Title: Self Stabilizing, p1
1CS 294-8Self-Stabilizing Systems
http//www.cs.berkeley.edu/yelick/294
2Administrivia
- No seminar or class Thursday
- Sign up for project meetings tomorrow, Thursday,
or Tuesday (?) - Poster session Wednesday, 12/13, in the Woz,
2-5pm - Final papers due Friday, 12/15
3(Self) Stabilization
- History Idea introduced by Dijkstra in 1973/74.
Popularized by Lamport in 1983. - Idea of stabilization ability of a system to
converge in finite number of steps from arbitrary
states to desired state
4Overview
Concepts Tools
Asynchronous Cut Snapshot
Asynchronous Fault-Tolerant Byzantine Faults Authorization, Xcast
Asynchronous Fault-Tolerant Self-Stabilizing Local Checking, Counter Flushing
5Stabilization
- Motivation fault tolerance
- Especially transient faults
- Also useful for others (crashes, Byzantine)
- Where Stabilization ideas appear in physics,
control theory, mathematical analysis, and
systems science
6Stabilization
- Definition Let P be a state predicate of a
system S. S is stabilizing to P iff it satisfies
the following - Closure P is closer in S any computation that
starts in a state in P leads to states that are
in P - Convergence every computation of S has a finite
prefix such that the following is in P
7Stabilization (Refined)
8Practical Issues
- Stabilizing protocols allow for
- Corrupted state
- Initialization errors
- Not corruption of code
- Applications
- Routing, Scheduling, Resource Allocation
9Dijkstras Model
- The concurrency model is unrealistic, but useful
for illustration - Processors are organized in a sparse, connected
graph - At each step a processor looks at its own step
and neighbors, and changes its own state - A demon selects the processor to executed
(fairly)
10Impossibility of Stabilization
- If the processors are truly identical
(symmetric), then stabilization is impossible - Consider an N processor system, with N a
non-prime, say N 2m - Consider an initial state that is cyclically
symmetric, e.g., - s, t, s, t, s, t
- pis state is s for i even, and t for i odd
- Then the scheduling demon can schedule all even
processors (which will all move to s) and then
all odd (move to t), so no progress will be made
11Implications of Impossibility
- How important is this result?
- Burns and Pachl show that with a prime number of
processors, self-stabilization with symmetric
processors is possible - More importantly, how realistic is the symmetry
assumption?
12Mutual Exclusion on a Line
- The following simple example is a solution to the
mutual exclusion problem - n processors are connected in a line
- Each talks to 2 neighbors (1 on the ends)
- State
- Each process has 2 variables
- up token is above if true, below if false
- x a bit used for token passing
13Token Passing on a Line
- Top (Process n-1)
- x 0 up false
- x 0 up false
- x 0 up false
- x 1 up true
- x 1 up true
- .
- .
- .
- x 1 up true
- Bottom (Process 0)
- Logical token
- Token is at one of 2 procs where up differs
- If xs differ, upper proc, if same, lower proc
14Token Passing Program
- Bottom-move-up0
- If x0 x1 and up1 false then x0
x0 - Top-move-downn-1
- If xn-2 ! xn-1 then xn-1 xn-2
- Middle-move-upi
- if xi ! xi-1 then xi xi-1 upi
true - Middle-move-downi
- if (xi xi1 and upi true and
upi1true then upi false - This is Dijkstras second, 4-state algorithm
15Token Passing Up
- Top (Process n-1)
- x 0 up false
- x 0 up false
- x 0 up false
- x 1 up true
- x 1 up true
- .
- .
- .
- x 1 up true
- Bottom (Process 0)
x 1 up true
if xi ! xi-1 then xi xi-1
upi true
16Token Passing Down
- Top (Process n-1)
- x 0 up false
- x 1 up true
- x 1 up true
- x 1 up true
- x 1 up true
- .
- .
- .
- x 1 up true
- Bottom (Process 0)
x 1
if xn-2 ! xn-1 then xn-1 xn-2
17Proof Idea for Correct States
- If the initialization of states is correct
- One can divide the processor line in two parts
based on up - Two processors, i and i-1 in between
- All processors above i have same x value as xi
all below i-1 same as xi-1 - An action in the program is enabled only when the
token is held - Only 1 action is enabled (and only 1 process
holds the token at any given time) - The above can be checked by examining the
predicates on the rules
18Locally Checkable Properties
- In any good state, the following hold
- If upi-1 upi, then xi-1xi
- If upi true then upi-1true
- These are enough to show that only 1 processor is
enabled - These are locally checkable
- a local set (pair) of processors can detect an
incorrect state
19General Stabilization Technique 1
- Varghese proposed local checking and correction
as a general technique - Turn local checks into local correction
- Consider processors as tree (line is special
case) - Consider I-1 to be Is parent
- For each node I (I ! 0), add Correction action
check the local predicate between I and its
parent, correct Is state if necessary - Correction affects only child, not parent
20Practical Issues
- Dijkstras algorithm works without the explicit
correction step - For more complex protocols, correction is used
- Although Dijkstras algorithm is
self-stabilizing, it goes through states where
mutual exclusion is not guaranteed
21Token Passing on Ring
- Processor 0 and n-1 are neighbors
- Initially, count 0, except for processor 0
where count 1 - Zero-move
- If count0 countn-1
then count0 count01 mod (n1) - Other-move
- If counti ! counti-1 then counti
counti-1 - Note this is Dijkstras first, k-state algorithm
22Token Ring Execution
- Good States
- For I 1n1, either countI-1countI or
countI-1 countI1 - Either count0 countn-1 or
count0 countn-11
x
x-1
x
p0
x-1
x
x-1
x
x-1
x-1
x-1
x-1
x-1
token
23Proof Idea
- The following can be shown
- In any execution, P0 will eventually increment
its counter (because all other processor decrease
of counter values) - In any execution P0 will eventually reach a
fresh counter value - Any state in which P0 has a fresh counter value m
is eventually followed by a state in which all
processes have m
24General Stabilization Technique 2
- Varghese proposes counter flushing as a general
technique for stabilization - Starting with some sender (P0) sending to others,
which messages in rounds - Make stabilizing by numbering messages with
counters (max ctr gt N) - Sender must eventually get fresh value
25Compilers and Stabilization
- Two useful properties for compilers (according to
Schneider) - Self-stabilizing source code should produce
self-stabilizing object - Compiler should produce a self-stabilizing
version of our program even if the source code is
not
26Compilers Cont
- Fundamental difference between symmetric and
asymmetric rings - Self-stabilization is unstable across
architectures - There is a class of programs for which a compiler
can be written to force stabilization
27Summary
- Self-stabilizing algorithms
- Overlooked for 10 years
- Revived in distributed algorithms community
- Algorithms for MST, Communication,
- Relevance to practice
- Tolerating transient faults is important
- Do these ideas appear in real systems?
- See http//www.cs.uiowa.edu/ftp/selfstab/bibliogra
phy/stabib.html