Life beyond set agreement

Abstract

The set agreement power of a shared object O describes O’s ability to solve set agreement problems: it is the sequence \((n_1, n_2, {\ldots }, n_k, {\ldots })\) such that, for every \(k\ge 1\), using O and registers one can solve the k-set agreement problem among at most \(n_k\) processes. It has been shown that the ability of an object O to implement other objects is not fully characterized by its consensus number (the first component of its set agreement power). This raises the following natural question: is the ability of an object O to implement other objects fully characterized by its set agreement power? We prove that the answer is no: every level \(n \ge 2\) of Herlihy’s consensus hierarchy has two linearizable objects that have the same set agreement power but are not equivalent, i.e., at least one cannot implement the other. We also show that every level \(n \ge 2\) of the consensus hierarchy contains a deterministic linearizable object \(O_n\) with some set agreement power \((n_1,n_2,\ldots ,n_k,\ldots )\) such that being able to solve the k-set agreement problems among \(n_k\) processes, for all \(k\ge 1\), is not enough to implement \(O_n\).

Appendices

Solving the n-DAC problem using an n-PAC object

In this appendix, we present a detailed proof of Theorem 8, restated here:

Theorem 8For all \(n \ge 2\), the n-DAC problem can be solved using a single n-PAC object.

Proof

Without loss of generality, let the processes be numbered 1 to n, and let p denote the distinguished process. Furthermore, for all \(1 \le q \le n\), let \(v_q\) denote the initial value of process q. To solve the n-DAC problem with a single n-PAC object, each process q executes Algorithm 1.

Henceforth we consider an arbitrary execution of Algorithm 1. Since the n-PAC object is linearizable, we can assume that all operations that are applied to it in this execution are atomic.

Since each process q only performs propose operations with label q and immediately performs the matching decide operations, we have the following:

Observation 8.1

\(\mathcal {D}\) is never upset.

Claim 8.2

(Termination) (a) If the distinguished process p takes infinitely many steps, then p eventually decides or aborts. (b) If any process \(q \ne p\) takes infinitely many steps solo, then q eventually decides.

Proof

(a) is obvious in Algorithm 1. For (b), suppose a process \(q \ne p\) takes infinitely many steps solo. Then eventually, the last operation before each \(\textsc {dec}(q)\) operation invoked by process q on line 8 is a \(\textsc {prop}(-,q)\) operation, namely the one performed by process q on line 7. By Theorem 7(c), a decide operation \(\textit{op}\) returns \(\bot \) only if either (i) the n-PAC object is upset before \(\textit{op}\), or (ii) there is no operation before \(\textit{op}\), or the last operation before \(\textit{op}\) is not a propose operation with the same label. However, the n-PAC object \(\mathcal {D}\) is never upset, each \(\textsc {dec}(q)\) operation (line 8) is clearly invoked after a \(\textsc {prop}(-,q)\) operation is performed (line 7), and eventually the last operation before each \(\textsc {dec}(q)\) operation is a \(\textsc {prop}(-,q)\). Thus the \(\textsc {dec}(q)\) operations (line 8) performed by process q eventually do not return \(\bot \). So the conditional on line 9 eventually evaluates to \(\mathbf{true} \), and q decides (line 10), satisfying (b). \(\square \)

Claim 8.3

(Nontriviality) If the distinguished process p aborts, then some process \(q \ne p\) took at least one step.

Proof

If p aborts, it does so on line 5. Consequently, the conditional on line 3 must have evaluated to \(\mathbf{false} \), meaning the response of the \(\textsc {dec}(p)\) operation invoked by p on \(\mathcal {D}\) (line 2) was \(\bot \). Let \(\textit{op}_p\) be this \(\textsc {dec}(p)\) operation, and let \(\textit{op}'_p\) be the \(\textsc {prop}(-,p)\) operation that p previously performed on line 1. Since \(\textit{op}_p\) returns \(\bot \), by Theorem 7(c), either (i) the n-PAC object is upset before \(\textit{op}_p\), or (ii) there is no operation before \(\textit{op}_p\), or the last operation before \(\textit{op}_p\) is not a propose operation with the same label. However, the n-PAC object \(\mathcal {D}\) is never upset. Furthermore, there is at least one operation before \(\textit{op}_p\), namely \(\textit{op}'_p\). Thus the last operation before \(\textit{op}_p\) is not \(\textit{op}'_p\), a propose operation with the same label as \(\textit{op}_p\). Since \(\textit{op}_p\) and \(\textit{op}'_p\) are the only operations p performs on \(\mathcal {D}\), some process \(q \ne p\) performed the last operation before \(\textit{op}_p\), i.e., q took at least one step. \(\square \)

Claim 8.4

(Agreement) If a process decides v and a process decides \(v'\), then \(v = v'\).

Proof

If a process decides a value v, it does so on line 10 (or line 4 for the distinguished process p). Observe that this line is reached only if the conditional on line 9 (or line 3 for the distinguished process p) evaluated to \(\mathbf{true} \). Thus v is not \(\bot \). By a symmetrical argument, \(v'\) is also not \(\bot \). Since both \(v \ne \bot \) and \(v' \ne \bot \) are the responses of decide operations on the n-PAC object \(\mathcal {D}\), by Theorem 7(a), \(v = v'\). \(\square \)

Claim 8.5

(Validity) If a process decides v, then some process that does not abort has input v.

Proof

As in the proof of Claim 8.4, observe that if a process decides a value v, v is the response value of a decide operation on \(\mathcal {D}\) and is not \(\bot \). By Theorem 7(b) \(v \ne \bot \) is a value proposed by a propose operation on \(\mathcal {D}\) that decides v. Let q be the process that performs this propose operation. From Algorithm 1, it is clear that q proposes v to \(\mathcal {D}\) because its input value for the DAC problem is v. There are two cases:

Case 1\(q \ne p\).

Since q is not the distinguished process p, q does not abort.

Case 2\(q = p\).

Since the decide operation performed by p on \(\mathcal {D}\) returns \(v \ne \bot \) (this occurs in line 2), p evaluates the conditional on line 3 as true. So p does not execute line 5, i.e., it does not abort.

