SLIDE 1
EXPLOITING LOOPHOLES IN CAP
Michael T. Nygard Relevance, Inc.
Thursday, November 8, 12
About CAP a.k.a. Brewer’s Conjecture a.k.a. Theorem that Shipped 1,000 Launches
Thursday, November 8, 12
EXPLOITING LOOPHOLES IN CAP Michael T. Nygard Relevance, Inc. - - PowerPoint PPT Presentation
EXPLOITING LOOPHOLES IN CAP Michael T. Nygard Relevance, Inc. - - PowerPoint PPT Presentation
EXPLOITING LOOPHOLES IN CAP Michael T. Nygard Relevance, Inc. Thursday, November 8, 12 About CAP a.k.a. Brewers Conjecture a.k.a. Theorem that Shipped 1,000 Launches Thursday, November 8, 12 Brewer's conjecture and the feasibility
SLIDE 2
SLIDE 3
“Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services.” Seth Gilbert and Nancy Lynch.
SIGACT News 33, 2 (June 2002), 51-59. DOI=10.1145/564585.564601 http://doi.acm.org/10.1145/564585.564601
Thursday, November 8, 12
SLIDE 4
Thursday, November 8, 12
SLIDE 5
Thursday, November 8, 12
SLIDE 6
Consistency
Thursday, November 8, 12
SLIDE 7
Consistency Availability
Thursday, November 8, 12
SLIDE 8
Consistency Availability Partition-Tolerance
Thursday, November 8, 12
SLIDE 9
Consistency Availability Partition-Tolerance Choose Two
Thursday, November 8, 12
SLIDE 10
BEWARE BAD LOGIC
C ∩ P → ¬A
Thursday, November 8, 12
SLIDE 11
BEWARE BAD LOGIC
C ∩ P → ¬A A ∩ P → ¬C
Thursday, November 8, 12
SLIDE 12
BEWARE BAD LOGIC
⊭¬C → A C ∩ P → ¬A A ∩ P → ¬C
Thursday, November 8, 12
SLIDE 13
Thursday, November 8, 12
SLIDE 14
CAP
Thursday, November 8, 12
SLIDE 15
CAP Gödel’s Incompleteness Theorem
Thursday, November 8, 12
SLIDE 16
CAP Gödel’s Incompleteness Theorem Heisenberg’s Uncertainty Principle
Thursday, November 8, 12
SLIDE 17
CAP GIT HUP
Thursday, November 8, 12
SLIDE 18
They’re a drag!
Thursday, November 8, 12
SLIDE 19
The Network
Thursday, November 8, 12
SLIDE 20
Asynchronous Message-passing Network
Thursday, November 8, 12
SLIDE 21
Thursday, November 8, 12
SLIDE 22
Consistency
Thursday, November 8, 12
SLIDE 23
Thursday, November 8, 12
SLIDE 24
n2
Thursday, November 8, 12
SLIDE 25
n2
→ write 12 ←
Thursday, November 8, 12
SLIDE 26
n2
→ write 12 ← ack
Thursday, November 8, 12
SLIDE 27
n2
→ write 12 ← ack →
Thursday, November 8, 12
SLIDE 28
n2
→ write 12 ← ack → read ←
Thursday, November 8, 12
SLIDE 29
n2
→ write 12 ← ack → read ← 12
Thursday, November 8, 12
SLIDE 30
n2
→ write 12 ← ack → read ← 12 →
Thursday, November 8, 12
SLIDE 31
n2
→ write 12 ← ack → read ← 12 → read ←
Thursday, November 8, 12
SLIDE 32
n2
→ write 12 ← ack → read ← 12 → read ← 12
Thursday, November 8, 12
SLIDE 33
n2
→ write 12 ← ack → read ← 12 → read ← 12 →
Thursday, November 8, 12
SLIDE 34
n2
→ write 12 ← ack → read ← 12 → read ← 12 → write 20 ←
Thursday, November 8, 12
SLIDE 35
n2
→ write 12 ← ack → read ← 12 → read ← 12 → write 20 ← ack
Thursday, November 8, 12
SLIDE 36
Thursday, November 8, 12
SLIDE 37
n2
write 12 read read write 20
Thursday, November 8, 12
SLIDE 38
n2
write 12 read read write 20
n11
write 12 read read write 20
