Papers
Topics
Authors
Recent
Search
2000 character limit reached

Bounded Bypass: Concepts and Applications

Updated 6 July 2026
  • Bounded bypass is a domain-specific constraint that ensures processes or operations complete within a well-defined, bounded delay across various applications.
  • It is used in mutual exclusion to enforce fairness by limiting the number of overtakes before a waiting process enters the critical section, often with tight quadratic bounds.
  • In contexts like protected-library OS design, quantum key distribution, and neural models, bounded bypass guarantees predictable performance and mitigates circumvention risks.

Searching arXiv for recent and relevant uses of “bounded bypass” and closely related literature. Using arXiv search to identify papers directly relevant to “bounded bypass.” Bounded bypass is a domain-dependent technical term used for several distinct but structurally related constraints on circumvention. In mutual exclusion, it is a liveness property stronger than starvation-freedom: every process that invokes lock\mathit{lock} must enter the critical section after losing at most f(n)f(n) competitions from the completion of the first instruction of the lock\mathit{lock} (Glabbeek et al., 17 Jun 2026). In protected-library operating-system design, it denotes the requirement that every protected library call complete in modest, bounded time even while providing kernel-bypass I/O (Beadle et al., 2 Sep 2025). In satellite quantum key distribution, it refers to scenarios in which Eve’s access to the optical signal is physically bounded, so that a known fraction of the transmission bypasses her entirely (Ghalaii et al., 2022, Wooltorton et al., 23 Mar 2026). In graph-based neural marketing mix models, it appears as “attribution bypass,” together with a framework that bounds decoder-side circumvention of a supplied graph (Wang et al., 10 Jun 2026).

1. Formal meaning in mutual exclusion

The most explicit definition of bounded bypass appears in concurrent algorithms. Earlier treatments by Silberschatz–Galvin–Gagne, Taubenfeld, and Raynal described the idea informally as a bound on how many times other processes may enter the critical section before a waiting process does. The 2026 treatment by Goubault-Larrecq, Sznajder, and Stainer sharpens this into a standalone liveness property and shows that Raynal’s formulation is false as stated: a “protocol” whose lock\mathit{lock} is await false has no wins and hence no lost competitions, so Raynal’s condition is vacuously satisfied although the protocol is neither deadlock-free nor starvation-free. To avoid trivialization, the moment from which bypasses are counted is fixed to the completion of the first instruction of lock\mathit{lock}, and that first instruction must be a write to shared memory (Glabbeek et al., 17 Jun 2026).

In this setting, a process loses a competition when another process enters its critical section while the first process’s overlapping lock\mathit{lock} remains pending. Bounded bypass therefore quantifies unfair overtaking, rather than merely eventual entry. The same paper introduces two weaker notions that sit strictly between starvation-freedom and full bounded bypass.

Notion Counting window Guarantee
Bounded bypass From completion of the first instruction of lock\mathit{lock} Entry after at most f(n)f(n) lost competitions
Post-doorway bounded bypass From completion of a bounded doorway Entry after at most f(n)f(n) lost competitions
Intermittent bounded bypass Outside at most h(n)h(n) interrupting assignments Entry after at most f(n)f(n)0 lost competitions

The hierarchy proved in that work is asymmetric. Bounded bypass implies both post-doorway bounded bypass and intermittent bounded bypass; each of those implies starvation-freedom; starvation-freedom implies deadlock-freedom. All other non-drawn implications are shown not to hold. Dekker’s algorithm separates starvation-freedom from the stronger notions: it is starvation-free with atomic registers, yet it does not satisfy bounded bypass, and its structure prevents the doorway trick from rescuing it. Anderson’s two-process algorithm shows the opposite phenomenon: it fails full bounded bypass, because a slow process can be overtaken unboundedly often after its first instruction, but with a suitable bounded doorway it satisfies post-doorway bounded bypass (Glabbeek et al., 17 Jun 2026).

2. Generic transformations and quantitative bounds

A central result is that Yoah Bar-David’s 1998 wrapper algorithm upgrades any deadlock-free mutual exclusion protocol f(n)f(n)1 into a protocol with stronger liveness. The wrapper uses Boolean registers f(n)f(n)2 and a shared register f(n)f(n)3. A process first executes f(n)f(n)4, then spins until either f(n)f(n)5 or f(n)f(n)6, and only then calls f(n)f(n)7. On exit, it clears f(n)f(n)8, possibly advances f(n)f(n)9, and calls lock\mathit{lock}0 (Glabbeek et al., 17 Jun 2026).

With atomic registers, the wrapper yields full bounded bypass. The exact theorem states that once a process completes its first write lock\mathit{lock}1, it enters the critical section after losing at most

lock\mathit{lock}2

competitions. The proof relies on the notion that lock\mathit{lock}3 is stably lock\mathit{lock}4: if lock\mathit{lock}5 and lock\mathit{lock}6, then no other process can progress from line 3 to line 8 until lock\mathit{lock}7 executes lock\mathit{lock}8. From that state, at most one other critical-section entry per competing process can still occur before lock\mathit{lock}9 enters. The quadratic bound is tight; the paper constructs executions with exactly lock\mathit{lock}0 bypasses (Glabbeek et al., 17 Jun 2026).

