argosy verifying layered storage systems with recovery
play

Argosy: Verifying layered storage systems with recovery refinement - PowerPoint PPT Presentation

Jan 30, 2023 •320 likes •1.08k views

Argosy: Verifying layered storage systems with recovery refinement Tej Chajed , Joseph Tassarotti, Frans Kaashoek, Nickolai Zeldovich MIT logical disk disk 1 disk 2 Bob writes a replication system 2 logical disk write 1 write 2 disk 1 disk

  1. Argosy: Verifying layered storage systems with recovery refinement Tej Chajed , Joseph Tassarotti, Frans Kaashoek, Nickolai Zeldovich MIT

  2. logical disk disk 1 disk 2 Bob writes a replication system � 2

  3. logical disk write 1 write 2 disk 1 disk 2 Bob writes a replication system � 2

  4. logical disk write 1 disk 1 disk 2 Bob writes a replication system � 3

  5. ? logical disk write 1 disk 1 disk 2 Bob writes a replication system � 3

  6. ? logical disk write 1 rep_recover disk 1 disk 2 Bob writes a replication system and implements its recovery procedure � 3

  7. ? logical disk write 1 rep_recover recovery restores invariants disk 1 disk 2 Bob writes a replication system and implements its recovery procedure � 3

  8. Bob is careful and writes a 
 machine-checked proof of correctness Disk interface replication read and write are atomic if you run rep_recover after every crash read rep_recover write Two-disk interface � 4

  9. Transactions write-ahead logging … log_recover Disk interface � 5

  10. Transactions write-ahead logging ops are atomic if you run log _recover after every crash … log_recover Disk interface � 5

  11. Transactions write-ahead log logging + ? replication Disk interface replication Two-disk interface � 6

  12. Transactions write-ahead log logging + ? replication Disk interface rep_recover ; log_recover replication Two-disk interface � 6

  13. Challenge: crashes during composed recovery rep_recover under crashes under crashes log_recover how do we prove correctness rep_recover ; log_recover ? under crashes using the existing proofs? � 7

  14. Prior work cannot handle multiple recovery procedures CHL [SOSP ’15] not modular write-ahead log Yggdrasil [OSDI ’16] single recovery replication restricted recovery Flashix [SCP ’16] procedures � 8

  15. Argosy supports modular recovery proofs Transactions developer proves write-ahead log Disk interface replication developer proves Two-disk interface � 9

  16. Argosy supports modular recovery proofs Transactions Argosy write-ahead log proves logging + Disk interface replication replication Two-disk interface � 9

  17. Contributions Recovery refinement for modular proofs � 10

  18. Contributions Recovery refinement for modular proofs CHL for proving recovery refinement see paper Verified example: logging + replication see paper � 10

  19. Contributions Recovery refinement for modular proofs CHL for proving recovery refinement see paper Verified example: logging + replication see paper Machine-checked proofs in Coq see code � 10

  20. Preview: recovery refinement Disk interface 1. Normal execution correctness 
 using refinement replication 2. Crash and recovery correctness 
 using recovery refinement Two-disk interface � 11

  21. Background Refinement � 12

  22. Background Disk interface replication Two-disk interface � 13

  23. Background Disk interface write replication write_impl Two-disk interface write 1 write 2 � 13

  24. Background Disk interface write replication write_impl Two-disk interface write 1 write 2 � 13

  25. Background Disk interface read write replication read_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 13

  26. Background Disk interface read write correctness is based on how we use replication : run code using Disk interface on top of two disks replication code read read_impl read_impl write write_impl code_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 13

  27. Background Correctness: trace inclusion Disk interface spec’s 
 code behaviors replication ⊇ running code’s code_impl behaviors Two-disk interface � 14

  28. Background Proving correctness with an abstraction relation spec state logical disk 1. developer provides 
 abstraction relation R R disk 1 disk 2 � 15

  29. Background Proving correctness with an abstraction relation spec state logical disk 1. developer provides 
 abstraction relation R R disk 1 write 1 write 2 disk 2 � 15

  30. Background Proving correctness with an abstraction relation spec state write logical disk 1. developer provides 
 abstraction relation R R 2. prove spec execution exists disk 1 write 1 write 2 disk 2 � 15

  31. Background Proving correctness with an abstraction relation spec state write logical disk 1. developer provides 
 abstraction relation R R R 2. prove spec execution exists 3. and abstraction relation is preserved disk 1 write 1 write 2 disk 2 � 15