Thursday, November 8, 12
SLIDE 39
n2
write 12 read read write 20
n11
write 12 read read write 20
n17
write 12 write 9 read write 20
Thursday, November 8, 12
SLIDE 40
n2
write 12 read read write 20
n11
write 12 read read write 20
n17
write 12 write 9 read write 20
×
Thursday, November 8, 12
SLIDE 41
Atomic Linearizable
Thursday, November 8, 12
SLIDE 42
Thursday, November 8, 12
SLIDE 43
Availability
Thursday, November 8, 12
SLIDE 44
Thursday, November 8, 12
SLIDE 45
n2
Thursday, November 8, 12
SLIDE 46
n2
→ write 12 ←
Thursday, November 8, 12
SLIDE 47
n2
→ write 12 ← ack
Thursday, November 8, 12
SLIDE 48
n2
→ write 12 ← ack →
Thursday, November 8, 12
SLIDE 49
n2
→ write 12 ← ack → read ←
Thursday, November 8, 12
SLIDE 50
n2
→ write 12 ← ack → read ← 12
Thursday, November 8, 12
SLIDE 51
n2
→ write 12 ← ack → read ← 12 →
Thursday, November 8, 12
SLIDE 52
n2
→ write 12 ← ack → read ← 12 → read
Thursday, November 8, 12
SLIDE 53
n2
→ write 12 ← ack → read ← 12 → read
Thursday, November 8, 12
SLIDE 54
n2
→ write 12 ← ack → read ← 12 → read →
Thursday, November 8, 12
SLIDE 55
n2
→ write 12 ← ack → read ← 12 → read → write 20
Thursday, November 8, 12
SLIDE 56
n2
→ write 12 ← ack → read ← 12 → read → write 20
Thursday, November 8, 12
SLIDE 57
Thursday, November 8, 12
SLIDE 58
Thursday, November 8, 12
SLIDE 59
Partitioning
Thursday, November 8, 12
SLIDE 60
Thursday, November 8, 12
SLIDE 61
Thursday, November 8, 12
SLIDE 62
G1 = {n1, n2, n3, n4,
n5, n6, n7, n16, n17, n18, n19, n20}
G2 = {n8, n9, n10, n11,
n12, n13, n14, n15}
Thursday, November 8, 12
SLIDE 63
G1 = {n1, n2, n3, n4,
n5, n6, n7, n16, n17, n18, n19, n20}
G2 = {n8, n9, n10, n11,
n12, n13, n14, n15}
Thursday, November 8, 12
SLIDE 64
Thursday, November 8, 12
SLIDE 65
Theorem
Thursday, November 8, 12
SLIDE 66
Shared atomic object Network divided into {G1, G2} All messages between G1 and G2 are lost Asynchronous message-passing network
Thursday, November 8, 12
SLIDE 67
Suppose algorithm A meets all 3 of C, A, & P .
Thursday, November 8, 12
SLIDE 68
v0 time
write v1
G1
α1
Thursday, November 8, 12
SLIDE 69
v0 time
read ←v0
G2
α2
Thursday, November 8, 12
SLIDE 70
v0 time
write v1
G1
read ←v0
G2
α = α1 + α2
Thursday, November 8, 12
SLIDE 71
Thursday, November 8, 12
SLIDE 72
loophole noun
Thursday, November 8, 12
SLIDE 73
loophole noun
- 1. A way of escaping a difficulty, especially an
- mission or ambiguity in the wording of a
contract or law that provides a means of evading compliance.
Thursday, November 8, 12
SLIDE 74
loophole noun
- 1. A way of escaping a difficulty, especially an
- mission or ambiguity in the wording of a
contract or law that provides a means of evading compliance.
- 2. A small hole or slit in a wall, especially one
through which small arms may be fired.
Thursday, November 8, 12
SLIDE 75
Loophole 1
Thursday, November 8, 12
SLIDE 76
HQ9+
Thursday, November 8, 12
SLIDE 77
Thursday, November 8, 12
SLIDE 78
H Prints “Hello, World!”
