We study the scenario where a transient fault hit f of the n nodes of a distributed system by corrupting their state. We consider the basic persistent bit problem, where the system is required to maintain a 0/1 value in the face of transient failures by means of replication. We give an algorithm to recover the value quickly: the value of the bit is recovered at all nodes in O(f) time units for an unknown f ! n=2. Moreover, complete state quiescence occurs in O(diam) time units, where diam denotes the actual diameter of the network. This means that the value persists indefinitely so long as any f ! n=2 faults are followed by \Omega\Gamma diam) fault-free time units. We prove matching lower bounds on both the output stabilization time and the state quiescence time. Using our persistent bit algorithm, we present a general transformer which takes a distributed non-reactive non-stabilizing protocol P , and produces a self-stabilizing protocol P 0 which solves the problem P solv...

A local stabilizer protocol that takes any on-line or off-line distributed algorithm and converts it into a synchronous self-stabilizing algorithm with local monitoring and repairing properties is presented. Whenever the self-stabilizing version enters an inconsistent state, the inconsistency is detected, in O(1) time, and the system state is repaired in a local manner. The expected computation time that is lost during the repair process is proportional to the largest diameter of a faulty region. An extended abstract of this paper appeared in the Proc. of the 5th Israeli Symposium on Theory of Computing and Systems, June 1997 and a brief announcement in Proc. of the 16th Annual ACM Symp. on Principles of Distributed Computing, August 1997. y Computer Science Department, Tel-Aviv University, Tel-Aviv, 69978, Israel. Email: afek@math.tau.ac.il. z Department of Mathematics and Computer Science, Ben-Gurion University, Beer-Sheva, 84105, Israel. Partially supported by the Israeli m...

Re ning self-stabilizing algorithms which use tighter scheduling constraints (weaker daemon) into corresponding algorithms for weaker or no scheduling constraints (stronger daemon), while preserving the stabilization property, is useful and challenging. Designing transformation techniques for these re nements has been the subject of serious investigations in recent years. This paper proposes a new transformation technique for daemon re nement. The core of the transformer is a self-stabilizing local mutual exclusion algorithm. The local mutual exclusion problem is to grant a process the privilege to enter critical section if and only if none of its neighbors has the privilege. The contribution of this paper is twofold. First, we present a bounded-memory self-stabilizing local mutual exclusion algorithm for arbitrary networks, assuming any arbitrary daemon. After stabilization, this algorithm maintains a bound on the service time (the delay between two successive executions of critical section by a particular process). This bound is n(n 1) where n is the network size. Another nice feature of our algorithm is that it satis es the strong safety property | in any con guration, there is at least one privileged processor. Second, we use the local mutual exclusion algorithm to design two transformers which convert the algorithms working under a weaker daemon to ones which work under the distributed, arbitrary (or unfair) daemon. Both transformers preserve the self-stabilizing property. The rst transformer re nes algorithms written under the central daemon, while the second transformer re nes algorithms designed for the k-fair (k (n 1)) daemon.

We study the memory requirements of self-stabilizing leader election (SSLE) protocols. We are mainly interested in two types of systems: anonymous systems and id-based systems. We consider two classes of protocols: deterministic ones and randomized ones. We prove that a non-constant lower bound on the memory space is required by a SSLE protocol on unidirectional, anonymous rings (even if the protocol is randomized). We show that, if there is a deterministic protocol solving a problem on id-based systems where the processor memory space is constant and the id-values are not bounded then there is a deterministic protocol on anonymous systems using constant memory space that solves the same problem. Thus impossibility results on anonymous rings (i.e. one may design a deterministic SSLE protocol, only on prime size rings, under a centralized daemon) can be extended to those kinds of id-based rings. Nevertheless, it is possible to design a silent and deterministic SSLE protocol requiring constant memory space on unidirectional, id-based rings where the id-values are bounded. We present such a protocol. We also present a randomized SSLE protocol and a token circulation protocol under an unfair, distributed daemon on anonymous and unidirectional rings of any size. We give a lower bound on memory space requirement proving that these protocols are space optimal. The memory space required is constant on average.

