1. Hwajung Lee

2.  Technique for spontaneous healing.  Forward error recovery.  Guarantees eventual safety following failures. Feasibility demonstrated by Dijkstra (CACM 74)

3. Recover from any initial configuration to a legitimate configuration in a bounded number of steps, as long as the codes are not corrupted.

4. Transient failures perturb the global state. The ability to spontaneously recover from any initial state implies that no initialization is ever required. Such systems can be deployed ad hoc, and are guaranteed to function properly in bounded time

5. Self-stabilizing systems exhibits non-masking fault-tolerance. It satisfies the following two criteria fault 1. Convergence 2. Closure Not L L convergence closure

6. System behavior spontaneously changes when the environment changes A traffic control system Thus the legal configuration is L = (  E  L1)  (E  L2) Environment E = morning (0) / afternoon (1) Let the morning invariant be L1 and The afternoon invariant be L2

7. 0 1 62 4 7 53 N-1 Consider a unidirectional ring of processes. In the legal configuration, exactly one token will circulate in the network

8. 0 {Process 0} do x[0] = x[N-1]  x[0] := x[0] + 1 od {Process j > 0} do x[j] ≠ x[j -1]  x[j] := x[j-1] od The state of process j is x[j]  {0, 1, 2, K-1} (TOKEN = ENABLED GUARD) Hand -execute this first, before reading further. Start the system from an arbitrary initial configuration

9. Why will it work? As long as K > N, there is at least one value x (O≤ x ≤K-1) that is NOT the initial state of any node (pigeonhole principle) There is no deadlock Number of tokens never increases (closure) Processes 1..N-1 acquire their states from their left side Eventually process 0 attains the state x Thereafter in N-1 steps, all processes attain the state x. This is a legal configuration (only process 0 has a token) (convergence). So the system stabilizes.

10.  Given a connected graph G = (V,E) and a root r, design an algorithm for maintaining a spanning tree in presence of transient failures that may corrupt the local states of processes.  Let n = |V|

11. Each process i has two variables: L(i) = Distance from the root via tree edges P(i) = parent of process i N(i) denotes the neighbors of i By definition L(r) = 0, and P(r) is undefined. 0 ≤ L(i) ≤ n. In a legal state  i  V: i ≠ r:: L(i) ≠ n and L(i) = L(P(i)) +1.

12. 0 1 2 5 4 3 0 1 2 5 4 3 1 2 3 4 5 P(2) is corrupted

13. do (L(i) ≠ n)  (L(i) ≠ L(P(i)) +1)  (L(P(i)) ≠ n)  L(i) :=L(P(i)) +1(0)  (L(i)  n)  (L(P(i)) =n)  L(i):=n(1) ÿ (L(i) =n)  (  k  N(i):L(k) < n-1)  L(i) :=L(k)+1; P(i):=k(2) od

14. Define an edge from i to P(i) to be well-formed, when L(i) ≠ n, L(P(i) ≠ n and L(i) = L(P(i)) +1. In any configuration, the well-formed edges form a spanning forest. Delete all edges that are not well-formed. Designate each tree T(k) in the forest by the lowest value of L in it.

15. In the sample graph shown earlier. T(0) = {0, 1} T(2) = {2, 3, 4, 5} Let F(k) denote the number of T(k) in the forest. Define a tuple F= (F(0), F(1), F(2) …, F(n)). For the sample graph, F = (1, 0, 1, 0, 0, 0) after node 2 has a transient failure.

16. Minimum F = (1,0,0,0,0,0) {legal configuration} Maximum F = (1, n-1, 0, 0, 0, 0). With each action of the algorithm, F decreases lexicographically. Verify the claim! This proves that eventually F becomes (1,0,0,0,0,0) and the spanning tree stabilizes. What is the time complexity of this algorithm?