Self-Stabilizing Systems Seminar of Distributed systems University of L’Aquila Date:19/01/2016 Giuseppe Tomei Giuseppe Di Lena 1

Topics Introduction to Self-stabilizing Systems Dijkstra’s approch: K-state machines (K>N) Four-state machines Three-state machines Mutual Exclusion with K-State machines

Introduction The synchronization task of processes in a distributed-system can be viewed as keeping the system in a legitimate state. If there is a shared memory, every process can access it by mutex.In this scenario the current state of system is stored in the shared memory . If there isn’t a shared memory, then every process must have some distributed variables and each process can only exchange information with its neighbors.

Introduction In our presentation we discuss the second case, in particular we consider ring topology which is a connected graph in which the majority of the edge are missing. What’s the problem? Each process only knows the state of its neighbors; The behavior of a process is influenced only by a part of the total system state .

Assumptions In each node there is a finite state machine Each machine has one or more «privileges» Privilege is defined such as boolean function, where its input is the state of the machine and the states of its neighbors. The result of the function is «True» if the privilege is present, false otherwise There is a central daemon that can select one of the present privileges We don’t know how the daemon works

How the system works The machine that has the selected privilege will make its «move» After its move, the machine will be in a new state, which it depends on its old state and the states of its neighbors After completion of the move the daemon will select a new privilege

Formal Definition

Legitimate state What is a «legitimate state»? The system is in a legitimate state when it satisfies the following properties: In each legitimate state one or more privileges will be present; In each legitimate state each possible move will bring the system again in a legitimate state ; Each privilege must be present in at least one legitimate state For any pair of legitimate states there exists a sequence of moves transferring the system from the one into the other

Self-stabilizing System We call the system self-stabilizing if and only if, regardless of the initial state and regardless of the privilege selected each time for the next move, at least one privilege will always be present and the system is guaranteed to find itself in a legitimate state after a finite number of moves

Dijkstra’s Approach

Dijkstra assumptions We consider 𝑁+1 machines numbered from 0 to 𝑁 in a ring topology We shall use for machine number 𝑖: L: to refer to the state of its lefthand neighbor, machine nr. (𝑖−1)𝑚𝑜𝑑(𝑁+1); S:to refer to the state of itself, machine nr. 𝑖 R: to refer to the state of its righthand neighbor, machine nr. (𝑖+1)𝑚𝑜𝑑(𝑁+1);

Dijkstra assumptions Machine number 0 will also be called the «bottom machine» Machine number 𝑁 will also be called the «top machine» The legitimate state has exactly one privilege present Sintax: if privilege then corresponding move fi;

Solution with K-state machines (𝐾>𝑁) Each machine state is represented by an integer value 𝑆, where 0≤𝑆<𝐾 For each machine one privilege is defined: Code for the bottom machine : Code for the other machines:

Now the only machine that Example for 𝐾>𝑁 Bottom Who has the privilege??? N = 4 p0 L R p1 p2 p4 K = 5 S = 2 S = 3 The demon chooses one p1 = L I choose p1 p4 p1 Now the only machine that has the privilege is p4 S = 2 S = 0 S = 1 S = 2 p4 = L Now the bottom machine has the privilege p3 p2 p0 = (S + 1)mod K S = 2 S = 2 And so on…

Solution with 4-state machines Each machine state is represented by two booleans :𝑥𝑆 and 𝑢𝑝𝑆. For the bottom machine 𝑢𝑝𝑆=𝑡𝑟𝑢𝑒 by definition, for the top machine 𝑢𝑝𝑆=𝑓𝑎𝑙𝑠𝑒 by definition For each machine the privilege is defined: Code for the bottom machine: Code for the top machine: Code for the other machines:

Example 4-state machines bottom Who has the privilege??? p0 p1 p2 p3 p4 L R x = false x = true The demon chooses p3 up = true The demon can still choose p3 top The demon chooses p1 p4 p1 Only p1 has the privilege now x = true x = true x = false After the last execution of p1, p1.up = false and this «unlock» the bottom machine up = false up = true up = false See how it evolves… p3 p2 x = false x = true x = true up = false up = true up = false Bottom: Top: Other:

Example 4-state machines bottom Who has the privilege??? p0 p1 p2 p3 p4 L R x = false The demon chooses p3 up = true The demon can still choose p3 top The demon chooses p1 p4 p1 Only p1 has the privilage now x = true x = false After the last execution of p1, p1.up = false and this «unlock» the bottom machine up = false up = true See how it evolves… p3 p2 x = true x = true up = false up = false

Solution with 3-state machines Each state is represented by an integer value 𝑆, where 0≤𝑆<3. For each machine the privilege is defined: Code for the bottom machine: Code for the top machine: Code for the other machines:

