Realizing self stabilizing algorithms
1 / 27

Realizing Self-Stabilizing Algorithms - PowerPoint PPT Presentation

  • Uploaded on

Realizing Self-Stabilizing Algorithms. Shlomi Dolev, Yinnon A. Haviv , Department of Computer Science Ben-Gurion University, Israel Mooly Sagiv, Department of Computer Science Tel Aviv University, Israel. Motivation. Transient malfunctions. Single processor: Hardware glitches.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Realizing Self-Stabilizing Algorithms' - moana

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Realizing self stabilizing algorithms

Realizing Self-StabilizingAlgorithms

Shlomi Dolev, Yinnon A. Haviv,

Department of Computer Science

Ben-Gurion University, Israel

Mooly Sagiv,

Department of Computer Science

Tel Aviv University, Israel


  • Transient malfunctions.

  • Single processor:

    • Hardware glitches.

    • Soft-Errors.

  • Distributed environment:

    • Processor crashes / recoveries.

    • Link errors.

  • Resulting in an unpredictable system state.

Coping with transient errors
Coping with Transient Errors

  • Masking (safety factor) achieved by:

    • Information redundancy (e.g., ECC).

    • Time/Space redundancy. (e.g., TMR)

  • Self-Stabilization [Dijkstra74]:

    • Assuming any system state (caused by errors).

    • Recovering by converging into legal behavior.

    • Existing algorithms for distributed tasks:

      • Routing, leader election, mutual exclusion, etc.

Self stabilizing algorithms
Self-Stabilizing Algorithms

  • Used for on-going systems

    • The required semantics is defined by a set of traces.

  • Started in any given state, the system eventually exhibit a legal behavior.

    • Example: eventually there is exactly one leader.

  • Self-stabilizing algorithms are described using pseudo-code/Guarded command notations.

  • Our goal: practical self-stabilizing systems.

Realization outline
Realization – Outline

  • Self-stabilizing microprocessor [DH04].

    • What is required from ss-microprocessor?

    • Methodologies for verifying stabilization property.

    • Implementation - Mic-1

  • Self-stabilization preserving compiler.

    • Choosing the right language.

    • Requirements from self-stabilization preserving compiler.

    • Implementation - Abstract State Machines

More on soft errors
More on Soft-Errors

  • Caused by cosmic ray.

  • Cause a logical gate to temporarily malfunction / latch to flip its content.

  • Currently noticed (and handled) only in memories (once a week / 1GB of ram).

  • Technology roadmaps predict a significant impact on the microprocessors soon…

Soft errors current solutions
Soft-Errors - Current Solutions

  • Obtaining masking using probabilistic approaches:

    • Information redundancy (ECC / Parity)

    • Space redundancy

    • Time redundancy

    • Failure detection / recovery.

  • Known solutions:

    • IBM S-390

    • Compaq NonStop Himalaya

    • IROC

Side note on predicting soft errors vulnerability
Side note on predicting soft-errors vulnerability.

  • Incorrect computation in the internal gates that does not result in an incorrect output.

  • Consider the formula below: When :

  • A formula may favor certain inputs.

Self stabilizing algorithms a solution to soft errors
Self-Stabilizing Algorithms – a Solution to Soft-Errors?

  • Self-Stabilizing algorithms assume that the microprocessor executes them.

    • Soft-Errors may cause the microprocessor to be stuck in a faulty state.

  • Remember: composing self-stabilizing algorithms creates a self-stabilizing system.

    • Make the microprocessor eventually fetch-decode-execute machine code.

Self stabilizing microprocessor
Self-Stabilizing Microprocessor

  • A microprocessor self-stabilizes if:

    • Started in any internal state, it converges in a finite number of steps into the set of safe states.

  • Safe states, from which the microprocessor behaves as it should.

  • The definition of the desired behavior of the microprocessor is sensitive

    • Depends on the abstraction level.

Our test case mic 1













Micro-Code Controller





1 bit

flip flops





Our Test Case – Mic-1

  • Presented in Tanenbaum’s book.

