checking consistency properties tractable reductions to
play

Checking Consistency Properties: Tractable Reductions to - PowerPoint PPT Presentation

Apr 18, 2023 •220 likes •522 views

Checking Consistency Properties: Tractable Reductions to Reachability Constantin Enea IRIF , University Paris Diderot Concurrent/Distributed Objects Modern computer software is increasingly concurrent performance improvements often

  1. Checking Consistency Properties: Tractable Reductions to Reachability Constantin Enea IRIF , University Paris Diderot

  2. Concurrent/Distributed Objects • Modern computer software is increasingly concurrent • performance improvements often achieved by parallelizing operations • concurrent/distributed objects encapsulate concurrent shared-memory accesses into higher-level abstract data types • java.util.concurrent, Intel Thread Building Blocks • Amazon SS3, MongoDB • the widespread usage of these libraries demands for precise (formal) specifications 


  3. Consistency Criteria • Define an abstraction of the library behaviors • Example: linearizability ensures an atomic view of the method calls deq ⇒ 1 enq(1) Thread 1 enq(2) deq ⇒ 2 Thread 2 “abstracted to” deq ⇒ 1 enq(1) Thread 1 enq(2) deq ⇒ 2 Thread 2

  4. Modeling Library Behaviors: Histories push(1) pop ⇒ 2 Thread 1 pop ⇒ 3 pop ⇒ 1 push(2) push(3) Thread 2 happens-before partial order program order pop ⇒ 2 pop ⇒ 2 push(1) push(1) pop ⇒ 3 pop ⇒ 3 pop ⇒ 1 pop ⇒ 1 push(2) push(2) push(3) push(3)

  5. Consistency Criteria • Expressible as (existential) second order formulas over histories • Linearizability: ( Invoc, Hb ) is linearizable i ff ( Invoc, Hb ) | = ∃ Lin. Hb ⊆ Lin ∧ Spec ( Lin ) pop ⇒ 2 push(1) pop ⇒ 3 linearized to pop ⇒ 1 push(2) push(3) push(1) pop ⇒ 1 push(2) pop ⇒ 2 push(3) pop ⇒ 3

  6. Consistency Criteria • Expressible as second order formulas over histories • Linearizability: ( Invoc, Hb ) is linearizable i ff ( Invoc, Hb ) | = ∃ Lin. Hb ⊆ Lin ∧ Spec ( Lin ) • Sequential Consistency: ( Invoc, Po ) is sequentially consistent i ff ( Invoc, Po ) | = ∃ Lin. Po ⊆ Lin ∧ Spec ( Lin ) • Causal Consistency: …

  7. Verifying Consistency Criteria Challenges: Checking consistency of a single history is often NP-complete • results in descriptive complexity => no first-order formulation • Checking consistency of finite-state implementations is often undecidable • Example: linearizability, sequential/causal consistency • Goal: Identifying classes of implementations/specifications for which checking • consistency is reducible to reachability (assertion checking) Polynomial procedures for checking consistency of single histories •

  8. Results Criterion Implementations Specifications Eventual Describable using B E H, POPL’14 All Consistency "multiset automata” B E GH, POPL’17 Causal Consistency Data Independent Key-value stores Register, Stack, BE E H, ICALP’15 B E W, CONCUR’17 Linearizability Data Independent Queue, Priority Queue

  9. Geo-Replicated Data Structures • Strong (sequential) consistency write(x,1) write(x,2)

  10. Geo-Replicated Data Structures • Strong (sequential) consistency read(x) ⇒ 1 read(x) ⇒ 1 read(x) ⇒ 2 read(x) ⇒ 2 write(x,1) write(x,2)

  11. Geo-Replicated Data Structures • Strong (sequential) consistency is impossible while being available and tolerating network partitions: the CAP theorem read(x) ⇒ 1 read(x) ⇒ 1 read(x) ⇒ 2 read(x) ⇒ 2 write(x,1) write(x,2)

  12. Geo-Replicated Data Structures • Tolerating faults while preserving availability leads to anomalies w.r.t. strong (sequential) consistency read(x) ⇒ 2 read(x) ⇒ 1 read(x) ⇒ 1 read(x) ⇒ 2 write(x,1) write(x,2) Updates are seen in different orders