Thursday, November 8, 12
SLIDE 79
H Prints “Hello, World!” Q Prints source text
Thursday, November 8, 12
SLIDE 80
H Prints “Hello, World!” Q Prints source text 9 Prints lyrics to 99 bottles
Thursday, November 8, 12
SLIDE 81
H Prints “Hello, World!” Q Prints source text 9 Prints lyrics to 99 bottles + Increments the register
Thursday, November 8, 12
SLIDE 82
Distributed HQ9+
Thursday, November 8, 12
SLIDE 83
H Prints “Hello, World!” Q Prints source text 9 Prints lyrics to 99 bottles
Thursday, November 8, 12
SLIDE 84
H Prints “Hello, World!” Q Prints source text 9 Prints lyrics to 99 bottles + Increments the distributed register
Thursday, November 8, 12
SLIDE 85
Thursday, November 8, 12
SLIDE 86
Loophole 2
Thursday, November 8, 12
SLIDE 87
Write Once, Immutable Thereafter
Thursday, November 8, 12
SLIDE 88
“Reading from immutable data is really fun, easy, and trivially consistent.”
- - Eric Brewer, about an hour ago
Thursday, November 8, 12
SLIDE 89
v0 time
G1 G2
Thursday, November 8, 12
SLIDE 90
v0 time
G1 G2
read ←v0 read ←v0 read ←v0 read ←v0
Thursday, November 8, 12
SLIDE 91
v0 time
G1 G2
read ←v0 read ←v0 read ←v0 read ←v0 read ←v0 read ←v0 read ←v0
Thursday, November 8, 12
SLIDE 92
A = v0
time
read A
←v0
G1
read B
←w0
G2
new C, X
read B
←w0
read C
←X
read A
←v0
B = w0
Thursday, November 8, 12
SLIDE 93
A = v0
time
read A
←v0
G1
read B
←w0
G2
new C, X
read B
←w0
read C
←X
read A
←v0
B = w0
Thursday, November 8, 12
SLIDE 94
A bit of trickery?
Thursday, November 8, 12
SLIDE 95
Loophole 3
Thursday, November 8, 12
SLIDE 96
An older definition
- f consistency
Thursday, November 8, 12
SLIDE 97
The data base consists of entities which are related in certain ways. These relationships are best thought of as assertions about the data.
Thursday, November 8, 12
SLIDE 98
Examples of such assertions are: “Names is an index for Telephone_numbers.” “The value of Count_of_X gives the number of employees in department X.”
Thursday, November 8, 12
SLIDE 99
The data base is said to be consistent if it satisfies all its assertions. In some cases, the data base must become temporarily inconsistent in order to transform it to a new consistent state.
From "Granularity of Locks and Degrees of Consistency in a Shared Data Base", J.N. Gray, R.A. Lorie, G.R. Putzolu, I.L. Traiger, 1976
Thursday, November 8, 12
SLIDE 100
The data base is said to be consistent if it satisfies all its assertions. In some cases, the data base must become temporarily inconsistent in order to transform it to a new consistent state.
From "Granularity of Locks and Degrees of Consistency in a Shared Data Base", J.N. Gray, R.A. Lorie, G.R. Putzolu, I.L. Traiger, 1976 From "Granularity of Locks and Degrees of Consistency in a Shared Data Base", J.N. Gray, R.A. Lorie, G.R. Putzolu, I.L. Traiger, 1976
Thursday, November 8, 12
SLIDE 101
Consistency is a predicate C on entities and their values. The predicate is generally not known to the system but is embodied in the structure of the transactions.
From "Transactions and Consistency in Distributed Database Systems", I.L. Traiger, J.N. Gray, C.A. Galtieri, and B.G. Lindsay, 1982
Thursday, November 8, 12
SLIDE 102
Can this kind of consistency be maintained in a distributed system?
