haryadi s gunawi pallavi joshi peter alvaro
play

Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. - PowerPoint PPT Presentation

Aug 26, 2023 •98 likes •503 views

Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. Hellerstein, and Koushik Sen ! ! Thanh Do, Andrea C. Arpaci-Dusseau, ! and Remzi H. Arpaci-Dusseau ! ! Dhruba Borthakur ! 1 ! Cloud ! " Thousands of commodity machines ! "

  1. Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. Hellerstein, and Koushik Sen ! ! Thanh Do, Andrea C. Arpaci-Dusseau, ! and Remzi H. Arpaci-Dusseau ! ! Dhruba Borthakur ! 1

  2. ! Cloud ! " Thousands of commodity machines ! " “Rare (HW) failures become frequent” [Hamilton] ! ! Failure recovery ! " “… has to come from the software” [Dean] ! " “… must be a first-class op” [Ramakrishnan et al.] ! " But ... hard to get right ! 2

  3. Cloudy ! ! with a chance of ! ! failure ! More in literature: ! - Data loss, whole-system down in Google Chubby [Burrows06] ! - 91 recovery issues found in HDFS over 4 years ! - ... ! 3

  4. ! Testing is not advanced enough ! " Cloud systems face complex multiple, diverse failures ! ! Recovery is under-specified ! " Lots of custom recovery ! " Implementation is complex ! ! Need two advancements: ! " Exercise complex failure modes ! " Write recovery specifications and test the implementation ! 4

  5. FATE ! Cloud software ! Failure Testing ! ! ! Service ! X 1 ! X 2 ! DESTINI ! Declarative Testing ! Violate ! Specifications ! specs? ! 5

  6. ! FATE ! " Exercise multiple, diverse failures ! - Over 40,000 unique combinations (80 hours) ! - Challenge: combinatorial explosion of multiple failures ! " Pruning strategies for failure exploration ! - An order of magnitude speedup ! - Found the same #bugs ! ! DESTINI ! " Facilitate recovery specifications ! - Reliability and availability related ! " Clear and concise (use Datalog, 5 lines/check) ! " Design patterns ! 6

  7. ! Target 3 cloud systems ! " HDFS (primary target), Cassandra, and ZooKeeper ! ! HDFS recovery bugs ! " Found 16 new bugs (+6 in newest) ! ! Problems found ! " Data loss ! - Buggy recovery wipes out all replicas ! " Unavailability ! - Broken rack-aware policy ! - Can’t restart after failures ! 7

  8. ! Introduction ! ! FATE ! " Failure IDs: abstraction for failure exploration ! " Pruning strategies ! ! DESTINI ! ! Evaluation ! ! Conclusion ! 8

  9. Setup ! Stage ! M ! C ! 1 2 ! 3 ! HadoopFS (HDFS) ! Alloc Req ! Write ! Protocol ! Data ! Transfer ! No failures ! M ! C ! 1 2 ! 3 ! M ! C ! 2 ! 3 ! 4 ! 1 X 1 X 2 Data Transfer Recovery: ! Setup Recovery: ! Continue on surviving nodes ( 1 , 2) ! Recreate fresh pipeline ( 1 , 2, 4) ! 9 !

  10. ! Failures ! " Anytime: different stages # different recovery ! " Anywhere: N2 crash, and then N3 ! " Any type: bad disks, partitioned nodes/racks ! ! FATE ! " Systematically exercise multiple, diverse failures ! " How? need to “remember” failures – via failure IDs ! M ! C ! 1 ! 2 ! 3 ! M ! C ! 1 ! 2 ! 3 ! 4 ! 10

  11. ! Abstraction of I/O failures ! ! Building failure IDs ! " Intercept every I/O ! " Inject possible failures ! - Ex: crash, network partition, disk failure (LSE/corruption) ! OutputStream.read() in ! BlockReceiver.java ! Node2 ! Node3 ! I/O ! <stack trace> ! information: ! X Net I/O from N3 to N2 ! “Data Ack” ! Note: ! Injected failure: ! Crash After ! FIDs ! Failure ID: 2573 ! A, B, C, ... ! 11

  12. 1 failure / run ! 2 failures / run ! M ! C ! 1 2 ! 3 ! M ! C ! 1 2 ! 3 ! A ! A ! Exp # 1 : A ! AB ! B ! A ! A ! Exp #2: B ! AC ! B ! C ! B ! Exp #3: C ! A ! A ! BC ! C ! B ! B ! C ! 12 !

