Self-stabilization in NEST
description
Transcript of Self-stabilization in NEST
Self-stabilization in NEST
Mikhail Nesterenko(based on presentation by Anish Arora, Ohio State University)
Goals
Scalable dependability via new notions of stabilization
• e.g. weak, protective, bounded stabilization
Stabilization at all levels of NEST system stack
• e.g., at application level, via component-frameworks and automated synthesis
• e.g., at middleware level, via stabilizing monitoring
Stabilization Notions: Original Concept
legitimate states from where safety and livenessare satisfied
illegitimate states reached possiblydue to faults
•Closure: Set of legitimate states is closed under system execution
•Convergence: Starting from any system state, every system
computation eventually reaches a legitimate state
Weak Stabilization
• Closure• Weak Convergence: Starting from any system state, some system
computation eventually reaches a legitimate state
Protective Stabilization
• Closure • Convergence (strong or weak)• Protection: No transition is unsafe ( )
Bounded Stabilization
• Closure• Bounded Convergence:
Set of fault-span states is closed under system execution Starting from any fault-span state, every system computation reaches a legitimate state in bounded time
Fault-span states, convergence time is bounded
Stabilization in NEST System Stack
AP
Timed AP
APC
Stabilizing
application
componentframework
synthesisNonstabilizingapplication
Stabilization synthesis framework
Implementing stabilizing apps
Stabilizing system/app monitoring
Project: Stabilizing Monitoring Service
Model:
• apps/daemons/nodes periodically send a refresh to
service
• period is chosen within some interval [LF .. HF]
Service ensures in stabilizing manner:
• apps/daemons/nodes are up
• monitoring service of a node is up
Layered Architecture
Layer 0: Hardware watchdog
implements a hardware self-rebooting mechanism
Layer 1: Basic monitoring
ensures that registered app/daemons are up
Layer 2: Remote and Advanced monitoring
ensures other nodes and distributed process groups are up
generation of suspicions for dependent apps/daemons
adaptation of refresh periods & registered apps/daemons
Project: Implementing Stabilizing Applications
Input:
a (weakly-) stabilizing protocol consisting of processes
communicating via messages in Abstract Protocol (AP) notation
Output:
a weakly-stabilizing implementation using UNIX processes and UDP communication
Approach
AP
Timed AP
APC
preserves all safety and liveness properties
preserves some properties, including weak-stabilization
Input
Output
•Abstract timeouts•Zero message delay •Action/fault atomicity•Action fairness
•Real timeouts•Non-zero message delay •Action/fault atomicity•Action fairness
•Real timeouts•Non-zero message delay•Event/weak fault atomicity•Weak action fairness
Project: Stabilization Synthesis Framework
NonstabilizingAPC
Stabilizing APC
dependability componentframework
NonstabilizingAP
Stabilizing AP
synthesis procedure
Approach
• Exponential-time synthesis procedure, with adequate
polynomial-time heuristic
sufficient for synthesis of byzantine agreement
• Dependability component framework enables reuse of
application-independent aspects of stabilization
application-dependent parameter used to instantiate this
framework, e.g. network type, communication patterns
Sample Component Frameworks
• Reactive link-predicate stabilization component
Retransmission based
Use of ACK/NACKs
• Proactive link-predicate stabilization component
Forward error correction based
Sending parity packets in advance
• Group-of-nodes state-predicate stabilization component
Deliverables and Milestones
• Stabilizing Monitoring Framework: Aug’02: Implementation of basic node monitoring
Aug’03: Implementation of advanced node/group monitoring
Apr’04: Demo of monitoring service use by NEST application
• Implementing Stabilizing Applications: Aug’02: AP-to-APC transformer implementation Apr’03: Demo of stabilizing transformer-based NEST application Aug’04: Transformer for stabilization of sequential processes
• Stabilizing Synthesis Framework: Aug’02: Demo of tool for synthesis of stabilizing AP protocols Apr’03: BNF & semantics of APC dependability component composition
language Aug’03: Application-independent code for reactive & proactive component
frameworks Apr’04: Demo of stabilizing framework-based NEST application