## Section: New Results

### Distributed Algorithms for Dynamic Networks and Fault Tolerance

Participants : Luciana Bezerra Arantes [correspondent] , Sébastien Bouchart, Marjorie Bournat, Swan Dubois, Denis Jeanneau, Mohamed Hamza Kaaouachi, Sébastien Monnet, Franck Petit [correspondent] , Pierre Sens, Julien Sopena.

Nowadays, distributed systems are more and more heterogeneous and versatile.
Computing units can join, leave or move inside a global infrastructure.
These features require the implementation of *dynamic* systems, that is to say they can cope autonomously with changes
in their structure in terms of physical facilities and software. It therefore becomes necessary to define, develop, and validate
distributed algorithms able to managed such dynamic and large scale systems, for instance mobile *ad hoc*
networks, (mobile) sensor networks, P2P systems, Cloud environments, robot networks, to quote only a few.

The fact that computing units may leave, join, or move may result of an intentional behavior or not. In the latter case, the system may be subject to disruptions due to component faults that can be permanent, transient, exogenous, evil-minded, etc. It is therefore crucial to come up with solutions tolerating some types of faults.

We address both system dynamic and fault tolerance through various aspects: $\left(1\right)$ Fault Detection, $\left(2\right)$ Self-Stabilization, and $\left(3\right)$ Dynamic System Design. Our approach covers the whole spectrum from theory to experimentation. We design algorithms, prove them correct, implement them, and evaluate them within simulation plateforms.

#### Failure detection

Since 2013, we address both theoretical and practical aspects of failure detector. The failure detector (FD) abstraction has been used to solve agreement problems in asynchronous systems prone to crash failures, but so far it has mostly been used in static and complete networks. FDs are distributed oracles that provide processes with unreliable information on process failures, often in the form of a list of trusted process identities. In 2016 we obtain the following results.

We propose in [31] a new failure detector that expresses the confidence with regard to the system as a whole. Similarly to a reputation approach, it is possible to indicate the relative importance of each process of the system, while a threshold offers a degree of flexibility for failures and false suspicions. Performance evaluation results, based on real PlanetLab traces, confirm the degree of flexible of the failure detector. By logically organizing nodes in a distributed hypercube, denoted VCube, which dynamically re-organizes itself in case of node failures, detected by a hierarchical perfect failure, we have proposed a autonomic distributed quorum algorithm [35]. By replacing the perfect failure detector by another one that offers eventual strong completeness, we have presented in [33] a second autonomic reliable broadcast protocol.

In the context of large networks, we propose Internet Failure Detector Service (IFDS) [16] for processes running in the Internet on multiple autonomous systems. The failure detection service is adaptive, and can be easily integrated into applications that require configurable QoS guarantees. The service is based on monitors which are capable of providing global process state information through a SNMP MIB. Monitors at different networks communicate across the Internet using Web Services. The system was implemented and evaluated for monitored processes running both on single LAN and on PlanetLab. Experimental results are presented, showing the performance of the detector, in particular the advantages of using the self-tuning strategies to address the requirements of multiple concurrent applications running on a dynamic environment.

Finally, in collaboration with ICL Lab. (University of Tennessee), we study failure detection in the context of ExaScale computing. We designed and evaluated a new robust failure detector, able to maintain and distribute the correct list of alive resources within proven and scalable bounds. The detection and distribution of the fault information follow different overlay topologies that together guarantee minimal disturbance to the applications. A virtual observation ring minimizes the overhead by allowing each node to be observed by another single node, providing an unobtrusive behavior. The propagation stage is using a non-uniform variant of a reliable broadcast over a circulant graph overlay network, and guarantees a logarithmic fault propagation. Extensive simulations, together with experiments on the Titan ORNL supercomputer, show that the algorithm performs extremely well, and exhibits all the desired properties of an Exascale-ready algorithm. This work has been published at SC 2016 conference [26].

#### Self-Stabilization

Regardless its initial state, a *self-stabilizing* system has the ability to reach a correct behavior in finite time.
Self-stabilization is a generic paradigm to tolerate transient faults (*i.e.*, faults of finite duration) in distributed systems.
Self-stabilization is also a suitable approach to design reliable solutions
for dynamic systems.
Results obtained in this area by Regal members in 2016 follow.

In [8], we address the ability to maintain distributed structures at large scale. Among the many different structures proposed in this context, The prefix tree structure is a good candidate for indexing and retrieving information. One weakness of using such a distributed structure stands in its poor native fault tolerance, leading to the use of preventive costly mechanisms such as replication. We focus on making tries self-stabilizing over such platforms, and propose a self-stabilizing maintenance algorithm for a prefix tree using a message passing model. The proof of self-stabilization is provided, and simulation results are given, to better capture its performances.

