Introduction to Self-Stabilization Stéphane Devismes
27/03/2008
Self-Stabilization [Dijkstra, 1974]
Example: Dijkstra’s Token Ring
Starting from an arbitrary state
Definition: Closure + Convergence
[Figure: states of the system, with Illegitimate states and Legitimate States; labels: Convergence, Closure]
Why Self-Stabilization?
Advantages: Tolerance to transient faults; No initialization; Dynamicity
Drawbacks: Eventually Safe; Overcost; No Detection of Stability
Protocols for: Resources Allocation (Mutual Exclusion) Broadcast Routing Overlay (Spanning trees, Routing table) …
Around Self-Stabilization (1/2)
Weaker Properties:
K-Stabilization (no more than K faults)
Weak-Stabilization (possible convergence)
Probabilistic Stabilization (probabilistic convergence)
Pseudo-Stabilization
Aim: circumvent impossibility results
Example: alternated bit protocol
Pseudo-Stabilization?
Self-Stabilization [Dijkstra, 1974]: Starting from any configuration, a self-stabilizing system reaches in a finite time a configuration c such that any suffix starting from c satisfies the intended specification.
Pseudo-Stabilization [Burns, Gouda, and Miller, 1993]: Starting from any configuration, any execution of a pseudo-stabilizing system has a non-empty suffix that satisfies the intended specification.
Self- vs. Pseudo-Stabilization
[Figure: Illegitimate States, Legitimate States]
Strong Closure vs. Ultimate Closure
Self- vs. Pseudo-Stabilization
Example: Leader Election
Self-Stabilizing Leader Election: Eventually there is a unique leader that cannot change.
Pseudo-Stabilizing Leader Election: We never have the guarantee that the leader will no longer change, but eventually it no longer changes.
Remark: no stabilization time in pseudo-stabilization
Around Self-Stabilization (2/2)
Stronger Properties:
Fault-containment (Quick stabilization when there are few faults)
Snap-Stabilization (Safety for the tasks started after the faults)
Byzantine-Tolerant Stabilization
Fault-Tolerant Stabilization (Stabilization despite crashes)
Aim: circumvent the drawbacks
Fault-Tolerant Stabilizing Leader Election
Carole Delporte-Gallet (LIAFA), Stéphane Devismes (CNRS, LRI), Hugues Fauconnier (LIAFA)
Fault-Tolerant Stabilization
Gopal and Perry, PODC’93
Beauquier and Kekkonen-Moneta, JSS’97
Anagnostou and Hadzilacos, WDAG’93
In partial synchronous model?
Leader Election
Fault-Tolerant Stabilizing Leader Election with: weak reliability and synchrony assumptions
Model
Network: fully-connected
n Processes: timely; may crash (an arbitrary number of processes may crash)
Variables: initially arbitrarily assigned
Links: Unidirectional; Initially not necessarily empty; No order on message delivery; Variable reliability and timeliness assumptions
Communication-Efficiency [Larrea, Fernandez, and Arevalo, 2000]: « An algorithm is communication-efficient if it eventually only uses n - 1 unidirectional links »
Self-Stabilizing Leader Election in a full timely network?
Yes + communication-efficiency
Principles of the algorithm
A process p periodically sends ALIVE to every other if Leader = p
[Figure labels: Leader=1, Leader=2, Alive,2, Alive,1]
Principles of the algorithm
When a process p such that Leader = p receives ALIVE from q, then Leader := q if q < p
[Figure labels: Leader=1, Leader=2, Alive,2, Alive,1, Leader=1, 4]
Principles of the algorithm
Any process q such that Leader ≠ q always chooses as leader the process from which it most recently received ALIVE
[Figure labels: Leader=1, Leader=2, Leader=1, Alive,1, Leader=1, 4]
Principles of the algorithm
On Time out, a process p sets Leader to p
[Figure labels: Leader=3, Leader=2, Leader=4, Alive,2, Alive,1, Leader=1, Leader=2, 4]
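Added example (not from the original slides): a round-based Python simulation of the four rules above on a fully timely network, started from an arbitrary configuration with crashed processes and stale messages in the links. The lock-step rounds, the TIMEOUT value, integer IDs 0..n-1 and the names run and stabilized are assumptions made for the illustration.

```python
import random

TIMEOUT = 3  # assumed bound: rounds a follower waits for ALIVE before suspecting

def run(n, crashed, seed, rounds=40):
    """Run the rules in lock-step rounds; return (Leader variables, last links used)."""
    rng = random.Random(seed)
    alive = [p for p in range(n) if p not in crashed]
    # Arbitrary initial configuration: Leader may name a crashed process,
    # timers hold any value, and links already contain stale ALIVE messages.
    leader = {p: rng.randrange(n) for p in alive}
    timer = {p: rng.randrange(TIMEOUT + 1) for p in alive}
    stale = [(rng.randrange(n), rng.choice(alive)) for _ in range(2 * n)]
    in_flight = [(s, d) for s, d in stale if s != d]  # (sender, destination)
    links = set()
    for _ in range(rounds):
        # Rule 1: p sends ALIVE to every other process if Leader = p.
        sent = [(p, q) for p in alive if leader[p] == p
                for q in range(n) if q != p]
        links = set(sent)
        rng.shuffle(in_flight)  # no order on message delivery
        for sender, dest in in_flight:
            # Rule 2: a leader yields only to a smaller ID.
            # Rule 3: a non-leader adopts the most recent ALIVE sender.
            if leader[dest] != dest or sender < dest:
                leader[dest], timer[dest] = sender, 0
        for p in alive:
            if leader[p] != p:
                timer[p] += 1
                if timer[p] > TIMEOUT:  # Rule 4: on time out, Leader := p
                    leader[p] = p
        in_flight = [(s, d) for s, d in sent if d not in crashed]
    return leader, links

def stabilized(n, crashed, seed):
    """True if all alive processes agree on one alive leader using n - 1 links."""
    leader, links = run(n, crashed, seed)
    chosen = set(leader.values())
    if len(chosen) != 1:
        return False
    boss = chosen.pop()
    expected = {(boss, q) for q in range(n) if q != boss}
    return leader.get(boss) == boss and links == expected

if __name__ == "__main__":
    print(all(stabilized(6, {0, 3}, seed) for seed in range(50)))
```

In this simulation the elected leader is not always the smallest alive ID: a larger process that already leads and is never challenged by a smaller sender keeps the role.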
Communication-Efficient Self-Stabilizing Leader Election in a system where at most one link is asynchronous?
No
Impossibility of Communication-Efficiency in a system with at most one asynchronous link
Claim: Any process p such that Leader ≠ p must periodically receive messages within a bounded time; otherwise it chooses another leader
[Figure caption: The process chooses another leader]
Self-Stabilizing (non communication-efficient) Leader Election in a system where some links are asynchronous?
Yes
Self-Stabilizing Leader Election in a system with a timely routing overlay
For each pair of alive processes (p,q), there exist at least two paths of timely links:
From p to q
From q to p
Principle of the algorithm
Each process computes the set of alive processes and chooses as leader the smallest process of this set
To compute the set:
1. Each process p periodically sends ALIVE,p to every other process
2. Any ALIVE,p message is repeated n - 1 times (any other process periodically receives such a message)
Self-Stabilizing Leader Election in a system without timely routing overlay?
No
Pseudo-Stabilizing Leader Election in a system where Self-Stabilizing Leader Election is not possible?
Yes + communication-efficiently
In a system having a source and fair links
Algorithm for systems with Source + fair links
A process p periodically sends ALIVE to every other if Leader = p
Each process stores in Active its ID + the IDs of each process from which it recently received ALIVE
Each process chooses its leader among the processes in its Active set
Problem: we cannot use the IDs to choose a leader
[Figure labels: 2, 1, Source, <1>, <1>, <2>, <2>, Alive,1, Alive,2]
Accusation Counter
p stores in Counter[p] how many times it was suspected to be crashed
When a process suspects its leader: it sends an ACCUSATION to LEADER, and chooses as new leader the process in Active with the smallest accusation counter
p periodically sends ALIVE,Counter[p] to every other if Leader = p
Problem: the accusation counter of the source can increase infinitely often
[Figure labels: 1, 2, 3, Source, 3, <3>, <3>, ,C=2, 1,C=1, <2>, <2>, Accuse]
Phase Counter
Each process maintains in Phase[p] the number of times it loses the leadership
p periodically sends ALIVE,Counter[p],Phase[p] to every other if Leader = p
p increments Counter[p] only when receiving ACCUSATION,ph with ph = Phase[p]
[Figure labels: 1, 2, 3, Source, <3>, <3>, ,C=2, 1,C=1, Ph=3, Ph=1, Ph=2, Ph=4 (previously 3), <2>, <2>, Accuse,3]
Communication-Efficient Pseudo-Stabilizing Leader Election in a system having only a source?
No, but a non communication-efficient pseudo-stabilizing leader election can be done
Result Summary
Columns: ce-FTSS, FTSS, ce-FTPS, FTPS
Full-Timely: Yes
Bi-source: No, Yes
Timely routing: No, Yes, ?
Source + fair links: No, Yes
Source: No, Yes
Totally asynchronous: No
Perspectives
Communication-efficient FTPS leader election in a system with timely routing overlay
Extend these results to other topologies and models
Fault-tolerant stabilizing decision problems?
Thank You!