Self-stabilization in NEST

Mikhail Nesterenko(based on presentation by Anish Arora, Ohio State University)

Goals

Scalable dependability via new notions of stabilization• e.g. weak, protective, bounded stabilization

Stabilization at all levels of NEST system stack• e.g., at application level, via component-frameworks and automated synthesis• e.g., at middleware level, via stabilizing monitoring

Stabilization Notions: Original Concept

legitimate states from where safety and livenessare satisfied

illegitimate states reached possiblydue to faults

•Closure: Set of legitimate states is closed under system execution•Convergence: Starting from any system state, every system computation eventually reaches a legitimate state

Weak Stabilization

• Closure• Weak Convergence: Starting from any system state, some system computation eventually reaches a legitimate state

Protective Stabilization

• Closure • Convergence (strong or weak)• Protection: No transition is unsafe ( )

Bounded Stabilization

• Closure• Bounded Convergence:

Set of fault-span states is closed under system execution Starting from any fault-span state, every system computation reaches a legitimate state in bounded time

Fault-span states, convergence time is bounded

Stabilization in NEST System Stack

AP

Timed AP

APC

Stabilizing application

componentframework

synthesisNonstabilizingapplication Stabilization synthesis framework

Implementing stabilizing apps

Stabilizing system/app monitoring

Project: Stabilizing Monitoring Service

Model: • apps/daemons/nodes periodically send a refresh to service • period is chosen within some interval [LF .. HF]

Service ensures in stabilizing manner: • apps/daemons/nodes are up • monitoring service of a node is up

Layered Architecture

Layer 0: Hardware watchdog implements a hardware self-rebooting mechanism

Layer 1: Basic monitoring ensures that registered app/daemons are up

Layer 2: Remote and Advanced monitoring ensures other nodes and distributed process groups are up generation of suspicions for dependent apps/daemons adaptation of refresh periods & registered apps/daemons

Project: Implementing Stabilizing Applications

Input:a (weakly-) stabilizing protocol consisting of processes

communicating via messages in Abstract Protocol (AP) notation

Output:a weakly-stabilizing implementation using UNIX processes and UDP communication

Approach

AP

Timed AP

APC

preserves all safety and liveness properties

preserves some properties, including weak-stabilization

Input

Output

•Abstract timeouts•Zero message delay •Action/fault atomicity•Action fairness

•Real timeouts•Non-zero message delay •Action/fault atomicity•Action fairness

•Real timeouts•Non-zero message delay•Event/weak fault atomicity•Weak action fairness

Project: Stabilization Synthesis Framework

NonstabilizingAPC

Stabilizing APC

dependability componentframework

NonstabilizingAP

Stabilizing AP

synthesis procedure

Approach

• Exponential-time synthesis procedure, with adequate polynomial-time heuristic sufficient for synthesis of byzantine agreement

• Dependability component framework enables reuse of application-independent aspects of stabilization application-dependent parameter used to instantiate this

framework, e.g. network type, communication patterns

Sample Component Frameworks

• Reactive link-predicate stabilization component Retransmission based Use of ACK/NACKs

• Proactive link-predicate stabilization component Forward error correction based Sending parity packets in advance

• Group-of-nodes state-predicate stabilization component

Deliverables and Milestones

• Stabilizing Monitoring Framework: Aug’02: Implementation of basic node monitoring Aug’03: Implementation of advanced node/group monitoring Apr’04: Demo of monitoring service use by NEST application

• Implementing Stabilizing Applications: Aug’02: AP-to-APC transformer implementation Apr’03: Demo of stabilizing transformer-based NEST application Aug’04: Transformer for stabilization of sequential processes

• Stabilizing Synthesis Framework: Aug’02: Demo of tool for synthesis of stabilizing AP protocols Apr’03: BNF & semantics of APC dependability component composition

language Aug’03: Application-independent code for reactive & proactive component

frameworks Apr’04: Demo of stabilizing framework-based NEST application