Example 3-state machines Who has the privilege??? bottom p1 p2 p0 L R p2.S = R S = 1 Only p2 has the privilege now The system is stabilized top I’m back!!! I choose p2 p4 p1 S = 2 S = 1 See how it evolves… p3 p2 S = 0 S = 1 S = 1 S = 0 S = 2 Bottom: Top: Other:

Only p2 has the privilege now Example 3-state machines Who has the privilege??? bottom p1 p2 p0 L R p2.S = R Only p2 has the privilege now The system is stabilized top p4 p1 See how it evolves… p3 p2

Mutual Exclusion with K-State machines

Introduction Now we present Dijkstra self-stabilizing algorithm for the mutual exclusion on a ring. The notation used in this example is : 𝑁 = number of processes 𝑆 = state of process 𝐾 = total number of states per machine 𝐿 = state of left neighbor 𝑅 = state of right neighbor 𝐵 = state of bottom machine

Assumptions A machine can enter in the critical section only if it has a privilege. The system is in a legal state if exactly one machine has a privilege The goal of the self-stabilizing algorithm is to determinate who has the privilege and how the privileges move in the network. There are 𝑁 machines numbered 0… 𝑁−1 The state of any machine is determinated by its label from the set 0…𝐾−1 Remember the pseudocode: Code for the bottom machine : if (𝐿=𝑆) then 𝑆=(𝑆+1) 𝑚𝑜𝑑 𝐾 Code for the other machines: if (𝐿≠𝑆) then 𝑆= 𝐿

Proof of correctness The system is in a legal state if exactly one machine has the privilege. It is easy to verify that (𝑥0,𝑥1…𝑥𝑁−1) is legal if and only if either all 𝑥𝑖 are equal or there exists 𝑚<𝑁−1 such that all 𝑥𝑖 with 𝑖≤𝑚 are equal to some value and all other 𝑥𝑖 are equal to some other value In the first case the bottom machine has the privilege, in the second case the machine 𝑝𝑚+1 has the privilege 𝑳𝒆𝒎𝒎𝒂 𝟏: if the system is in a legal state, then it will stay legal.

So the bottom machine waits a finite number of moves Proof of correctness 𝑳𝒆𝒎𝒎𝒂 𝟐: a sequence of moves in which the bottom machine does not move is at most 𝑶(𝑵𝟐) 𝑷𝒓𝒐𝒐𝒇: in the best case the number of moves is 𝑂(1), obviously; Let’s analyze the worst case: For the sake of semplicity we consider 𝑁=𝐾 bottom L R In the first step we have N-1 moves 𝑁−3 𝑁−2 𝑁−1 1 = 𝑁−1 −(𝑁−2) 1 In the second step we have N-2 moves And so on for N – 2 step where we have this situation at the 𝑁−1 step the bottom get the privilege 1 2 𝑁−4 𝑁−2 𝑁−3 𝑁∗ 𝑁−1 2 = 𝑁 2 2 − N 2 →𝑶( 𝑵 𝟐 ) So the bottom machine waits a finite number of moves 𝑁−5 𝑁−3 𝑁−4 1 2 3

Proof of correctness 𝑳𝒆𝒎𝒎𝒂 𝟑: Given any configuration of the ring, either: 1: no other machine has the same label as the bottom, or 2: there exist a label that is different from all machines. Furthermore, within a finite number of moves, (1) will be true 𝑷𝒓𝒐𝒐𝒇: We show that if (1) does not hold, then (2) is true. If there exist a machine that has the same label as that of bottom, then there are now 𝑘−1 labels left to be distributed among 𝑁−2 machines. Since 𝐾≥𝑁, we get that there is some label which is not used. To show the second part, first note that if some label is missing from the network, then it can only be genereted by the bottom machine. (continue)

Proof of correctness Makeover, the bottom machine simply cycles among all labels. Since, from lemma(2), the bottom machine moves after some finite number of moves by normal machines, we get that the bottom machine will eventually get the missing label. 𝑳𝒆𝒎𝒎𝒂 𝟒: If the system is in illegal state, then within O( 𝑵 𝟐 ) moves it reaches a legal state Proof: It is easy to see that once the bottom machine gets the unique label, the system stabilizes in 𝑂( 𝑁 2 ) moves. (continue)

Proof of correctness The bottom machine can move at most 𝑁 times before it acquires the missing label. Machine 1 therefore can move at most 𝑁+1 times before the bottom acquires the label. Similarly, machine 𝑖 can move at most 𝑁+𝑖 times before the bottom gets the label. By adding up all the moves, we get 𝑁+(𝑁+1)+…+(𝑁+𝑁−1)= 𝑂(𝑁2) moves

References [1] Self-Stabilizing System in Spite of Distributed Control, E.W. Dijkstra [2] cap 23, 82.130.102.95/lectures/ss06/distcomp/lecture/self_stabilization.pdf

THANK YOU!!!!