Introduction to SelfStabilization Stphane Devismes 27032008 SelfStabilization Dijkstra
Introduction to Self-Stabilization Stéphane Devismes 27/03/2008
Self-Stabilization [Dijkstra, 1974] n Example: Dijkstra’s Token Ring 1 0 2 10 10 10 27/03/2008 0 1 2
Starting from an arbitrary state 5 01 4 2 5 4 5 0 27/03/2008 0 5 3
Definition: Closure + Convergence Closure Illegitimate states Legitimate States Convergence States of the system 27/03/2008 4
Why Self-Stabilization? Advantages Drawbacks Tolerance to transient faults Eventually Safe No initialization Overcost Dynamicity No Detection of Stability 27/03/2008 5
Protocols for: n n n Resources Allocation (Mutual Exclusion) Broadcast Routing Overlay (Spanning trees, Routing table) … 27/03/2008 6
Around Self-Stabilization (1/2) n Weaker Properties: n n n K-Stabilization (no more than K faults) Weak-Stabilization (possible convergence) Probabilistic Stabilization (probabilistic convergence) Pseudo-Stabilization Aim: circumvent impossibility results n 27/03/2008 Example: alternated bit protocol 7
Pseudo-Stabilization ? n Self-Stabilization [Dijkstra, 1974]: Starting from any configuration, a self-stabilizing system reaches in a finite time a configuration c such that any suffix starting from c satisfies the intended specification. n Pseudo-Stabilization [Burns, Gouda, and Miller, 1993]: Starting from any configuration, any execution of a pseudo-stabilizing system has a non-empty suffix that satisfies the intended specification. 27/03/2008 8
Self- vs. Pseudo- Stabilization Strong Closure vs. Ultimate Closure Illegitimate States 27/03/2008 Legitimate States 9
Self- vs. Pseudo- Stabilization n Example: Leader Election n Self-Stabilizing Leader Election: n n Pseudo-Stabilizing Leader Election: n n Eventually there is a unique leader that cannot change We never have the guarantee that the leader no more changes but eventually it no more change Remark: no stabilization time in pseudo-stabilization 27/03/2008 10
Around Self-Stabilization (2/2) n Stronger Properties: n n n Fault-containment (Quick stabilization when there are few faults) Snap-Stabilization (Safety for the tasks started after the faults) Byzantine-Tolerant Stabilization Fault-Tolerant Stabilization (Stabilization despite crashes) Aim: circumvent the drawbacks 27/03/2008 11
LIAFA Fault-Tolerant Stabilizing Leader Election Carole Delporte-Gallet (LIAFA) Stéphane Devismes (CNRS, LRI) Hugues Fauconnier (LIAFA) 27/03/2008
Fault-Tolerant Stabilization n Gopal and Perry, PODC’ 93 Beauquier and Kekkonen-Moneta, JSS’ 97 Anagnostou and Hadzilacos, WDAG’ 93 In partial synchronous model ? 27/03/2008 13
Leader Election Fault-Tolerant Stabilizing Leader Election with: weak reliability and synchrony assumptions 27/03/2008 14
Model n n Network: fully-connected n Processes: n n timely may crash (an arbitrary number of processes may crash) Variables: initially arbitrary assigned Links: n n Unidirectional Initially not necessarily empty No order on the message deliverance Variable reliability and timeliness assumptions 27/03/2008 15
Communication-Efficiency [Larrea, Fernandez, and Arevalo, 2000]: « An algorithm is communication-efficient if it eventually only uses n - 1 unidirectional links » 27/03/2008 16
Self-Stabilizing Leader Election in a full timely network? Yes + communication-efficiency 27/03/2008 17
Principles of the algorithm n A process p periodically sends ALIVE to every other if Leader = p Alive, 1 4 2 e, iv Al Leader=2 3 Alive, 2 1 e, iv Alive, 1 Al Leader=1 1 2 Leader=2 Alive, 2 27/03/2008 18
Principles of the algorithm When a process p such that Leader = p receives ALIVE from q, then n n Leader : = q if q < p Alive, 1 4 2 e, iv Al Leader=2 3 Alive, 2 1 e, Alive, 1 iv Al Leader=1 1 2 Leader=1 Alive, 2 27/03/2008 19
