e fficient v erification of r eplicated d atatypes using
play

E FFICIENT V ERIFICATION OF R EPLICATED D ATATYPES USING L ATER A - PowerPoint PPT Presentation

Jul 26, 2023 •285 likes •752 views

E FFICIENT V ERIFICATION OF R EPLICATED D ATATYPES USING L ATER A PPEARANCE R ECORDS (LAR) Madhavan Mukund, Gautham Shenoy R, S P Suresh Chennai Mathematical Institute, Chennai, India ATVA 2015, Shanghai, China, 14 October 2015 Distributed

  1. E FFICIENT V ERIFICATION OF R EPLICATED D ATATYPES USING L ATER A PPEARANCE R ECORDS (LAR) Madhavan Mukund, Gautham Shenoy R, S P Suresh 
 Chennai Mathematical Institute, Chennai, India ATVA 2015, Shanghai, China, 14 October 2015

  2. Distributed systems N nodes connected by asynchronous network …

  3. Distributed systems N nodes connected by asynchronous network Nodes may fail and recover infinitely often …

  4. Distributed systems N nodes connected by asynchronous network Nodes may fail and recover infinitely often Nodes resume from safe state before failure …

  5. Replicated datatypes Each node replicates the data structure … Replica 1 Replica 2 Replica 3 Replica N

  6. Replicated datatypes Each node replicates the data structure Queries / updates addressed to any replica Queries are side-e ff ect free Updates change the state of the data structure … Replica 1 Replica 2 Replica 3 Replica N

  7. Replicated datatypes … Typical applications Amazon shopping carts Google docs Facebook “like” counters … Replica 1 Replica 2 Replica 3 Replica N

  8. Replicated datatypes … Typical data structure — Sets Query : is x a member of S? Updates : add x to S, remove x from S … Replica 1 Replica 2 Replica 3 Replica N

  9. Clients and replicas Clients issue query/update requests Each request is fielded by an individual source replica … Replica 1 Replica 2 Replica 3 Replica N x in S? add(x,S) remove(y,S) remove(x,S) Client A Client B Client C Client D

  10. Processing query requests Queries are answered directly by source replica, using local state … Replica 1 Replica 2 Replica 3 Replica N x in S? Yes Client A

  11. Processing updates … Replica 1 Replica 2 Replica 3 Replica N add(x,S) Client B

  12. Processing updates Source replica first updates its own state … Replica 1 Replica 2 Replica 3 Replica N add(x,S) Client B

  13. Processing updates Source replica first updates its own state Propagates update message to other replicas With auxiliary metadata (timestamps etc) add(x,S,Y) add(x,S,Y) … Replica 1 Replica 2 Replica 3 Replica N add(x,S) Client B

  14. Strong eventual consistency Replicas may diverge while updates propagate All messages are reliably delivered Replicas that receive the same set of updates must be query equivalent After a period of quiescence, all replicas converge Any stronger consistency requirement would negate availability or partition tolerance (Brewer’s CAP theorem)

  15. Facebook example (2012) http://markcathcart.com/2012/03/06/eventually-consistent/

  16. Facebook example (2012) http://markcathcart.com/2012/03/06/eventually-consistent/

  17. CRDT: Conflict Free Data Types Introduced by Shapiro et al 2011 Implementations of counters, sets, graphs, … that satisfy strong eventual consistency by design No independent specifications Correctness? Formalisation by Burkhardt et al 2014 Very detailed, di ffi cult to use for verification

  18. Need for specifications How to resolve conflicts? What does it mean to concurrently apply add(x,S) and remove(x,S) to a set S? Di ff erent replicas see these updates in di ff erent orders Observed-Remove (OR) sets: add wins … Replica 1 Replica 2 Replica 3 Replica N x in S? add(x,S) remove(y,S) remove(x,S) Client A Client B Client C Client D

  19. “Operational” specifications My implementation uses timestamps, … to detect causality and concurrency If my replica received <add(x,S),t> and <remove(x,S),t’> and t and t’ are related by …, then answer Yes to “x in S?”, otherwise No … Replica 1 Replica 2 Replica 3 Replica N x in S? add(x,S) remove(y,S) remove(x,S) Client A Client B Client C Client D