Thursday, November 8, 12
SLIDE 103
V = v0 time
G1 G2
read V
←v0 read X ←x1
X = x0
write X, x1 write V, v1
Thursday, November 8, 12
SLIDE 104
V = v0 time
G1 G2
read V
←v0 read X ←x1
read V
←v0 write V, v1 write X, x1
read X
←x1
X = x0
write X, x1 write V, v1
Thursday, November 8, 12
SLIDE 105
C R D T
Thursday, November 8, 12
SLIDE 106
C R D T Commutative Replicated Data Type
Thursday, November 8, 12
SLIDE 107
Loophole 4
Thursday, November 8, 12
SLIDE 108
Partition A: <Ca, Ga, a1, a2, …, an>
Thursday, November 8, 12
SLIDE 109
Partition A: <Ca, Ga, a1, a2, …, an> Ca
Consistency predicate over a1… an
Thursday, November 8, 12
SLIDE 110
Partition A: <Ca, Ga, a1, a2, …, an> Ca
Consistency predicate over a1… an
Ga
Subset of nodes in network
Thursday, November 8, 12
SLIDE 111
Partition A: <Ca, Ga, a1, a2, …, an> Ca
Consistency predicate over a1… an
Ga
Subset of nodes in network
ai
Value of variable i
Thursday, November 8, 12
SLIDE 112
Partition A: <Ca, Ga, a1, a2, …, an> Ca
Consistency predicate over a1… an
Ga
Subset of nodes in network
ai
Value of variable i
Thursday, November 8, 12
SLIDE 113
Partition A: <Ca, Ga, a1, a2, …, an>
Thursday, November 8, 12
SLIDE 114
Partition A: <Ca, Ga, a1, a2, …, an>
Thursday, November 8, 12
SLIDE 115
Partition A: <Ca, Ga, a1, a2, …, an> Partition B: <Cb, Gb, b1, b2, …, bm>
Thursday, November 8, 12
SLIDE 116
Ga Gb
WAN
LOHRs LOHRs
Thursday, November 8, 12
SLIDE 117
Loophole 5
Thursday, November 8, 12
SLIDE 118
Bounded Consistency
Thursday, November 8, 12
SLIDE 119
Thursday, November 8, 12
SLIDE 120
Core
Thursday, November 8, 12
SLIDE 121
Core Nebula
Thursday, November 8, 12
SLIDE 122
Thursday, November 8, 12
SLIDE 123
RDBMS
Thursday, November 8, 12
SLIDE 124
RDBMS Memcached
Thursday, November 8, 12
SLIDE 125
Thursday, November 8, 12
SLIDE 126
Item Display A & P
Heavy caching
Bid History C & P
Strong consistency
Thursday, November 8, 12
SLIDE 127
Loophole 6
Thursday, November 8, 12
SLIDE 128
Stop building distributed systems
Thursday, November 8, 12
SLIDE 129
Loophole 7
Thursday, November 8, 12
SLIDE 130
Get a better network!
Thursday, November 8, 12
SLIDE 131
Asynchronous message passing
Thursday, November 8, 12
SLIDE 132
Asynchronous message passing That’s UDP!
Thursday, November 8, 12
SLIDE 133
Semi-synchronous network
Lost messages are detected after time t (by a missed acknowledgement)
Thursday, November 8, 12
SLIDE 134
“Delayed-t Consistency”
A partial ordering P orders all writes, and all reads with respect to writes. The value of every read is the one written by the previous write, where “previous” is under P . The order in P is consistent with the order of read and write requests at each node. If all messages are delivered and an operation θ Φ Φ
Thursday, November 8, 12
SLIDE 135
The value of every read is the one written by the previous write, where “previous” is under P . The order in P is consistent with the order of read and write requests at each node. If all messages are delivered and an operation θ completes before Φ begins, then Φ does not precede θ in P . Assume an interval greater than t in which no messages are lost. Further assume that θ begins before the interval and Φ begins after the interval
- ends. Then Φ does not precede θ in P
.