Principles of the algorithm n Any process q such that Leader ≠ q always chooses as leader the process from which it receives ALIVE the most recently Alive, 1 1 27/03/2008 4 e, Alive, 1 Leader=2 Leader=1 3 iv Al Leader=1 1 2 Leader=1 20
Principles of the algorithm n On Time out, a process p sets Leader to p Alive, 1 4 2 e, iv Al Leader=2 3 Alive, 2 1 e, iv Alive, 1 Al Leader=3 1 Leader=4 2 Leader=2 Alive, 2 27/03/2008 21
Communication-Efficient Self-Stabilizing Leader Election in a system where at most one link is asynchronous? No 27/03/2008 22
Impossibility of Communication-Efficiency in a system with at most one asynchronous link n Claim: Any process p such that Leader ≠ p must periodically receive messages within a bounded time otherwise it chooses another leader The process chooses another leader 27/03/2008 23
Self-Stabilizing (non communication-efficient) Leader Election in a system where some links are asynchronous? Yes 27/03/2008 24
Self-Stabilizing Leader Election in a system with a timely routing overlay n For each pair of alive processes (p, q), there exists at least two paths of timely links: n n From p to q From q to p 27/03/2008 25
Principle of the algorithm n Each process computes the set of alive processes and chooses as leader the smallest process of this set n To compute the set: 1. Each process p periodically sends ALIVE, p to every other process 2. Any ALIVE, p message is repeated n - 1 times (any other process periodically receives such a message) 27/03/2008 26
Self-Stabilizing Leader Election in a system without timely routing overlay ? No 27/03/2008 27
Pseudo-Stabilizing Leader Election in a system where Self-Stabilizing Leader Election is not possible ? Yes + communication-efficiently In a system having a source and fair links 27/03/2008 28
Algorithm for systems with Source + fair links n A process p periodically sends ALIVE to every other if Leader = p n Each process stores in Active its ID + the IDs of each process from which it recently receives ALIVE n Each process chooses its leader among the processes in its Active set n Problem: we cannot use the IDs to choose a leader Source Alive, 1 <1, 2>���� <1> 1 2 <1, 2>���� <2> Alive, 2 27/03/2008 29
Accusation Counter n n p stores in Counter[p] how many times it was suspected to be crashed When a process suspects its leader: n n 3 32 <3> <1, 3> 2 C= 3, C =2 Source cu Ac =1 n p periodically sends ALIVE, Counter[p] to every other if Leader = p Problem: the accusation counter of the source can increase infinitely often se 1, C n it sends an ACCUSATION to LEADER, and chooses as new leader the process in Active with the smallest accusation counter 1 <1, 3> 1 27/03/2008 2 1, C=1 4 <2> <2, 3> 30
Phase Counter p increments Counter[p] only when receiving ACCUSATION, ph with ph = Phase[p] Source 2 C= cu Ac , 3 se Ph=1 Ph=3 (previously 3) 2 <1, 3> <3> Ph=4 3, =2 3 3, C n p periodically sends ALIVE, Counter[p], Phase[p] to every other if Leader = p =1 n Each process maintains in Phase[p] the number of times it looses the leadership 1, C n 1 <1, 3> 1 2 4 <2, 3> <2> Ph=2 1, C=1 27/03/2008 31
Communication-Efficient Pseudo-Stabilizing Leader Election in a system having only a source? No, but a non communication-efficient pseudo-stabilizing leader election can be done 27/03/2008 32
Result Summary ce-FTSS ce-FTPS Full-Timely Yes Yes Bi-source No Yes Yes Timely routing No Yes ? Yes Source + fair links No No Yes Source No No No Yes Totally asynchronous No No 27/03/2008 33
Perspectives n Communication-efficient FTPS leader election in a system with timely routing overlay n Extend these results to other topologies and models n Fault-tolerant stabilizing decision problems ? 27/03/2008 34
Thank You! 27/03/2008
- Slides: 35