Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved."— Presentation transcript:

1 Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved ©

2 Chapter 3 - Motivating Self-Stabilization3-2 Chapter 3: Motivating Self-Stabilization  Converging to a desired behavior from any initial state enables the algorithm to converge from an arbitrary state caused by faults  Why should one have interest in self-stabilizing algorithms? Its applicability to distributed systems Recovering from faults of a space shuttle. Faults may cause malfunction for a while. Using a self- stabilizing algorithm for its control will cause an automatically recovery, and enables the shuttle continue in its task

3 Chapter 3 - Motivating Self-Stabilization3-3 What is a Self-Stabilizing Algorithm ?  This question will be answered using the “Stabilizing Orchestra” example  The Problem: The conductor is unable to participate – harmony is achieved by players listening to their neighbor players Windy evening – the wind can turn some pages in the score, and the players may not notice the change

4 Chapter 3 - Motivating Self-Stabilization3-4 The “Stabilizing Orchestra” Example  Our Goal: To guarantee that harmony is achieved at some point following the last undesired page turn  Imagine that the drummer notices a different page of the violin next to him … (solutions and their problems): 1. The drummer turns to its neighbors new page – what if the violin player noticed the difference as well ? 2. Both the drummer and violin player start from the beginning - what if the player next to the violin player notices the change only after sync between the other 2 ?

5 Chapter 3 - Motivating Self-Stabilization3-5 The “Stabilizing Orchestra” Example – the Self-Stabilizing Solution  Every player will join the neighboring player who is playing the earliest page (including himself)  Note that the score has a bounded length. What happens if a player goes to the first page of the score before harmony is achieved? This case is discussed in details in chapter 6.  In every long enough period in which the wind does not turn a page, the orchestra resumes playing in synchrony

6 Chapter 3 - Motivating Self-Stabilization3-6 Chapter 3: roadmap 3.1 Initialization of a Data-Link Algorithm in the Presence of Faults 3.2 Arbitrary Configuration Because of Crashes 3.3 Frequently Asked Questions

7 Chapter 3 - Motivating Self-Stabilization3-7 The Data Link Algorithm  The task of delivering a message is sophisticated, and may cause message corruption or even loss Physical Layer Data link Layer Tail Packet Frame Network Layer Head Physical Layer Data link Layer Tail Packet Frame Network Layer Head The layers involved: Physical Layer Data link Layer Tail Packet Frame Network Layer Head Physical Layer Data link Layer Tail Packet Frame Network Layer Head The layers involved: TailPacket Frame Head The sender sends sequences of bits to the receiver

8 Chapter 3 - Motivating Self-Stabilization3-8 The alternating-bit algorithm Is used to cope with possibility of frame corruption or loss 01 initialization 02 begin 03 i := 1 04 bit s := 0 05 send(  bit s,im i  ) (*im i is fetched*) 06 end (*end initialization*) 07 upon a timeout 08 send(  bit s,im i  ) 09 upon frame arrival 10 begin 11receive(FrameBit) 12if FrameBit = bit s then 13 begin 14bit s := (bit s + 1) mod 2 15i := i + 1 16end 17send(  bit s,im i  ) (*im i is fetched*) 18 end Sender 01 initialization 02 begin 03 j := 1 04 bit r := 1 05 end (*end initialization*) 06 upon frame arrival 07 begin 08receive(  FrameBit, msg  ) 09if FrameBit  bit r then 10 begin 11bit r := FrameBit 12j := j + 1 13om j := msg 14end 15send(bit r ) 16 end Receiver Every message from the sender is repeatedly sent in a frame to the receiver until acknowledges arrives acknowledgement Send acknowledgement

9 Chapter 3 - Motivating Self-Stabilization3-9 The alternating-bit algorithm – run sample SR bit s = 0 bit R = 1 SR....... bit s = 0 bit R = 1 Upon a timeout … SR.... bit s = 0 bit R = 0 R received m 1 Upon a timeout … SR....... bit s = 0 bit R = 0 SR....... bit s = 1 bit R = 0 S received ack. R received m 1 again SR............. bit s = 0 bit R = 0 R received m 1 again SR....... bit s = 1 bit R = 0 Upon a timeout … SR............ bit s = 1 bit R = 1 R received m 2 SR.............. bit s = 1 bit R = 1 Once the sender receives an acknowledgment, no frame with sequence number 0 exists in the system

