , there is a one-to-one correlation from the registers to processes.
At most there are k kQ j processes (and registers in RSW ) that are read by k + 1
(2)
j
j +1
+1
processes or more during possible in-isolation run segments after run j . Then at
least jQ+1 j registers are read by at most k processes and the corresponding set of
(2)
j +1
k
processes is large enough and denoted by Q(3) Q(2) .
j +1 j +1
2. The remained registers in RSW are potentially read by at most k processes from
Q(3) after run j . Each register is also mapped to a process in Q(3) that is the
j +1 j +1
only process that can write in it in protocol W . For each register r of these registers,
select a process p out of k +1 processes in Q(3) s.t., p is not reading register r during
j +1
j . The selected processes (and their corresponding registers in RSW ) are marked by
Q(4) and jQ(4) j jQ+1 j F (nd ). Note that if p is reading SWMR registers where
(3)
j +1
j +1 j +1 k
are written in x clean(j ) it is meaningless, since all involved processes in x clean(j )
are thinking before p starts its execution.
3. Since the active (not in thinking state) processes in j may be not in Q(4) , thenj +1
processes are able to read registers written in this run. We construct a new run, which
is equivalent in the MWMR registers, but with other SWMR registers written. This
is by replacing active processes from j .
We can replace processes from j , because there is a subset of processes named Q(6) j +1
s.t., j is replaceable with respect to this set i.e., REP ( j Q(6) ) as follows. On step
j +1
(IV), we showed that exists a replacement for run j . But here, we have to show that
it is also possible for j . The alternate property exists from the induction hypothesis
for run j and set of processes Gj . When reducing the set of processes size, but still
keeping it large enough the alternate property remains i.e., ALT ( j Q(4) ). Then
j +1
even if replacing processes, but keeping the rules of alternate-replacement, by claim
B.5, the alternate is satis ed for j , but with smaller set of processes, which is still
large enough and denoted by Q(5) . As showed previously, via lemma B.4, a run
j +1
that is alternate is replaceable with respect to a smaller set of processes, which is
still large enough, denoted as Q(6) .
j +1
(VI) Remove processes from Q(6) , but still keep a large enough set Q(7) s.t., for each
j +1 j +1
process p 2 Qj +1 Qj +1 , a valid run is constructed from j , x clean(j ) and in-isolation
(7) (6)
run segment of p iixp, where iixp 2 IISOLp(j + 1). Denote the run of p by (p) =
j iixp x clean(j ) and the state by the end of each run (p) is transparent with respect
19
to Q(7) . This means that whatever process p 2 Q(7) is chosen, at the end of the run (p),
j +1 j +1
the state is always transparent with respect to the set Q(7) . This is possible as a result of
j +1
lemma B.3, which all the conditions are ful lled as proved in previous steps (III), (IV),
(V) and induction hypothesis on i = j .
Suppose a process p 2 Q(7) and denote j +1 = (p).
j +1
(VII) ALT ( j +1 Q(8) ) is satis ed for a large enough set Q(8) Q(7) . The following
j +1 j +1 j +1
terms of ALT de nition hold:
jQ(7) j F (nd ) from (VI) and j j+1j c, where c is constant number as proved (III).
j +1
system( j+1 ) 2 TRANS (Q(7) ) by (VI).
j +1
By the induction hypothesis on j Multi/Single is satis ed for each pre x of run j and
by the end of j with set Gj . Set Q(7) Gj , therefore the Multi/Single remains. Note
j +1
that it remains also after the replacements, since we choose only from subsets of Gj .
For each run segment x = iixp(t + 1) x clean(t) for some t 0 and p 2 G, the following
holds: Consider a process p is involved in the in-isolation run segment of x.
1. Run segment iixp(t + 1) 2 IISOLp(t + 1), by construction during all run j +1 and
even when replacing processes it is maintained.
2. Every process p is involved in only one iixp (j + 1) run segment during , by con-
u
struction.
3. x clean(j ) is a run segment as by the speci cation of de nition A.12, because of the
construction of clean(j ) and the replacements we did in step (IV) above.
The extension of j is the last run segment iixp x clean(j ). On step (VI), we showed
that j +1 is transparent with respect to Q(7) , where j +1 = j iixp x clean(j ).
j +1
At j +1 also Multi/Single is satis ed. Since, the state by the end of run j +1 is transparent
, we can use lemma B.2 again and the new set of processes, denoted by Q(8) is large
j +1
enough.
