<div>Sayantan,</div><div><br></div><div>Thanks for presentation of an alternative proposal. Alternative proposals are invaluable in helping the group work towards a more refined final proposal for the forum.</div><div><br>
</div><div>I do have some questions, comments, and concerns about your proposal detailed below by section. </div><div><br></div><div>Thanks,</div><div>Josh</div><div><br></div><div>(1) Consider a communicator with 1 million processes and 10 die. Would you rather reason about 10 dead or (1M-10) alive? At some point it does not matter much, but for the common case where the number of failures is much less than the size of the MPI universe then it is computationally easier to reason about the set of failed. What is the exact meaning of "is_ok"?</div>
<div><br></div><div>(2) The phrase "collectively active/inactive" is bad - as illustrated by the reaction in the meeting. For the discussion consider a MPI_Reduce(). The root may be connected to alive processes in a tree structure, and is waiting patiently for a result. Somewhere in the tree a process fails before entering the MPI_Reduce(). Is it valid for the root to wait forever - locally observed behavior is a hang? or must the processes in the tree propagate the error - locally observed behavior is a transitive error? So considering that situation what must we say in the MPI standard about collective operations?</div>
<div><br></div><div>(3) I'm fine with removing most of the failure detector statement if that is what the group wants. It served its purpose as a method to ground the semantics. I feel it is useful to keep in (it is precise and well grounded in theory), but if it has become distracting then we can consider removing it. I'm concerned with the language that "requests may complete with MPI_ERR_PROC_FAIL_STOP" as a way to allude to the option of MPI being able to delay notification. The wording also leaves open the opportunity for an implementation to wait forever to deliver the failure notification thus hanging the program. That is one of the nice aspects of stating explicitly that eventually every process -may- know of the failure, and that communication will complete (as stated in each of the subchapters). But that conversation tends to come back around to well we should make an explicit statement like we have in the document now...</div>
<div><br></div><div>(4) Yeah I think Failure Handlers are distracting the conversation, and we should consider bringing them in separately. It would be useful to have a notification of process failure -not- tied to the current MPI call context. Which is what the failure handlers were meant to do. However the following question is what can a user do inside a failure handler, which is what lead to the discussion of the different modes, calling order, ... There is a strong use case for these from UTK to which they can elaborate better than I.</div>
<div><br></div><div>(5) So you are proposing the MPI_ANY_SOURCE receives -never- return in error, even if the only process alive in the communicator is the calling process? You suggest that an application should call MPI_Comm_check/validate before calling the MPI_Recv(ANY)? What if a failure occurs between these two operations that would have changed the decision of the application to post the MPI_Recv(ANY) - e.g., the caller is the only process left in the communicator? There remains problems with threading, but much of those problems are derived from the above questions.</div>
<div><br></div><div>(6) ok</div><div><br></div><div>(7) I do not really follow why MPI_Comm_check is better than _validate? Can you elaborate? How does an Allreduce provide you the same semantic guarantees as a MPI_Comm_check/validate? A process might have failed in the tree during the result distribution phase causing dependent processes to fail the Allreduce operation. The point is that MPI_Allreduce is not a fault tolerant agreement algorithm, MPI_Comm_check/validate is. They may have the same failure free complexity, but they are semantically different.</div>
<div><br></div><div>(8) The reason we want to allow for the option of reusing a communicator with holes in the membership is for application indexing. This was something that applications requested as many of them use the rank in the communicator to calculate offsets into data structures or participation in the operation. So keeping their rank was seen as important. An application that wants to can create a new communicator with only the alive ranks, but is not required to do so. A different tact, MPI_COMM_WORLD will have holes in it upon process failure, so is it valid to call a collective operation (like MPI_Comm_create) over it to get the new shrunken communicator?</div>
<div><br></div><div>(9) Applications may want to keep track of failed processes for application indexing, as just mentioned, but also for later recovery (you need to know who failed if you are going to recover them).</div>
<div><br></div><div>(10) I don't think the semantics for MPI_Comm_size are odd at all. MPI_Comm_size returns the total size of the communicator, a value that is often used to setup data structures of appropriate size and to reason about the extent to names in the communicator. So, since communicators have a static size, MPI_Comm_size should always return that static size. If you only track the alive processes, how do you know from which you should recover?</div>