10 Chapter 3 - Motivating Self-Stabilization3-10 There Is No Data-link Algorithm that can Tolerate Crashes  It is usually assumed that a crash causes the sender/receiver to reach an initial state  No initialization procedure exists such that we can guarantee that every message fetched by the sender, following the last crash, will arrive at its destination  The next Execution will demonstrate this point. Denote: Crash R – receiver crash Crash S – sender crash  Crash X causes X to perform an initialization procedure

11 Chapter 3 - Motivating Self-Stabilization3-11 The Pumping Technique The idea : repeatedly crash the sender and the receiver and to replay parts of the RE in order to construct a new execution E’ Reference Execution (RE) = Crash S, Crash R, send S (f s1 ), receive R (f s1 ), send R (f r1 ), receive S (f r1 ), send S (f s2 ), …, receive S (f rk ) SR f s1 S sends f s1 SR f r1 R receives f s1 and sends f r1 SR Crash S S crashes f r1 SR f s2 f s1 S sends f s1 receives f r1 and sends f s2 SR f s2 f s1 Crash R R crashes SR f r1 f r2 R receives f s1, sends f r1, receives f s2 and sends f r2 SR f r1 f r2... f rk R receives f s1, sends f r1, receives f s2, sends f r2, …, receives f sk and sends f rk SR f r1 f r2... f rk Crash R Now S and R crash Crash S f sk... f s2 f s1 We let S send f si and receive f ri (i from 1 to k) SR If these k frames are lost, no information about the message exists in the system SR SR Crash S Suppose Crash S and Crash R occurred Crash R SR Crash S f r1 f r2... f r(k-1) S crashes..m2m1..m2m1 SR f sk... f s2 f s1 S sends f s1 receives f r1, sends f s2 receives f r2, …, receives f r(k-1) and sends f sk m2m2 m1m1 m2m2..... Continue with the same technique

12 Chapter 3 - Motivating Self-Stabilization3-12 Conclusion !  It is possible to show that there is no guarantee that the k th message will be received  We want to require that eventually every message fetched by the sender reaches the receiver, thus requiring a Self-Stabilizing Data-Link Algorithm

13 Chapter 3 - Motivating Self-Stabilization3-13 Chapter 3: roadmap 3.1 Initialization of a Data-Link Algorithm in the Presence of Faults 3.2 Arbitrary Configuration Because of Crashes 3.3 Frequently Asked Questions

14 Chapter 3 - Motivating Self-Stabilization3-14 Arbitrary configuration because of crashes  A combination of crashes and frame losses can bring a system to any arbitrary states of processors and an arbitrary configuration

15 Chapter 3 - Motivating Self-Stabilization3-15 Any Configuration Can be Reached by a Sequence of Crashes  The pumping technique is used to reach any arbitrary configuration starting with the reference execution Reference Execution (RE) = Crash S, Crash R, send S (f s1 ), receive R (f s1 ), send R (f r1 ), receive S (f r1 ), send S (f s2 ), …, receive S (f rk )  The technique is used to accumulate a long sequence of frames

16 Chapter 3 - Motivating Self-Stabilization3-16 Reaching an Arbitrary Configuration  Our first goal – creating an execution in which RE appears i times in a row (RE) i SR f r1 f r2... f rk First we use the Pumping Technique to receive RE SR f s1 f r1 f r2... f rk S sends fs1 SR Crash S f s1 f r1 f r2... f rk S crashes SR f sk, …, f s2, f s1, f s1, S sends f s1, receives f r1, sends f s2, receives f r2, …, sends f sk, receives f rk, SR F sE f r1 R receives f s1 and sends f r1 Denote : F rE (F sE ) – the sequence of frames sent by the receiver (sender) in RE SR F sE f r1 Crash R R crashes SR f r1 F rE R receives f s1 sends f r1 … receives f sk and sends f rk SR Crash S f r1 F rE S crashes SR f s2 f s1 F rE S sends f s1, receives f r1, sends f s2 SR Crash S f s2 f s1 F rE S crashes SR F sE f s2 f s1 S sends f s1, receives f r1, …, sends f sk, receives f rk SR F sE F sE S received the first F rE, crashed and received the second..... Continue with the same technique F i rE (F i sE ) = the sequence F r(s)E F r(s)E … F r(s)E (i times) SR F i sE For any finite i, the technique can be extended to reach a configuration in which F i sE appears in q s,r