With safe or regular registers, the same wrapper cannot guarantee full bounded bypass. The paper gives a counterexample in which overlapping writes to lock\mathit{lock}1 allow one process to be bypassed unboundedly often. Nevertheless, the wrapper still ensures intermittent bounded bypass with explicit quadratic bounds: lock\mathit{lock}2 That is, each lock\mathit{lock}3 reaches the critical section after at most lock\mathit{lock}4 counted bypasses outside at most lock\mathit{lock}5 interrupting assignments. This distinction is substantive: intermittent bounded bypass is not merely a proof artifact, but a strictly weaker property tailored to weak-register semantics (Glabbeek et al., 17 Jun 2026).

The same work also gives modal lock\mathit{lock}6-calculus formulae for bounded bypass, post-doorway bounded bypass, and intermittent bounded bypass, and uses model checking to validate the bounds and expose definition-level ambiguities. This leads to tighter atomic bounds and a corrected treatment of interrupting assignments in the weak-register case (Glabbeek et al., 17 Jun 2026).

3. Bounded-time kernel bypass in protected-library operating systems

In systems work, “bounded bypass” names a different problem: how to obtain fast kernel-bypass I/O while ensuring that every protected operation completes within a predictable bound. The protected-library model studied in Hodor places hardware, a modified Linux 5.4 kernel with Hodor support, the protected library, and a trusted daemon in the trusted computing base, while all applications using the library remain untrusted. Because Hodor delays signals and termination while any thread executes inside a protected library, every protected library call must complete in modest, bounded time; otherwise the kernel cannot safely reclaim failed processes (Beadle et al., 2 Sep 2025).

The design rule is explicit: a protected library call must never do anything that may take more than the bounded time guaranteed by the kernel. This excludes unbounded blocking, unbounded spinning, and dependence on events not guaranteed to occur within a known bound. The kernel model assumes a published maximum bound lock\mathit{lock}7, conceptually summarized as

lock\mathit{lock}8

If a call overruns lock\mathit{lock}9, the kernel treats the library as buggy and terminates all its clients “with prejudice” (Beadle et al., 2 Sep 2025).

The key programming pattern is “wait outside, act inside.” Bounded work is performed inside the protected library; any unbounded wait is pushed into untrusted wrapper code, typically using futex(FUTEX_WAIT). The library may return a futex address when progress is impossible; the wrapper sleeps outside the protected domain and later re-enters the library for another bounded step. This supports synchronous semantics without violating reclaimability. The same principle governs coarse-grained operations, bounded loops over messages or readers, futex-based cross-process wakeup, and eager notification (Beadle et al., 2 Sep 2025).

The paper couples this bounded-time discipline with additional mechanisms: permanent buffers to prevent the “buffer unmapping attack,” a trusted daemon for asynchronous events and dynamic interrupt/polling switching, and MPK/PKU-based isolation of the protected heap. In the HodorDDS prototype, this architecture yields approximately lock\mathit{lock}0 lower latency and up to lock\mathit{lock}1 throughput relative to FastDDS, with lower CPU utilization. The authors describe the result as the first successful sharing of a kernel-bypass NIC among mutually untrusting applications (Beadle et al., 2 Sep 2025).

4. Bypass channels in quantum key distribution

In satellite QKD, bounded bypass refers to a restricted-eavesdropping model in which Eve can collect only a bounded fraction lock\mathit{lock}2 of Alice’s optical field, while the remainder enters a mode lock\mathit{lock}3 that bypasses Eve and may still contribute to Bob’s detection statistics. The 2022 continuous-variable analysis models this by inserting a beam splitter between Alice and Eve and treating the bypass arm as inaccessible to Eve but not necessarily characterized by Alice and Bob. The 2026 discrete-variable framework adopts the same physical picture and makes the bypass constraint explicit through the marginal condition

lock\mathit{lock}4

which fixes the reduced state on lock\mathit{lock}5 independently of Eve’s attack on lock\mathit{lock}6 (Ghalaii et al., 2022, Wooltorton et al., 23 Mar 2026).

This setting changes the structure of worst-case security proofs. In the 2022 work, scenario (a) includes an unknown bypass channel, while scenario (b) replaces that branch with a vacuum map inside enlarged trusted Alice/Bob boxes. For finite-key security, the rate in the true bypass scenario is upper-bounded by the rate in the simpler trusted-loss model,

lock\mathit{lock}7

because the feasible attack set in the bypass scenario is larger. The same paper also gives a generic lower bound in direct reconciliation,

lock\mathit{lock}8

where lock\mathit{lock}9 is the mode just after the first beam splitter and before Eve’s action (Ghalaii et al., 2022).

