Ares: Adaptive, Reconfigurable, Erasure coded, Atomic Storage

Distributed Storage Systems (DSSes) store large amounts of data in an affordable manner. Cloud vendors deploy hundreds to thousands of commodity machines, networked together to act as a single giant storage system. Component failures of commodity devices and network delays are the norm, therefore, ensuring consistent data access and availability at the same time is challenging. Vendors often solve availability by replicating data across multiple servers. These services use carefully constructed algorithms that ensure that these copies are consistent, especially when they can be accessed concurrently by different operations. The problem of keeping copies consistent becomes even more challenging when failed servers need to be replaced or new servers are added, without interrupting the service. Any type of service interruption in a heavily used DSS usually translates to immense revenue loss.

The goal of this work is to provide an algorithm for implementing strongly consistent (i.e., atomic/linearizable), fault-tolerant distributed read/write storage, with low storage and communication footprint, and the ability to reconfigure the set of data hosts without service interruptions.

Replication-based Atomic Storage. A long stream of work used replication of data across multiple servers to implement atomic (linearizable) read/write objects in message-passing, asynchronous environments where servers (data hosts) may crash fail [10, 11, 21, 22, 23, 25, 26, 40]. A notable replication-based algorithm appears in the work by Attiya, Bar-Noy, and Dolev [11] (we refer to as the ABD algorithm) which implemented non-blocking atomic read/write data storage via logical timestamps paired with values to order read/write operations. Replication-based strategies, however, incur high storage and communication costs; for example, to store 1,000,000 objects each of size 1 MB (a total size of 1TB) across a 3 server system, the ABD algorithm replicates the objects in all the 3 servers, which blows up the worst-case storage cost to 3TB. Additionally, every write or read operation may need to transmit up to 3 MB of data (while retrieving an object value of size 1 MB), incurring high communication cost.

Erasure Code-based Atomic Storage. Erasure Coded-based DSSes are extremely beneficial to save storage and communication costs while maintaining similar fault-tolerance levels as in replication-based DSSes [16]. Mechanisms using an \([n, k]\) erasure code splits a value v of size, say 1 unit, into k elements, each of size \(\frac{1}{k}\) units, creates n coded elements of the same size, and stores one coded element per server, for a total storage cost of \(\frac{n}{k}\) units. So the \([n = 3, k = 2]\) code in the previous example will reduce the storage cost to 1.5 TB and the communication cost to 1.5 MB (improving also operation latency). Maximum Distance Separable (MDS) codes have the property that value v can be reconstructed from any k out of these n coded elements; note that replication is a special case of MDS codes with \(k=1\). In addition to the potential cost-savings, the suitability of erasure-codes for DSSes is amplified with the emergence of highly optimized erasure coding libraries, that reduce encoding/decoding overheads [3, 12, 46]. In fact, an exciting recent body of systems and optimization works [7, 33, 46, 49, 52, 53, 54, 58] has demonstrated that for several data stores, the use of erasure coding results in lower latencies than replication-based approaches. This is achieved by allowing the system to carefully tune erasure coding parameters, data placement strategies, and other system parameters that improve workload characteristics—such as load and spatial distribution. A complementary body of work has proposed novel non-blocking algorithms that use erasure coding to provide an atomic storage over asynchronous message passing models [13, 15, 16, 20, 34, 35, 56]. Since erasure code-based algorithms, unlike their replication-based counter parts, incur the additional burden of synchronizing the access of multiple pieces of coded-elements from the same version of the data object, these algorithms are quite complex.

Reconfigurable Atomic Storage. Configuration refers to the set of storage servers that are collectively used to host the data and implement the DSS. Reconfiguration is the process of adding or removing servers in a DSS. In practice, reconfigurations are often desirable by system administrators [9], for a wide range of purposes, especially during system maintenance. As the set of storage servers becomes older and unreliable they are replaced with new ones to ensure data durability. Furthermore, to scale the storage service to increased or decreased load, larger (or smaller) configurations may be needed to be deployed. Therefore, in order to carry out such reconfiguration steps, in addition to the usual read and write operations, an operation called reconfig is invoked by reconfiguration clients. Performing reconfiguration of a system, without service interruption, is a very challenging task and an active area of research. RAMBO [39] and DynaStore [8] are two of the handful of algorithms [17, 24, 27, 32, 47, 48] that allow reconfiguration on live systems; all these algorithms are replication-based.