  20. Declarative specification Represent a concurrent computation canonically Say a labelled partial order Describe e ff ect of a query based on partial order Reordering of concurrent updates does not matter Strong eventual consistency is guaranteed

  21. CRDTs Conflict-free Replicated Data Type: D = (V,Q,U) V — underlying universe of values Q — query operations U — update operations For instance, for OR-sets, 
 Q = {member-of}, U = {add, remove}

  22. Runs of CRDTs Recall that each update is locally applied at source replica, followed by N-1 messages to other replicas add(x,S,Y) add(x,S,Y) … Replica 1 Replica 2 Replica 3 Replica N add(x,S) Client B

  23. Runs of CRDTs … Sequence of query, update and receive operations u3 u3 Init u1 q1 u1 u1 q2 u2 u1 u2 u3 u3 u2 u2 q3 rec rec rec rec rec rec rec rec rec r1 r2 r3 r2 r1 r4 r2 r3 r1 r4 r3 r2 r3 r1 r4

  24. Runs of CRDTs … Ignore query operations Associate a unique event with each update and receive operation u3 u3 Init u1 u1 u1 u2 u1 u2 u3 u3 u2 u2 rec rec rec rec rec rec rec rec rec r1 r3 r2 r4 r2 r3 r1 r4 r3 r2 r4 r1

  25. Runs of CRDTs … Replica order: total order of each replica’s events u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  26. Runs of CRDTs … Delivery order: match receives to updates u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  27. Runs of CRDTs … Happened before order on updates: Replica + Delivery Need not be transitive Causal delivery of messages makes it transitive u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  28. Runs of CRDTs … Local view of a replica Whatever is visible below its maximal event u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  29. Runs of CRDTs … Local view of a replica Whatever is visible below its maximal event u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  30. Runs of CRDTs … Local view of a replica Whatever is visible below its maximal event u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  31. Runs of CRDTs … Local view of a replica Whatever is visible below its maximal event u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  32. Runs of CRDTs … Local view of a replica Whatever is visible below its maximal event u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  33. Runs of CRDTs … Even if updates are received locally in di ff erent orders, “happened before” on updates is the same u1 u3 u2 r1 rec rec u3 u1 u2 r2 rec rec Init u1 u3 u2 r3 rec rec u2 u3 u1 r4 rec rec rec

  34. Runs of CRDTs … Even if updates are received locally in di ff erent orders, “happened before” on updates is the same u1 u2 u3

  35. Declarative specification Define queries in terms of partial order of updates in local view For example: add wins in an OR-set Report “x in S” to be true if some maximal update is add(x,S) Concurrent add(x,S), remove(x,S) will both be maximal

  36. Bounded past Typically do not need entire local view to answer a query Membership in OR-sets requires only maximal update for each element N events per element

  37. Verification Given a CRDT D = (V,Q,U), does every run of D agree with the declarative specification? Strategy Build a reference implementation from declarative specification Compare the behaviour of D with reference implementation

  38. Finite-state implementations Assume universe is bounded Can use distributed timestamping to build a sophisticated distributed reference implementation [VMCAI 2015] Asynchronous automata theory Requires bounded concurrency for timestamps to be bounded

  39. Global implementation A simpler global implementation su ffi ces for verification Each update event is labelled by the source replica with an integer (will be bounded later) Maintain sequence of updates applied at each replica either local update from client or remote update received from another replica

  40. Later Appearance Record Each replica’s history is an LAR of updates (u 1 ,l 1 ) (u 2 ,l 2 ) … (u k ,l k ) u j has details about update: source replica, arguments l j is label tagged to u j by source replica Labels are consistent across LARs — (u i ,l) in r1 and (u j ,l) in r2 denote same update event Maintain LAR for each replica

  41. Causality and concurrency Suppose r3 receives (u,l) from r1 and (u’,l’) from r2 If (u,l) is causally before (u’,l’), (u,l) must appear in r2’s LAR before (u’,l’) If (u,l) is not causally before (u’,l’) and (u’,l’) is not causally before (u,l), they must have been concurrent Can recover partial order and answer queries according to declarative specification

  42. Pruning LARs Only need to keep latest updates in each local view If (u,l) generated by r is not latest for any other replica, remove all copies of (u,l) To prune LARs, maintain a global table keeping track of which updates are pending (not yet delivered to all replicas) Labels of pruned events can be safely reused

