The Alternator Mohamed G' Gouda and Furman Haddix

1
The AlternatorMohamed G. Gouda and Furman Haddix
2
The Alternator

• Motivation

It is easier to prove stabilization under the
assumption of serial execution. Unfortunately
many practical implications of stabilizing
systems can support concurrent execution of
actions but not serial execution. The alternator
is used to transform any system (with arbitrary
topology) that is stabilizing under the
assumption of serial execution to one that is
stabilizing under concurrent execution.
3
The Alternator

• Overview

• Introduction ( What is an Alternator ? )
• Specification of Alternator ( actions )
• Properties of the Alternator
• Use of the Alternator ( transformation )
• Conclusion ( efficiency, open questions )

4
The Alternator

• Introduction

5
The Alternator

• What is an Alternator ?

• An array of interacting processes that satisfy
• non-interference
• Along any concurrent execution, each action is
  executed infinitely often
• along any maximally concurrent execution, the
  alternator is stabilizing to states where the
  number of enabled actions is maximal

6
The Alternator

• Use of the Alternator

If a process array qi0 .. N-1 is serially
stabilizing to S (set of states), then another
process array qi0 .. N-1 is concurrently
stabilizing to S, where q and S are strongly
related to q and S, respectively. We will be
constructing process qi from process qi and
process pi in the alternator (whose topology is
isomorphic to t hat of q).
7
The Alternator

• Specification

8
The Alternator

• Specification of Alternator

• connected undirected graph ( each node represents
  a process in the alternator )
• cyclic distance d of an alternator
• (1) If the topology has no cycles, d2.
• (2) Otherwise, d is the number of edges in the
  longest simple cycle
• in the topology.
• two processes in the alternator are called
  neighbors iff
• there is an edge between two nodes.

9
The Alternator

• A process pi in an alternator

process pi 0..n-1 comment n?2 const d
integer cyclic distance of the
alternator var vi 0..2d-1 begin (for every
j, where pj is a neighbor of pi,
(vi?vj or iltj) and (vi?vj-1 mod 2d))
? vivi1 mod 2d end
A state of an Alternator is an assignment of a
value, from the range 0..2d-1, to every variable
vi in the alternator.
10
The Alternator

• Theorem I (Deadlock Freedom)

for each state s of an alternator, the action of
at least one process in the alternator is enabled
at state s.
11
The Alternator

• Proof of Theorem I

• graph G.s for each state s of the alternator
• each node i in G.s represents process pi in the
  alternator
• ii. undirected edge from i to j iff pi and pj
  are neighbors
• in the alternator and satisfy
• (vi?vj) and
• (vi?vj-1 mod 2d) and
• (vi-1 mod 2d?vj)
• iii. directed edge form i to j iff pi and pj
  are neighbors
• in the alternator and satisfy
• (vivj and igtj) or
• (vivj-1 mod 2d)
• ? the action of pi is enabled at a state s iff
  node i has no outgoing directed edges in G.s.

12
The Alternator

• Proof of Theorem I

• For any state s, G.s has no directed cycles (by
  contradiction)
• Case I values of the vi variables around
  the cycle are all equal
• Case II values of the vi variables around
  the cycle are all unequal
• G.s has at least one node i that does not have
  outgoing
• directed edges.
• the action of process pi is enabled for
  execution at state s.

13
The Alternator

• Proof of Theorem I

Proof G.s has no directed cycles assume that
G.s has a directed cycle, then case 1 (values
of the vi variables around the cycle are all
equal) contradiction by (vivj and
igtj) case 2 (values of the vi variables
around the cycle are unequal) contradiction by
(vivj-1 mod 2d) and (directed cycle has at
most d nodes.)

14
The Alternator

• Properties of the Alternator

15
The Alternator

• Terminologies

• A concurrent transition (or, maximal transition)
  of an alternator is a pair (s, s) of states such
  that starting the alternator at state s then
  executing the statements of one or more actions
  (or all actions) that are enabled at s yields the
  alternator in the state s.
• A concurrent computation (or, maximal
  computation) of an alternator is an infinite
  sequence s.0, s.1, . of states such that each
  pair (s.i, s.(i1)) of consecutive states in the
  sequence is a concurrent transition (or, maximal
  transition)

16
The Alternator

• Terminologies

• a state s of an alternator is called loose iff
  for every pair of neighboring processes pi and
  pj in the alternator satisfy
• (vi?vj) and
• (vi?vj-1 mod 2d) and
• (vi-1 mod 2d?vj)
• a state s of the alternator is called uneven iff
  for every pair of
• neighboring processes pi and pj
• vi?vj at state s.

17
The Alternator

• Terminologies

If an Alternator is at a loose state s, then the
action of every process in the alternator is
enabled at s. A maximal transition starting
from a loose state yields the alternator in
another loose sate. All states in a maximal
computation that starts at a loose state are
loose.
18
The Alternator

• Properties of the Alternator

• Non-interference
• At each state s of the alternator, if the
  actions of two neighboring processes pI and
  pj ( in the transformed system) are enabled at
  s, then vi?2d-1 or vj?2d-1at s.
• ii. Progress
• along each concurrent computation of the
  alternator
• the action of each process is executed
  infinitely often.
• iii. Stabilization
• each maximal computation of the alternator
  has an
• infinite suffix where each state is loose.

