Preserving Stabilization while Practically Bounding State Space

Stabilization is a key dependability property for dealing with unanticipated transient faults, as it guarantees that even in the presence of such faults, the system will recover to states where it satisfies its specification. One of the desirable attributes of stabilization is the use of bounded space for each variable. In this paper, we present an algorithm that transforms a stabilizing program that uses variables with unbounded domain into a stabilizing program that uses bounded variables and (practically bounded) physical time. While non-stabilizing programs (that do not handle transient faults) can deal with unbounded variables by assigning large enough but bounded space, stabilizing programs that need to deal with arbitrary transient faults cannot do the same since a transient fault may corrupt the variable to its maximum value. We show that our transformation algorithm is applicable to several problems including logical clocks, vector clocks, mutual exclusion, leader election, diffusing computations, Paxos based consensus, and so on. Moreover, our approach can also be used to bound counters used in an earlier work by Katz and Perry for adding stabilization to a non-stabilizing program. By combining our algorithm with that earlier work by Katz and Perry, it would be possible to provide stabilization for a rich class of problems, by assigning large enough but bounded space for variables.Comment: Moved some content from the Appendix to the main paper, added some details to the transformation algorithm and to its descriptio

Replay Clocks

In this work, we focus on the problem of replay clocks (RepCL). The need for replay clocks arises from the observation that analyzing distributed computation for all desired properties of interest may not be feasible in an online environment. These properties can be analyzed by replaying the computation. However, to be beneficial, such replay must account for all the uncertainty that is possible in a distributed computation. Specifically, if event 'e' must occur before 'f' then the replay clock must ensure that 'e' is replayed before 'f'. On the other hand, if 'e' and 'f' could occur in any order then replay should not force an order between them. After identifying the limitations of existing clocks to provide the replay primitive, we present RepCL and identify an efficient representation for the same. We demonstrate that RepCL can be implemented with less than four integers for 64 processes for various system parameters if clocks are synchronized within 1 ms. Furthermore, the overhead of RepCL (for computing/comparing timestamps and message size) is proportional to the size of the clock. Using simulations, we identify the expected overhead of RepCL based on the given system settings. We also identify how a user can the identify feasibility region for RepCL. Specifically, given the desired overhead of RepCL, it identifies the region where unabridged replay is possible

Challenges and Demands on Automated Software Revision

In the past three decades, automated program verification has undoubtedly been one of the most successful contributions of formal methods to software development. However, when verification of a program against a logical specification discovers bugs in the program, manual manipulation of the program is needed in order to repair it. Thus, in the face of existence of numerous unverified and un- certified legacy software in virtually any organization, tools that enable engineers to automatically verify and subsequently fix existing programs are highly desirable. In addition, since requirements of software systems often evolve during the software life cycle, the issue of incomplete specification has become a customary fact in many design and development teams. Thus, automated techniques that revise existing programs according to new specifications are of great assistance to designers, developers, and maintenance engineers. As a result, incorporating program synthesis techniques where an algorithm generates a program, that is correct-by-construction, seems to be a necessity. The notion of manual program repair described above turns out to be even more complex when programs are integrated with large collections of sensors and actuators in hostile physical environments in the so-called cyber-physical systems. When such systems are safety/mission- critical (e.g., in avionics systems), it is essential that the system reacts to physical events such as faults, delays, signals, attacks, etc, so that the system specification is not violated. In fact, since it is impossible to anticipate all possible such physical events at design time, it is highly desirable to have automated techniques that revise programs with respect to newly identified physical events according to the system specification

Lattice Linear Problems vs Algorithms

Modelling problems using predicates that induce a partial order among global states was introduced as a way to permit asynchronous execution in multiprocessor systems. A key property of such problems is that the predicate induces one lattice in the state space which guarantees that the execution is correct even if nodes execute with old information about their neighbours. Thus, a compiler that is aware of this property can ignore data dependencies and allow the application to continue its execution with the available data rather than waiting for the most recent one. Unfortunately, many interesting problems do not exhibit lattice linearity. This issue was alleviated with the introduction of eventually lattice linear algorithms. Such algorithms induce a partial order in a subset of the state space even though the problem cannot be defined by a predicate under which the states form a partial order. This paper focuses on analyzing and differentiating between lattice linear problems and algorithms. It also introduces a new class of algorithms called (fully) lattice linear algorithms. A characteristic of these algorithms is that the entire reachable state space is partitioned into one or more lattices and the initial state locks into one of these lattices. Thus, under a few additional constraints, the initial state can uniquely determine the final state. For demonstration, we present lattice linear self-stabilizing algorithms for minimal dominating set and graph colouring problems, and a parallel processing 2-approximation algorithm for vertex cover. The algorithm for minimal dominating set converges in n moves, and that for graph colouring converges in n+2m moves. The algorithm for vertex cover is the first lattice linear approximation algorithm for an NP-Hard problem; it converges in n moves. Some part is cut due to 1920 character limit. Please see the pdf for full abstract.Comment: arXiv admin note: text overlap with arXiv:2209.1470

Lattice Linearity in Assembling Myopic Robots on an Infinite Triangular Grid

In this paper, we study the problem of gathering distance-1 myopic robots on an infinite triangular grid. We show that the algorithm developed by Goswami et al. (SSS, 2022) is lattice linear. This implies that a distributed scheduler, assumed therein, is not required for this algorithm: it runs correctly in asynchrony. It also implies that the algorithm works correctly even if the robots are equipped with a unidirectional \textit{camera} to see the neighbouring robots (rather than an omnidirectional one, which would be required under a distributed scheduler). Due to lattice linearity, we can predetermine the point of gathering. We also show that this algorithm converges in $2n$ rounds, which is lower than that ($2.5(n+1)$ rounds) shown in Goswami et al.Comment: arXiv admin note: text overlap with arXiv:2302.0720