Snap-Stabilization in Message-Passing Systems Sylvie Delaët (LRI) Stéphane Devismes (CNRS, LRI) Mikhail Nesterenko (Kent State University) Sébastien Tixeuil (LIP6)
Message-Passing Model 1 2 3 4 Network bidirectionnal and fully-connected Communications by messages Links asynchronous, fair, and FIFO Ids on processes Transient faults ma mb m3 m m2 m1 ma mb m3 08/04/2008 Orsay, séminaire
Stabilizing Protocols Self-Stabilization [Dijkstra, 1974] c1 c2 c3 c4 c5 c6 c7 Convergence time correct behavior uncorrect behavior correct behavior Transient Faults Arbitrary initial state 08/04/2008 Orsay, séminaire
Stabilizing Protocols Snap-Stabilization [Bui et al, 1999] c1 c2 c3 c4 c5 c6 c7 time correct behavior uncorrect behavior correct behavior Transient Faults Arbitrary initial state 08/04/2008 Orsay, séminaire
Related Works in message-passing (reliable communication in self-stabilization) ? <How old are you, Captain?> <I’m 21> ? <I’m 60> <I’m 12> [Gouda & Multari, 1991] Deterministic + Unbounded Capacity => Unbounded Counter Deterministic + Bounded Capacity => Bounded Counter [Afek & Brown, 1993] Probabilistic + Unbounded Capacity + Bounded Counter 08/04/2008 Orsay, séminaire
Related Works in message-passing (self-stabilization) [Varghese, 1993] Deterministic + Bounded Capacity [Katz & Perry, 1993] Unbounded Capacity, deterministic, infinite counter [Delaët et al] Unbounded Capacity, deterministic, finite memory Silent tasks 08/04/2008 Orsay, séminaire
Related Works (snap-stabilization) Nothing in the Message-Passing Model Only in State Model: Locally Shared Memory Composite Atomicity [Cournier et al, 2003] 08/04/2008 Orsay, séminaire
Snap-Stabilization in Message-Passing Systems
Case 1: unbounded capacity links Impossible for safety-distributed specifications 08/04/2008 Orsay, séminaire
Safety-distributed specification q Example : Mutual Exclusion 08/04/2008 Orsay, séminaire
Safety-distributed specification m1 m2 m3 m4 m5 sq B q m’1 m’2 m’3 m’4 08/04/2008 Orsay, séminaire
Safety-distributed specification m1 m2 m3 m4 m5 sq B q m’1 m’2 m’3 m’4 08/04/2008 Orsay, séminaire
Case 2: bounded capacity links Problem to solve: Reliable Communication Starting from any configuration, if Tintin sends a question to Captain Haddock, then: Tintin eventually receives good answers Tintin takes only the good answers into account ? ? 08/04/2008 Orsay, séminaire
Case 2: bounded capacity links Case Study: Single-Message Capacity 0 or 1 message 0 or 1 message 08/04/2008 Orsay, séminaire
Case 2: bounded capacity links Sequence number State {0,1,2,3,4} p q <1,NeigStatep,Qp,Ap> <0,NeigStatep,Qp,Ap> <Stateq,0,Qq,Aq> Statep 1 ? Until Statep = 4 Stateq ? NeigStatep NeigStateq ? ? 08/04/2008 Orsay, séminaire
Case 2: bounded capacity links Pathological Case: p <2,?,?,?> <3,NeigStatep,Qp,Ap> q <Stateq,3,Qq,Aq> <?,2,?,?> <?,1,?,?> <?,0,?,?> Statep Stateq 1 4 2 3 ? NeigStatep NeigStateq ? 3 1 2 08/04/2008 Orsay, séminaire
Generalizations Arbitrary Bounded Capacity 2xCmax+3 values Cmax values q Cmax values 1 value 1 value 08/04/2008 Orsay, séminaire
Generalizations PIF in fully-connected network m m Am m Am Am 08/04/2008 Orsay, séminaire
Application Mutual Exclusion in a fully-connected & identified network using the PIF 08/04/2008 Orsay, séminaire
Mutual Exclusion Specification: Any process that requests the CS enters in the CS in finite time (Liveness) If a requesting process enters in the CS, then it executes the CS alone (Safety) N.b. Some non-requesting processes may be initially in the CS 08/04/2008 Orsay, séminaire
Principles (1/6) Let L be the process with the smallest ID L decides using ValueL which is authorized to access the CS if ValueL = 0, then L is authorized if ValueL = i, then the ith neighbor of L is authorized When a process learns that it is authorized by L to access the CS: It ensures that no other process can execute the CS It executes the CS, if it requests it It notifies L when it terminates Step 2 (so that L increments ValueL) 08/04/2008 Orsay, séminaire
Principles (2/6) Each process sequentially executes 4 phases infinitely often A requesting process p can enter in the CS only after executing Phases 1 to 4 consecutively The CS is in Phase 4 08/04/2008 Orsay, séminaire
Principles (3/6) Process p evaluates the IDs 5 3 8 2 Id? Id? 3 Id? 8 2 Phase=1 5 3 Leader=2 Id? 3 Id? 8 2 8 2 08/04/2008 Orsay, séminaire
Principles (4/6) Process p asks if Valueq = p to each other process q Ok? Phase=2 5 1 Leader=2 3 Ok=true No Value=0 Ok? 2 3 Ok? No Yes 1 2 1 2 8 2 3 3 Value=3 Value=2 08/04/2008 Orsay, séminaire
Principles (5/6) If Winner(p) then p broadcasts EXIT to every other process Winner(5)=true Winner(3)=? Exit Phase=3 Phase=1 Phase=? 5 1 3 Leader=2 Leader=? Exit Ok Ok=true Ok=? 2 3 Exit Value=0 Winner(8)=? Winner(2)=? Ok Ok Phase=1 Phase=? 1 Phase=1 Phase=? 2 1 Leader=? 2 Leader=? 8 2 Ok=? Ok=? Value=3 3 3 Value=2 08/04/2008 Orsay, séminaire
Principles (6/6) If Winner(p) then CS; If p≠L, then p broadcasts ExitCS, else p increments Valuep Winner(5)=true Winner(3)=? ExitCS <CS> Phase=4 Phase=1 5 1 3 Leader=2 Leader=? ExitCS Ok Ok=? Ok=true 2 3 Value=0 ExitCS Winner(8)=? Winner(2)=? Ok Ok Phase=1 1 Phase=1 2 1 Leader=? 2 Leader=? 8 2 Ok=? Ok=? Value=3 3 3 Value=3 Value=2 08/04/2008 Orsay, séminaire
Snap-Stabilization in message-passing is no more an open question Conclusion Snap-Stabilization in message-passing is no more an open question 08/04/2008 Orsay, séminaire
Extensions Apply snap-stabilization in message-passing to: Other topologies (tree, arbitrary topology) Other problems Other failure patterns Space requirement 08/04/2008 Orsay, séminaire
Thank you