1 / 11

Lecture 3: The Stability Detection Problem

Understand stability in distributed systems, termination detection, program design, proofs, refining, and correctness validation.

salfred
Download Presentation

Lecture 3: The Stability Detection Problem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 3:State, Detection Anish Arora CSE 763

  2. The Stability Detection Problem • A stableproperty of a distributed system is one that persists: once a stable property is true it remains true thereafter • Examples: • “the computation has terminated” • “the system is deadlocked” • “all tokens in a token ring have disappeared” • Solution • Determine the global state of the system • Test the global state to see if the stable property holds

  3. Termination Detection • Processes 0..N-1 arbitrarily connected by channels • Each process either idle or active • An active process can become idle spontaneously • An idle process can become active only upon receiving a message The Problem : Detect that all processes are idle and all channels are empty

  4. Program and Proof (hand-in-hand) Design • Step 0 : How to count messages in channels. process j {send msg}  c.j := c.j + 1 ▯ {receive msg}  c.j := c.j - 1 Proof : Invariant I1  (Sum j :: c.j) = # of messages in channels

  5. Refining the program • Step 1 : How to detect that all processes are idle. Consider a logical ring 0 -> … N-1 -> … 0 and pass a token Let t denote the location of the token process j {send msg}  c.j := c.j + 1 ▯ {receive msg}  c.j := c.j - 1 ▯ {propagate token}  t := t – 1  j  0  t = j  idle.j ; q := q + c.j ▯ {retransmit token}  t := N – 1  j = 0  t = j  idle.j ; q := 0   (q + c.0 = 0)

  6. Refining the proof Proof : We begin with an idealized Invariant  I1  Q, where Q  (j : t<j  j<N : idle.j)  (q = (Sum j : t<j  j<N : c.j)) However Q is not preserved by one of the actions (the receive action for j, t < j  j < N) But when Q is violated, R becomes true, where R  q + (Sum j : 0 j  j  t : c.j) > 0 So, we weaken Invariant  I1  (Q  R) However R is not preserved by one of the actions (the receive action for j, 0  j and j  t)

  7. Refining the program again • Step 2 : How to abort a detection when unsure that the token traversal was uninterrupted. process j {send msg}  c.j := c.j + 1 ▯ {receive msg}  c.j := c.j – 1; ; blacken j ▯{propagate token}  t := t – 1  j  0  t = j  idle.j ; q := q + c.j ; whiten j ▯{retransmit token}  t := N – 1  j = 0  t = j  idle.j ; q := 0 (q + c.0 = 0  0 is white) ; whiten j

  8. Iterated refinement Proof : Invariant  I1  (Q  R  S) where S  (j:0  j  jt:j is black) However S is not preserved by one of the actions (the propagate action at a black node) So we introduce a color for the token and get the final program program of process j {send msg}  c.j := c.j + 1 ▯ {receive msg}  c.j := c.j – 1; ; blacken j ▯ {propagate token}  t := t – 1  j  0  t = j  idle.j ; q := q + c.j ; if black j then blacken token ; whiten j ▯ {retransmit token}  t := N – 1  j = 0  t = j  idle.j ; q := 0 (q + c.0 = 0  ; whiten token token is white  0 is white) ; whiten j

  9. Termination Detection Predicate Termination  (j :: idle.j)  # of msgs sent - # of msgs received = 0 Invariant  (Sum j:: c.j) = # of msgs sent - # of msgs received  (Q  R  S  T) Q  (j : t<j  j<N : idle.j)  (q=( j : t<j  j<N : c.j)) R  q + ( j : 0 j  j  t : c.j) > 0 S  (j : 0  j  j  t : j is black) T  token is black

  10. Proof of correctness • Invariant  t=0  O is white  idle.0  q+c.0=0  token is white  Termination • Invariant  Termination leads-to t = 0  0 is white  idle.0  q + c.0 = 0  token is white

  11. Termination Detection Proof of (1): • O is white  t = 0   S • q + c.0 = 0  t = 0   R • token is white   T • Hence the antecedent implies Invariant  Q  q + c.0 = 0 i.e., the antecedent implies Termination Proof of (2): • If termination has occurred, only the propagation and retransmission actions can execute • After the first complete traversal of the ring by the token, all processes are white and the token is white • At the end of the next traversal, when t = 0, the algorithm detects the termination of the underlying computation

More Related