The later numerical framework for discrete-variable protocols asks when the physical bypass actually improves key rates. Its main structural observation is that the bounded Eve never acts on mode lock\mathit{lock}0, so the optimization can be written as a constrained minimization over lock\mathit{lock}1 with both observational constraints and the fixed-lock\mathit{lock}2 marginal. The numerical results support a negative and a positive conclusion. First, they numerically support the conjecture that BB84 with single photons does not improve under bypass constraints. Second, they identify regimes that do improve: detector efficiency mismatch and BB84 with weak coherent pulses under certain squashing assumptions (Wooltorton et al., 23 Mar 2026).

The 2022 protocol-specific analysis reaches a related conclusion for satellite links. It shows that bounded Eve can considerably improve performance, and that even BB84 with weak coherent pulses can offer positive key rates at high channel losses in regimes where unrestricted-Eve analysis gives none. A distinctive effect is that Alice may choose larger optimal pulse intensities than under an unrestricted Eve, effectively reducing the operational burden of loss. Thus, in QKD, bounded bypass is neither merely trusted loss nor merely partial interception; it is a constrained attack model in which an Eve-inaccessible branch materially affects the admissible attack set and the attainable rate region (Ghalaii et al., 2022, Wooltorton et al., 23 Mar 2026).

5. Bounded decoder bypass in graph-based neural MMM

A recent and conceptually different use appears in graph-based neural marketing mix models. There, “attribution bypass” denotes a failure mode in which a high-capacity decoder achieves low forecasting error while routing little or none of its actual predictive influence through the graph that is later presented as the attribution object. The DICE-MMM framework explicitly does not claim that observational neural MMM identifies causal effects; instead, it separates graph recovery, forecasting accuracy, and graph-aligned perturbation-induced influence (Wang et al., 10 Jun 2026).

The architecture is deliberately two-stage. Stage 1 trains a graph encoder with a restricted graph-mediated decoder, so that gradients improving prediction must leverage the graph rather than dense decoder shortcuts. Stage 2 freezes the selected encoder and trains a graph-safe latent decoder whose cross-node communication must pass through the supplied graph. Decoder use is then evaluated with CIG, AR-CIG, and graph-swap tests (Wang et al., 10 Jun 2026).

The paper’s central empirical point is that low forecasting error is not an attribution certificate. In the sparse-target benchmark, no-graph and full-graph decoders achieve MSE@7 around lock\mathit{lock}3 while AR-CIG nAUPRC remains near or below zero, whereas an oracle graph reaches lock\mathit{lock}4 at comparable MSE. Frozen graph-swap testing further localizes the bottleneck: the same DICE-hard-trained decoder moves from nAUPRC lock\mathit{lock}5 under learned graph inputs to lock\mathit{lock}6 with the oracle graph. The unresolved failure is therefore not forecasting capacity or the decoder’s ability to use a graph, but graph-support selection (Wang et al., 10 Jun 2026).

In this literature, “bounded bypass” is a diagnostic and architectural discipline rather than a classical liveness or security property. Dense cross-node communication, target autoregression, co-movement, context, and latent memory are treated as bypass mechanisms. DICE bounds them by freezing the encoder, constraining cross-node communication to the supplied adjacency, and measuring perturbation-induced influence separately from MSE (Wang et al., 10 Jun 2026).

6. Distinct but neighboring uses of “bypass”

The phrase should not be conflated with several technically unrelated “bypass” notions. In microarchitectural security, “Bounds Check Bypass” is Spectre v1: speculative execution bypasses a bounds check and leaks secrets through microarchitectural state. That literature studies data-dependency mitigations, such as LAHF-based dependencies and Speculative Load Hardening, and reports approximately lock\mathit{lock}7 overhead across Phoenix versus lock\mathit{lock}8 slowdown for pervasive LFENCE-based serialization (Oleksenko et al., 2018).

In fluid mechanics, “bypass transition” refers to transition to turbulence that bypasses the classical Tollmien–Schlichting route. One line of work models spot nucleation in boundary layers above a flat plate under free-stream turbulence using a threshold lock\mathit{lock}9, an upper breakdown threshold lock\mathit{lock}0, and a nucleation distribution lock\mathit{lock}1 derived from Gaussian amplitude statistics and exponential growth. Another surveys an input–output viewpoint in which non-normal amplification, the lift-up effect, and stochastic forcing explain why streamwise streaks dominate pre-transitional energetics in wall-bounded flows (Kreilos et al., 2016, Jovanović, 2020).

In contact topology, a bypass is a local modification of a contact structure along a convex boundary. Vaugon describes new Reeb periodic orbits created by a bypass attachment in terms of Reeb chords of the attaching arc, while a separate analysis of bypass triangles shows that a bypass triangle changes the homotopy class of the contact structure relative to the boundary, with obstruction class lock\mathit{lock}2, interpreted as a relative Hopf-invariant shift (Vaugon, 2012, Huang, 2011).

These usages share the vocabulary of circumvention, but not a common formal object. In current research usage, bounded bypass is therefore best understood as a family of domain-specific constraints: a fairness bound in mutual exclusion, a bounded-time discipline for protected kernel-bypass operations, a restricted-eavesdropping model in QKD, and an architectural attempt to constrain graph-ignoring prediction pathways in neural attribution systems.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Bounded Bypass.