Thus, in both cases, some process that does not abort has input v. \(\square \)

By Claims 8.2, 8.3, 8.4, and 8.5, all the properties of the n-DAC problem hold. So Algorithm 1 solves the n-DAC problem. \(\square \)

Linearizable objects for set agreement

In this appendix, we present the proof of Theorem 17, showing that every set of set agreement problems that contains the 2-consensus problem is “equivalent” to a linearizable object. The proof is similar to the proof of a result shown in [8].

To do so, we first introduce, for all \(n \ge 1\) and \(k \ge 1\), the linearizable (n, k)-set agreement solver (SAS) object that is designed to solve the (n, k)-set agreement problem. The (n, k)-SAS object supports the \(\textsc {prop}(v)\) operation, which intuitively returns at most k of the first n proposed values to the first n operations, and \(\bot \) to all subsequent operations. The state of an (n, k)-SAS object is a tuple \((\textit{count},V_\textit{in},V_\textit{out})\), where \(\textit{count}\) is an integer denoting the number of operations that have been applied, \(V_\textit{in}\) is the set of values proposed by the first n of these operations, and \(V_\textit{out}\) is the set of values returned by the first n of these operations. Thus initially, \(\textit{count}= 0\), \(V_\textit{in}= \{\}\), and \(V_\textit{out}= \{\}\).

Figure 4 gives the sequential behaviour of the (n, k)-SAS object. It is clear that this sequential specification can be given in terms of a set of states, a set of operations, a set of responses, and a state transition relation.

Fig. 4

Sequential specification of the (n, k)-SAS object

The (n, k)-SAS object is linearizable, i.e., the \(\textsc {prop}(-)\) operation appears to be atomic [16].

From the above definition of the (n, k)-SAS object, it is easy to see that:

Observation 23

For all \(n \ge 1\) and \(k \ge 1\), in any history H of an (n, k)-SAS object where there are at most n operations:

• There are at most k distinct return values.

• If an operation returns v, then there is an operation that proposes v.

This implies:

Observation 24

For all \(n \ge 1\) and \(k \ge 1\), the (n, k)-set agreement problem can be solved using an (n, k)-SAS object.

We now show that if fetch & increment objects and registers are available, the converse also holds: for all \(n \ge 1\) and \(k \ge 1\), (n, k)-SAS objects can be implemented using registers, fetch & increment objects, and any solution to the (n, k)-set agreement problem.⁷ This is not obvious because an algorithm that solves the (n, k)-set agreement problem may exhibit non-linearizable behaviour, which is not allowable by the linearizable (n, k)-SAS object. For example, if \(k\ge 2\), an (n, k)-set agreement algorithm allows two processes that concurrently propose different values to each decide the proposal value of the other; this is not linearizable. The linearizability of the (n, k)-set agreement problem is discussed in [5, 6, 8]

Theorem 25

For all \(n \ge 1\) and \(k \ge 1\), the linearizable (n, k)-SAS object can be implemented using registers, fetch & increment objects, and any solution to the (n, k)-set agreement problem.

Proof

Algorithm 2 is a linearizable implementation of an (n, k)-SAS object that uses:⁸

• \(P[1 .. \,n]\): any algorithm that solves the (n, k)-set agreement problem, where for all \(i \in [1 ..\, n]\), P[i] is the protocol of process i.

• \(\mathcal {F}\): a fetch & increment object, initially 1, used to ensure that for all \(i \in [1 ..\, n]\), at most one operation executes P[i].

• \(R[1 .. \,n]\): An array of registers, initially all \(\textsc {nil}\). For all \(i \in [1 .. \,n]\), R[i] stores the proposal value of the operation that receives i from \(\mathcal {F}\).

• \(X[1 ..\, n]\): An array of registers, initially all 0. For all \(i \in [1 ..\, n]\), X[i] stores 1 if for some \(i' \in [1 ..\, n]\), \(P[i']\) has returned i.

To perform an operation \(\textsc {prop}(v)\), a process executes the following steps:

1. 1.

   It gets an integer \(i \ge 1\) from the fetch & increment object \(\mathcal {F}\) (line 2).

2. 2.

   If i is greater than n, it simply returns \(\bot \) (line 3) since n other operations have already been invoked on the (n, k)-SAS object.

3. 3.

   It writes its proposal value v to R[i] (line 4), letting the other processes know that v is the proposal value of the operation that received i from \(\mathcal {F}\).

4. 4.

   It executes P[i] with proposal value \(i \in [1 ..\, n]\), and receives a decision value j (line 5).

5. 5.

   It writes 1 to X[j] (line 6), letting the other processes know that j is the decision value of some protocol of \(P[1 ..\, n]\).

6. 6.

   It reads X[i] (line 7) to check whether i was decided by any protocol of \(P[1 .. \, n]\): if so, it returns its own proposal value v; otherwise it returns the value it reads from R[j] (line 8).

Note that, for every \(i \in [1 ..\, n]\), protocol P[i] is only executed by the operation that receives i from \(\mathcal {F}\), and thus P[i] is executed at most once.

Also note that in line 5 of Algorithm 2 j is set to an integer in \([1 ..\, n]\). This is because all calls to the given solution \(P[1 ..\, n]\) of the (n, k)-set agreement problem are made with inputs \(i\in [1 ..\, n]\), and so the decision values of \(P[1 ..\, n]\) are also integers in \([1 ..\, n]\).

Let H be any history of Algorithm 2. We must prove that H is linearizable with respect to the sequential specification of the (n, k)-SAS object. We first establish some facts about H.

Claim 25.1

For all \(j \in [1 ..\, n]\), every read of R[j] (line 8) returns the proposal value of the operation in H that receives j from \(\mathcal {F}\).

Proof

Let j be an integer in \([1 ..\, n]\). In Algorithm 2, an operation \(\textit{op}\) reads R[j] (line 8) only after it completes executing a protocol of \(P[1 ..\, n]\) with decision value j (line 5). Since \(P[1 ..\, n]\) is a solution for the (n, k)-set agreement problem, there exists an operation \(\textit{op}'\) that begins executing a protocol of \(P[1 ..\, n]\) with proposal value j before or at the same time as \(\textit{op}\) completes executing a protocol of \(P[1 ..\, n]\) with decision value j.

In Algorithm 2, only the operation that receives j from \(\mathcal {F}\) (line 2) can execute a protocol of \(P[1 ..\, n]\) with proposal value j (line 5). Thus \(\textit{op}'\) is the operation in H that receives j from \(\mathcal {F}\) (line 2).