  13. Verifying Causal Consistency • The set of allowed anomalies are defined by weak consistency criteria, e.g., eventual consistency, causal consistency. • Goal: Algorithmic methods for checking causal consistency. • Verifying a single history is NP-Complete • Verifying a finite-state implementation is undecidable (finite nb. of sites) Linearizability. EXPSPACE-complete Sequential Consistency. Undecidable Causal Consistency. Undecidable Eventual Consistency. Decidable

  14. What About Key-Value Stores ? • Checking causal consistency remains undecidable in general • Restricting to data independent implementations • behaviors don’t depend on the stored/input values • For data independent implementations, it is enough to check executions where each value is written at most once

  15. What About Key-Value Stores ? • Bad pattern = a set of operations related in a particular way • Approach: identify a set of bad patterns X such that A history is causally-consistent i ff it contains a bad pattern from X • Consequences: • checking causal consistency for a single history is polynomial time • checking causal consistency is reducible to assertion checking • define a monitor that tracks the presence of bad patterns

  16. Definition of Causal Consistency Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Definition of Causal Consistency read ( x ) I 2 read ( x ) I 1 write ( x , 2) write ( x , 1) read ( x ) I 1 read ( x ) I 2 program order There exists a causality order CO such that the causal past of every read can explain its value CO includes the program (site) order 10 / 35

  17. Definition of Causal Consistency Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Definition of Causal Consistency read ( x ) I 2 read ( x ) I 1 read ( x ) I 1 write ( x , 2) write ( x , 2) write ( x , 2) write ( x , 1) write ( x , 1) write ( x , 1) read ( x ) I 1 read ( x ) I 2 read ( x ) I 2 program order There exists a causality order CO such that the causal past of every read can explain its value CO includes the program (site) order 10 / 35

  18. Causal Consistency Violations Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Causal Consistency Violations Causally related writes must be seen by all sites in the same order. write ( x , 1) write ( x , 2) write ( y , 3) read ( x ) I 1 11 / 35

  19. Causal Consistency Violations Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Causal Consistency Violations Causally related writes must be seen by all sites in the same order. write ( x , 1) write ( x , 2) write ( y , 3) read ( x ) I 1 read ( y ) I 3 read ( x ) I 1 11 / 35

  20. Formalizing Causal Consistency Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Formalizing Causal Consistency Specification = a set of sequences of operations write ( x , 1) · write ( y , 2) · read ( x ) I 1 · read ( y ) I 2 12 / 35

  21. Formalizing Causal Consistency Definitions of Causal Consistency Characterization of Causal Consistency using Bad Patterns Causal Consistency Using Bad Patterns for Verification Formalizing Causal Consistency Specification = a set of sequences of operations write ( x , 1) · write ( y , 2) · read ( x ) I 1 · read ( y ) I 2 A history h = ( O , PO ) is causally consistent w.r.t. a specification S i ff there exists a strict partial order CO s.t. AxCausal : PO ✓ CO AxCausalValue : 8 o 2 O . CausalPast( CO , o ) v S ( CausalPast( CO , o ) = the restriction of CO to CO − 1 ( o ) [ { o } CO CausalPast ( CO, o ) o v means “can be linearized to”) 12 / 35

  22. Di ff erentiated histories Definitions of Causal Consistency Data Independent Implementations Characterization of Causal Consistency using Bad Patterns Bad Patterns Using Bad Patterns for Verification Data Independent Implementations A history is di ff erentiated if each value is written at most once Observation : Written values do not influence behaviors. ⇒ We can assume written values are unique. write ( x , 1) write ( x , 3) write ( x , 2) write ( x , 4) read ( x ) I 3 Unicity of writes implies a canonical causality relation (included in every other causality relation). 18 / 35

  23. Bad Patterns Definitions of Causal Consistency Data Independent Implementations Characterization of Causal Consistency using Bad Patterns Bad Patterns Using Bad Patterns for Verification Bad Patterns to Characterize Violations Bad pattern : set of operations related is a particular way Defined using the following orders: PO (program order): connects operations from the same site RF (reads-from relation): connects write to read CO (causal order): defined as ( PO ∪ RF ) + 19 / 35