A related body of work appeared for erasure coded scaling, although there exist important differences that distinguish the two problems. In particular works like [30, 50, 51, 55, 57] consider RAID-based systems with synchronous network communication and local computation. Synchrony allows processes to make assumptions on the time of message delivery, and in turn, help them to infer whether a communicating party has failed or not. On an asynchronous system, similar to the one we consider in this work, messages may be delivered with arbitrary delays. Therefore, it is impossible to distinguish whether a message from a source is in transit or the source has crashed before sending a message. This uncertainty makes it impossible to detect failed from operating nodes, and thus challenging to design algorithms to guarantee atomicity (strong consistency) and completion of reads and writes.

Despite the attractive prospects of creating strongly consistent DSSes with low storage and communication costs, so far, no algorithmic framework for reconfigurable atomic DSS employed erasure coding for fault-tolerance or provided any analysis of bandwidth and storage costs. Our article fills this vital gap in algorithms literature, through the development of a novel reconfigurable approach for atomic storage that uses erasure codes for fault-tolerance. From a practical viewpoint, our work may be interpreted as a bridge between the systems optimization works [7, 33, 46, 49, 52, 53, 54, 58] and non-blocking erasure coded based consistent storage [13, 15, 16, 20, 34, 35, 56]. Specifically, the uses of our reconfigurable algorithm would potentially enable a data storage service to dynamically shift between different erasure coding-based parameters and placement strategies, as the demand characteristics (such as load and spatial distribution) change, without service interruption.

Our Contributions. We develop a reconfigurable, erasure-coded, atomic, or strongly consistent [29, 38] read/write storage algorithm, called Ares. Motivated by many practical systems, Ares assumes clients and servers are separate processes^* that communicate via logical point-to-point channels.

In contrast to the replication-based reconfigurable algorithms [8, 17, 24, 27, 32, 39, 47, 48], where a configuration essentially corresponds to the set of servers that stores the data, the same concept for erasure coding need to be much more involved. In particular, in erasure coding, even if the same set of n servers are used, a change in the value of k defines a new configuration. Furthermore, several erasure coding-based algorithms [15, 20] have additional parameters that tune how many older versions each server stores, which in turn influences the concurrency level allowed. Tuning of such parameters can also fall under the purview of reconfiguration.

To accommodate these various reconfiguration requirements, Ares takes a modular approach. In particular, Ares uses a set of primitives, called data-access primitives (DAPs). A different implementation of the DAP primitives may be specified in each configuration. Ares uses DAPs as a “black box” to: (i) transfer the object state from one configuration to the next during reconfig operations, and (ii) invoke read/write operations on a single configuration. Given the DAP implementation for each configuration we show that Ares correctly implements a reconfigurable, atomic read/write storage.

The DAP primitives provide Ares a much broader view of the notion of a configuration as compared to replication-based algorithms. Specifically, the DAP primitives may be parameterized, following the parameters of protocols used for their implementation (e.g., erasure coding parameters, set of servers, quorum design, and concurrency level). While transitioning from one configuration to another, our modular construction allows Ares to reconfigure between different sets of servers, quorum configurations, and erasure coding parameters. In principle, Ares even allows reconfiguring between completely different protocols as long as they can be interpreted/expressed in terms of the primitives; though in this article, we only present one implementation of the DAP primitives to keep the scope of the article reasonable. From a technical point of view, our modular structure makes the atomicity proof of a complex algorithm (like Ares) easier.

An important consideration in the design choice of Ares is to ensure that we gain/retain the advantages that come with erasure codes—cost of data storage and communication is low—while having the flexibility to reconfigure the system. Towards this end, we present an erasure-coded implementation of DAPs which satisfy the necessary properties and are used by Ares to yield the first reconfigurable, erasure-coded, read/write atomic storage implementation, where read and write operations complete in two-rounds. We provide the atomicity property and latency analysis for any operation in Ares, along with the storage and communication costs resulting from the erasure-coded DAP implementation. In particular, we specify lower and upper bounds on the communication latency between the service participants, and we provide the necessary conditions to guarantee the termination of each read/write operation while concurrent with reconfig operations.