Furthermore, \(\textit{op}'\) writes its own proposal value to R[j] (line 4) before executing any protocol of \(P[1 ..\, n]\) (line 5), and so before \(\textit{op}\) reads R[j]. Finally, observe that in Algorithm 2, only the operation that receives j from \(\mathcal {F}\) (line 2) can write to R[j]. Thus when \(\textit{op}\) reads R[j], it still contains the proposal value of \(\textit{op}'\), the operation in H that receives j from \(\mathcal {F}\). \(\square \)

Claim 25.2

If an operation in H returns a non-\(\bot \) value v, then there is an integer \(j \in [1 ..\, n]\) such that: (a) some protocol of \(P[1 ..\, n]\) decides j, and (b) v is the proposal value of the operation in H that receives j from \(\mathcal {F}\).

Proof

Let \(\textit{op}\) be an operation in H that returns a non-\(\bot \) value v. Note that \(\textit{op}\) receives an integer i from \(\mathcal {F}\) on line 2 before it returns the non-\(\bot \) value v. There are two cases: either \(\textit{op}\) returns on line 7 or \(\textit{op}\) returns on line 8.

Case 1\(\textit{op}\) returns on line 7.

Thus v is the proposal value of \(\textit{op}\), and when \(\textit{op}\) reads X[i] on line 7, X[i] contains 1. Since X[i] is initially 0, there exists a (not necessarily distinct) operation \(\textit{op}'\) that previously writes 1 to X[i] (line 6). Before doing so, this operation \(\textit{op}'\) must have completed an execution of a protocol of \(P[1 ..\, n]\) with decision value i. Thus some protocol of \(P[1 ..\, n]\) decides i, and v is the proposal value of \(\textit{op}\), the operation in H that receives i from \(\mathcal {F}\).

Case 2\(\textit{op}\) returns on line 8.

Thus \(\textit{op}\) returns the value it reads from R[j], where j is the decision value of the protocol P[i] that \(\textit{op}\) executed on line 5. By Claim 25.1, \(\textit{op}\) returns the proposal value of the operation in H that received j from \(\mathcal {F}\). Thus some protocol of \(P[1 ..\, n]\), namely P[i], decides j, and v is the proposal value of the operation in H that receives j from \(\mathcal {F}\).\(\square \)

Claim 25.3

In H, there are at most k distinct non-\(\bot \) return values.

Proof

By Claim 25.2, if an operation in H returns a non-\(\bot \) value v, then some protocol of \(P[1 ..\, n]\) decides an integer j such that v is the proposal value of the operation in H that receives j from \(\mathcal {F}\). Since the algorithm \(P[1 ..\, n]\) solves the (n, k)-set agreement problem, it decides at most k distinct values. Thus there are at most k distinct non-\(\bot \) return values in H. \(\square \)

Claim 25.4

If an operation \(\textit{op}\) returns some value in H, then \(\textit{op}\) returns \(\bot \) if and only if \(\textit{op}\) receives an integer greater than n from \(\mathcal {F}\).

Proof

Let \(\textit{op}\) be an operation that returns some value in H. From Algorithm 2, \(\textit{op}\) returns on either line 3, line 7, or line 8. If \(\textit{op}\) returns on line 7, then \(\textit{op}\) returns its own non-\(\bot \) proposal value. If \(\textit{op}\) returns on line 8, then \(\textit{op}\) returns the value that it reads from some register of \(R[1 ..\, n]\), which by Claim 25.1, is the non-\(\bot \) proposal value of some operation. Thus \(\textit{op}\) returns \(\bot \) if and only if \(\textit{op}\) returns on line 3. Note that \(\textit{op}\) returns on line 3 if and only if it receives an integer greater than n from \(\mathcal {F}\) on line 2. \(\square \)

An operation \(\textit{op}\) is complete in H if H contains the response step of \(\textit{op}\); otherwise, \(\textit{op}\) is incomplete in H. A completion\(H'\) of H is a history obtained from H by adding response steps (with associated return values) to a (possibly empty) subset of incomplete operations of H and removing the steps of all other incomplete operations.

To prove that H is linearizable with respect to the sequential specification of (n, k)-SAS we must show that there is a completion \(H'\) of H such that the operations of \(H'\) can be arranged in a sequential order \(\mathcal {L}\) (called a linearization of \(H'\) such that:

1. (L1)

   For every pair of operations \(\textit{op}\) and \(\textit{op}'\) in \(H'\), if \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\), then \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L}\), and

2. (L2)

   The sequence of values returned by the operations in \(\mathcal {L}\) respects the sequential specification of the (n, k)-SAS object.

We now prove that H is linearizable. There are two cases, depending on whether H contains operations that return values different from \(\bot \).

Case 1Hcontains no operations that return non-\(\bot \)values.

If H contains only incomplete operations, then it is trivial to show that H is linearizable: The empty history \(H'\) is a completion of H, and the empty sequence \(\mathcal {L}\) is a linearization of \(H'\). Now assume that there is an operation \(\textit{op}\) in H that returns \(\bot \) (line 3). Before doing so, \(\textit{op}\) receives an integer from \(\mathcal {F}\) (line 2) and finds the integer to be greater than n (line 3). Thus for all \(i \in [1 ..\, n]\), there is an operation \(\textit{op}_i\) that previously received i from \(\mathcal {F}\). By Claim 25.4, \(\textit{op}_1, \textit{op}_2, \ldots , \textit{op}_n\) do not return \(\bot \), and so they are incomplete in H.

Let \(v_1\) be the proposal of \(\textit{op}_1\), and let \(H'\) be the completion of H defined as follows: (a) remove all incomplete operations other than \(\textit{op}_1, \textit{op}_2, \ldots , \textit{op}_n\), and (b) for each \(i\in [1 ..\, n]\), complete \(\textit{op}_i\) with return value \(v_1\) immediately after the last step of \(\textit{op}_i\) in H.

Note that every operation in \(H'\) receives an integer from \(\mathcal {F}\). Let \(\mathcal {L}\) be the sequence of operations in \(H'\) in the order they execute the \(\textsc {increment}()\) operation on \(\mathcal {F}\). Thus in this linearization: (i) \(\mathcal {L}\), the first n operations are \(\textit{op}_1, \textit{op}_2,\ldots , \textit{op}_n\), and they return \(v_1\), and (ii) all subsequent operations return \(\bot \). Furthermore, \(\textit{op}_1\) is the first operation in \(\mathcal {L}\). Thus the first n operations in \(\mathcal {L}\) all return \(v_1\), the proposal value of the first operation in \(\mathcal {L}\).