  13. ! Introduction ! ! FATE ! " Failure IDs: abstraction of failures ! " Pruning strategies for failure exploration ! ! DESTINI ! ! Evaluation ! ! Conclusion ! 13

  14. ! Exercised over 40,000 unique combinations of 1 , 2, and 3 failures per run ! " 80 hours of testing time! ! New challenge: ! Combinatorial explosion of multiple failures ! 1 2 ! 3 ! 2 failures / run ! A 1 A 3 A 2 A1 A2 A1 B2 B1 A2 B 1 B 3 B 2 B1 B2 ... 14

  15. ! Properties of multiple failures ! " Pairwise dependent failure IDs ! " Pairwise independent failure IDs ! ! Goal: exercise distinct recovery behaviors ! " Key: some failures result in similar recovery ! " Result: > 10x faster, and found the same bugs ! 15

  16. ! Failure dependency graph ! FID # Subseq FIDs ! " Inject single failures first ! A # X " Record subsequent dependent IDs ! B # X C # X, Y - Ex: X depends on A ! " Brute-force: AX, BX, CX, DX, CY, DY ! D # X, Y ! Recovery clustering ! A B C D " Two clusters: {X} and {X, Y} ! ! Only exercise distinct clusters ! Y X " Pick a failureID that triggers a recovery cluster ! " Results: AX, CX, CY ! 16

  17. 2 ! 3 ! 1 ! Independent combinations ! A 1 A 3 A 2 " Ex: FP = 2, N = 3 ! " FP 2 x N (N – 1 ) ! B 1 B 3 B 2 ! Symmetric code ! 2 ! 3 ! 1 " Just pick two nodes ! " N (N – 1 ) # 2 ! A 1 A 3 A 2 " FP 2 x 2 ! B 1 B 3 B 2 17

  18. ! FP 2 bottleneck ! A 1 A 2 " Ex: FP = 4 ! B 1 B 2 " Real example: FP = 15 ! C 1 C 2 ! Recovery clustering ! D 1 D 2 " Cluster A and B if: ! fail(A) == fail(B) ! A 1 A 2 " Reduce FP 2 to FP 2 clustered ! B 1 B 2 " E.g.15 FPs to 8 FPs clustered ! C 1 C 2 D 1 D 2 18

  19. ! Contributions ! " Exercise multiple, diverse failures (via failure IDs) ! " Pruning strategies (> 10x improvement) ! ! Limitations ! " I/O reordering ! " Inclusion of states to failure IDs ! " More failure modes ! - Transient, slow-down, and data-center partitioning ! 19

  20. ! Introduction ! ! FATE ! ! DESTINI: Declarative Testing Specifications ! ! Evaluation ! ! Conclusion ! 20

  21. ! Is the system correct under failures? ! " Need to write specifications ! " FATE needs DESTINI ! Test ! Specs ! [It is] great to document (in a spec) the HDFS write protocol ... ! ! …, but we shouldn't spend too Implemen- ! much time on it, … a formal spec tation ! X 2 may be overkill for a protocol we X 1 plan to deprecate imminently. ! 21

  22. ! How to write specifications? ! " Developer friendly (clear, concise, easy) ! ! Datalog: a declarative relational logic language ! " Easy to express logical relations ! " (just for writing specifications) ! 22

  23. ! How to write specs? ! Specs ! " Violations ! " Expectations ! " Facts ! Implemen- ! tation ! ! How to write recovery specs? ! " “... recovery is under specified” [Hamilton] ! " Precise failure events ! " Precise check timings ! ! How to test implementation? ! " Interpose I/O calls (lightweight) ! " Deduce expectations and facts from I/O events ! ! 23

  24. “Throw a violation if ! an expectation is different from ! the actual behavior” ! violationTable(…) :- ! expectationTable(…), ! NOT -IN actualTable(…) ! ! head() :- predicates(), … ! Datalog syntax: ! :- derivation ! , AND ! 24

  25. M ! C ! 1 2 ! 3 ! “Block replicas should ! exist in surviving nodes” ! X Data ! B ! B ! Transfer ! incorrectNodes ! actualNodes ! expectedNodes ! (Block, Node) ! (Block, Node) ! (Block, Node) ! B Node 1 B Node 1 B Node 2 B Node 2 incorrectNodes(B, N) :- expectedNodes(B, N), NOT -IN actualNodes(B, N); ! 25

  26. M ! C ! 1 2 ! 3 ! X B ! B ! incorrectNodes ! expectedNodes ! actualNodes ! (Block, Node) ! (Block, Node) ! (Block, Node) ! B Node 2 B Node 1 B Node 1 B Node 2 incorrectNodes(B, N) :- expectedNodes(B, N), NOT -IN actualNodes(B, N); ! 26

