Results 1  10
of
22
Synthesis of faulttolerant concurrent programs
 Proceedings of the 17th ACM Symposium on Principles of Distributed Computing (PODC
, 1998
"... Methods for mechanically synthesizing concurrent programs from temporal logic specifications obviate the need to manually construct a program and compose a proof of its correctness. A serious drawback of extant synthesis methods, however, is that they produce concurrent programs for models of comput ..."
Abstract

Cited by 47 (5 self)
 Add to MetaCart
(Show Context)
Methods for mechanically synthesizing concurrent programs from temporal logic specifications obviate the need to manually construct a program and compose a proof of its correctness. A serious drawback of extant synthesis methods, however, is that they produce concurrent programs for models of computation that are often unrealistic. In particular, these methods assume completely faultfree operation, i.e., the programs they produce are faultintolerant. In this paper, we show how to mechanically synthesize faulttolerant concurrent programs for various fault classes. We illustrate our method by synthesizing faulttolerant solutions to the mutual exclusion and barrier synchronization problems. Categories and Subject Descriptors: F.3.1 [Logics and Meanings of Programs]: Specifying and Verifying and Reasoning about Programs—logics of programs, mechanical verification, specification
Hundreds of Impossibility Results for Distributed Computing
 Distributed Computing
, 2003
"... We survey results from distributed computing that show tasks to be impossible, either outright or within given resource bounds, in various models. The parameters of the models considered include synchrony, faulttolerance, different communication media, and randomization. The resource bounds refe ..."
Abstract

Cited by 43 (5 self)
 Add to MetaCart
We survey results from distributed computing that show tasks to be impossible, either outright or within given resource bounds, in various models. The parameters of the models considered include synchrony, faulttolerance, different communication media, and randomization. The resource bounds refer to time, space and message complexity. These results are useful in understanding the inherent difficulty of individual problems and in studying the power of different models of distributed computing.
A PursuerEvader Game for Sensor Networks
 Sixth Symposium on SelfStabilizing Systems(SSS’03
, 2003
"... In this paper we present a selfstabilizing program for solving a pursuerevader problem in sensor networks. The program can be tuned for tracking speed or energy efficiency. In the program, sensor motes close to the evader dynamically maintain a "tracking" tree of depth that is alw ..."
Abstract

Cited by 39 (8 self)
 Add to MetaCart
(Show Context)
In this paper we present a selfstabilizing program for solving a pursuerevader problem in sensor networks. The program can be tuned for tracking speed or energy efficiency. In the program, sensor motes close to the evader dynamically maintain a "tracking" tree of depth that is always rooted at the evader.
Proof Labeling Schemes
 Proc. the 24th Annual ACM Symposium on Principles of Distributed Computing (PODC 2005), Las Vegas
, 2005
"... This paper addresses the problem of locally verifying global properties. Several natural questions are studied, such as “how expensive is local verification? ” and more specifically “how expensive is local verification compared to computation? ” A suitable model is introduced in which these questio ..."
Abstract

Cited by 29 (18 self)
 Add to MetaCart
(Show Context)
This paper addresses the problem of locally verifying global properties. Several natural questions are studied, such as “how expensive is local verification? ” and more specifically “how expensive is local verification compared to computation? ” A suitable model is introduced in which these questions are studied in terms of the number of bits a node needs to communicate. In addition, approaches are presented for the efficient construction of schemes, and upper and lower bounds are established on the cost of schemes for multiple basic problems. The paper also studies the role and cost of unique identities in terms of impossibility and complexity. Previous studies on related questions deal with distributed algorithms that simultaneously compute a configuration and verify that this configuration has a certain desired property. It turns out that this combined approach enables verification to be less costly, since the configuration is typically generated so as to be easily verifiable. In contrast, our approach separates the configuration design from the verification. That is, it first generates the desired configuration without bothering with the need to verify, and then handles the task of constructing a suitable verification scheme. Our approach thus allows for a more modular design of algorithms, and has the potential to aid in verifying properties even when the original design of the structures for maintaining them was done without verification in mind.
Distributed Verification of Minimum Spanning Trees
 Proc. 25th Annual Symposium on Principles of Distributed Computing
, 2006
"... The problem of verifying a Minimum Spanning Tree (MST) was introduced by Tarjan in a sequential setting. Given a graph and a tree that spans it, the algorithm is required to check whether this tree is an MST. This paper investigates the problem in the distributed setting, where the input is given in ..."
Abstract