17 Chapter 3 - Motivating Self-Stabilization3-17 Reaching an Arbitrary Configuration  Our second goal – achieving c a (an arbitrary configuration)  Denote k 1 (k 2 )- the number of frames in q s,r (q r,s ) in c a  i = k 1 +k 2 +2 SR F i sE Using the previous technique we accumulate F i sE SR F k1+1 sE F k2+1 rE R replays RE k 2 +1 times S'S'R F k1+1 sE q r,s S replays RE using the first F rE until it reaches its desired state (loosing the frames sent by it and the leftovers of F k2 rE that are not in q r,s ) S'S'R'R' q s,r q r,s We do the same with R, reaching the arbitrary configuration c a

18 Chapter 3 - Motivating Self-Stabilization3-18 Crash-Resilient Data-Link Algorithm,With a Bound on the Number of Frames in Transit  Crashes are not considered severe type of faults (Byzantine are more severe - chapter 6)  The algorithm uses the initialization procedure, following the crashes of S and R  bound – the maximal number of frames that can be in transit SR S,in after-crash state, invokes a clean procedure SR Crash S S crashes SR.... SR... SR... SR... S received, then sends repeatedly until it will receive..... Continue until S receives SR... When the sender receives the first it can be sure that the only label in transit is bound+1, and can initialize the alternating bit algorithm (similarly R can initialize as well) SR bit s = 0 bit R = 1

19 Chapter 3 - Motivating Self-Stabilization3-19 Crash-Resilient Data-Link Algorithm – R crashes SR Crash R R crashes SR bit R = i SR bit R =FrameBit R received msg and assigned FrameBit to bit R it then delivers msg to the output queue – The Problem : extra copy of msg in the output queue

20 Chapter 3 - Motivating Self-Stabilization3-20 Crash-Resilient Data-Link Algorithm – R crashes Can we guarantee at most one delivery, and exactly- once delivery after the last crash?  bit R initialization should assure that a message fetched after the crash will be delivered  A solution: S sends each message in a frame with label 0, until Ack. arrives and then sends the same message with label 1 until an Ack. arrives R delivers a message only with label 1 that arrives immediately after label 0

21 Chapter 3 - Motivating Self-Stabilization3-21 Chapter 3: roadmap 3.1 Initialization of a Data-Link Algorithm in the Presence of Faults 3.2 Arbitrary Configuration Because of Crashes 3.3 Frequently Asked Questions

22 Chapter 3 - Motivating Self-Stabilization3-22 What is the Rational behind assuming that the states of the processors can be corrupted while the processors’ programs cannot ? The program is stored in a long-term memory device which makes it possible to 1. Reload program statements periodically 2. Protect the memory segment using a read-only memory device If the program is subjected to corruption, any configuration is possible. The Byzantine model allows 1/3 of processors to execute corrupted programs

23 Chapter 3 - Motivating Self-Stabilization3-23 Safety Properties  Safety and Liveness properties should be satisfied by a distributed algorithm Safety ensures avoiding bad configurations Liveness ensures achieving the systems’ goal  The designer of a self-stabilizing algorithm wants to ensure that even if the safety property is violated, the system execution will reach a suffix in which both properties hold  What use is an algorithm that doesn’t ensure that a car never crashes? If the faults are severe enough to make the algorithm reach an arbitrary configuration, the car may crash no matter what the algorithm is chosen

24 Chapter 3 - Motivating Self-Stabilization3-24 Safety Properties … A safety property for a car controller might be: never turn into a one-way road When no specification exists the car can continue driving on this road and crash with other cars A self Stabilization controller will recover from this non-legal init (by turning the car)

25 Chapter 3 - Motivating Self-Stabilization3-25 Processors Can Never be Sure that a Safe Configuration is Reached What use is an algorithm in which the processors are never sure about the current global state?  The question confuses the assumptions (transient faults occurrence) with the algorithm that is designed to fit the severe assumptions. A self-stabilizing algorithm can be designed to start in a particular (safe) state  A self-stabilizing algorithm is at least good as a non-self-stabilizing one for the same task, and is in fact much better !!!