  27. 1 2 ! 3 ! ! Ex: which nodes should M ! C ! have the blocks? ! X " Deduce expectations 2 from I/O events (italic) ! expectedNodes ! (Block, Node) ! C ! M ! B Node 1 getBlockPipe(…) ! B Node 2 Give me 3 nodes for B ! B Node 3 [Node 1 , Node2, Node3] ! expectedNodes (B, N) :- ! getBlockPipe (B, N); ! # 1 : incorrectNodes(B, N) :- expectedNodes(B, N), NOT -IN actualNodes(B, N); ! 27

  28. expectedNodes ! (Block, Node) ! DEL expectedNodes (B, N) :- ! B Node 1 expectedNodes (B, N), ! B Node 2 fateCrashNode (N) ! B Node 3 M ! C ! 2 ! 3 ! 1 DESTINI ! needs ! X FATE ! B ! B ! # 1 : incorrectNodes(B, N) :- expectedNodes(B, N), NOT -IN actualNodes(B, N); ! #2: expectedNodes(B, N) :- getBlockPipe (B,N); ! 28

  29. DEL expectedNodes (B, N) :- ! expectedNodes (B, N), ! fateCrashNode (N), ! Precise failure events # ! writeStage (B, Stage), ! Stage == “ Data Transfer”; ! # 1 : incorrectNodes(B,N) ! :- expectedNodes(B,N), NOT -IN actualNodes(B,N) ! #2: expectedNodes(B,N) ! :- getBlockPipe (B,N); ! #3: expectedNodes(B,N) ! :- expectedNodes(B,N), fateCrashNode(N), ! writeStg (B,Stage), Stage == “DataTr” ! ! #4: writeStg (B, “DataTr”) ! :- writeStg (B,“Setup”), nodesCnt(Nc), acksCnt (Ac), Nc==Ac ! #5: nodesCnt (B, CNT<N>) ! :- pipeNodes (B, N); ! #6: pipeNodes (B, N) ! :- getBlockPipe (B, N); ! #7: acksCnt (B, CNT<A>) ! :- setupAcks (B, P , “OK”); ! #8: setupAcks (B, P , A) ! :- setupAck (B, P , A); ! ! 29

  30. ! Recovery ≠ invariant ! # 1 : ! " If recovery is ongoing, ! incorrectNodes(B, N) :- ! invariants are violated ! expectedNodes(B, N), ! " Don’t want false alarms ! NOT -IN actualNodes(B, N), ! ! Need precise check timings ! completeBlock (B); ! " Ex: upon block completion ! 30

  31. ! Support recovery specs ! " Reliability and availability related ! " Clear and concise (use Datalog) ! ! Design patterns ! " Add detailed specs ! " Write specs from different views (global, client, ...) ! " Incorporate diverse failures (crashes, rack partitions) ! " ... more in the paper ! 31

  32. ! Introduction ! ! FATE ! ! DESTINI ! ! Evaluation and conclusion ! 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Automatically Checking Thousands of Failures with Micro-Specifications Haryadi S. Gunawi,

Towards Automatically Checking Thousands of Failures with Micro-Specifications Haryadi S. Gunawi,

Towards Automatically Checking Thousands of Failures with Micro-Specifications Haryadi S. Gunawi, Thanh Do , Pallavi Joshi, Joseph M. Hellerstein, Andrea C. Arpaci-Dusseau , Remzi H. Arpaci-Dusseau , Koushik Sen University of

1.84k views • 98 slides
EIO: ERROR CHECKING IS OCCASIONALLY CORRECT HARYADI S. GUNAWI, CINDY RUBIO-GONZLEZ, ANDREA C.

EIO: ERROR CHECKING IS OCCASIONALLY CORRECT HARYADI S. GUNAWI, CINDY RUBIO-GONZLEZ, ANDREA C.

Department of Computer Science Institute of System Architecture, Operating Systems Group EIO: ERROR CHECKING IS OCCASIONALLY CORRECT HARYADI S. GUNAWI, CINDY RUBIO-GONZLEZ, ANDREA C. ARPACI-DUSSEAU, REMZI H. ARPACI-DUSSEAU, BEN LIBLIT CARSTEN

842 views • 17 slides
Error Propagation Analysis for File Systems Cindy Rubio-Gonzlez, Haryadi S. Gunawi, Ben

Error Propagation Analysis for File Systems Cindy Rubio-Gonzlez, Haryadi S. Gunawi, Ben

Error Propagation Analysis for File Systems Cindy Rubio-Gonzlez, Haryadi S. Gunawi, Ben Liblit, Remzi H. Arpaci-Dusseau, and Andrea C. Arpaci-Dusseau University of Wisconsin-Madison PLDI09 ECS 289C Seminar on Program

554 views • 30 slides
EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-Gonzlez, Andrea

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-Gonzlez, Andrea

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-Gonzlez, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Ben Liblit University of Wisconsin Madison FAST 08 February 28, 2008 1 Robustness of File

381 views • 35 slides
Dedalus: Datalog in Time and Space Peter Alvaro, Ras Bodk,

Dedalus: Datalog in Time and Space Peter Alvaro, Ras Bodk,

Dedalus: Datalog in Time and Space Peter Alvaro, Ras Bodk, Neil Conway , Joe Hellerstein, David Maier (PSU), Bill Marczak, and Rusty Sears (Yahoo!

