Leader Election

A distinguished process can greatly simplify a protocol or, as is the case with token rings, may affect whether a self-stabilizing version exists. As such, another well- studied problem is that of determining a unique process to distinguish or act as a

leader. In fact, Mayer, Ostrovsky, Ofek, and Yung [151] have shown that a stabi-

lizing token ring protocol is an equivalent to stabilizing leader election on a bidirec- tional ring. Given the impossibility results of Burns an Pachl [44] for token rings, a stabilizing leader election protocol cannot exist where processes are symmetric and deterministic.

3.5.4.1 Rings of Prime Size

Huang [115] gives a leader election protocol that works on bidirectional rings of prime size. Each process owns a variable whose domain exactly matches the ring size N . When the protocol is finished, each process’s variable will hold a unique value, and a process can determine itself as the leader if its value is 0. Desel, Kindler, Vesper, and Walteret [62] intuitively reformulate this as an agreement protocol on any ring size between humans sitting around a table with a deck of cards, rather than in terms of processes in a ring with variables. Even though the reformulated version focuses on agreement, it is the same protocol and still elects a leader when the ring size is prime. Itkis, Lin, and Simon [118] give another leader election protocol that also requires a prime ring size, but processes require only constant space. This protocol relies on a bidirectional ring topology. In the same work, they also give a protocol that works on a unidirectional ring of prime size N that requires O(lg N ) space per process, and they prove that no constant-space version exists for unidirectional rings.

3.5.4.2 Ring using Logarithmic Space

Blin and Tixeuil [31] give a deterministic leader election protocol on a bidirectional ring under weak fairness. This protocol is not silent and requires each of the N processes in the ring to have O(lg N ) states (or in their words, O(lg lg N ) bits). Note

that even though process domains must grow with the ring size, the processes do not need to know the ring size. This is in the same spirit as Dijkstra’s token ring [64].

Chapter 4:

A Backtracking Algorithm

for Shadow/Puppet Synthesis

Section 2.2.3 introduced the idea of stabilization to a shadow protocol that operates within some set of legitimate states. Recall that a shadow protocol encapsulates the desired behavior of a protocol without the constraints associated with a real- istic topology. For example, in Section 1.1, we described how to specify a token ring protocol ptok of some N processes, operating within states where exactly one token exists (∃!i ∈ ZN : toki= 1), where each πi passes the token with an action

(toki= 1 −→ toki:= 0; toki+1:= 1; ). Such a token ring is certainly not self-stabilizing, and it is likely unrealistic because processes write directly to each other’s memories. Therefore, these toki shadow variables should not be used in a self-stabilizing pro-

tocol, and we instead add puppet variables (named xi in this example) to achieve

behavior in a realistic way. To ensure that a synthesized protocol p′

tok preserves the behavior of ptok, we look at how the toki variables change, but they are treated as

write-only in p′

tok because they are unrealistic and should not affect decision-making. This chapter proposes an automated synthesis algorithm that respects this notion of using a shadow protocol for specification and puppet variables for implementation. The algorithm itself is a backtracking search [162], which is a class of search algo- rithms that is easy to implement and can yield very good results. It is also a complete search, a property that several automated techniques forgo [4,5,76,88,179] due to the inherent complexity of designing stabilization [64, 100, 132]. Other complete meth- ods do exist, particularly reducing the problem of synthesis to the language of an SMT solver [84, 90]. However, we find that backtracking with some (completeness- preserving) heuristics performs better, primarily because we can guide the search to make decisions at logical points (choosing actions) rather than getting lost in the protocol representation (states and transitions).

Contributions. The contributions of this work are multi-fold. First, we devise a

two-step design method that separates the concerns of closure and convergence for the designer, and enables designers to intuitively specify functional behaviors and

Sections 4.2–4.4 contain material from A. P. Klinkhamer and A. Ebnenasir. Shadow/Puppet Synthesis: A Stepwise Method for the Design of Self-Stabilization. IEEE Transactions on Parallel

systematically include computational redundancy. Second, we propose a parallel and

complete backtracking search that finds an SS solution if one exists. If a solution

does not exist in the current state space of the program, then designers can include additional puppet variables or alternatively increase the domain size of the existing puppet variables and rerun the backtracking search. Third, we present three differ- ent implementations of the proposed method as a software toolset, called Protocon (http://asd.cs.mtu.edu/projects/protocon/), where we provide a sequential im- plementation and two parallel implementations; one multi-threaded and the other an MPI-based implementation. We also demonstrate the power of the proposed method by synthesizing several new network protocols that all existing heuristics fail to syn- thesize. These case studies include 2-state maximal matching on bidirectional rings, 5-state token passing on unidirectional rings, 3-state token passing on a bidirectional chains, and orientation on daisy chains.

Organization. Section 4.1 defines the problem of synthesis and gives the essential

ideas used by our search algorithm. Section 4.2 presents a flowchart overview of our synthesis algorithm. Section 4.3 gives algorithm details, including pseudocode. Section 4.4 discusses the optimizations we use to minimize the cost of our backtracking search, which is exponential in the worst case. Chapter 5 is a continuation of this chapter that showcases 4 new protocols found using this synthesis algorithm, including the search time for synthesizing these and other related protocols. It also gives some insight into the techniques involved in specification and synthesis.