  32. Recovery refinement � 16

  33. Disk interface read write replication read_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  34. Disk interface read write replication read_impl rep_recover write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  35. Disk interface read write replication read_impl rep_recover write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  36. Extending trace inclusion with recovery code ⊇ Disk interface code_impl replication specification for crash behavior Two-disk interface ⊇ crash & recovery behavior � 18

  37. Extending trace inclusion with recovery code ⊇ Disk interface code_impl replication crash semantics ? specification for crash behavior Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 18

  38. code ⊇ Disk interface one of these code_impl replication | | | := op 1 op 1 op 2 code … Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 19

  39. code ⊇ Disk interface code_impl replication | | | := op 1 op 1 op 2 code … Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 19

  40. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ code_impl recover � 20

  41. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover zero-or-more iterations � 21

  42. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover � 21

  43. Trace inclusion, with recovery code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover � 22

  44. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover � 23

  45. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover crash must occur during some operation � 23

  46. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover � 23

  47. Proving trace inclusion, with recovery op 1 R R ⋆ op1_impl op2_impl recover recover � 23

  48. Proving trace inclusion, with recovery R ⋆ op2_impl recover recover � 23

  49. Proving trace inclusion, with recovery op 2 | R R ⋆ op2_impl recover recover � 23

  50. Recovery refinement non-crash execution crash and recovery execution | op op R R R R ⋆ op_impl recover recover op_impl � 24

  51. Recovery refinement non-crash execution crash and recovery execution | op op R R R R ⋆ op_impl recover recover op_impl Trace inclusion implies specification behavior ⊇ running code behavior � 24

  52. Composition theorem � 25

  53. Kleene algebra for transition relations expression op 1 op 2 op | ⋆ r � 26

  54. Kleene algebra for transition relations expression matching transitions op 1 op 2 op 1 op 2 op | op ⋆ r r r r … � 26

  55. Theorem: recovery refinements compose Transactions write-ahead log … log_recover If Disk interface replication … rep_recover Two-disk interface � 27

  56. Theorem: recovery refinements compose Transactions Transactions write-ahead log … log_recover logging + replication If then Disk interface … rep_recover; log_recover replication … rep_recover Two-disk interface Two-disk interface � 27

  57. Goal: prove composed recovery correct rep_recover under crashes under crashes log_recover rep_recover ; log_recover ? � 28

  58. Goal: prove composed recovery correct rep_recover rep under crashes log_recover under crashes log rep log ; ? � 29

  59. ⋆ rep rep ⋆ log log � 30

  60. ⋆ rep rep ⋆ log log ( ) ⋆ rep rep log rep log | � 30

  61. ⋆ rep rep ⋆ log log ( ) ⋆ rep rep log rep log | how to re-use recovery proofs here? � 30

  62. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | � 31

  63. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ � 31

  64. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ ⋆ ⋆ ⋆ ( ) = rep log rep rep log rep � 31

  65. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ ⋆ ⋆ ⋆ ( ) = rep log rep rep log rep ( pq ) ⋆ p = p ( qp ) ⋆ after sliding rep ( ⋆ ⋆ ) ⋆ = log rep rep rep log � 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture

Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture

Software Design and Architectures 4 Software Architectures: Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture lorem 1 examples examples patten ipsum 2 responsibilities dolor 3 communication

243 views • 10 slides
Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on

Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on

Storage Management Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on September 7th @ 11:59pm 2 / 57 Storage Management Layered Architecture Layered Architecture 3 / 57 Storage Management Layered

844 views • 57 slides
Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important

Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important

Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important Information and Disclaimer This presentation has been prepared by Argosy Property Limited (Argosy) . The details in this presentation provide general

323 views • 30 slides
Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

' $ Chapter 15: Recovery System Failure Classification Storage Structure Recovery and Atomicity Log-Based Recovery Shadow Paging Recovery With Concurrent Transactions Buffer Management Failure with Loss of

375 views • 21 slides
Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda

Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda

Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda Highlights Page 4 Financials Page 6 Strategy Overview Page 16 Leasing Update Page 24 Outlook Page 29 PRESENTED BY: Peter Mence CEO Dave

392 views • 36 slides
Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems

Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems

Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems Andy Pavlo + Joy Arulraj Carnegie Mellon University Winter Winter 2013: 2013: Fir irst B t Blood lood Initial evaluation of existing DBMSs

536 views • 20 slides
FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA

FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA

FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA Highlights Page 4 Strategy / Portfolio Page 6 Financials Page 15 Leasing Update Page 24 Looking Ahead Page 28 PRESENTED BY: Peter Mence CEO