Table 1 compares Ares with a few well-known erasure-coded and replication-based (static and reconfigurable) atomic memory algorithms. From the table we observe that Ares is the only algorithm to combine a dynamic behavior with the use of erasure codes, while reducing the storage and communication costs associated with the read or write operations. Moreover, in Ares the number of rounds per write and read is at least as good as in any of the remaining algorithms.

We developed a proof-of-concept (PoC) implementation of Ares and deployed it over a set of distributed devices in the experimental testbed Emulab [2]. The most important take-home message from our experimental results is to show that it is possible to implement our algorithm according to the specifications and produces a correct execution and remains available during reconfiguration. Although the correctness of the algorithm is shown analytically, the experimental validation corroborates the correctness. For this purpose, we have chosen simple parameterization (e.g., uniform selection of read/write invocation intervals), and picked ABD [11] as a benchmark algorithm which, despite being proposed more than 25 years ago, is the fundamental algorithm for emulating replicated quorum-based atomic shared memory. For instance, it is adopted in commercial/open-source implementations like Cassandra 36,^† and is being used as a standard benchmark algorithm (as can be seen in other recent works [19]). However, to demonstrate a real-world application we would need to compare with more algoritrhms and utilize a wide range of read/write distributions, and this is planned as a separate work.

Document Structure. Section 2 presents the model assumptions and Section 3, the DAP primitives. In Section 4, we present the implementation of the reconfiguration and read/write protocols in Ares using the DAPs. In Section 5, we present an erasure-coded implementation of a set of DAPs, which can be used in every configuration of the Ares algorithm. Section 7 provides operation latency and cost analysis, and Section 8 the DAP flexibility. Section 9 presents an experimental evaluation of the proposed algorithms. We conclude our work in Section 10. Due to lack of space omitted proofs can be found in [43].

A shared atomic storage, consisting of any number of individual objects, can be emulated by composing individual atomic memory objects. Therefore, herein we aim in implementing a single atomic read/write memory object. A read/write object takes a value from a set \({\mathcal {V}}\). We assume a system consisting of four distinct sets of processes: a set \(\mathcal {W}\) of writers, a set \(\mathcal {R}\) of readers, a set \(\mathcal {G}\) of reconfiguration clients, and a set \(\mathcal {S}\) of servers. Let \(\mathcal {I}= \mathcal {W}\cup \mathcal {R}\cup \mathcal {G}\) be the set of clients. Servers host data elements (replicas or encoded data fragments). Each writer is allowed to modify the value of a shared object, and each reader is allowed to obtain the value of that object. Reconfiguration clients attempt to introduce new configuration of servers to the system in order to mask transient errors and to ensure the longevity of the service. Processes communicate via messages through asynchronous, and reliable channels.

Configurations. A configuration, with a unique identifier from a set \(\mathcal {C}\), is a data type that describes the finite set of servers that are used to implement the atomic storage service. In our setting, each configuration is also used to describe the way the servers are grouped into sets, called quorums, s.t. each pair of quorums intersect, the consensus instance that is used as an external service to determine the next configuration, and a set of DAPs that specify the interaction of the clients and servers in the configuration (see Section 3).

More formally, a configuration, \(c\in \mathcal {C}\), consists of: \((i)\) \(c.Servers\subseteq \mathcal {S}\): a set of server identifiers; \((ii)\) \(c.Quorums\): the set of quorums on \(c.Servers\), s.t. \(\forall Q_1,Q_2\in c.Quorums, Q_1,Q_2\subseteq c.Servers\) and \(Q_1\cap Q_2\ne \emptyset\); \((iii)\) \({DAP(c)}\): the set of primitives (operations at level lower than reads or writes) that clients in \(\mathcal {I}\) may invoke on \(c.Servers\); and \((iv)\) \(c.Con\): a consensus instance with the values from \(\mathcal {C}\), implemented and running on top of the servers in \(c.Servers\). We refer to a server \(s \in c.Servers\) as a member of configuration c. The consensus instance \(c.Con\) in each configuration c is used as a service that returns the identifier of the configuration that follows c.

