On the Limits and Practice of Automatically Designing Self-Stabilization

A protocol is said to be self-stabilizing when the distributed system executing it is guaranteed to recover from any fault that does not cause permanent damage. Designing such protocols is hard since they must recover from all possible states, therefore we investigate how feasible it is to synthesize them automatically. We show that synthesizing stabilization on a fixed topology is NP-complete in the number of system states. When a solution is found, we further show that verifying its correctness on a general topology (with any number of processes) is undecidable, even for very simple unidirectional rings. Despite these negative results, we develop an algorithm to synthesize a self-stabilizing protocol given its desired topology, legitimate states, and behavior. By analogy to shadow puppetry, where a puppeteer may design a complex puppet to cast a desired shadow, a protocol may need to be designed in a complex way that does not even resemble its specification. Our shadow/puppet synthesis algorithm addresses this concern and, using a complete backtracking search, has automatically designed 4 new self-stabilizing protocols with minimal process space requirements: 2-state maximal matching on bidirectional rings, 5-state token passing on unidirectional rings, 3-state token passing on bidirectional chains, and 4-state orientation on daisy chains

Genetic and ecological outcomes of Inga vera subsp. affinis (leguminosae) tree plantations in a fragmented tropical landscape

Planting of native trees for habitat restoration is a widespread practice, but the consequences for the retention and transmission of genetic diversity in planted and natural populations are unclear. Using Inga vera subsp. affinis as a model species, we genotyped five natural and five planted populations in the Atlantic forest of northeastern Brazil at polymorphic microsatellite loci. We studied the breeding system and population structure to test how much genetic diversity is retained in planted relative to natural populations. We then genotyped seedlings from these populations to test whether genetic diversity in planted populations is restored by outcrossing to natural populations of I. vera. The breeding system of natural I. vera populations was confirmed to be highly outcrossing (t = 0.92; FIS = -0.061, P = 0.04), with populations showing weak population substructure (FST = 0.028). Genetic diversity in planted populations was 50% less than that of natural populations (planted: AR = 14.9, HO = 0.865 and natural: AR = 30.8, HO = 0.655). However, seedlings from planted populations showed a 30% higher allelic richness relative to their parents (seedlings AR = 10.5, parents AR = 7.6). Understanding the processes and interactions that shape this system are necessary to provide ecologically sensible goals and successfully restore hyper-fragmented habitats. Future restoration plans for I. vera must consider the genetic diversity of planted populations and the potential for gene flow between natural populations in the landscape, in order to preserve ecological interactions (i.e. pollination), and promote opportunities for outcrossing

Shadow/puppet synthesis: A stepwise method for the design of self-stabilization

This paper presents a novel two-step method for automated design of self-stabilization. The first step enables the specification of legitimate states and an intuitive (but imprecise) specification of the desired functional behaviors in the set of legitimate states (hence the term “shadow”). After creating the shadow specifications, we systematically introduce the main variables and the topology of the desired self-stabilizing system. Subsequently, we devise a parallel and complete backtracking search towards finding a self-stabilizing solution that implements a precise version of the shadow behaviors, and guarantees recovery to legitimate states from any state. To the best of our knowledge, the shadow/puppet synthesis is the first sound and complete method that exploits parallelism and randomization along with the expansion of the state space towards generating self-stabilizing systems that cannot be synthesized with existing methods. We have validated the proposed method by creating both a sequential and a parallel implementation in the context of a software tool, called Protocon. Moreover, we have used Protocon to automatically design three new self-stabilizing protocols that we conjecture to require the minimal number of states per process to achieve stabilization (when processes are deterministic): 2-state maximal matching on bidirectional rings, 5-state token passing on unidirectional rings, and 3-state token passing on bidirectional chains

On the Complexity of Adding Convergence

International audienceThis paper investigates the complexity of designing Self-Stabilizing (SS) distributed programs, where an SS program meets two properties, namely closure and convergence. Convergence requires that, from any state, the computations of an SS program reach a set of legitimate states (a.k.a. invariant). Upon reaching a legitimate state, the computations of an SS program remain in the set of legitimate states as long as no faults occur; i.e., Closure. We illustrate that, in general, the problem of augmenting a distributed program with convergence, i.e., adding convergence, is NP-complete (in the size of its state space). An implication of our NP-completeness result is the hardness of adding nonmasking fault tolerance to distributed programs, which has been an open problem for the past decade