(VIII) Currently, only the j +1'th Multi register is covered, while we used the cover on the
rst j registers and their processes are thinking. We activate the induction hypothesis
again and by thus build a new cover on the rst j Multi registers. It can be done as
follows:
Run j +1 is alternate run with respect to Q(8) as proved in (VII). Therefore, we can
j +1
activate the induction hypothesis for i = j again and construct a new run with additional
cover on the rst j Multi registers. We denote this run by j +1 = j +1 ] 0j and
the new set of processes Gj +1 Q(8) . (Note that j +1 = j iixp x clean(j )] 0j ).
j +1
ALT ( j +1 Gj+1) immediately follows from the induction hypothesis.
(IX) If the j + 1'th Multi register at the new system state sj +1 = system( j +1 ) is already
covered - nish. The same proof as on (II) for j +1 and Gj +1 .
Else, repeat building a cover on the j + 1'th Multi register as previously described on
steps (II-IX). We denote j v as a run built on induction step j , in the v 'th repeating time
of steps (II-IX).
20
(X) ALT ( j +1 v Gj +1 v ): (Term 1 of this lemma). See step (VIII) for j +1 .
(XI) We will show that there is a cover on j +1 Multi registers and there is MSk (Gj +1 v sj +1 v )
-conditions 2 & 3 of this lemma.
Each time repeating steps (II-IX) of building a cover on the j + 1'th Multi register,
additional one cover on a new j + 1'th Multi register is achieved. After v = d times, all
registers in RMW are covered, unless we nished before, on step (IX). In order to simplify
our proof, we do not allow using a cover that was built on induction step j + 1 by lower
steps. Thus, it is a simple calculation of repeating up to d times on step j + 1.
By the termination condition of this loop, the the required cover on j + 1 registers exists.
The Multi/Single property immediately follows the induction hypothesis, in step (IX) on
the v 'th interaction.
B.2 Building the WT&S violation run
Lemma B.6 Let W be an adaptive WT&S protocol with jRMW j = d and d is a constant and
k is the maximum length of any solo run in W . Then there is a run 2 C and there are two
processes p q P (p 6= q ), that satisfy state(p ) = eatingp and state(q ) = eatingq .
Proof Strategy : Proof is similar to lemma B.1 for i = k + 1, but simpler.
Proof :
By lemma B.1, for = , G = P and i = k then there are k = k and Gk P s.t.,
the following properties hold:
1. ALT ( k Gk ) i.e., run k is an alternate run regarding Gk .
2. Gk satis es the Multi/Single at k .
3. The set of registers RIIMW (Gk k ) is covered in k .
k
In the following steps we construct run :
Select any process p 2 Gk . By condition 1, part of the alternate property is that k is
transparent state with respect to set Gk and particularly to process p 2 Gk . Suppose
iixp is the in-isolation run segment of p starting at k . Since k is transparent with
respect to p, then iixp is equivalent to some solo run segment in which, p eats i.e.,
state(p k iixp) = eatingp .
Constructing x clean(k) as follows: By condition 3 above, all writing operations of p to
MWMR registers are covered in k . We construct a run segment x clean(k) s.t., for each
process u, if u covers a register r 2 RIIMW (Gk k ), then activate u to write in r. When
k
all registers in RIIMW (Gk k ) are written, let each process u to continue its execution
k
until thinking. In case processes in x clean(k) read SWMR register RSW that p wrote
p
in iixp, or they read SWMR registers written during k (by active processes in k ), then
we can replace p, or other active process w participates in k , with processes in Gk as
follows. Since ALT ( k Gk ), then run k is a replaceable run, by lemma B.4 for a large
enough set G0k Gk . Run segment x clean(k) is bound by f 0 (f is a function of d
& k) operations, resulting from the assumption that W is an adaptive protocol and since
k iixp is a run with at most a function of k d events. Therefore, in x clean there are at
21
most f reading operations to SWMR registers. By the alternate de nition, jGk j F (nd )
and G0k is relatively a large set of Gk . By this, there are processes p0 6= p w0 6= w 2 G0k
s.t., their SWMR registers RSW 0 and RSW 0 are not read in x clean(k). We construct a
new run from k , by replacing each process w with w0 . At most we replaced f processes,
p w
and the new run is k f k .
We add a new process q as follows: If by the end of run 0 = k iixp0 x clean(k), there
is a process q 2 P s.t., 0 is transparent with respect to q , then let iixq be in-isolation
run segment of q starting at 0 and q eats in 0 iixq , (the same argument as explained
above for p).