  43. Outcome Simple global reference implementation that conforms to declarative specification of CRDT Reference implementation is bounded if we make suitable assumptions about operating environment Bounded universe Bounded message delivery delays

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Recursion C ONTENT D ATATYPES Intro &amp; motivation, getting started with Isabelle Example:

Recursion C ONTENT D ATATYPES Intro &amp; motivation, getting started with Isabelle Example:

L AST T IME Sets in Isabelle Inductive Definitions Rule induction NICTA Advanced Course Fixpoints Slide 1 Theorem Proving Slide 3 Principles, Techniques, Applications Isar: induct and cases Recursion C ONTENT D ATATYPES

507 views • 9 slides
Group Signatures [CH91] allow a member to anonymously and accountably sign on behalf of a group.

Group Signatures [CH91] allow a member to anonymously and accountably sign on behalf of a group.

E FFICIENT D ISTRIBUTED T AG -B ASED E NCRYPTION AND ITS A PPLICATION TO G ROUP S IGNATURES WITH E FFICIENT D ISTRIBUTED T RACEABILITY Essam Ghadafi (Presented by Enrique Larraia) ghadafi@cs.bris.ac.uk University of Bristol Latincrypt 2014 E

348 views • 33 slides
S ECURITY M ODEL OF DAA 2 A B LUEPRINT FOR DAA 3 B UILDING B LOCKS 4 O UR C ONSTRUCTIONS 5 E

S ECURITY M ODEL OF DAA 2 A B LUEPRINT FOR DAA 3 B UILDING B LOCKS 4 O UR C ONSTRUCTIONS 5 E

E FFICIENT S IGNATURES OF K NOWLEDGE AND DAA IN THE S TANDARD M ODEL David Bernhard Georg Fuchsbauer Essam Ghadafi ghadafi@cs.bris.ac.uk Department of Computer Science, University of Bristol ACNS 2013 E FFICIENT S IGNATURES OF K NOWLEDGE AND

694 views • 54 slides
A M A M IXED ED V ER ON ERIFICATION S TRATEG EGY T AILOR ED FOR OR ORED N ET ORKS ON ON C C HIP

A M A M IXED ED V ER ON ERIFICATION S TRATEG EGY T AILOR ED FOR OR ORED N ET ORKS ON ON C C HIP

A M A M IXED ED V ER ON ERIFICATION S TRATEG EGY T AILOR ED FOR OR ORED N ET ORKS ON ON C C HIP ETWOR HIP G.Tsiligiannis, L.Pierre TIMA Laboratory, Grenoble, France I NTRODUCTION Questions: Is it worth defining a specific

556 views • 23 slides
V erification de protocoles cryptographiques en pr esence de th eories equationnelles

V erification de protocoles cryptographiques en pr esence de th eories equationnelles

V erification de protocoles cryptographiques en pr esence de th eories equationnelles V erification de protocoles cryptographiques en pr esence de th eories equationnelles Pascal Lafourcade LSV, UMR 8643, CNRS, ENS de

1.12k views • 74 slides
USER SIGNER E FFICIENT T WO -M OVE B LIND S IGNATURES . . . 1 / 18 B LIND S IGNATURES S ECURITY M

USER SIGNER E FFICIENT T WO -M OVE B LIND S IGNATURES . . . 1 / 18 B LIND S IGNATURES S ECURITY M

B LIND S IGNATURES S ECURITY M ODEL R ELATED W ORK O UR C ONSTRUCTION E FFICIENCY C OMPARISON O PEN P ROBLEMS E FFICIENT T WO -M OVE B LIND S IGNATURES IN THE C OMMON R EFERENCE S TRING M ODEL E. Ghadafi N.P. Smart Department of Computer Science,

1.17k views • 32 slides
Eff fficient processing of Hi Hi-C data an and ap application to can ancer Nicola las Serv

Eff fficient processing of Hi Hi-C data an and ap application to can ancer Nicola las Serv

Eff fficient processing of Hi Hi-C data an and ap application to can ancer Nicola las Serv rvant, PhD Institut Curie, INSERM U900, Mines ParisTech, PSL-Research University 04th of Decembre 2019 Hi-C days, Toulouse 2 Spa patial

649 views • 54 slides
V erification de programmes avec pointeurs ` a laide de r egions et de permissions