On the verification of livelock-freedom and self-stabilization on parameterized rings

This article investigates the verification of livelock-freedom and self-stabilization on parameterized rings consisting of symmetric, constant space, deterministic, and self-disabling processes. The results of this article have a significant impact on several fields, including scalable distributed systems, resilient and self-* systems, and verification of parameterized systems. First, we identify necessary and sufficient local conditions for the existence of global livelocks in parameterized unidirectional rings with unbounded (but finite) number of processes under the interleaving semantics. Using a reduction from the periodic domino problem, we show that, in general, verifying livelock-freedom of parameterized unidirectional rings is undecidable (specifically, Π10-complete) even for constant space, deterministic, and self-disabling processes. This result implies that verifying self-stabilization for parameterized rings of self-disabling processes is also undecidable. We also show that verifying livelock-freedom and self-stabilization remain undecidable under (1) synchronous execution semantics, (2) the FIFO consistency model, and (3) any scheduling policy. We then present a new scope-based method for detecting and constructing livelocks in parameterized rings. The proposed semi-algorithm behind our scope-based verification is based on a novel paradigm for the detection of livelocks that totally circumvents state space exploration. Our experimental results on an implementation of the proposed semi-algorithm are very promising as we have found livelocks in parameterized rings in a few microseconds on a regular laptop. The results of this article have significant implications for scalable distributed systems with cyclic topologies

Topology-specific synthesis of self-stabilizing parameterized systems with constant-space processes

This paper investigates the problem of synthesizing parameterized systems that are self-stabilizing by construction. To this end, we present several significant results. First, we show a counterintuitive result that despite the undecidability of verifying self-stabilization for parameterized unidirectional rings, synthesizing self-stabilizing unidirectional rings is decidable! This is surprising because it is known that, in general, the synthesis of distributed systems is harder than their verification. Second, we present a topology-specific synthesis method (derived from our proof of decidability) that generates the state transition system of template processes of parameterized self-stabilizing systems with elementary unidirectional topologies (e.g., rings, chains, trees). We also provide a software tool that implements our synthesis algorithms and generates interesting self-stabilizing parameterized unidirectional rings in less than 50 microseconds on a regular laptop. We validate the proposed synthesis algorithms for decidable cases in the context of several interesting distributed protocols. Third, we show that synthesis of self-stabilizing bidirectional rings remains undecidable

Humanoid mindset

Het lectoraat Management van Cultuurverandering, een onderzoeksgroep van de Hogeschool van Amsterdam, legt zich onder andere toe op theorievorming rond organisatieculturen. Onderdeel daarvan is onderzoek doen naar mindsets. De fundamentele ideeën hierover kunnen ook voor andere doeleinden gebruikt worden. Daarom dit stuk, het is een uitkomst van een denkexperiment. Google investeert in de ontwikkeling van mensachtige robots, humanoids. Echt op mensen gelijkende machines die geschikt zijn functies te vervullen in ons sociale leven. Google heeft besloten meerdere bedrijven voor dit doel op te kopen en een onderzoeksgroep hiervoor op te richten. In deze tekst wordt uiteengezet hoe de mentale structuur van een humanoid eruit kan zien. Mindsets gebruikt in de theorievorming van het lectoraat kunnen misschien dienst doen als mentaal besturingssysteem van humanoid gedrag

On the hardness of adding nonmasking fault tolerance

This paper investigates the complexity of adding nonmasking fault tolerance, where a nonmasking fault-tolerant program guarantees recovery from states reached due to the occurrence of faults to states from where its specifications are satisfied. We first demonstrate that adding nonmasking fault tolerance to low atomicity programs-where processes have read/write restrictions with respect to the variables of other processes--is NP-complete (in the size of the state space) on an unfair or weakly fair scheduler. Then, we establish a surprising result that even under strong fairness, addition of nonmasking fault tolerance remains NP-hard! The NP-hardness of adding nonmasking fault tolerance is based on a polynomial-time reduction from the 3-SAT problem to the problem of designing self-stabilizing programs from their non-stabilizing versions, which is a special case of adding nonmasking fault tolerance. While it is known that designing self-stabilization under the assumption of strong fairness is polynomial, we demonstrate that adding self-stabilization to non-stabilizing programs is NP-hard under weak fairness