  24. Example: WriteCORead Definitions of Causal Consistency Data Independent Implementations Characterization of Causal Consistency using Bad Patterns Bad Patterns Using Bad Patterns for Verification Bad Pattern for Causal Consistency: WriteCORead Two writes w 1 and w 2 , and one read r 1 on the same variable: r 1 reads-from w 1 w 1 < CO w 2 < CO r 1 Example: write ( x , 1) write ( y , 2) write ( x , 2) read ( y ) I 2 read ( x ) I 2 read ( x ) I 1 20 / 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 4 ICS-275 Fall 2010 Fall 2010 ICS 275 - Constraint Networks 1 Tractable Tractable

Chapter 4 ICS-275 Fall 2010 Fall 2010 ICS 275 - Constraint Networks 1 Tractable Tractable

Directional consistency Chapter 4 ICS-275 Fall 2010 Fall 2010 ICS 275 - Constraint Networks 1 Tractable Tractable classes classes Fall 2010 2 Backtrack-free search: or What level of consistency will guarantee global- consistency

418 views • 41 slides
Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

941 views • 52 slides
Fixed-parameter tractable reductions to SAT Ronald de Haan Stefan Szeider Vienna University of

Fixed-parameter tractable reductions to SAT Ronald de Haan Stefan Szeider Vienna University of

Fixed-parameter tractable reductions to SAT Ronald de Haan Stefan Szeider Vienna University of Technology Reductions to SAT Problems in NP can be encoded into SAT in poly-time. Problems at the second level of the PH or higher cannot be

295 views • 16 slides
Just-Right As available as possible, consistent when necessary Consistency The CAP theorem

Just-Right As available as possible, consistent when necessary Consistency The CAP theorem

Just-Right Consistency: Just-Right As available as possible, consistent when necessary Consistency The CAP theorem forces a choice In contrast, checking a data between strong consistency (CP) precondition on partitioned state is and

567 views • 10 slides
Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp;

Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp;

Tractable Refinement Checking for Concurrent Objects Constantin Enea LIAFA, CNRS &amp; University Paris Diderot - Paris 7 joint work with Ahmed Bouajjani, Michael Emmi, Jad Hamza Concurrent objects Concurrent Object call (push, pop, )

442 views • 25 slides
Specifying and Checking File System Crash-Consistency Models Steven Lang September 4, 2016

Specifying and Checking File System Crash-Consistency Models Steven Lang September 4, 2016

Specifying and Checking File System Crash-Consistency Models Steven Lang September 4, 2016 Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universitt Mainz Motivation The problem: POSIX

982 views • 71 slides
Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York

Checking Graph Properties with GP Checking Graph Properties with GP Chris Poskitt (cmp501@cs.york.ac.uk) The University of York PLASMA Seminar: 5th March 2009 Checking Graph Properties with GP Motivation Todays Talk 1. Motivation 2. GP

874 views • 52 slides
Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Towards efficient model checking for variants of ATL under different semantics Wojciech Penczek

Specification of Strategic Abilities in ATL* Model checking Multi-Valued ATL* Partial order reductions for sATL* Simpler strategies for Timed ATL Conclusions Towards efficient model checking for variants of ATL under different semantics

1.1k views • 88 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
Dynamic Reductions for Model Checking Concurrent Software Alfons Laarman alfons@laarman.com

Dynamic Reductions for Model Checking Concurrent Software Alfons Laarman alfons@laarman.com

Introduction Transactions Dynamic Experiments Conclusion Dynamic Reductions for Model Checking Concurrent Software Alfons Laarman alfons@laarman.com Henning G unther , Ana Sokolova and Georg Weissenbacher Formal Methods in Systems

905 views • 51 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
Checking path consistency and reachability in multipath networks using Batfish Ari Fogel 1 Stanley

Checking path consistency and reachability in multipath networks using Batfish Ari Fogel 1 Stanley

Checking path consistency and reachability in multipath networks using Batfish Ari Fogel 1 Stanley Fung 1 Todd Millstein 1 Ratul Mahajan 2 Ramesh Govindan 3 Luis Pedrosa 3 1 University of California, Los Angeles 2 Microsoft Research 3 University of