Executions. An algorithm A is a collection of processes, where process \(A_p\) is assigned to process \(p\in \mathcal {I}\cup \mathcal {S}\). The state, of a process \(A_p\) is determined over a set of state variables, and the state \(\sigma\) of A is a vector that contains the state of each process. Each process \(A_p\) implements a set of actions. When an action \(\alpha {}\) occurs it causes the state of \(A_p\) to change, say from some state \(\sigma _p\) to some different state \(\sigma _p^{\prime }\). We call the triple \(\langle \sigma _p, \alpha {}, \sigma _p^{\prime } \rangle\) a step of \(A_p\). Algorithm A performs a step, when some process \(A_p\) performs a step. An action \(\alpha {}\) is enabled in a state \(\sigma\) if \(\exists\) a step \(\langle \sigma , \alpha {}, \sigma ^{\prime } \rangle\) to some state \(\sigma ^{\prime }\). An execution is an alternating sequence of states and actions of A starting with the initial state and ending in a state. An execution \({\xi }\) is fair if enabled actions perform a step infinitely often. In the rest of the article, we consider executions that are fair and well-formed. A process p crashes in an execution if it stops taking steps; otherwise p is correct or non-faulty. We assume a function \(c.\mathcal {F}\) to describe the failure model of a configuration c.

Reconfigurable Atomic Read/Write Objects. A reconfigurable atomic object supports three operations: \({\sf read}()\), \({\sf write}(v)\) and \({\sf reconfig}(c)\). A read() operation returns the value of the atomic object, \({\sf write}(v)\) attempts to modify the value of the object to \(v\in {\mathcal {V}}\), and the \({\sf reconfig}(c)\) that attempts to install a new configuration \(c\in \mathcal {C}\). We assume well-formed executions where each client may invoke one operation (\({\sf read}()\), \({\sf write}(v)\) or \({\sf reconfig}(c)\)) at a time.

An implementation of a read/write or a reconfig operation contains an invocation action (such as a call to a procedure) and a response action (such as a return from the procedure). An operation \(\pi\) is complete in an execution, if it contains both the invocation and the matching response actions for \(\pi\); otherwise \(\pi\) is incomplete. We say that an operation \(\pi\) precedes an operation \(\pi ^{\prime }\) in an execution \({\xi }\), denoted by \(\pi \rightarrow \pi ^{\prime }\), if the response step of \(\pi\) appears before the invocation step of \(\pi ^{\prime }\) in \({\xi }\). Two operations are concurrent if neither precedes the other. An implementation A of a read/write object satisfies the atomicity (linearizability [29]) property if the following holds [38]. Let the set \(\Pi\) contain all complete read/write operations in any well-formed execution of A. Then there exists an irreflexive partial ordering \(\prec\) satisfying the following:

Storage and Communication Costs. We are interested in the complexity of each read and write operation. The complexity of each operation \(\pi\) invoked by a process p, is measured with respect to three metrics, during the interval between the invocation and the response of \(\pi\): \((i)\) number of communication round, accounting the number of messages exchanged during \(\pi\), \((ii)\) storage efficiency (storage cost), accounting the maximum storage requirements for any single object at the servers during \(\pi\), and \((iii)\) message bit complexity (communication cost) which measures the size of the messages used during \(\pi\).

We define the total storage cost as the size of the data stored across all servers, at any point during the execution of the algorithm. The communication cost associated with a read or write operation is the size of the total data that gets transmitted in the messages sent as part of the operation. We assume that metadata, such as version number, process ID, and so on used by various operations is of negligible size, and is hence ignored in the calculation of storage and communication cost. Furthermore, we normalize both costs with respect to the size of the value v; in other words, we compute the costs under the assumption that v has size 1 unit.

Erasure Codes. We use an \([n, k]\) linear MDS code [31] over a finite field \(\mathbb {F}_q\) to encode and store the value v among the n servers. An \([n, k]\) MDS code has the property that any k out of the n coded elements can be used to recover (decode) the value v. For encoding, v is divided into k elements \(v_1, v_2, \ldots v_k\) with each element having size \(\frac{1}{k}\) (assuming size of v is 1). The encoder takes the k elements as input and produces n coded elements \(e_1, e_2, \ldots , e_n\) as output, i.e., \([e_1, \ldots , e_n] = \Phi ([v_1, \ldots , v_k])\), where \(\Phi\) denotes the encoder. For ease of notation, we simply write \(\Phi (v)\) to mean \([e_1, \ldots , e_n]\). The vector \([e_1, \ldots , e_n]\) is referred to as the codeword corresponding to the value v. Each coded element \(c_i\) also has size \(\frac{1}{k}\). In our scheme, we store one coded element per server. We use \(\Phi _i\) to denote the projection of \(\Phi\) on to the ith output component, i.e., \(e_i = \Phi _i(v)\). Without loss of generality, we associate the coded element \(e_i\) with server i, \(1 \le i \le n\).