We now show that \(\mathcal {L}\) is a linearization of \(H'\), i.e., it satisfies (L1) and (L2). It is clear that \(\mathcal {L}\) satisfies (L1): if operation \(\textit{op}\) completes before operation \(\textit{op}'\) is invoked in \(H'\), \(\textit{op}\) receives from \(\mathcal {F}\) a smaller integer than \(\textit{op}'\), so \(\textit{op}\) appears before \(\textit{op}'\) in \(\mathcal {L}\). Next we show that \(\mathcal {L}\) also satisfies (L2). Let \(\textit{op}\) be an arbitrary operation in \(H'\). There are two cases:

Case A\(\textit{op}= \textit{op}_i\) for some \(i \in [1 ..\, n]\).

By (i), \(\textit{op}\) returns \(v_1\). Let v be the value proposed by \(\textit{op}\). According to the sequential specification of the (n, k)-SAS object, since \(\textit{op}\) is one of the first n operations in the linearization L of \(H'\), the return value \(v_1\) of \(\textit{op}\) should be such that the following hold:

1. (a)

   \(v_1 \ne \bot \),

2. (b)

   \(v_1\) is in \(V_\textit{in}\cup \{v\}\), and

3. (c)

   \(|V_\textit{out}\cup \{v_1\}| \le k\),

where \(V_\textit{in}\) and \(V_\textit{out}\) refer to the state of the (n, k)-SAS object after the sequence of operations preceding \(\textit{op}\) in \(\mathcal {L}\) is applied to the object.

By definition, \(v_1\) is the proposal value of some operation, so (a) holds since no operation can propose \(\bot \). By the sequential specification of the (n, k)-SAS object, \(V_\textit{in}\cup \{v\}\) is the set of all values proposed by \(\textit{op}\) and the operations that precede \(\textit{op}\) in \(\mathcal {L}\). So (b) holds since \(v_1\) is the proposal value of the first operation in \(\mathcal {L}\). By the sequential specification of the (n, k)-SAS object, \(V_\textit{out}\cup \{v_1\}\) is the set of all non-\(\bot \) values returned by \(\textit{op}\) and the operations that precede \(\textit{op}\) in \(\mathcal {L}\). So (c) holds since \(k \ge 1\) and \(v_1\) is the only non-\(\bot \) value returned by operations in \(H'\).

Case B\(\textit{op}\ne \textit{op}_i\) for any \(i \in [1 ..\, n]\).

So \(\textit{op}\) is not one of the first n operations in \(\mathcal {L}\). Thus, according to the sequential specification of the (n, k)-SAS object \(\textit{op}\) should return \(\bot \), which it does by (ii).

Since \(\mathcal {L}\) satisfies (L1) and (L2), we have shown that, in Case 1, H is linearizable with respect to the sequential specification of (n, k)-SAS.

Case 2Hcontains an operation that returns a non-\(\bot \)value.

Then let \(v_{\textit{first}}\) be the earliest non-\(\bot \) value returned in H, and \(t_{\textit{final}}\) be the latest time when an operation in H receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\). Note that \(t_{\textit{final}}\) exists, since the complete operation that returns \(v_{\textit{first}}\) in H does so on either line 7 or 8, after it receives an integer from \(\mathcal {F}\) on line 2.

We construct a completion \(H'\) of H where for each incomplete operation \(\textit{op}\) in H:

1. 1.

   If \(\textit{op}\) does not receive an integer in \([1 ..\, n]\) from \(\mathcal {F}\) (line 2), then we remove \(\textit{op}\).

2. 2.

   Otherwise, we complete \(\textit{op}\) at an arbitrary time that is after its last step in H and after \(t_{\textit{final}}\), as follows:

   • If some operation \(\textit{op}'\) in H returns the proposal value of \(\textit{op}\), \(\textit{op}\) returns its own proposal value (i.e., the same return value as \(\textit{op}'\)).

   • Otherwise \(\textit{op}\) returns \(v_{\textit{first}}\).

Next, we partition the operations in \(H'\) into three sets:

• \(\mathcal {S}_1\) is the set of operations that return \(\bot \) in \(H'\).

• \(\mathcal {S}_2\) is the set of operations that do not return \(\bot \) in \(H'\), and (a) are incomplete in Hand (b) do not return their own proposal value in \(H'\).

• \(\mathcal {S}_3\) is the set of operations that do not return \(\bot \) in \(H'\), and (a) are complete in Hor (b) return their own proposal value in \(H'\).

Claim 25.5

Every operation in \(\mathcal {S}_2\) returns \(v_{\textit{first}}\) in \(H'\).

Proof

By the definition of \(\mathcal {S}_2\), every operation in \(\mathcal {S}_2\) is incomplete in H, and does not return its own proposal value in \(H'\). Thus in the completion \(H'\) of H, every operation in \(\mathcal {S}_2\) is completed with return value \(v_{\textit{first}}\) in \(H'\). \(\square \)

Claim 25.6

Every operation \(\textit{op}\) in \(\mathcal {S}_1\) is complete in H and receives an integer greater than n from \(\mathcal {F}\).

Proof

By the definition of \(\mathcal {S}_1\), \(\textit{op}\) returns \(\bot \) in \(H'\). Recall that in the completion \(H'\) of H, every incomplete operation in H that is completed in \(H'\) returns the proposal value of some operation in H. Thus, since \(\textit{op}\) returns \(\bot \) and no operation can propose \(\bot \), \(\textit{op}\) cannot be an incomplete operation in H.

So \(\textit{op}\) is a complete operation that returns \(\bot \) in H. Thus by Claim 25.4, \(\textit{op}\) receives an integer greater than n from \(\mathcal {F}\) in H. \(\square \)

Claim 25.7

Every operation \(\textit{op}\) in \(\mathcal {S}_2 \cup \mathcal {S}_3\) receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\) in H.

Proof

There are two cases: either \(\textit{op}\) is incomplete in H, or \(\textit{op}\) is complete in H.

Case A\(\textit{op}\) is incomplete in H.