In [4], we propose a silent self-stabilizing
leader election algorithm for bidirectional
connected identified networks of arbitrary topology.
Written in the locally shared memory model,
it assumes the distributed unfair daemon, *i.e.*,
the most general scheduling hypothesis of
the model. Our algorithm requires no global knowledge on the network
(such as an upper bound on the diameter or the number of processes).
We show that its stabilization time is in $\Theta \left({n}^{3}\right)$ steps in the
worst case, where $n$ is the number of processes. Its memory
requirement is asymptotically optimal, * i.e.*, $\Theta (logn)$
bits per processes. Its round complexity is of the same order of
magnitude — *i.e.*, $\Theta \left(n\right)$ rounds — as the best
existing algorithms designed with similar
settings. To the best of our knowledge, this is the first asynchronous
self-stabilizing leader election algorithm for arbitrary identified
networks that is proven to achieve a stabilization time polynomial
in steps. By contrast, we show that the previous best existing algorithms
stabilize in a non polynomial number of steps in the worst case.

A *snap-stabilizing* protocol, regardless of the initial
configuration of the system, guarantees that it always behaves
according to its specification.
In [9], we consider the locally shared
memory model. In this model, we propose a snap-stabilizing
Propagation of Information with Feedback (PIF) protocol for rooted
networks of arbitrary topology. Then, we use the proposed PIF
protocol as a key module in the design of snap-stabilizing solutions for
some fundamental problems in distributed systems, such as Leader
Election, Reset, Snapshot, and Termination Detection. Finally, we
show that in the locally shared memory model, snap-stabilization is
as expressive as self-stabilization by designing a universal
transformer to provide a snap-stabilizing version of any protocol
that can be (automatically) self-stabilized.
Since by definition, a snap-stabilizing algorithm is
self-stabilizing, self- and snap-stabilization have the same
expressiveness in the locally shared memory model.

In [6], we address the *committee coordination problem*:
A committee consists of a set of professors and committee meetings are synchronized, so
that each professor participates in at most one committee meeting at
a time.
We propose two snap-stabilizing distributed algorithms for the committee coordination.
They are enriched with some desirable properties related to
concurrency, (weak) fairness, and a stronger
synchronization mechanism called 2-Phase Discussion.
Existing work in the literature has shown that (1)
in general, fairness cannot be achieved in committee coordination,
and (2) it becomes feasible if each professor waits for meetings
infinitely often. Nevertheless, we show that even under this latter
assumption, it is impossible to implement a fair solution that
allows maximal concurrency.
Hence, we propose two orthogonal
snap-stabilizing algorithms, each satisfying 2-phase discussion, and
either maximal concurrency or fairness.

#### Dynamic Distributed Systems

In [19],
we introduce the notion of *gradually stabilizing* algorithm as any self-stabilizing algorithm with the
following additional feature: if at most $\tau $ *dynamic steps*—a dynamic step is a step containing
topological changes—occur starting from a legitimate configuration, it first quickly
recovers to a configuration from which a minimum quality of service is satisfied and then gradually converges to stronger and stronger
safety guarantees until reaching a legitimate configuration again. We illustrate this new property by proposing a gradually stabilizing
unison algorithm, that consists in synchronizing logical clocks locally maintained by the processes.

The next results consider highly dynamic distributed systems modelled by time-varying graphs (TVGs).
In [7], we first address proof of impossibility results that often use informal
arguments about convergence. We provide a general framework that
formally proves the convergence of the sequence of executions of any deterministic algorithm over TVGs of any
convergent sequence of TVGs. Next, we focus of the weakest class of long-lived TVGs, *i.e.*, the class of TVGs where any
node can communicate any other node infinitely often. We illustrate the relevance of our result by showing that no
deterministic algorithm is able to compute various distributed covering structure on any TVG of this class. Namely,
our impossibility results focus on the eventual footprint, the minimal dominating set and the maximal matching
problems.

We also study the k-set agreement problem, a generalization of the consensus problem where processes can decide up to k different values. Very few papers have tackled this problem in dynamic networks. Exploiting the formalism of TVGs, we propose in [11] a new quorum-based failure detector for solving k-set agreement in dynamic networks with asynchronous communications. We present two algorithms that implement this new failure detector using graph connectivity and message pattern assumptions. We also provide an algorithm for solving k-set agreement using our new failure detector.

Finally, in [22], we deal with the classical
problem of exploring a ring by a cohort of synchronous robots. We focus on the
perpetual version of this problem in which it is required
that each node of the ring is visited by
a robot infinitely often.
We assume that the robots evolve in ring-shape TVGs, *i.e.*, the static graph made of the same set of nodes and that includes all edges
that are present at least once over time forms a ring of arbitrary size.
We also assume that each node is infinitely often reachable from any
other node. In this context, we aim at providing a self-stabilizing
algorithm to the robots (*i.e.*, the algorithm must guarantee
an eventual correct behavior regardless of the initial state and
positions of the robots). We show that this problem is
deterministically solvable in this harsh environment by providing
a self-stabilizing algorithm for three robots.