Tags. We use logical tags to order operations. A tag \(\tau _{}\) is defined as a pair \((z, w)\), where \(z \in \mathbb {N}\) and \(w \in \mathcal {W}\), an ID of a writer. Let \(\mathcal {T}\) be the set of all tags. Notice that tags could be defined in any totally ordered domain and given that this domain is countably infinite, then there can be a direct mapping to the domain we assume. For any \(\tau _{1}, \tau _{2} \in \mathcal {T}\) we define \(\tau _{2} \gt \tau _{1}\) if \((i)\) \(\tau _{2}.z \gt \tau _{1}.z\) or \((ii)\) \(\tau _{2}.z = \tau _{1}.z\) and \(\tau _{2}.w \gt \tau _{1}.w\).

For ease of reference, Table 2 presents the key notation used in this article. Notice that some of the symbols shown are defined and used in the following sections.

In this section we introduce a set of primitives, we refer to as DAP, which are invoked by the clients during read/write/reconfig operations and are defined for any configuration c in Ares. The DAPs allow us: \((i)\) to describe Ares in a modular manner, and \((ii)\) a cleaner reasoning about the correctness of Ares.

We define three DAPs for each \(c\in \mathcal {C}\): \((i)\) \({c}.{{\sf put-data}(\langle \tau _{},v \rangle)}\), via which a client can ingest the tag value pair \(\langle \tau _{},v \rangle\) in to the configuration c; \((ii)\) \({c}.{{\sf get-data}()}\), used to retrieve the most up to date tag and vlaue pair stored in the configuration c; and \((iii)\) \({c}.{{\sf get-tag}()}\), used to retrieve the most up to date tag for an object stored in a configuration c. More formally, assuming a tag \(\tau _{}\) from a set of totally ordered tags \({\mathcal {T}}\), a value v from a domain \({\mathcal {V}}\), and a configuration c from a set of identifiers \(\mathcal {C}\), the three primitives are defined as follows:

In order for the DAPs to be useful in designing the Ares algorithm we further require the following consistency properties. As we see later in Section 6, the safety property of Ares holds, given that these properties hold for the DAPs in each configuration.

In Section 5, we show how to implement a set of DAPs, where erasure-codes are used to reduce storage and communication costs. Our DAP implementation satisfies Property 1.

As noted earlier, expressing Ares in terms of the DAPs allows one to achieve a modular design. Modularity enables the usage of different DAP implementations per configuration, during any execution of Ares, as long as the DAPs implemented in each configuration satisfy Property 1. For example, the DAPs in a configuration c may be implemented using replication, while the DAPs in the next configuration say \(c^{\prime }\), may be implemented using erasure-codes. Thus, a system may use a scheme that offers higher fault tolerance (e.g., replication) when storage is not an issue while switching to a more storage efficient (less fault-tolerant) scheme when storage gets limited.

In Section 8, we show that the presented DAPs are not only suitable for algorithm Ares, but can also be used to implement a large family of atomic read/write storage implementations. By describing an algorithm A according to a simple algorithmic template (see Algorithm 1), we show that A preserves safety (atomicity) if the used DAPs satisfy Property 1, and A preserves liveness (termination), if every invocation of the used DAPs terminates, under the failure model assumed.

In this section, we describe Ares. In the presentation of Ares algorithm we decouple the reconfiguration service from the shared memory emulation, by utilizing the DAPs presented in Section 3. This allows Ares, to handle both the reorganization of the servers that host the data, as well as utilize a different atomic memory implementation per configuration. It is also important to note that Ares adopts a client-server architecture and separates the reader, writer and reconfiguration processes from the server processes that host the object data. More precisely, Ares algorithm comprises of three major components: \((i)\) The reconfiguration protocol which consists of invoking, and subsequently installing new configuration via the reconfig operation by recon clients. \((ii)\) The read/write protocol for executing the read and write operations invoked by readers and writers. \((iii)\) The implementation of the DAPs for each installed configuration that respect Property 1 and which are used by the reconfig, read and write operations.