538 views • 36 slides
FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz

FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz

FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz AGENDA Highlights Page 4 Strategy / Portfolio Page 6 Financials Page 13 Leasing Update Page 22 Looking Ahead Page 26 PRESENTED BY: Peter

455 views • 34 slides
Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th CSL, Berlin, September 6, 2015 Outline 1 Problem and Result 2 Layered rewrite systems 3 Sub-rewriting 4 Cyclic unification 5 Decreasing diagrams 6

437 views • 39 slides
Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and Configurations RAID File Systems Rotational Media Disk storage Generic term used to describe storage where data is digitally recorded by

619 views • 37 slides
Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario

Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario

Introduction Modeling Adaptation Behavior Verifying Adaptation Behavior Tool Demonstration Summary and Conclusion Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario Trapp 2 1 Reactive Systems Group,

438 views • 14 slides
Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage

Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage

Storage Types Volatile storage main memory, which does not survive crashes. Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage information in stable storage is "never" lost.

698 views • 5 slides
Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na

Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na

Verifying Finality for Blockchain Systems Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na Grigore Ro su The University of Texas at Austin University of Illinois at Urbana-Champaign

739 views • 30 slides
Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C.

Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C.

WADS Workshop at ICSE 2002 Woodside 1 Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C. Murray Woodside Dept. of Systems and Computer Engineering, Carleton University, Ottawa, Canada email:

444 views • 10 slides
Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert VanNatta, Logging History of Columbia County Database Management

534 views • 26 slides
U.S. Department of Education SEA Project Directors Meeting April 23, 2013 Jim m Shel helton n

U.S. Department of Education SEA Project Directors Meeting April 23, 2013 Jim m Shel helton n

U.S. Department of Education SEA Project Directors Meeting April 23, 2013 Jim m Shel helton n Assistant istant Deputy puty Secre cretar tary Of Office ce of Inno novation ation an and Improvement ment April 23, 2013 OI OII I Or

748 views • 64 slides
CS570 Introduction to Data Mining Department of Mathematics and Computer Science Li Xiong Today

CS570 Introduction to Data Mining Department of Mathematics and Computer Science Li Xiong Today

CS570 Introduction to Data Mining Department of Mathematics and Computer Science Li Xiong Today Meeting everybody in class Course topics Course logistics 2 Instructor Li Xiong Web: http://www.mathcs.emory.edu/~lxiong

614 views • 42 slides
DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and

DRAFT This paper is a draft submission to Inequality Measurement, trends, impacts, and policies 56 September 2014 Helsinki, Finland This is a draft version of a conference paper submitted for presentation at UNU-WIDERs conference,

688 views • 33 slides
Disas Dis aster R Recovery an and Gr Gran ant t Re Reporting g (DRGR) ) System m DRGR

Disas Dis aster R Recovery an and Gr Gran ant t Re Reporting g (DRGR) ) System m DRGR

Disas Dis aster R Recovery an and Gr Gran ant t Re Reporting g (DRGR) ) System m DRGR Release 8.1 | Overview | CDBG-DR and CDBG-MIT Webinar Series Summer 2020 Presenters Presenters HUD Steven Edwards, DRGR Specialist Hana

240 views • 22 slides
The Recovery Audit Program and Medicare The Who, What, When, Where, How and Why? 1 Agenda

The Recovery Audit Program and Medicare The Who, What, When, Where, How and Why? 1 Agenda

The Recovery Audit Program and Medicare The Who, What, When, Where, How and Why? 1 Agenda What Is A Recovery Auditor? Will The Recovery Auditors Affect Me? Why Recovery Auditors? What Does A Recovery Auditor Do? What Are The

444 views • 19 slides
Enterprise Storage Architecture Fall 2018 Data recovery and forensics Tyler Bletsch Duke

Enterprise Storage Architecture Fall 2018 Data recovery and forensics Tyler Bletsch Duke

ECE590-03 Enterprise Storage Architecture Fall 2018 Data recovery and forensics Tyler Bletsch Duke University The problem Recovery : Restoring data without backups after loss Goal: get our data back Challenges: Damaged media

277 views • 17 slides
Can Applications Recover from fsync Failures? Anthony Rebello, Yuvraj Patel, Ramnatthan Alagappan,

Can Applications Recover from fsync Failures? Anthony Rebello, Yuvraj Patel, Ramnatthan Alagappan,

Can Applications Recover from fsync Failures? Anthony Rebello, Yuvraj Patel, Ramnatthan Alagappan, Andrea C. Arpaci-Dusseau and Remzi H. Arpaci-Dusseau University of Wisconsin-Madison How does data reach the disk? Applications use the file

349 views • 33 slides

More recommend