Otherwise, select any process q 2 P . For each q , the number of writing operations in
a solo run is bound in an adaptive WT&S protocol W by k. Then q reads at most k
SWMR registers in an in-isolation run segment starting at a transparent state. In the
worst case, there are k active processes in k (and process p0) s.t., their corresponding
SWMR registers are read by q in iixq , starting at 0 . By condition 1, run k is alternate
run with respect to Gk i.e., ALT ( k Gk ) and before we constructed k from k with
G0k Gk . By lemma B.5, k is also alternate run, for a smaller but still a large enough
set G00 G0k i.e., ALT ( k G00). By lemma B.4, k is replaceable with respect to a
k k
smaller but large enough set G000 G00 i.e., REP ( k G000), and it means that any active
k k k
process participating in k can be replaced by other process from a large enough set G000. k
By replacing the k processes that write in SWMR in 0 in which q read, with others in
G000 ; fp0g, then the new run k iixp0 x clean(k) has no writing operations of SWMR
k
registers that are read by q in iixq after this run (but p0 ).
In case q reads the SWMR register RSW 0 p0 writes in iixp0 , we can select other p00 2 G000 k
s.t., the SWMR register RSW 00 , p00 writes in iixp00 starting at k , is not read by q , (we can
p
select p00 from any k + 1 processes in G000). Mark p as the process that we nally selected.
p
k
By the end of run = k iixp x clean(k) iixq , there are two processes in their critical
section (eating) i.e., state(p ) = eatingp and state(q ) = eatingq .
C Additional Lemma's and claims proofs
C.1 Exists Multi/Single - Lemma B.2:
Proof of lemma B.2.
Proof is done by induction on the i'th (0 i k) writing operation to registers in R of all
in-isolation run segments of processes in Gi, starting at system state s.
Basis: i = 0. Since the de nition Multi/Single for no writing operations is meaningless, we
de ne it to zero writing operations i.e., no writing operations. Therefore, G0 = G and R0 =
satisfy all the terms.
Hypothesis: Suppose the lemma is true for i = j , 0 j k ; 1.
Induction step: We prove the lemma for i = j + 1.
Using the inductive hypothesis on i = j , there is a set of processes Gj s.t., jGj j F (nd )
and MSj (Gj s).
If more than half of the processes do not have an in-isolation run segment with j + 1'th
writing operation to MWMR registers, starting after system-state s, then we de ne Gj +1 to
be those processes (i.e., jGj +1 j 2 jGj j F (nd )) and the lemma follows immediately from the
1
hypothesis assumption on i = j . Otherwise, there is j + 1'th writing operation, to registers in
22
R written by each process in a set G0j+1 s.t., jG0j +1j jG j . We nd Gj+1 in the following three
2
j
steps:
1. regj +1 (G0j +1 s) is writing to the same register in RMW or to di erent registers in RSW ,
as follows:
If there is a set of size jG+2 j that do not write to any register in RMW , then exists
0
j +1
d
Single or None cases. If at least half of processes (i.e., 2jGd+2) ) are writing to registers
0 j
j +1
(
in RSW , this is a Single case. Otherwise, more than half of the processes do not have
any j + 1'th writing operation - None case. If these two cases are not chosen, then at
least a set of jG0j +1 j ; jG+2 j = (d + 1) jG+2 j of the processes writes on their j + 1'th
0 0
j +1 j +1
d d
writing operation to a MWMR register. If there is a set of the size jG+2 j that writes to
0
j +1
d
the same register in RMW , then it0 is a Multi case. If none of these cases is valid, then at
least jG0j +1j ; d ( jG+2 j ; 1) jG+2 j processes that are not writing any j + 1'th writing
0
j +1 j +1
d d
operation to MWMR registers. But, these processes also do not write to Single or None
options- contradiction.
Choosing one of the cases (Multi, Single or None) guarantees that at least there are 2jG(d+2)
0 j
j +1
processes which behave as required i.e., jG00+1j 2 2jGdj+2) F (nd ).
j (
j
2. MSj (G00+1 s) as follows:
j
From the hypothesis assumption on i = j , MSj (Gj s) is satis ed for Gj s.t., any register
r 2 RIIj (Gj s) is written by one or all processes in Gj . Obviously, any sub-set G00+1 Gj ,
j
maintains the same property of one or all processes are writing to r.
3. MSj +1 (Gj +1 s) for Gj +1 = G00+1 :
j
On this step, we will show how previous steps can be combined together and allow us to
achieve the required result.