In this section, we present an implementation of the DAPs, that satisfies the properties in Property 1, for a configuration c, with n servers using a \([n, k]\) MDS coding scheme for storage. Notice that the total number of servers in the system can be larger than n; however, we can pick a subset of n servers to use for this particular key and instance of the algorithm. We store each coded element \(c_i\), corresponding to an object at server \(s_i\), where \(i=1, \ldots , n\). The implementations of DAP primitives used in Ares are shown in Algorithm 5, and the servers’ responses in Algorithm 6.

Each server \(s_i\) stores one state variable, List, which is a set of up to \((\delta + 1)\) (tag, coded-element) pairs. Initially the set at \(s_i\) contains a single element, \(List = \lbrace (t_0, \Phi _i(v_0)\rbrace\). Below we describe the implementation of the DAPs.

\({c}.{{\sf get-tag}()}\): A client, during the execution of a \({c}.{{\sf get-tag}()}\) primitive, queries all the servers in \(c.Servers\) for the highest tags in their Lists, and await responses from \(\lceil \frac{n+k}{2} \rceil\) servers. A server upon receiving the get-tag request, responds to the client with the highest tag, as \(\tau _{max} \equiv \max _{(t,c) \in List}t\). Once the client receives the tags from \(\lceil \frac{n+k}{2}\) servers, it selects the highest tag t and returns it.

\(c.{\sf put-data}(\langle t_w, v \rangle)\): During the execution of the primitive \(c.{\sf put-data}(\langle t_w, v \rangle)\), a client sends the pair \((t_w, \Phi _i(v))\) to each server \(s_i\in c.Servers\). When a server \(s_i\) receives a message \((\text{put-data}, t_w, c_i)\), it adds the pair in its local List, trims the pairs with the smallest tags exceeding the length \((\delta +1)\) of the List, and replies with an ack to the client. In particular, \(s_i\) replaces the coded-elements of the older tags with \(\bot\), and maintains only the coded-elements associated with the \((\delta +1)\) highest tags in the List (see Line Algorithm 6:16). The client completes the primitive operation after getting acks from \(\lceil \frac{n+k}{2} \rceil\) servers.

\({c}.{{\sf get-data}()}\): A client, during the execution of a \({c}.{{\sf get-data}()}\) primitive, queries all the servers in \(c.Servers\) for their local variable List, and awaits responses from \(\lceil \frac{n+k}{2} \rceil\) servers. Once the client receives Lists from \(\lceil \frac{n+k}{2} \rceil\) servers, it selects the highest tag t, such that: \((i)\) its corresponding value v is decodable from the coded elements in the lists; and \((ii)\) t is the highest tag seen from the responses of at least k Lists (see lines Algorithm 5:11–14) and returns the pair \((t, v)\). Note that in the case where anyone of the above conditions is not satisfied the corresponding read operation does not complete.

In this section, we prove that Ares correctly implements an atomic, read/write, shared storage service. The correctness of Ares highly depends on the way the configuration sequence is constructed at each client process. Also, atomicity is ensured if the DAP implementation in each configuration \(c_i\) satisfies Property 1.

As a roadmap, we begin by showing that some critical properties are preserved by the reconfiguration service proposed in Section 6.1. In particular, we show that the configuration sequence maintained in two processes is either the same or one is the prefix of the other. This in turn helps us to proove the correctness of Ares in Section 6.2 by showing that all the properties of atomicity (see Section 2) are satisfied, given the properties on the configuration sequence hold, and that the DAPs used in each configuration satisfy Property 1.

We proceed by first introducing some definitions and notation, that we use in the proofs that follow.

Notations and definitions. For a server s, we use the notation \(s.var|_{\sigma }\) to refer to the value of the state variable var, in s, at a state \(\sigma\) of an execution \({\xi }\). If server s crashes at a state \(\sigma _f\) in an execution \({\xi }\) then \(s.var|_{\sigma }\triangleq s.var|_{\sigma _f}\) for any state variable var and for any state \(\sigma\) that appears after \(\sigma _f\) in \({\xi }\) (i.e., the value of the variable remains unchanged).