<div><br></div><div>(11) So communicator creation should still be 'transactional' - meaning that it returns uniformly at all processes?</div><div><br></div><br><div class="gmail_quote">On Fri, Jan 13, 2012 at 4:41 PM, Sur, Sayantan <span dir="ltr"><<a href="mailto:sayantan.sur@intel.com">sayantan.sur@intel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">FT WG,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I would like to thank Josh for enduring the marathon plenary presentation! It was truly commendable.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Based on the Forum feedback and vote, it is apparent that there are some significant issues. Primarily due to several new concepts and terms, that the larger Forum does not believe to be required, OR present implementation challenges for
the rest of MPI library.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I would like to argue for a simplified version of the proposal that covers a large percentage of use-cases and resists adding new “features” for the full-range of ABFT techniques. It is good if we have a more pragmatic view and not sacrifice
the entire FT proposal for the 1% fringe cases. Most apps just want to do something like this:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">for(… really long time …) {<u></u><u></u></p>
<p class="MsoNormal"> MPI_Comm_check(work_comm, &is_ok, &alive_group);<u></u><u></u></p>
<p class="MsoNormal"> if(!is_ok) {<u></u><u></u></p>
<p class="MsoNormal"> MPI_Comm_create_group(alive_group, …, &new_comm);<u></u><u></u></p>
<p class="MsoNormal"> // re-balance workload and use new_comm in rest of computation<u></u><u></u></p>
<p class="MsoNormal"> MPI_Comm_free(work_comm); // get rid of old comm<u></u><u></u></p>
<p class="MsoNormal"> work_comm = new_comm;<u></u><u></u></p>
<p class="MsoNormal"> } else {<u></u><u></u></p>
<p class="MsoNormal"> // continue computation using work_comm<u></u><u></u></p>
<p class="MsoNormal"> // if some proc failed in this iteration, roll back work done in this iteration, go back to loop<u></u><u></u></p>
<p class="MsoNormal"> }<u></u><u></u></p>
<p class="MsoNormal">}<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here are some modifications I would like to propose to the current chapter (in order as these concepts/terms appear in the text):<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p><u></u><span>1.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Remove concept of “recognized failed” processes. As was pointed out in the meeting, we don’t really care about the failed processes, rather the alive ones. Accordingly, rename MPI_Comm(win/file)_validate() to MPI_Comm(win/file)_check(MPI_Comm
comm, int * is_ok, MPI_Group * alive_group);<u></u><u></u></p>
<p><u></u><span>2.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Remove concept of “collectively inactive/active”. This doesn’t really bring anything to the table, rather conflicts with existing definition of collectives. MPI defines collectives as being equivalent of a series of point-to-point calls.
As per that definition, if the point-to-point calls succeed (i.e. the corresponding processes are alive), then as locally observed, collective call has also succeeded. As far as the application is concerned as long as the local part of collective is complete
successfully, it is OK. If they want to figure out global status, they can always call MPI_Comm_check() or friends.<u></u><u></u></p>
<p><u></u><span>3.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Eventually perfect failure detector/strongly complete/strongly accurate/etc: We replace this discussion (even remove much of 17.3) with a much more straight-forward requirement – “Communication with a process completes with either success
or error. In case of communication with failed processes, communication calls and requests may complete with MPI_ERR_PROC_FAILSTOP.” Note that MPI standard requires all communication to complete before calling MPI_Finalize – therefore, the first part of this
requirement is nothing new. The second part indicates that there is no guarantee that communication with a failed process *<b>will</b>* fail. Messages may have been internally buffered before the real failure may still be delivered per existing MPI semantics.<u></u><u></u></p>
<p style="margin-left:1.0in">
<u></u><span>a.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>This does raise the question from implementers: “When do I mark requests as MPI_ERR_PROC_FAILSTOP? How long do I wait?” The answer completely depends on the implementation. Obviously, there is some requirement to deal with process launcher
runtime. In some implementations with connected mode may be able to leverage hw or os techniques to detect connections that have gone down. MPI implementations using connection-less transports may need additional work. However, *<b>none</b>* of this is new
work/concepts. As far as possible, we should talk minimally about what the MPI implementation might do to achieve this.<u></u><u></u></p>
<p><u></u><span>4.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Remove process failure handlers – 17.5.1, 17.5.2, 17.5.3, 17.5.4. The only way to find out if something failed is to call MPI_Comm_check() and friends. This removes a whole lot of complexity with failure handlers. Fail handlers can be
emulated over this interface as a library. We may consider them for MPI-3.1 (or 4).<u></u><u></u></p>
<p><u></u><span>5.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Point-to-point communication: Remove the concept of MPI_ERR_ANY_SOURCE_DISABLED and corresponding calls to re-enable any source. The concept of disabling ANY_SOURCE is counter-intuitive. When an app/lib posts a recv with ANY_SOURCE,
it is specifically telling the MPI library that *<b>any</b>* source is OK and implicitly means that if some senders are unable to send, application/lib does not care! Master/slave type of applications wishing to use FT features can periodically call MPI_Comm_check().