Cited by 27 (23 self)
 Add to MetaCart
(Show Context)
The problem of verifying a Minimum Spanning Tree (MST) was introduced by Tarjan in a sequential setting. Given a graph and a tree that spans it, the algorithm is required to check whether this tree is an MST. This paper investigates the problem in the distributed setting, where the input is given in a distributed manner, i.e., every node “knows ” which of its own emanating edges belong to the tree. Informally, the distributed MST verification problem is the following. Label the vertices of the graph in such a way that for every node, given (its own label and) the labels of its neighbors only, the node can detect whether these edges are indeed its MST edges. In this paper we present such a verification scheme with a maximum label size of O(log n log W), where n is the number of nodes and W is the largest weight of an edge. We also give a matching lower bound of Ω(log n log W) (except when W ≤ log n). Both our bounds improve previously known bounds for the problem. Our techniques (both for the lower bound and for the upper bound) may indicate a strong relation between the fields of proof labeling schemes and implicit labeling schemes. For the related problem of tree sensitivity also presented by Tarjan, our method yields rather efficient schemes for both the distributed and the sequential settings.
Resettable Vector Clocks
 PROCEEDINGS OF THE 19TH ACM SYMPOSIUM ON PRINCIPLES OF DISTRIBUTED COMPUTING (PODC
, 2000
"... Vector clocks (VC) are an inherent component of a rich class of distributed applications. In this paper, we consider the problem of realistic  more specically, boundedspace and faulttolerant  implementation of these client applications. To this end, we generalize the notion of VC to resettable ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
Vector clocks (VC) are an inherent component of a rich class of distributed applications. In this paper, we consider the problem of realistic  more specically, boundedspace and faulttolerant  implementation of these client applications. To this end, we generalize the notion of VC to resettable vector clocks (RVC), and provide a realistic implementation of RVC. Further, we identify an interface contract under which our RVC implementation can be substituted for VC in client applications, without aecting the client's correctness. Based on such substitution, we show how to transform the client so that it is itself realistically implemented; we demonstrate our method in the context of RicartAgrawala's mutual exclusion program.
Solving problems in the presence of process crashes and lossy links
, 1996
"... We study the effect of link failures on the solvability of problems in asynchronous systems that are subject to process crashes: given a problem that can be solved in a system with process crashes and reliable links, is the problem solvable even if links are lossy? We answer this question for two ty ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
(Show Context)
We study the effect of link failures on the solvability of problems in asynchronous systems that are subject to process crashes: given a problem that can be solved in a system with process crashes and reliable links, is the problem solvable even if links are lossy? We answer this question for two types of lossy links, and show that the answer depends on the maximum number of processes that may crash and the nature of the problem to be solved. In particular, we prove that the answer is positive if fewer than half of the processes may crash or if the problem speci®cation does not refer to the state of processes that crash. However, in general, the answer is negative even if each link can loose only a ®nite number of messages. 1
Multitolerance in Distributed Reset
 CHICAGO JOURNAL OF THEORETICAL COMPUTER SCIENCE, SPECIAL ISSUE ON SELFSTABILIZATION
, 1998
"... A reset of a distributed system is safe if it does not complete "prematurely", i.e., without having reset some process in the system. Safe resets are possible in the presence of certain faults, such as process failstops and repairs, but are not always possible in the presence of more ..."
Abstract

Cited by 14 (9 self)
 Add to MetaCart
A reset of a distributed system is safe if it does not complete "prematurely", i.e., without having reset some process in the system. Safe resets are possible in the presence of certain faults, such as process failstops and repairs, but are not always possible in the presence of more general faults, such as arbitrary transients. In this paper, we design a boundedmemory distributed reset program that possesses two tolerances: (i) in the presence of failstops and repairs, it always executes resets safely, and (ii) in the presence of a finite number of transient faults, it eventually executes resets safely. Designing this multitolerance in the reset program introduces the novel concern of designing a safety detector that is itself multitolerant. A broad application of our multitolerant safety detector is to make any total program likewise multitolerant.
LSRP: Local stabilization in shortest path routing
 IN IEEEIFIP DSN
, 2003
"... We formulate a notion of local stabilization, by which a system selfstabilizes in time proportional to the size of any perturbation that changes the network topology or the state of nodes. The notion implies that the part of the network involved in the stabilization includes at most the nodes who ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
(Show Context)
We formulate a notion of local stabilization, by which a system selfstabilizes in time proportional to the size of any perturbation that changes the network topology or the state of nodes. The notion implies that the part of the network involved in the stabilization includes at most the nodes whose distance from the perturbed nodes is proportional to the perturbation size. Also, we present LSRP, a protocol for local stabilization in shortest path routing. LSRP achieves local stabilization via two techniques. First, it layers system computation into three diffusing waves each having a different propagation speed, i.e., “stabilization wave” with the lowest speed, “containment wave ” with intermediate speed, and “supercontainment wave” with the highest speed. The containment wave contains the mistakenly initiated stabilization wave, the supercontainment wave contains the mistakenly initiated containment wave, and the supercontainment wave selfstabilizes itself locally. Second, LSRP avoids forming loops during stabilization, and it removes all transient loops within small constant time. To the best of our knowledge, LSRP is the first protocol that achieves local stabilization in shortest path routing.
LOCI: Local Clustering Service for Large Scale Wireless Sensor Networks
"... We present a local, scalable, and faulttolerant distributed clustering service, LOCI, that partitions a multihop wireless network into clusters of bounded physical radius [R; mR] where m is a constant greater than or equal to 2. That is, each cluster has a leader node such that all nodes within ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
(Show Context)
We present a local, scalable, and faulttolerant distributed clustering service, LOCI, that partitions a multihop wireless network into clusters of bounded physical radius [R; mR] where m is a constant greater than or equal to 2. That is, each cluster has a leader node such that all nodes within distance R of the leader belong to the cluster but no node beyond distance mR from the leader belongs to the cluster. LOCI is local in that each node only needs information about nodes that are at most distance 2R away. It is scalable in that each node maintains only a constant amount of state and completes its role in clustering in O(R4) time (O(R2) for a stronger system model), independent of the network size. It is faulttolerant in that it is selfstabilizing in the presence of state corruption, node and link failstops, and node joins. The network partitions generated by LOCI form a Voronoi tessellation as each nonclusterhead node joins the cluster of the nearest clusterhead and the number of clusters LOCI yields is within a constant factor approximation of the minimum number of clusters theoretically feasible. Our simulations demonstrate that, for m = 2, the number of clusters constructed by LOCI exceed the minimum number of clusters theoretically feasible only by a factor of 1.5 for a 1D network and 2.3 for a 2D network. As hierarchical clustering is readily achieved by instantiating LOCI at multiple levels, LOCI provides a framework for scalable and faulttolerant distributed tracking structure for pursuerevader scenarios that has arisen in our recent work in sensor networks. Furthermore, as part of our efforts towards developing sensor network services in the DARPA Network Embedded Software Technology (NEST) program, we have implemented LOCI in TinyOS on the Mica2 mote platform.