Download ppt "Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved."

Similar presentations

Self-Stabilizing End-to-End Communication in Bounded Capacity, Omitting, Duplicating and non-FIFO Dynamic Networks Shlomi Dolev 1, Ariel Hanemann 1, Elad.

Self-Stabilizing End-to-End Communication in Bounded Capacity, Omitting, Duplicating and non-FIFO Dynamic Networks Shlomi Dolev 1, Ariel Hanemann 1, Elad.
Impossibility of Distributed Consensus with One Faulty Process

Impossibility of Distributed Consensus with One Faulty Process
Chapter 8 Fault Tolerance

Chapter 8 Fault Tolerance
Primitives for Achieving Reliability 3035/GZ01 Networked Systems Kyle Jamieson Department of Computer Science University College London.

Primitives for Achieving Reliability 3035/GZ01 Networked Systems Kyle Jamieson Department of Computer Science University College London.
CS 542: Topics in Distributed Systems Diganta Goswami.

CS 542: Topics in Distributed Systems Diganta Goswami.
Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.

Chapter 6 - Convergence in the Presence of Faults1-1 Chapter 6 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights.
Chapter 7 - Local Stabilization1 Chapter 7: roadmap 7.1 Super stabilization 7.2 Self-Stabilizing Fault-Containing Algorithms 7.3 Error-Detection Codes.

Chapter 7 - Local Stabilization1 Chapter 7: roadmap 7.1 Super stabilization 7.2 Self-Stabilizing Fault-Containing Algorithms 7.3 Error-Detection Codes.
Chapter 2 - Definitions, Techniques and Paradigms2-1 Chapter 2 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Draft of May 2003, Shlomi.

Chapter 2 - Definitions, Techniques and Paradigms2-1 Chapter 2 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Draft of May 2003, Shlomi.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Outline. Theorem For the two processor network, Bit C(Leader) = Bit C(MaxF) = 2[log 2 ((M + 2)/3.5)] and Bit C t (Leader) = Bit C t (MaxF) = 2[log 2 ((M.

Outline. Theorem For the two processor network, Bit C(Leader) = Bit C(MaxF) = 2[log 2 ((M + 2)/3.5)] and Bit C t (Leader) = Bit C t (MaxF) = 2[log 2 ((M.
CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Self Stabilization 1.

CSCE 668 DISTRIBUTED ALGORITHMS AND SYSTEMS Fall 2011 Prof. Jennifer Welch CSCE 668 Self Stabilization 1.
Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©

Distributed Computing 8. Impossibility of consensus Shmuel Zaks ©
1 Complexity of Network Synchronization Raeda Naamnieh.

1 Complexity of Network Synchronization Raeda Naamnieh.
Chapter 8 - Self-Stabilizing Computing1 Chapter 8 – Self-Stabilizing Computing Self-Stabilization Shlomi Dolev MIT Press, 2000 Draft of January 2004 Shlomi.

Chapter 8 - Self-Stabilizing Computing1 Chapter 8 – Self-Stabilizing Computing Self-Stabilization Shlomi Dolev MIT Press, 2000 Draft of January 2004 Shlomi.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 3 – Distributed Systems.

Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 3 – Distributed Systems.
 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 1 Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.

 Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 7: Failure Detectors.
Chapter 4 - Self-Stabilizing Algorithms for Model Conservation4-1 Chapter 4: roadmap 4.1 Token Passing: Converting a Central Daemon to read/write 4.2 Data-Link.

Chapter 4 - Self-Stabilizing Algorithms for Model Conservation4-1 Chapter 4: roadmap 4.1 Token Passing: Converting a Central Daemon to read/write 4.2 Data-Link.
CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.

CPSC 668Set 16: Distributed Shared Memory1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch.
CPSC 668Set 12: Causality1 CPSC 668 Distributed Algorithms and Systems Fall 2009 Prof. Jennifer Welch.

CPSC 668Set 12: Causality1 CPSC 668 Distributed Algorithms and Systems Fall 2009 Prof. Jennifer Welch.

Similar presentations

Ads by Google