Recall that in the completion \(H'\) of H, incomplete operations in H are removed if they do not receive an integer in \([1 ..\, n]\) from \(\mathcal {F}\). Since \(\textit{op}\) is in \(\mathcal {S}_2 \cup \mathcal {S}_3\), \(\textit{op}\) was not removed in the completion \(H'\) of H. Thus \(\textit{op}\) receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\).

Case B\(\textit{op}\) is complete in H.

If \(\textit{op}\) is complete in H, then from Algorithm 2 \(\textit{op}\) receives an integer \(i \ge 1\) from \(\mathcal {F}\) on line 2 before completing. If \(i > n\), then the complete operation \(\textit{op}\) would return \(\bot \) on line 3, contradicting the definitions of \(\mathcal {S}_2\) and \(\mathcal {S}_3\) as sets containing only operations that do not return \(\bot \) in \(H'\). So \(i \in [1 ..\, n]\).\(\square \)

For each operation \(\textit{op}\) in \(\mathcal {S}_3\), if \(\textit{op}\) returns its own proposal value, then let \(t_\textit{op}\) be the invocation time of \(\textit{op}\) in \(H'\); otherwise let \(t_\textit{op}\) be the time when \(\textit{op}\) reads some register of \(X[1 ..\, n]\) (line 7) in H.

Claim 25.8

For each operation \(\textit{op}\) in \(\mathcal {S}_3\), \(t_\textit{op}\) is a well-defined time within the execution interval of \(\textit{op}\) in \(H'\).

Proof

If \(\textit{op}\) returns its own proposal value, then \(t_\textit{op}\) is the invocation time of \(\textit{op}\) in \(H'\), which is clearly a well-defined time within the execution interval of \(\textit{op}\) in \(H'\). So suppose \(\textit{op}\) does not return its own proposal value. Then by the definition of \(\mathcal {S}_3\), \(\textit{op}\) is complete in H and \(\textit{op}\) does not return \(\bot \). So \(\textit{op}\) returns on either line 7 or line 8 in H. Thus \(\textit{op}\) reads a register of \(X[1 ..\, n]\) (line 7) in H before completing. So \(t_\textit{op}\) is a well-defined time within the execution interval of \(\textit{op}\) in \(H'\). \(\square \)

We now construct a total ordering \(\mathcal {L}\) of the operations in \(H'\) as follows:

• Let \(\mathcal {L}_3\) be the total ordering of the operations in \(\mathcal {S}_3\) from the earliest \(t_\textit{op}\) time to the latest.

• Let \(\mathcal {L}_2\) be a total ordering of the operations in \(\mathcal {S}_2\) in some arbitrary order.

• Let \(\mathcal {L}_1\) be the total ordering of the operations in \(\mathcal {S}_1\) from the earliest completion time to the latest in \(H'\).

Then \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\).

We next show that the ordering \(\mathcal {L}\) satisfies property (L1).

Claim 25.9

For every pair of operations \(\textit{op}\) and \(\textit{op}'\) in \(H'\), if \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\), then \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L}\).

Proof

Let \(\textit{op}\) and \(\textit{op}'\) be operations in \(H'\) such that \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\). It suffices to show that \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L}\). There are three cases: either \(\textit{op}\) is in \(\mathcal {S}_1\), \(\textit{op}\) is in \(\mathcal {S}_2\), or \(\textit{op}\) is in \(\mathcal {S}_3\).

Case A\(\textit{op}\) is in \(\mathcal {S}_1\).

Then by Claim 25.6, \(\textit{op}\) receives an integer greater than n from \(\mathcal {F}\) and is complete in H. So \(\textit{op}'\), which is invoked after \(\textit{op}\) completes, cannot receive an integer in \([1 ..\, n]\) from \(\mathcal {F}\). Thus by Claim 25.7, \(\textit{op}'\) is not in \(\mathcal {S}_2\) or \(\mathcal {S}_3\). So \(\textit{op}'\) is also in \(\mathcal {S}_1\).

By definition, the ordering \(\mathcal {L}_1\) of \(\mathcal {S}_1\) orders operations from the earliest completion time to the latest. So \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L}_1\), since \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\). Thus \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\).

Case B\(\textit{op}\) is in \(\mathcal {S}_2\).

Then by the definition of \(\mathcal {S}_2\), \(\textit{op}\) is incomplete in H. Recall that in the completion \(H'\) of H, the incomplete operations of H are either removed or completed after time \(t_{\textit{final}}\). So \(\textit{op}\) is completed after time \(t_{\textit{final}}\) in \(H'\).

Since \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\), this implies that \(\textit{op}'\) is invoked after time \(t_{\textit{final}}\). By definition, time \(t_{\textit{final}}\) is the latest time when an operation receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\). So \(\textit{op}'\) does not receive an integer in \([1 ..\, n]\) from \(\mathcal {F}\). Thus by Claim 25.7, \(\textit{op}'\) cannot be in \(\mathcal {S}_2\) or \(\mathcal {S}_3\). So \(\textit{op}'\) is in \(\mathcal {S}_1\). Thus \(\textit{op}\) is in the ordering \(\mathcal {L}_2\) of \(\mathcal {S}_2\), while \(\textit{op}'\) is in the ordering \(\mathcal {L}_1\) of \(\mathcal {S}_1\). So \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\).

Case C\(\textit{op}\) is in \(\mathcal {S}_3\).

If \(\textit{op}'\) is in \(\mathcal {S}_2\) or \(\mathcal {S}_1\), then clearly \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\). So suppose \(\textit{op}'\) is in \(\mathcal {S}_3\). Then both \(\textit{op}\) and \(\textit{op}'\) are in the ordering \(\mathcal {L}_3\) of \(\mathcal {S}_3\), which orders operations from the earliest \(t_\textit{op}\) time to the latest.

By Claim 25.8, \(t_\textit{op}\) and \(t_{\textit{op}'}\) are within the execution intervals of \(\textit{op}\) and \(\textit{op}'\) respectively in \(H'\). So, since \(\textit{op}\) is completed before \(\textit{op}'\) is invoked in \(H'\), \(t_\textit{op}< t_{\textit{op}'}\). Thus \(\textit{op}\) precedes \(\textit{op}'\) in \(\mathcal {L}_3\), and hence in \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\). \(\square \)

Claim 25.10

In \(H'\), if an operation \(\textit{op}\) in \(\mathcal {S}_3\) returns a value v, then v was proposed by \(\textit{op}\) or by an operation that precedes \(\textit{op}\) in the ordering \(\mathcal {L}_3\) of \(\mathcal {S}_3\).