V erification de programmes avec pointeurs ` a laide de r egions et de permissions

INRIA Saclay Universit e de Paris-Sud 11 Ile-de-France Centre dOrsay Equipe ProVal V erification de programmes avec pointeurs ` a laide de r egions et de permissions Romain Bardou pr esent ee le 14 octobre 2011

944 views • 51 slides
EFFICIENT FFICIENT ECONO ONOMY MY Opportunities for Companies and Financial Institutions

EFFICIENT FFICIENT ECONO ONOMY MY Opportunities for Companies and Financial Institutions

LE LEVERA VERAGING GING A WATER TER EFFICIENT FFICIENT ECONO ONOMY MY Opportunities for Companies and Financial Institutions Gustavo Pimentel gpimentel@sitawi,net June 14 th , 2016 METHODOLOGY 1 The objective is to assess and highlight

316 views • 18 slides
CING APTI BUNDLE WITH M EMORY ORY U SA GE P REDICT ION : WITH SAGE DICTIO E FFI FFICIENT G

CING APTI BUNDLE WITH M EMORY ORY U SA GE P REDICT ION : WITH SAGE DICTIO E FFI FFICIENT G

A DAP TIVE R AY AY - BU LE T RACIN CING APTI BUNDLE WITH M EMORY ORY U SA GE P REDICT ION : WITH SAGE DICTIO E FFI FFICIENT G LOBAL AL I LLUMIN ION IN IN L ARGE GE S CENES MINATIO Yusuke ke To Toku kuyoshi (Squar are Enix Co., Ltd.) .)

525 views • 19 slides
NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S.

NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S.

NORTH CAROLINA DMV Identification Requirements and erification of Lawful Status in the U.S. Wednesday, January 25, 2012 Step 1 Documents Required as Proof of Identification to receive a DL/ID Driver License or State Issued

743 views • 27 slides
S PECIFICATION AND V ERIFICATION OF P ROPERTIES FOR G RAPH -B ASED M ODEL T RANSFORMATIONS G EHAN

S PECIFICATION AND V ERIFICATION OF P ROPERTIES FOR G RAPH -B ASED M ODEL T RANSFORMATIONS G EHAN

S PECIFICATION AND V ERIFICATION OF P ROPERTIES FOR G RAPH -B ASED M ODEL T RANSFORMATIONS G EHAN M. K. S ELIM , L EVI L UCIO , J AMES R. C ORDY , J UERGEN D INGEL , B ENTLEY J. O AKES A GENDA Problem Statement DSLTrans Model Transformation

712 views • 25 slides
V ANTAGE : S CALABLE AND E FFICIENT F INE -G RAIN C ACHE P ARTITIONING Daniel Sanchez and Christos

V ANTAGE : S CALABLE AND E FFICIENT F INE -G RAIN C ACHE P ARTITIONING Daniel Sanchez and Christos

V ANTAGE : S CALABLE AND E FFICIENT F INE -G RAIN C ACHE P ARTITIONING Daniel Sanchez and Christos Kozyrakis Stanford University ISCA-38, June 6 th 2011 Executive Summary 2 ! Problem: Interference in shared caches ! Lack of isolation &quot; no

534 views • 39 slides
Q UASAR : R ESOURCE -E FFICIENT A ND Q O S-A WARE C LUSTER M ANAGEMENT Christina Delimitrou and

Q UASAR : R ESOURCE -E FFICIENT A ND Q O S-A WARE C LUSTER M ANAGEMENT Christina Delimitrou and

Q UASAR : R ESOURCE -E FFICIENT A ND Q O S-A WARE C LUSTER M ANAGEMENT Christina Delimitrou and Christos Kozyrakis Stanford University http://mast.stanford.edu ASPLOS March 3 rd 2014 Executive Summary Problem: low datacenter utilization

939 views • 44 slides
E NERGY -E FFICIENT D ATA R EPLICATION IN C LOUD C OMPUTING D ATACENTERS Presented by David Ocejo

E NERGY -E FFICIENT D ATA R EPLICATION IN C LOUD C OMPUTING D ATACENTERS Presented by David Ocejo

E NERGY -E FFICIENT D ATA R EPLICATION IN C LOUD C OMPUTING D ATACENTERS Presented by David Ocejo O VERVIEW Problem Saving Energy (Solution) Efficiency Data Center Topology Simulation Conditions

631 views • 26 slides
V erification des programmes dordre sup erieur Charles Grellois (travaux r ealis

V erification des programmes dordre sup erieur Charles Grellois (travaux r ealis

V erification des programmes dordre sup erieur Charles Grellois (travaux r ealis es avec Dal Lago et Melli` es) Aix-Marseille Universit e - LSIS Visite des etudiants de lENS Paris-Saclay 23 novembre 2017 Charles

593 views • 57 slides
ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 5: Adversarial Search Why study games?

ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 5: Adversarial Search Why study games?

ARTIFICIAL INTELLIGENCE Russell &amp; Norvig Chapter 5: Adversarial Search Why study games? Games can be a good model of many competitive activities Games are a traditional hallmark of intelligence State of game is easy to represent

567 views • 27 slides
Adversarial Search Sven Koenig, USC Russell and Norvig, 3 rd Edition, Sections 5.1-5.3 These

Adversarial Search Sven Koenig, USC Russell and Norvig, 3 rd Edition, Sections 5.1-5.3 These

12/18/2019 Adversarial Search Sven Koenig, USC Russell and Norvig, 3 rd Edition, Sections 5.1-5.3 These slides are new and can contain mistakes and typos. Please report them to Sven (skoenig@usc.edu). 1 Game Playing: Chess (IBM) 1997 [Der

470 views • 34 slides
Charm++ Tutorial Presented by: Lukasz Wesolowski Pritish Jetley 1 Overview Introduction

Charm++ Tutorial Presented by: Lukasz Wesolowski Pritish Jetley 1 Overview Introduction

Charm++ Tutorial Presented by: Lukasz Wesolowski Pritish Jetley 1 Overview Introduction Characteristics of a Parallel Language Virtualization Message Driven Execution Charm++ features Chares and Chare Arrays

1.14k views • 86 slides
Compiling Axioms from the Source Descriptions Craig Knoblock University of Southern California

Compiling Axioms from the Source Descriptions Craig Knoblock University of Southern California

Compiling Axioms from the Source Descriptions Craig Knoblock University of Southern California 4/4/2005 University of Southern California 1 Domain Modeling Language Domain model specified in a KL-ONE style knowledge representation system

215 views • 20 slides
Graphical Models Queries, complexity, algorithms and applications STACS2020 tutorial M.C.

Graphical Models Queries, complexity, algorithms and applications STACS2020 tutorial M.C.

Graphical Models Queries, complexity, algorithms and applications STACS2020 tutorial M.C. Cooper 1 , S. de Givry 2 &amp; T. Schiex 2 1 Universit Fdrale de Toulouse, ANITI, IRIT, Toulouse, France 2 Universit Fdrale de Toulouse,

1.39k views • 107 slides
Gamma-ray Bursts @ MeraTeV Andrea Melandri 04/10/2011 Outline The GRB phenomenon

Gamma-ray Bursts @ MeraTeV Andrea Melandri 04/10/2011 Outline The GRB phenomenon

Gamma-ray Bursts @ MeraTeV Andrea Melandri 04/10/2011 Outline The GRB phenomenon Prompt &amp; Afterglow Space observations Ground-based observations Expectations for VHE of GRBs What is a Gamma-Ray Burst? Brief,

724 views • 45 slides
The Massive, Enriched, Cool Gaseous Envelopes Around Galaxies

The Massive, Enriched, Cool Gaseous Envelopes Around Galaxies

The Massive, Enriched, Cool Gaseous Envelopes Around Galaxies Jessica Werk, Hubble Fellow, University of California, Santa Cruz QNQ, July 2014

589 views • 27 slides
Isomorphic web apps with Rum by Nikita Prokopov MOSCOW NOVOSIBIRSK not existing 1985 not

Isomorphic web apps with Rum by Nikita Prokopov MOSCOW NOVOSIBIRSK not existing 1985 not

Isomorphic web apps with Rum by Nikita Prokopov MOSCOW NOVOSIBIRSK not existing 1985 not programming 2001 studying programming 2005 not programming Clojure :( 2012 programming Clojure 2015 programming ClojureScript 2016 speaking at

598 views • 35 slides

More recommend