We define as the tag of a configuration c the smallest tag among the maximum tags found in each quorum of c. This is essentially the smallest tag that an operation may witness when receiving replies from a single quorum in c. More formally:

Next we provide the notation to express the configuration sequence witnessed by a process p in a state \(\sigma\) (as \(p.cseq|_{\sigma }\)), the last finalized configuration in that sequence (as \(\mu (\mathbf {c}^{p}_{\sigma })\)), and the length of that sequence (as \(\nu (\mathbf {c}^{p}_{\sigma })\)). More formally:

Last, we define the prefix operation on two configuration sequences.

Table 3 summarizes the new notation for ease of reference.

A major challenge in reconfigurable atomic services is to examine the latency of terminating read and write operations, especially when those are invoked concurrently with reconfiguration operations. In this section, we provide an in-depth analysis of the latency of operations in Ares. Additionally, a storage and communication analysis is shown when Ares utilizes the erasure-coding algorithm presented in Section 5, in each configuration.

In this section, we argue that various implementations of DAPs can be used in Ares. In fact, via reconfig operations, one can implement a highly adaptive atomic DSS: replication-based can be transformed into erasure-code-based DSS; increase or decrease the number of storage servers; study the performance of the DSS under various code parameters, and so on. The insight to implementing various DAPs comes from the observation that the simple algorithmic template A (see Algorithm 1) for reads and writes protocol combined with any implementation of DAPs, satisfying Property 1 gives rise to a MWMR atomic memory service. Moreover, the read and writes operations terminate as long as the implemented DAPs complete.

A read operation in A performs \({c}.{{\sf get-data}()}\) to retrieve a tag-value pair, \(\langle \tau _{},v \rangle\) from a configuration c, and then it performs a \(c.{\sf put-data}(\langle \tau _{},v \rangle)\) to propagate that pair to the configuration c. A write operation is similar to the read but before performing the \({\sf put-data}\) action it generates a new tag which associates with the value to be written. The following result shows that A is atomic and live, if the DAPs satisfy Property 1 and live.

The theoretical findings suggest that Ares is an algorithm to provide robustness and flexibility on shared memory implementations, without sacrificing strong consistency. In this section, we present a PoC implementation of Ares and we run preliminary experiments to get better insight on the efficiency and adaptiveness of Ares. In particular, our experiments measure the latency of each read, write, and reconfig operations, and examine the persistence of consistency even when the service is reconfigured between configurations that add/remove servers and utilize different shared memory algorithms.

We presented an algorithmic framework suitable for reconfigurable, erasure code-based atomic memory service in asynchronous, message-passing environments. In particular, we provide a new modular framework, called Ares, which abstracts the implementation of the underlying shared memory within a set of DAPs with specific correctness properties. Using these structures, Ares may implement a large class of atomic shared algorithms (those that can be expressed using the proposed DAPs) allowing any such algorithm to work in a reconfigurable environment. A set of erasure-coded-based atomic memory algorithms are included in this class. To demonstrate the use of our framework, we provided a new two-round erasure code-based algorithm that has near optimal storage cost, implemented in terms of the proposed DAPs. Such implementation gave rise to the first (to our knowledge) reconfigurable erasure-coded atomic shared memory object. We provided a PoC implementation of our framework and obtained initial experimental results proving the feasibility of the presented approach, demonstrating its correctness, and comparing its performance with traditional approaches.

Ares is designed to address the real-world problem of system migration from a replicated system to a system that uses erasure codes and vice-versa. Ares can also enable replacing of failed nodes with new non-failed nodes. Its key difference with the existing state-of-the-art systems is that it can perform such reconfigurations with relatively minimal interruption of service unlike current implementations that would block ongoing operations for reconfiguration. We anticipate that Ares will be very useful for workloads that are prone to fast changes in properties, and have stringent constraints on the latencies. For such workloads, Ares enables the system to adapt itself to the changes in the workload in an agile manner—utilizing the full flexibility that EC brings to the system—without causing latency constraints or consistency violations due to interruptions.

Our main goal was to establish that non-blocking reconfiguration is feasible and compatible with EC-based atomic data storage.Our experimental study is designed as a PoC prototype to verify the correctness properties we have developed and show some benefits. It must be emphasized that a full-fledged system study of our algorithms—albeit an interesting area of future work that is motivated by our article—is outside our current scope. In particular, although our study provides some initial hints, we anticipate such a future study would examine the following questions in more detail: