Introduction to Self-Stabilization

Introduction to   Self-Stabilization

Maria Potop-Butucaru, Franck Petit 
 and Sébastien Tixeuil

LiP6/UPMC

Self-stabilization 101 Example

U₀=a

Un+1=^U₂ⁿ ifUnis even U_n+1=^3Un₂⁺¹ ifU_nis odd

Example

U₀=a

U_n+1=^U₂ⁿ ifU_nis even Un+1=^3Un₂⁺¹ ifUnis odd

16

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

27

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

Iterations

Values

"Correct"

Self-stabilization

Time

Configurations

"Correct"

Time

Configurations

"Correct"

Stabilization Time

Time

Configurations

"Correct"

Stabilization Time Stabilized

Self-stabilization

Arbitrary Legitimate

f1 f2 f1

Self-stabilization Distributed Systems

•

Locality of time

•

Locality of information

•

Non-determinism

Distributed Systems

•

Configuration: product of the local states of system components

•

Execution: interleaving of the local executions of the system components

Distributed Systems

•

Classical: Starting from a particular initial configuration, the system immediately exhibits correct behavior

•

Self-stabilizing: Starting from any initial configuration, the system eventually reaches a configuration from which its behavior is correct

Distributed Systems

•

Self-stabilizing: Starting from any initial configuration, the system eventually reaches a configuration from which its behavior is correct

•

Defined by Dijkstra in 1974

•

Advocated by Lamport in 1984 to address fault-tolerant issues

Assumptions

Atomicity

•

A «stabilizing» sequential program

Self-stabilization Hypothesis Composition Proof Techniques Conclusion

Atomicity

I

Example of “stabilizing” sequential program

int x = 0;

...

while( x == x ) { x = 0;

// code assuming x equals 0 }

Atomicity

•

A «stabilizing» sequential program

Self-stabilization Hypothesis Composition Proof Techniques Conclusion

Atomicity

I Example of “stabilizing” sequential program

0 iconst_0 1 istore_1 2 goto 7 5 iconst_0 6 istore_1 7 iload_1 8 iload_1 9 if_icmpeq 5 Problem

Communications

a b

c e

e

Communications

a b

c e

e

Communications

a b

c e

e

Example

•

Shared memory: in one atomic step, read the state of all neighbors and write own state

•

Guarded command Guard!Action

Predicate on the states of the neighborhoodExecuted if

Guard is true

Self-Stabilizing Token Ring

p = top

TR1 : (v p =vl) → vp:=vl⊕k1 p ≠ top

TR2 : (v p ≠ vl) → vp:=vl Bottom

Top

Middle Bottom Top Middle

Self-Stabilizing Token in Linear Chain

R0: (Lp≠n) and (Lp≠LF+1) and (LF ≠n) → Lp := LF+1;

R1: (L_p≠n) and (L_F=n) → L_p := n;

R2: Let q be a neighbor of p such that:

(L_p=n) and (L_q<n-1) → L_p := L_q+1; F:=q;

r0

10 9

2 4

13 1

11 12

4

7 1

1

5

(n=14)

Self-Stabilizing Spanning Tree Construction

BFS

true!Distance_i:=M inj2N eighborsi{Distance_j+ 1}

3 3

2 1 2

2

r 1

2 2

1

3

Scheduling

•

Scheduler (a.k.a. Daemon): the daemon chooses among activatable processes those that will execute their actions

•

can be seen as an adversary whose role is to prevent stabilization

Spatial Scheduling

true!color_i:=M in \ {color_j|j2N eighbors_i}

=

a b

d

c e

f

a b

a d

c e

f

a b

Temporal Scheduling

token!pass token to left neighbor with probability 1 token= no token= 2

Composition Schemes

Fair Composition

•

Basic idea

•

Compose several self-stabilizing algorithms such that their results can be resused by

•

can not detect whether algorithms have stabilized, but behaves as if

A1, A2, . . . , Ak

A_k+1 Ak+1

Example

•

We are given two self-stabilizing algorithms, one for constructing a tree in a general network, one for mutual exclusion on a unidirectional ring

3 3

2 1 2

1

r 1

2 2

1

3

3 3

2 1 2

1

r 1

2 2

1

3

a b

c d l

i

r j

e f

g

k

Example

d

c a c b c d e

d r g f k f g r j r i

l

i

r

a b

c d l

i

r j

e f

g

k

Proof Techniques

Transfer function

•

Basic idea

•

Used to prove convergence

•

Convenient to compute stabilization time

Self-stabilization Hypothesis Composition Proof Techniques Conclusion

Transfer Function

Basic Idea

I c1!c2!c3!c4!· · ·!ci

I FP(c1)>FP(c2)>FP(c3)>. . .>FP(ci) =bound

I Used to prove convergence

I Can be used to compute the number of steps to reach a legitimate configuration

Transfer Function

Time

Configurations

"Correct"

Stabilization Time Stabilized

Time

Configurations

"Correct"

Stabilization Time Stabilized

Attractors

Arbitrary Attractor Legitimate

d

Attractors

Arbitrary Legitimate

f1 f2 f1

Attractors

Arbitrary Attractor

Legitimate

f f f

f f

f

f f

f f

f f f

f f

f f

Conclusion

Self-stabilization

•

^Pros

•

The network need not be initialized

•

When a fault is diagnosed, it is sufficent to identify then remove or restart the faulty component

•

Does not depend on the nature or extent of the faults

Self-stabilization

•

^Cons

•

«Eventually» does not give any bound on the stabilization time

•

Faults must be sufficiently rare that they can be considered as transient

•

Nodes never know whether the system is stabilized