  • Implements a subset of JVM instruction set.

  • Stack operations use cache for the top of stack value (TOS).

Alternative specifications for add
Alternative Specifications for ADD

  • Sums the top two elements in the stack and replaces them with the result

  • Or as a function of the TOS value:

    • TOS Stack[--SP]+TOS

    • Stack[SP]=TOS

  • Two specifications are different if:

    • TOS ≠ Stack[SP]

  • Conclusion: semantic change in the specification may change the set of safe states.

Ensuring convergence
Ensuring Convergence

  • The state space of the microprocessor –

    • Every possible assignment to the machine memory elements (including internal registers).

  • Safe states

    • States in which the microprocessor behaves according to the specification.

  • Ultra-Safe states

    • Subset of the safe states that is easily defined andfrequently visited.

Ensuring convergence alternatives
Ensuring Convergence - Alternatives

  • Using a self-stabilizing watchdog for ensuring ultra-safe statesare visited often enough.

  • Validating that there exists no “bad” cyclein the transition graph

    • Cycle that does not travel throw an ultra-safe state.

Proving convergence



















Proving Convergence

  • Proving that there exists no “bad” cycle in the transition graph of the microprocessor.

  • Too large ! (we must explore the entire graph)

  • Using an abstraction:~ Group together states in which the micro-code program counter is the same.

Summary part 1
Summary (Part 1)

  • In addition, technique for the case of black box using a simple self-stabilizing watchdog.

  • Self-Stabilizing microprocessor is possible.

  • Specification semantics is crucial.

    • Abstract specification  easier to write code in.

    • Detailed specification  easier to implement.

Choosing the right language
Choosing the right language

  • Language for describing stabilizing algorithms:

    • Dijkstra choose guarded commands. Why?

      • Simple and precise semantics from any state.

    • Allows abstract presentation and provable design refinements.

      (D)ASM – (Distributed) Abstract State Machine [Yuri Gurevich 93]

      Combined with Dijkstra guarded commands.

Abstract state machine lang
Abstract State Machine lang.

  • Program :=

    • Variable definition.

    • Set of rules:

      • Upon <condition> do <statement>

  • Rule’s body is executed in finite time.

The gap
The Gap.

  • Need a transformation between:

    • Input program P, described using a high language, say, (D)ASM.

    • Output program Q, described using a machine language, say, JVM.

  • Existing compilers?

    • P and Qbehaves the same when started in the initial state.

    • What if Q reaches an unexpected state?

Trivial example
Trivial Example

  • mov ax, 10

  • mov cx, 0

  • loop1:

  • push cx

  • call f

  • inc cx

  • cmp cx,ax

  • jne loop

  • A statement of the form:

    For each i in {0..9} do f(i)

  • May be compiled to 

  • Start with cx=12 inside the loop…

  • Moreover: Any runtime mechanism can get stuck / inconsistent.

Self stabilization preserving compiler1
Self-Stabilization Preserving Compiler

  • Given P, a self-stabilizing program described in ASM, output Q, a stabilizing JVM program for the same task.

  • Started at any state, Q eventually behaves the same as P, when started at some state.

  • Requires more than existing compilers obtain.

Stabilization preserving compiler a closer look
Stabilization Preserving Compiler – a closer look

Ensuring that Q eventually behaves as P:

  • State space of P

  • State space of Q

The transformation

Enforce invariants

Variable declarations




upon <condition_1> do



upon <condition_n> do



The Transformation

Status and future development
Status and future development

  • Front end of compiler established.

    • Typed version of ASM.

    • JavaCC as a parser generator.

  • Interpreter (used as a model)

  • Near future:

    • JVM subset backend.

    • Integrating optimizations cleverly.

  • Fast stabilization vs. optimizations.

Conclusions part 2
Conclusions (Part 2)

  • Self Stabilization preserving compiler.

    • Language with clear semantics from any state.

    • Innovative demands from compiler.