Program renements from an abstract to a concrete model empower designers to reason effectively in the abstract and architects to implement effectively in the concrete. For refinements to be useful, they must not only preserve functionality properties but also dependability properties. In this paper, we focus our attention on refinements that preserve the property of stabilization. We distinguish between two types of stabilization-preserving refinements -- atomicity refinement and semantics refinement -- and study the former. Specifically, we present a stabilization-preserving atomicity refinement from a model where a process can atomically access the state of all its neighbors and update its own state, to a model where a process can only atomically access the state of any one of its neighbors or atomically update its own state. (Of course, correctness properties, including termination and fairness, are also preserved.) Our refinement is based on a low-atomicity, bounded-space, stabilizing solution to the dining philosophers problem. It is readily extended to: (a) solve stabilization-preserving semantics refinement, (b) solve the drinking philosophers problem, and (c) allow further refinement into a message-passing model.

In 1974, Dijkstra presented the notion of self-stabilization in the context of distributed computing[5]. A system is self-stabilizing (SS) with respect to a set of legitimate states if regardless of its initial state, the system is guaranteed to arrive at a legitimate state in a finite number of execution steps and will never leave legitimate states after that. Thus, an SS system need not be initialized and is able to recover from transient failures by itself. Many SS programs have been developed for different models with various assumptions about their execution environments. These assumptions include the semantics of concurrency and communication primitives. Among these models, a serial model (C-daemon model) has the strongest assumptions. In the serial model, an atomic execution step consists of (1) a read sub-step, which reads the states of its neighbor processes; followed by (2) a write sub-step, which modifies its own state (based on the neighbors ' current states and its own state). The communication and concurrency semantics are such that each process can always see the current states of its neighbors, and only one process at a time executes an atomic step.

We study the scenario where a transient batch of faults hit a minority of the nodes in a distributed system by corrupting their state. We concentrate on the basic persistent bit problem, where the system is required to maintain a 0/1 value in the face of transient failures by means of replication. We give an algorithm to stabilize the value to a correct state quickly; that is, denoting the unknown number of faulty nodes by f , our algorithm recovers the value of the bit at all nodes in O(f) time units for any f ! n=2, where n is the number of all nodes. Moreover,

The problem of verifying a Minimum Spanning Tree (MST) was introduced by Tarjan in a sequential setting. Given a graph and a tree that spans it, the algorithm is required to check whether this tree is an MST. This paper investigates the problem in the distributed setting, where the input is given in a distributed manner, i.e., every node “knows ” which of its own emanating edges belong to the tree. Informally, the distributed MST verification problem is the following. Label the vertices of the graph in such a way that for every node, given (its own label and) the labels of its neighbors only, the node can detect whether these edges are indeed its MST edges. In this paper we present such a verification scheme with a maximum label size of O(log n log W), where n is the number of nodes and W is the largest weight of an edge. We also give a matching lower bound of Ω(log n log W) (except when W ≤ log n). Both our bounds improve previously known bounds for the problem. Our techniques (both for the lower bound and for the upper bound) may indicate a strong relation between the fields of proof labeling schemes and implicit labeling schemes. For the related problem of tree sensitivity also presented by Tarjan, our method yields rather efficient schemes for both the distributed and the sequential settings.

) Joffroy Beauquier 1 Sylvie Delaet 1 Shlomi Dolev 2? S'ebastien Tixeuil 1 1 Laboratoire de Recherche en Informatique, Batiment 490, Universit'e de Paris Sud, F91405 Orsay Cedex, France. Email: fjb, delaet, tixeuilg@lri.fr. 2 Department of Mathematics and Computer Science, Ben-Gurion University, Beer-Sheva, 84105, Israel. Email: dolev@cs.bgu.ac.il. Abstract. In this paper we present failure detectors that detect transient failures, i.e. corruption of the system state without corrupting the program of the processors. We distinguish task which is the problem to solve, from implementation which is the algorithm that solves the problem. A task is specified as a desired output of the distributed system. The mechanism used to produce this output is not a concern of the task but a concern of the implementation. In addition we are able to classify both the distance locality and the history locality property of tasks. The distance locality is related to the diameter of the system con...

Self-stabilizing systems can automatically recover from arbitrary state perturbations in finite time. They are therefore well-suited for dynamic, failure prone environments. Spanning-tree construction in distributed systems is a fundamental task which forms the basis for many other network algorithms (like token circulation or routing). This paper surveys self-stabilizing algorithms that construct a spanning tree within a network of processing entities. Lower bounds and related work are also discussed.