287 views • 12 slides
Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for

Efficient Model Checking of Safety Properties Timo Latvala timo.latvala@hut.fi Laboratory for Theoretical Computer Science Helsinki University of Technology Finland Spin 2003 p.1/16 Introduction Safety properties properties

669 views • 44 slides
Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model

Lecture 4: Checking properties in NuSMV B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 43 Outline Module 1: Synchronous Vs Asynchronous composition Module 2: More examples

1.11k views • 90 slides
Constraint satisfaction problems II CS271P, Winter 2018 Introduction to Artificial Intelligence

Constraint satisfaction problems II CS271P, Winter 2018 Introduction to Artificial Intelligence

Constraint satisfaction problems II CS271P, Winter 2018 Introduction to Artificial Intelligence Prof. Richard Lathrop You Should Know Node consistency, arc consistency, path consistency, K-consistency (6.2) Forward checking (6.3.2)

1.1k views • 83 slides
Chapter 9 Internet Email Page 1 We Shall be Covering ... Internet email Using Ximian

Chapter 9 Internet Email Page 1 We Shall be Covering ... Internet email Using Ximian

Chapter 9 Internet Email Page 1 We Shall be Covering ... Internet email Using Ximian Evolution email Using Mozilla Mail email Page 2 Internet Email Web-based (webmail) or POP3-based Webmail: uses ubiquitous web browser to

498 views • 25 slides
flowMerge: Merging Mixture Components to Identify Distinct Cell Populations in Flow Cytometry

flowMerge: Merging Mixture Components to Identify Distinct Cell Populations in Flow Cytometry

flowMerge: Merging Mixture Components to Identify Distinct Cell Populations in Flow Cytometry Greg Finak, PhD R. Gottardo Laboratory, Vaccine and Infectious Disease Division Fred Hutchinson Cancer Research Center flowCAP 2010 Summit. September

384 views • 25 slides
Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint

Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint

Symbolic Abstract Data Types (ADTs) Constantin Enea University Paris Diderot - Paris 7 joint work with Michael Emmi, IMDEA Madrid Modular Reasoning Abstract Data Types smaller &amp; simpler program, easier to reason about

258 views • 24 slides
VNF Benchmark-as-a-Service (VBaaS): A Teaser (draft-rorosz-nfvrg-vbaas-00.txt) Rosa, Raphael V.

VNF Benchmark-as-a-Service (VBaaS): A Teaser (draft-rorosz-nfvrg-vbaas-00.txt) Rosa, Raphael V.

Teaser Backup slides VNF Benchmark-as-a-Service (VBaaS): A Teaser (draft-rorosz-nfvrg-vbaas-00.txt) Rosa, Raphael V. Rothenberg, Christian E. Szabo, Robert FEEC/UNICAMP and Ericsson Research Hungary NFVRG, IETF 94

251 views • 22 slides
The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of

The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of

The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences International Symposium on Grids and Clouds (ISGC) 2016 Content Overview of IHEPs Monitor

361 views • 25 slides
Problems: Page Table Size Maximum virtual space can be considerable (e.g. 2 40 bytes) Disk space

Problems: Page Table Size Maximum virtual space can be considerable (e.g. 2 40 bytes) Disk space

Problems: Page Table Size Maximum virtual space can be considerable (e.g. 2 40 bytes) Disk space for program image (1TB per process!) Page Table size 0.5GB (with 16KB pages, 8 byte descriptors) Most programs use only a small fraction of maximum

211 views • 6 slides
Segmentation: Promoting 2020 Census self-response Laura Kail, PSB Gina Walejko, U.S. Census

Segmentation: Promoting 2020 Census self-response Laura Kail, PSB Gina Walejko, U.S. Census

Mindsets and Segmentation: Promoting 2020 Census self-response Laura Kail, PSB Gina Walejko, U.S. Census Bureau Brian Kriz, PSB Robert Kulzick, PSB Shawnna Mullenax, PSB Hubert Shang, PSB July 12, 2019 The views and opinions expressed in this

910 views • 28 slides
MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia

MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia

MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Topics Addressing schemes and software protection models Hardware/software protection support Kernel access GATEs

1.29k views • 113 slides

More recommend