Thursday, November 8, 12
SLIDE 136
“Delayed-t Consistency”
Thursday, November 8, 12
SLIDE 137
“Eventual Consistency”
Thursday, November 8, 12
SLIDE 138
Loophole 7
Thursday, November 8, 12
SLIDE 139
Loophole 7
×
Thursday, November 8, 12
SLIDE 140
Loophole 8
Thursday, November 8, 12
SLIDE 141
Loophole 8 Use the Force
Thursday, November 8, 12
SLIDE 142
Relativistic Quantum Field Theory
Thursday, November 8, 12
SLIDE 143
Thursday, November 8, 12
SLIDE 144
Thursday, November 8, 12
SLIDE 145
Thursday, November 8, 12
SLIDE 146
Thursday, November 8, 12
SLIDE 147
GPS
Thursday, November 8, 12
SLIDE 148
Loophole 9
Thursday, November 8, 12
SLIDE 149
Redefine availability
Thursday, November 8, 12
SLIDE 150
Normal Operation Partition Detected Query Alter Available Available Available Not available
Thursday, November 8, 12
SLIDE 151
ASYMMETRY OF TIME
Send Request
Thursday, November 8, 12
SLIDE 152
Send Request
100 ms 200 ms
ASYMMETRY OF TIME
Thursday, November 8, 12
SLIDE 153
Send Request
100 ms 200 ms 300 ms 400 ms 500 ms 600 ms
ASYMMETRY OF TIME
Thursday, November 8, 12
SLIDE 154
Send Request
100 ms 200 ms 300 ms 400 ms 500 ms 600 ms
Time Out
ASYMMETRY OF TIME
Thursday, November 8, 12
SLIDE 155
900 100 200 300 400 500 600 700 800 1 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
Time Elapsed (ms) Confidence of Response before Timeout
Thursday, November 8, 12
SLIDE 156
Send Request
100 ms 200 ms 300 ms 400 ms 500 ms 600 ms
Time Out Response Arrives
ASYMMETRY OF TIME
Thursday, November 8, 12
SLIDE 157
To the observer, there is no difference between “too slow” and “not there”.
Thursday, November 8, 12
SLIDE 158
P A C E L C
Thursday, November 8, 12
SLIDE 159
P A C E L C
Thursday, November 8, 12
SLIDE 160
Partition? L C A C
Thursday, November 8, 12
SLIDE 161
Partition? L C
Yes
A C
Thursday, November 8, 12
SLIDE 162
Partition? Availability Consistency L C
Yes vs
A C
Thursday, November 8, 12
SLIDE 163
Partition? Availability Consistency
Yes No vs
L C
Thursday, November 8, 12
SLIDE 164
Partition? Availability Consistency Latency Consistency
Yes No vs vs
L C
Thursday, November 8, 12
SLIDE 165
Loophole 10
Thursday, November 8, 12
SLIDE 166
OBSERVABLE CONSISTENCY
Thursday, November 8, 12
SLIDE 167
Porky Pig’s Window Shade
If Porky Pig is looking at the window shade, it will be down. If he is looking away from the window shade, it will be up.
Thursday, November 8, 12
SLIDE 168
FIRST DIMENSION
X1 = {looking, not looking}
Thursday, November 8, 12
SLIDE 169
SECOND DIMENSION
X1 = {looking, not looking} X2 = {shade open, shade closed}
Thursday, November 8, 12
SLIDE 170
FORBIDDEN STATES
X1 = {looking, not looking} X2 = {shade open, shade closed}
Thursday, November 8, 12
SLIDE 171
Back to “consistency” as a predicate over the state space
Thursday, November 8, 12
SLIDE 172
time t11 t12
Thursday, November 8, 12
SLIDE 173
Back to CAP
Thursday, November 8, 12
SLIDE 174
None of these make CAP “untrue”
Thursday, November 8, 12
SLIDE 175
None of these make CAP “untrue” Some of them operate under different assumptions.
Thursday, November 8, 12
SLIDE 176
Some of them are totally impractical.
Thursday, November 8, 12
SLIDE 177
Some of them are totally impractical. Some of them are in production today.
Thursday, November 8, 12
SLIDE 178
Finally, I’ll close with this bit of code:
Thursday, November 8, 12
SLIDE 179
Finally, I’ll close with this bit of code: QHH9Q+++
Thursday, November 8, 12
SLIDE 180
mtnygard@thinkrelevance.com @mtnygard
Michael T. Nygard Relevance, Inc.
Thursday, November 8, 12