Proof

Suppose an operation \(\textit{op}\) in \(\mathcal {S}_3\) proposes \(v'\) and returns v. If \(v' = v\), the claim holds. So suppose \(v' \ne v\).

Then by the definition of \(\mathcal {S}_3\), \(\textit{op}\) is a complete operation in H that returns \(v \ne \bot \). In Algorithm 2, every complete operation returns on line 3, 7, or 8. If \(\textit{op}\) returns on line 3, it would return \(\bot \), contradicting the fact that \(v \ne \bot \). If \(\textit{op}\) returns on line 7, it would return its own proposal value, contradicting the fact that \(v \ne v'\). So \(\textit{op}\) returns on line 8.

By Claim 25.7, since \(\textit{op}\) is in \(\mathcal {S}_3\), \(\textit{op}\) receives some integer \(i \in [1 ..\, n]\) from \(\mathcal {F}\) (line 2). Then since \(\textit{op}\) returns on line 8, from Algorithm 2 it is clear that:

1. (1)

   At some time \(t_1\), \(\textit{op}\) completed executing protocol P[i] of \(P[1 ..\, n]\) with some decision value \(j \in [1 ..\, n]\) on line 5.

2. (2)

   At some time \(t_2 > t_1\), \(\textit{op}\) wrote 1 into X[j] on line 6.

3. (3)

   At some time \(t_3 > t_2\), \(\textit{op}\) read a non-1 value from X[i] on line 7. By the definition of \(t_\textit{op}\), \(t_3 = t_\textit{op}\).

4. (4)

   At some time \(t_4 > t_3\), \(\textit{op}\) read R[j] on line 8 and returns the value read.

Since \(P[1 ..\, n]\) solves the (n, k)-set agreement problem, some operation \(\textit{op}'\) in H begins executing a protocol of \(P[1 ..\, n]\) with proposal value j before or at the same time \(t_1\) when \(\textit{op}\) completes executing P[i] with decision value j. In Algorithm 2, an operation executes a protocol of \(P[1 ..\, n]\) with proposal value j (line 5) only if it receives j from \(\mathcal {F}\) (line 2). So \(\textit{op}'\) is the operation in H that receives j from \(\mathcal {F}\). Then by Claim 25.1, since \(\textit{op}\) returns the value it reads from R[j] at time \(t_4\), \(\textit{op}\) returns the proposal value of \(\textit{op}'\), the operation in H that received j from \(\mathcal {F}\). Thus the proposal value of \(\textit{op}'\) is v, the non-\(\bot \) return value of \(\textit{op}\).

We now show that \(\textit{op}'\) is in \(\mathcal {S}_3\) and \(t_{\textit{op}'} < t_\textit{op}\), so \(\textit{op}'\) precedes \(\textit{op}\) in \(\mathcal {L}_3\). Therefore v was proposed by an operation that precedes \(\textit{op}\) in \(\mathcal {L}_3\). There are three cases:

Case A\(\textit{op}'\) is incomplete in H.

Recall that in the completion \(H'\) of H, every incomplete operation that receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\) is completed. So since \(\textit{op}'\) receives \(j \in [1 ..\, n]\) from \(\mathcal {F}\), \(\textit{op}'\) is also in \(H'\). Furthermore, since a complete operation in H, namely \(\textit{op}\), returns the value v that is proposed by \(\textit{op}'\), \(\textit{op}'\) is completed in \(H'\) by returning its own proposal value v. Thus by the definition of \(\mathcal {S}_3\), \(\textit{op}'\) is in \(\mathcal {S}_3\), and \(t_{\textit{op}'}\) is defined as the invocation time of \(\textit{op}'\).

So to show that \(t_{\textit{op}'} < t_\textit{op}\), it suffices to show that \(\textit{op}'\) is invoked before \(t_3 = t_\textit{op}\). Clearly, \(\textit{op}'\) is invoked before \(\textit{op}'\) begins executing a protocol of \(P[1 ..\, n]\) with proposal value j, and so before \(\textit{op}\) completes executing P[i] with decision value j at time \(t_1\). Thus \(\textit{op}'\) is invoked before \(t_\textit{op}= t_3 > t_1\).

Case B\(\textit{op}'\) is complete in H and it returns the value v that it proposed.

Then by the definition of \(\mathcal {S}_3\), \(\textit{op}'\) is in \(\mathcal {S}_3\), and \(t_{\textit{op}'}\) is defined as the invocation time of \(\textit{op}'\).

So to show that \(t_{\textit{op}'} < t_\textit{op}\), it suffices to show that \(\textit{op}'\) is invoked before \(t_3 = t_\textit{op}\). Clearly, \(\textit{op}'\) is invoked before \(\textit{op}'\) begins executing a protocol of \(P[1 ..\, n]\) with proposal value j, and so before \(\textit{op}\) completes executing P[i] with decision value j at time \(t_1\). Thus \(\textit{op}'\) is invoked before \(t_\textit{op}= t_3 > t_1\).

Case C\(\textit{op}'\) is complete in H and it returns a value that is different from the value v that it proposed.

Then by the definition of \(\mathcal {S}_3\), \(\textit{op}'\) is in \(\mathcal {S}_3\), and \(t_{\textit{op}'}\) is the time when \(\textit{op}'\) reads X[j] on line 7. Note that X[j] does not contain 1 at time \(t_{\textit{op}'}\), otherwise \(\textit{op}'\) would return its own proposal value v on line 7. Thus \(t_{\textit{op}'}\) is before the time \(t_2\) when \(\textit{op}\) writes 1 into X[j]; otherwise, since 1 is the only value ever written into \(X[1 ..\, n]\) in Algorithm 2, X[j] would still contain 1 at time \(t_{\textit{op}'}\). Then, since \(t_{\textit{op}'} < t_2\), \(t_2 < t_3\), and \(t_3 = t_\textit{op}\), \(t_{\textit{op}'} < t_\textit{op}\). \(\square \)

Claim 25.11

In \(H'\), if an operation \(\textit{op}\) returns a non-\(\bot \) value v, then v was proposed by \(\textit{op}\) or by an operation that precedes \(\textit{op}\) in \(\mathcal {L}\).