19
The Alternator

• Use of the Alternator

20
The Alternator

• Use of the Alternator

• Consider a process array qi 0..n-1, where n
  ?2.
• Connected undirected graph where each node
  represents one process in the array.
• Each process qi has k variables and m actions.
• The processes in the process array q can be
  defined as follows
• process qi 0n-1
• var ltvariable 0gt lttype 0gt,
• ltvariable k-1gt lttype k-1gt
• begin
• ltguard 0gt ? ltstatement 0gt
• ltguard m-1gt? ltstatement m-1gt
• End

21
The Alternator

• Use of the Alternator

A state of the process array q is an assignment
of a value to every variable in every process in
the array. The value assigned to each variable
is from the domain of values of that
variable. An action in the process array q is
enabled at a state s iff the guard of that
action is true at state s.
22
The Alternator

• Use of the Alternator

assume that the process array qi 0n-1
satisfies the following two conditions i.
determinacy at each state s, each process qi
has at most one action that is enabled at s. ii.
enabling at each state s, each process qi has
at least one action that is enabled at s.
23
The Alternator

• Use of the Alternator

• The assumption is not a severe restriction
• e.g. guards are ltguard 1gtand ltguard 2gt
• Determinacy (at most one action)
• if two actions are enabled at some state, then
  replace
• ltguard 2gt by notltguard 1gt ltguard 2gt
• Enabling (at least one action)
• if none of the actions is enabled at some state,
  then add
• notltguard 1gt notltguard mgt?skip where
  ltguard 1gt, ,
• ltguard mgt are the guards of all actions in
  qi.

24
The Alternator

• Terminologies

A serial transition of the process array qI
0..n-1 is a pair (s, s) of states such that
starting the process array at state s then
executing the statement of one action that is
enabled at s yields the process array in state
s. A serial computation of a process array
qI 0..n-1 is an infinite sequence s.0, s.1,
of states such that each pair ( s.i, s.(i1)) of
consecutive states in the sequence is a serial
transition.
25
The Alternator

• Terminologies

A set S of the states of the process array q is
called closed iff for every serial transition (s,
s) of the process array, if s is in S, then s
is in S. Let S be a closed set of the states of
the process array q. The process array q is said
to be serially stabilizing to S iff every serial
computation of the process array has an infinite
suffix where each state is in set S.
26
The Alternator

• Transformation of the system

If the process array qi 0.. N-1 is serially
stabilizing to S, then another process array
qi 0.. N-1 is concurrently stabilizing to S,
where qi 0.. N-1 and S are strongly related
to qi 0.. N-1 and S respectively. Now, the
process array q is constructed from process
array q and an alternator pi 0..n-1whose
topology is isomorphic to that of qI 0..n-1.
27
The Alternator

• Each process qi can be constructed from
  process
• qi and process pi in the alternator, as
  follows

process qi 0n-1 n?2 Const d integer
cyclic distance var ltvariable 0gt lttype
0gt, ltvariable k-1gt lttype k-1gt vi
02d-1 begin G.i vi?2d-1 ? S.i G.i
vi2d-1 ltguard 0gt?S.i ltstatement 0gt G.i
vi2d-1 ltguard m-1gt?S.i ltstatement
m-1gt end
28
The Alternator

• qi 0.. N-1

A state of the process array qi 0.. N-1 is an
assignment of a value to every variable in every
process in the array. The value assigned to each
variable is from the domain of values of that
variable. An action in the process array qi
0.. N-1 is enabled at a state s iff the guard of
that action is true at state s. A state s of a
process array qi 0.. N-1 is called loose iff
exactly one action in every process in the
process array qi 0.. N-1 is enabled at s.
29
The Alternator

• Lemmas for process qi 0.. N-1

Lemma 1 (deadlock ) For each state s, at least
one action in a process in the process array
qi 0n-1 is enabled at s. Lemma 2
(determinacy) For each state s, at most one
action in each process in the process array q
i 0n-1 is enabled at s.
30
The Alternator

• Properties of the process array

• Non-interference
• At each state s of the alternator, if the
  actions of two
• neighboring processes pI and pj are enabled
  at s, then vi?2d-1 or vj?2d-1at s.
• ii. Progress
• along each concurrent computation of the
  alternator
• the action of each process is executed
  infinitely often.
• iii. Stabilization
• each maximal computation of the alternator
  has an
• infinite suffix where each state is loose.

31
The Alternator

• Theorem V

If the process array q is serially stabilizing to
S, then the process array q is concurrently
stabilizing to the extension of S to q. Let S
be a closed set of states of the process array
qI 0..n-1. The extension of S to the process
array qi 0..n-1 is the set S of all states
of the process array qi 0..n-1 such that for
every state s in set S, there is a state s in
set S where every variable in qi 0..n-1 has
the same value in s and s. Let S be the
extension of S to the process array qi
0..n-1. The process array qi 0..n-1 is said
to be concurrently stabilizing to S iff every
concurrent computation of the process array qI
0..n-1 has an infinite suffix where each state
is in S.
32
The Alternator

• Concluding Remarks

Priority The guard of each action in the
alternator has the predicate iltj, where the
values of I and j are in the range 0..n-1 and n
is the number of processes in the alternator.
This predicate can be replaced by the predicate
priltprj, where each pri is a fixed integer,
called priority, assigned to process pi. Local
state space Each assigned priority is in the
range 0..g, where g is the degree of the
alternator. Thus, the local state of each
process in the alternator can be implemented
using log(d) log(g1) bits.
33
The Alternator

• Open Questions

• Stabilization property is not silent
• Can be used in solving Synchronization problems
• More efficient alternators can be developed for
  special
• topologies (ring, hypercubes, etc)

34

• Thank you !