(a) Removing overlapping between Multi and Single sets :
This case is impossible, since we are selecting Multi registers only from RMW and
Single from RSW . There is no overlapping of writing operations between those sets
of registers.
(b) Removing overlapping of writing to the same Single register on step j + 1 and on
previous steps by di erent processes:
This case is also impossible, since the set of single writing operations are chosen only
from RSW . I.e., exactly one process can write to register r 2 RSW in protocol W.
We de ne Gj +1 = G00+1 and jGj +1j F (nd ).
j
C.2 One Replacement- Lemma B.3:
Proof of lemma B.3.
By lemma conditions, consider = x clean(i) and set of processes G. Finding a set of
processes Grep G is in the following steps:
In steps 1 & 2 below, we observe in-isolation run segments which start at the end of =
x clean(i) and we select a set of processes G00 G s.t., none of these in-isolation run segments
contains any reading operations of SWMR registers written by processes in G00, at any time.
23
1. In general, each process in its in-isolation run segment can read up to k registers, when
executing in-isolation run segment after a transparent state . Therefore, at most there are
k jGj possible reading operations after the run , by processes from G, since system( ) 2
TRANS (G). Suppose the worst case, in which all the reading operations are only to
SWMR registers.
Mark registers in RSW that are potentially read by more than k processes after run .
Since each register in RSW is written by only one process in protocol W through all runs
in C , there is a one-to-one correlation from the registers to processes. At most there are
k jGj processes (and registers in R ) that are read by k + 1 processes or more during
k+1 SW
in-isolation run segments after run . Then at least kjGj registers are read by at most k
+1
processes and the corresponding set of processes is large enough and denoted G0 G.
2. The remained registers in RSW are potentially read by at most k processes from G0 after
run . Each register is also mapped to a process in G0 that is the only process that can
write in it in protocol W . For each register r of these registers, select a process p out of
k + 1 processes in G0 s.t., p is not reading r during iixp, starting at the end of run .
The selected processes (and their corresponding registers in RSW ) are marked by G00 and
jG00j kG0 j F (nd ).
j
+1
3. When selecting any process q 2 G00, then q has a WT&S in-isolation run segment iixq 2
IISOLq(i + 1) after a transparent state s = system( ), (by condition 1 of this lemma)
and iixq 2 C . During in-isolation run segment iixq , q writes to the same registers in
RMW as covered by x clean(i) and only to those registers in RMW .(This is by conditions 1
& 2 of this lemma). It is immediately from the Multi/Single property and the speci cation
of run segment x clean(i).
By the end of run iixq x clean(i), process q has no writing operations to MWMR
registers and other processes can read q 's writing operations only to SWMR registers. By
condition 3 of this lemma, jx clean(i)j <= t. The worst case is that x clean(i) consists
of reading operations to registers only in RSW and there are at most t registers that
may be read. RSW consists SWMR registers, which means that each process in G00 is
writing to di erent registers in RSW . At most there are t processes that are writing to
Gj
those t registers. Let Grep be the rest of processes and jGrepj jG00j ; t (kj+1) ; t 2
F (nd ). Any q that is chosen from Grep can achieve an equal run segment to with
corresponding writing operations to MWMR registers, by concatenation of iixq after .
Run q = iixq x clean(i) 2 C , since writing operations to SWMR registers of processes
in Grep are not read during run segment x clean(i) and since x clean(i) 2 C .
4. In steps 1 & 2, we showed that none of in-isolation run segments of processes in Grep,
at the end of = x clean(i) contains any reading operations to any SWMR registers
written by processes in Grep, at any time. From the condition 1 of this lemma, the end of
run is transparent with respect to G. Therefore, 8q 2 Grep, when adding run segment
iixq to run s.t., q = iixq x clean(i), we maintain the transparent property and the
state at the end of each q is transparent with respect to processes in Grep.
C.3 Alternate Replacement- Lemma B.4:
Proof of lemma B.4.
24
Let (i) be the pre x of , for some i 0. According to alternate de nition, we denote the
following:
Run pre x (i +1) = (i) xi+1, (0) = and run segment xi+1 = iixp x clean(t) for some
0 t < k, iixp 2 IISOLp(t + 1), x clean(t) is a a clean run segment of the t MWMR registers
as speci ed in de nition A.12.
Proof is done by induction on the i'th run pre x (i).
Basis: (i = 0). For i = 0, by de nition (0) = and each run can be replaced with all
the processes i.e., G0 = G.
Hypothesis: Suppose the lemma is true for i = j , 1 j j j ; 1.