Proof

If \(\textit{op}\) is in \(\mathcal {S}_3\), then the claim holds by Claim 25.10. So suppose \(\textit{op}\) is not in \(\mathcal {S}_3\).

Since \(\textit{op}\) returns a non-\(\bot \) value, \(\textit{op}\) is not in \(\mathcal {S}_1\). So \(\textit{op}\) is in \(\mathcal {S}_2\). Thus by Claim 25.5, \(\textit{op}\) returns \(v = v_{\textit{first}}\).

By definition, \(v_{\textit{first}}\) is the earliest non-\(\bot \) value returned in H, so there is a complete operation \(\textit{op}'\) in H that returns \(v \ne \bot \). Thus, by the definition of \(\mathcal {S}_3\), \(\textit{op}'\) is in \(\mathcal {S}_3\).

Then by Claim 25.10, since the operation \(\textit{op}'\) in \(\mathcal {S}_3\) returns v, v was proposed by \(\textit{op}'\) or by an operation \(\textit{op}''\) that precedes \(\textit{op}'\) in the ordering \(\mathcal {L}_3\) of \(\mathcal {S}_3\). Now recall that \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\), so in \(\mathcal {L}\), all operations in \(\mathcal {S}_3\) precede all operations in \(\mathcal {S}_2\). Thus v is proposed by an operation in \(\mathcal {S}_3\) that precedes \(\textit{op}\) in the ordering \(\mathcal {L}\) since \(\textit{op}\) is in \(\mathcal {S}_2\). \(\square \)

Claim 25.12

In \(H'\), there are at most k distinct non-\(\bot \) return values.

Proof

By Claim 25.3, in H, there are at most k distinct non-\(\bot \) return values. It suffices to observe that in the completion \(H'\) of H, each incomplete operation in H is either removed in \(H'\) or completed in \(H'\) with the same return value as some complete operation in H. \(\square \)

We next show that the ordering \(\mathcal {L}\) satisfies (L2).

Claim 25.13

The sequence of values returned by the operations in \(\mathcal {L}\) respects the sequential specification of the (n, k)-SAS object.

Proof

Let \(\textit{op}\) be an arbitrary operation in \(H'\). There are two cases: either there are fewer than n operations that precede \(\textit{op}\) in \(\mathcal {L}\), or there are at least n operations that precede \(\textit{op}\) in \(\mathcal {L}\).

Case A There are fewer than n operations that precede \(\textit{op}\) in \(\mathcal {L}\).

Then let v be the value proposed by \(\textit{op}\), and \(v'\) be the value returned by \(\textit{op}\). According to the sequential specification of the (n, k)-SAS object, the return value \(v'\) of \(\textit{op}\) should be such that the following hold:

1. (a)

   \(v' \ne \bot \),

2. (b)

   \(v'\) is in \(V_\textit{in}\cup \{v\}\),

3. (c)

   \(|V_\textit{out}\cup \{v'\}| \le k\),

where \(V_\textit{in}\) and \(V_\textit{out}\) refer to the state of the (n, k)-SAS object after the sequence of operations preceding \(\textit{op}\) in \(\mathcal {L}\) is applied to the object.

We first show that (a) holds. Suppose, for contradiction, that \(v' = \bot \). So \(\textit{op}\) returns \(\bot \) in \(H'\). Thus by the definition of \(\mathcal {S}_1\), \(\textit{op}\) is in \(\mathcal {S}_1\). Then since \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\), and there are fewer than n operations that precede \(\textit{op}\) in \(\mathcal {L}\), there are fewer than n operations in \(\mathcal {L}_3 \mathcal {L}_2\).

By Claim 25.6, since \(\textit{op}\) is in \(\mathcal {S}_1\), \(\textit{op}\) receives an integer greater than n from \(\mathcal {F}\). Since \(\mathcal {F}\) is a fetch & increment object, for all \(i \in [1 ..\, n]\) there is an operation that receives i from \(\mathcal {F}\) in H. Recall that in the completion \(H'\) of H, an incomplete operation in H is removed only if it does not receive an integer in \([1 ..\, n]\) from \(\mathcal {F}\). So these n operations are all in \(H'\). Furthermore, by Claim 25.6, these n operations that receive integers in \([1 ..\, n]\) from \(\mathcal {F}\) are not in \(\mathcal {S}_1\). Thus these n operations are in either \(\mathcal {S}_2\) or \(\mathcal {S}_3\) — contradicting that there are fewer than n operations in \(\mathcal {L}_3 \mathcal {L}_2\). So \(v' \ne \bot \).

We now show that (b) also holds. By Claim 25.11, since \(\textit{op}\) returns \(v' \ne \bot \), \(v'\) was proposed by \(\textit{op}\) or by an operation that precedes \(\textit{op}\) in \(\mathcal {L}\). By the sequential specification of the (n, k)-SAS object, \(V_\textit{in}\cup \{v\}\) is the set of all values proposed by \(\textit{op}\) and the operations that precede \(\textit{op}\) in \(\mathcal {L}\). Thus \(v'\) is in \(V_\textit{in}\cup \{v\}\).

We now show that (c) also holds. By Claim 25.12, in \(H'\), there are at most k distinct non-\(\bot \) return values. By the sequential specification of the (n, k)-SAS object, \(V_\textit{out}\cup \{v'\}\) is the set of all non-\(\bot \) values returned by \(\textit{op}\) and the operations that precede \(\textit{op}\) in \(\mathcal {L}\). Thus \(|V_\textit{out}\cup \{v'\}| \le k\).

Case B There are at least n operations that precede \(\textit{op}\) in \(\mathcal {L}\).