Additionally, if the master tries to send to the dead process, it may get an error. My guess is that master/slave type of apps are among the most resilient, and some even work with the current standard (MPI_ERRORS_RETURN). A benefit of removing this restriction
is that we no longer have the threading complexities of re-enabling any source using reader/writer locks
<span style="font-family:Wingdings">J</span> Therefore, we can remove 17.6.3.<u></u><u></u></p>
<p><u></u><span>6.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Retain MPI_Comm_drain() and MPI_Comm_idrain() as they provide useful functionality.<u></u><u></u></p>
<p><u></u><span>7.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Collective communication: Rename comm_validate() to comm_check() as per discussion above. We can keep comm_check_multiple() as it provides useful functionality for overlapping communicators by reducing overhead to check them. We can
retain much of 17.7.2 while removing references to “collectively inactive”. If the output of collective depends on contribution from a failed process, then obviously, the collective fails. This is in keeping with point-to-point semantics – one cannot receive
any data from a failed process. Keep in mind if the contribution from failed process may have arrived before it failed – and that is OK (not flagged as failure). Some collectives, such as MPI_Bcast, may succeed even if processes down the bcast tree have failed
as sends may simply be buffered. The app/lib will only know if a collective was a global success by either performing an Allreduce after the collective OR calling comm_check(). In any case, it is left to app/lib and not MPI to report failures of processes
the library didn’t try to communicate with during this op.<u></u><u></u></p>
<p><u></u><span>8.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>I am proposing that once a collective fails with MPI_ERR_PROC_FAIL_STOP, all subsequent collectives on that comm fail immediately with MPI_ERR_PROC_FAIL_STOP. App/lib needs to use MPI_Comm_create_group() to fork off a new comm of live
procs and continue with it. This is a deviation from the current proposal that allows collectives on bad comms (after re-enabling collectives) and keeps 0s as contributions. I am aware that this might not fully satisfy all use cases (although at this point
of time, I cannot think of any), but in a broader view, we could think this of as a compromise to reduce complexity.<u></u><u></u></p>
<p><u></u><span>9.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Example 17.4 changes only slightly to call comm_check() and then split off the new communicator. Why keep failed procs in the communicator anyways?<u></u><u></u></p>
<p><u></u><span>10.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Note that this change in semantics allows us to bypass the question raised: “Why does comm_size() on a communicator with failed procs still return the old value- alive_ranks + failed_ranks?” As I mentioned before, this is odd, and we
should encourage app/lib to only deal with known alive ranks. The current proposal does the reverse – forces app to keep track of “known failed”. This causes confusion!<u></u><u></u></p>
<p><u></u><span>11.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Process topologies 17.9 – should change to say that we can only use communicators with live ranks. i.e. if you know your comm was bad, split off a new comm with live ranks. During the op, some ranks may fail – and that is OK since MPI_ERR_PROC_FAIL_STOP
will be raised. This is mentioned in the current proposal.<u></u><u></u></p>
<p><u></u><span>12.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Similar changes in semantics to windows and files.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Please let me know if I overlooked some corner cases or I have mis-interpreted the text of the current chapter. I gave it some thought, but WG knows best!<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks!<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">===<u></u><u></u></p>
<p class="MsoNormal">Sayantan Sur, Ph.D.<u></u><u></u></p>
<p class="MsoNormal">Intel Corp.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>_______________________________________________<br>
mpi3-ft mailing list<br>
<a href="mailto:mpi3-ft@lists.mpi-forum.org">mpi3-ft@lists.mpi-forum.org</a><br>
<a href="http://lists.mpi-forum.org/mailman/listinfo.cgi/mpi3-ft" target="_blank">http://lists.mpi-forum.org/mailman/listinfo.cgi/mpi3-ft</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Joshua Hursey<br>
Postdoctoral Research Associate<br>Oak Ridge National Laboratory<br><a href="http://users.nccs.gov/~jjhursey" target="_blank">http://users.nccs.gov/~jjhursey</a><br>