Induction step: We prove the lemma for i = j + 1, similarly to steps (III)-(VI) of lemma
B.1. Our goal is to show that exists REP ( (j + 1) Gj +1) for a large set Gj +1 Gj .
1. Via alternate de nition, xj +1 = iixp x clean(t) where iixp 2 IISOLp(t + 1) and run
segment x clean(t) cleans the t MWMR registers that are written in iixp by process p.
2. Exists (j ) x clean(t) 2 C : From the alternate de nition, for each pre x of and
particularly for (j + 1), the state is transparent with respect to G and obviously to
Gj G. When removing run segment iixp, there are less writing operations to SWMR
registers than with run segment iixp and because (j + 1) = (j ) iixp x clean(t) 2 C
then (j ) x clean(t) 2 C . Note that p is not involved in any operation during x clean(t),
or in any other run segment of . Therefore, this removal does not a ect run segment
x clean(t), which does not read register RSW written during iixp (by alternate de nition)
p
and can not read any MWMR register p wrote, since they are overwritten.
3. system( (j ) x clean(t) 2 TRANS (Gj ) as follows: As explained in 2, by alternate
de nition exists system( (j +1)) 2 TRANS (Gj ). Because system( (j ) iixp x clean(t) 2
TRANS (Gj) then removing run segment iixp removes the writing operations in register
RSW , which is not read in x clean(t), but without any change on MWMR registers
therefore, system( (j ) x clean(t) 2 TRANS (Gj ).
p
4. From all previous steps, all conditions of lemma B.3 are ful lled for (j ) x clean(t) and
Gj . Then exists Gj+1 Gj s.t., 8p 2 Gj +1 there is (j +1)p = (j ) iixp x clean(t) 2 C ,
where iixp 2 IISOLp(t + 1), jGj +1 j F (nd ) and system( (j + 1)p) 2 TRANS (Gj +1).
This is the replacement property for the last run segment xj +1 of run (j + 1).
5. From the induction hypothesis on i = j , REP ( (j ) Gj ) is satis ed. We showed that
iixp 2 IISOLp(t + 1) can be replace by any process in Gj +1 and the state by the end of
run (j + 1) is transparent with respect to processes in Gj +1 . Combining these two runs
into (j + 1) is possible, because Gj +1 Gj and none of the processes which are involved
in (j ) are involved in xj +1 , or via versa. This results with REP ( (j + 1) Gj +1).
The number of induction steps is bound by a constant c, immediately by alternate-replacement
de nition that bounds run with a constant length of execution. Therefore, Grep = Gc is large
as needed i.e., jGrepj F (nd ) and REP ( Grep) is satis ed.
C.4 Claim B.5:
Proof of claim B.5.
Suppose in a run segment xi of run , there was a replacement from to of process p
to p0. The conditions of alternate are satis ed by p0 and G0 G as follows:
25
1. iixp0 2 IISOLp0(j + 1), for some j 0: By the claim condition, the added process events
are from its in-isolation run segment and with the same number of writing operations to
MWMR registers, denoted here by j .
2. By replacement de nition, we can replace only processes which did not participate in .
Therefore p0 participates only in run segment iixp0 .
3. By alternate de nition, ( (i ; 1)) holds the MSk (G i ; 1). Since p0 2 G and by the
condition of this claim that p0 events are in the same location as p, then it writes in the
same j +1 MWMR registers in iixp0 as the process it replaced, p. Run segment x clean(j )
is the same in and , since we replaced only active processes (by the replacement
de nition), and involved processes in x clean(j ) are thinking, at . Then the MWMR
registers p0 writes during iixp0 are covered and overwritten by run segment x clean(j ).
But, SWMR registers of p0 can be read by x clean(j ) or by any other active process in
the extension of xi i.e., if we mark the extension by xi+1 xi+2 xc , the number of
SWMR registers that can be read is bound by a function of c, f (c) which is a constant,
since is alternate run. Removing those f (c) SWMR registers written by f (c) processes
in G, guarantees that no matter what process is selected from a set G0 G, where
jG0j jGj; f (c) F (nd ), none of the processes involved in the extension of (i) contains
reading operations to SWMR registers written by processes in G0, at any time.
We have showed that all alternate conditions are satis ed for xi . Since is of a constant
length, then at most a constant number of replacements are from to . Repeat the above
steps of xi , for each run segment where a process was replaced. After at most f replacements,
where f is a constant, Gf is the set of processes s.t., Gf ::: G0 G. Then jGf j F (nd )
and run is ALT ( Gf ).
26