Then according to the sequential specification of the (n, k)-SAS object, \(\textit{op}\) should return \(\bot \). By Claim 25.7, every operation in \(\mathcal {S}_2 \cup \mathcal {S}_3\) receives an integer in \([1 ..\, n]\) from \(\mathcal {F}\). So there are at most n operations in \(\mathcal {L}_3 \mathcal {L}_2\). Thus, since \(\mathcal {L} = \mathcal {L}_3 \mathcal {L}_2 \mathcal {L}_1\) and there are at least n operations that precede \(\textit{op}\) in \(\mathcal {L}\), \(\textit{op}\) is in the ordering \(\mathcal {L}_1\) of \(\mathcal {S}_1\). So by the definition of \(\mathcal {S}_1\), \(\textit{op}\) returns \(\bot \) in \(H'\). \(\square \)

By Claim 25.9 and Claim 25.13, \(\mathcal {L}\) satisfies (L1) and (L2) in Case 2. Thus, in both cases, H is linearizable with respect to the sequential specification of (n, k)-SAS. This completes the proof of Theorem 25. \(\square \)

By Observation 24 and Theorem 25, we have:

Corollary 26

For all \(n \ge 1\) and \(k \ge 1\), (a) the (n, k)-SAS object can be used to solve the (n, k)-set agreement problem, and (b) the (n, k)-SAS object can be implemented from fetch & increment objects, registers, and any solution to the (n, k)-set agreement problem.

We now prove Theorem 17, restated here:

Theorem 17 Let\(\mathcal {C}\)be any set of set agreement problems that contains the (2, 1)-set agreement problem. Then there exists a linearizable objectOsuch that:

1. (a)

   Oand registers can be usedto solve every problem in\(\mathcal {C}\).

2. (b)

   Ocan be implemented using registers and arbitrary solutions to every problem in\(\mathcal {C}\).

Proof

Let \(\mathcal {C}_{\text {SAS}}\) be the set of SAS objects where for all \(n \ge 1\) and \(k \ge 1\), \(\mathcal {C}_{\text {SAS}}\) contains the (n, k)-SAS object if and only if \(\mathcal {C}\) contains the (n, k)-set agreement problem. Thus by Corollary 26 (a) the objects in \(\mathcal {C}_{\text {SAS}}\) can be used to solve every problem in \(\mathcal {C}\), and (b) every object in \(\mathcal {C}_{\text {SAS}}\) can be implemented using fetch & increment objects, registers, and arbitrary solutions to every problem in \(\mathcal {C}\). Since \(\mathcal {C}\) contains the (2, 1)-set agreement problem, and fetch & increment objects can be implemented from any solution for the (2, 1)-set agreement problem and registers [3, 4], we have:

Observation 17.1

(a) the objects in \(\mathcal {C}_{\text {SAS}}\) can be used to solve every problem in \(\mathcal {C}\), and (b) every object in \(\mathcal {C}_{\text {SAS}}\) can be implemented using registers and arbitrary solutions to every problem in \(\mathcal {C}\).

Next, note that since set agreement problems are defined by two parameters n and k ranging from 1 to \(\infty \), there are only countably many distinct set agreement problems. Thus the problems in \(\mathcal {C}\) (and hence the objects in \(\mathcal {C}_{\text {SAS}}\)) can be enumerated. For all \(x \in [1 .. |\mathcal {C}_{\text {SAS}}|]\), let \(\mathcal {C}_{\text {SAS}}[x]\) denote the x-th object in \(\mathcal {C}_{\text {SAS}}\), in some enumeration of \(\mathcal {C}_{\text {SAS}}\), and let \(n_x\) and \(k_x\) be such that \(\mathcal {C}_{\text {SAS}}[x]\) is the \((n_x,k_x)\)-SAS object.

We now define an object \(O\) that combines all of objects in \(\mathcal {C}_{\text {SAS}}\) as follows: for each \(x \in [1 ..\, |\mathcal {C}_{\text {SAS}}|]\), \(O\) supports the \(\textsc {prop}(v,x)\) operation, which behaves identically to the \(\textsc {prop}(v)\) operation on \(\mathcal {C}_{\text {SAS}}[x]\). The state of \(O\) is a tuple \((\textit{count}[1 .. |\mathcal {C}_{\text {SAS}}|],V_\textit{in}[1 .. |\mathcal {C}_{\text {SAS}}|],V_\textit{out}[1 ..\, |\mathcal {C}_{\text {SAS}}|])\), where for all \(x \in [1 .. |\mathcal {C}_{\text {SAS}}|]\), \(\textit{count}[x]\) is the number of \(\textsc {prop}(-,x)\) operations that have been applied, \(V_\textit{in}[x]\) is the set of values proposed by the first \(n_x\) of these operations, and \(V_\textit{out}[x]\) is the set of values returned by the first \(n_x\) of these operations. Initially, for all \(x \in [1 .. |\mathcal {C}_{\text {SAS}}|]\), \(\textit{count}[x] = 0\), \(V_\textit{in}[x] = \{\}\), and \(V_\textit{out}[x] = \{\}\). The sequential behaviour of the \(O\) object is given in Fig. 5.

Fig. 5

Sequential specification of the \(O\) object

From the above, it is clear that the sequential specification of the \(O\) object can be given in terms of a set of states, a set of operations, a set of responses, and a state transition relation. The \(O\) object is linearizable, i.e., the \(\textsc {prop}(-,-)\) operation appears to be atomic [16]. Thus, we consider only sequential histories of this object.

The \(O\) object is equivalent to the collection of objects in \(\mathcal {C}_{\text {SAS}}\); more precisely:

Claim 17.2

(a) \(O\) can be used to implement every object in \(\mathcal {C}_{\text {SAS}}\), and (b) \(O\) can be implemented from the objects in \(\mathcal {C}_{\text {SAS}}\).

Proof

(a): Algorithm 3 shows how an \(O\) object can be used to implement any object \(\mathcal {C}_{\text {SAS}}[x]\) in \(\mathcal {C}_{\text {SAS}}\). To perform an operation \(\textsc {prop}(v)\) on \(\mathcal {C}_{\text {SAS}}[x]\), a process simply performs a \(\textsc {prop}(v,x)\) operation on \(O\) and returns the return value. The correctness of this trivial implementation is straightforward.

(b): Algorithm 4 shows how the objects in \(\mathcal {C}_{\text {SAS}}\) can be used to implement the \(O\) object. To perform an operation \(\textsc {prop}(v,x)\) on \(O\), a process simply performs a \(\textsc {prop}(v)\) operation on the \(\mathcal {C}_{\text {SAS}}[x]\) of \(\mathcal {C}_{\text {SAS}}\) and returns the return value. The correctness of this direct implementation is also straightforward. \(\square \)

Claim 17.2 and Observation 17.1 immediately imply Theorem 17. \(\square \)