501 views • 26 slides
E2 E2E: E: Em Embr bracing ng Use ser Heterogene neity y to Im Impr prove e Qu Quality

E2 E2E: E: Em Embr bracing ng Use ser Heterogene neity y to Im Impr prove e Qu Quality

E2 E2E: E: Em Embr bracing ng Use ser Heterogene neity y to Im Impr prove e Qu Quality ality of Exper erien ience e on th the e Web eb Xu Zhang 1 , Siddhartha Sen 2 , Daniar Kurniawan 1 , Haryadi Gunawi 1 , Junchen Jiang 1 1

707 views • 37 slides
Data-centric Programming for Distributed Systems Chp2&amp;3.2 by Peter Alvaro, 2015 presenter:

Data-centric Programming for Distributed Systems Chp2&amp;3.2 by Peter Alvaro, 2015 presenter:

Data-centric Programming for Distributed Systems Chp2&amp;3.2 by Peter Alvaro, 2015 presenter: Irene (Ying) Yu 2016/11/16 1 Outline Disorderly programming Overview for overlog Implementation in protocols (two-phase commit)

1.02k views • 35 slides
Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra

Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra

Twizzler: A Data-Centric OS for Persistent Memory Daniel Bittman Peter Alvaro Pankaj Mehra Darrell Long Ethan Miller Center for Research in Storage Systems University of California, Santa Cruz 1 Hardware Trends sys_read ~100-300 ns

196 views • 17 slides
The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe

The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe

The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe Hao, Michael Hao Tong, + Swaminatahan Sundararaman*, Matias Bjrling , Haryadi S. Gunawi + * ceres.cs.uchicago.edu 2 FEMU @ FAST 18 What

239 views • 20 slides
Fractional-Overlap Declustered Parity: Evaluating Reliability for Storage Systems Huan Ke ,

Fractional-Overlap Declustered Parity: Evaluating Reliability for Storage Systems Huan Ke ,

1 1 Fractional-Overlap Declustered Parity: Evaluating Reliability for Storage Systems Huan Ke , Dominic Manno, David Bonnie, Haryadi S. Gunawi, Bradley W. Settlemyer 2 Correlated Failures Correlated failures within compressed time windows

184 views • 17 slides
Computational Anatomy: Simple Statistics on Interesting Spaces Sarang Joshi, Brad Davis, Peter

Computational Anatomy: Simple Statistics on Interesting Spaces Sarang Joshi, Brad Davis, Peter

Computational Anatomy: Simple Statistics on Interesting Spaces Sarang Joshi, Brad Davis, Peter Lorenzen and Guido Gerig Departments of Radiation Oncology, Biomedical Engineering and Computer Science University of North Carolina at Chapel Hill

304 views • 28 slides
CALM P ROGRAMMING THE C LOUD Joe Hellerstein Peter Alvaro A GENDA A GENDA Brief research

CALM P ROGRAMMING THE C LOUD Joe Hellerstein Peter Alvaro A GENDA A GENDA Brief research

B LOOM CALM P ROGRAMMING THE C LOUD Joe Hellerstein Peter Alvaro A GENDA A GENDA Brief research background from the BOOM project B i f h b k d f th BOOM j t http://boom.cs.berkeley.edu A taste of CS194 17 Programming the

580 views • 26 slides
Manylogs Improving CMR/SMR Disk Bandwidth &amp; Latency Tiratat Patana-anake , Vincentius

Manylogs Improving CMR/SMR Disk Bandwidth &amp; Latency Tiratat Patana-anake , Vincentius

Manylogs Improving CMR/SMR Disk Bandwidth &amp; Latency Tiratat Patana-anake , Vincentius Martin, Nora Sandler, Cheng Wu, and Haryadi S. Gunawi 2 Manylogs @ MSST 16 Got 100% of the read bandwidth User 1 Big Read 3 Many Got 50%

941 views • 53 slides
MapReduce Online Tyson Condie UC Berkeley Joint work with Neil Conway, Peter Alvaro, and Joseph

MapReduce Online Tyson Condie UC Berkeley Joint work with Neil Conway, Peter Alvaro, and Joseph

MapReduce Online Tyson Condie UC Berkeley Joint work with Neil Conway, Peter Alvaro, and Joseph M. Hellerstein (UC Berkeley) Khaled Elmeleegy and Russell Sears (Yahoo! Research) MapReduce Programming Model Think datacentric Apply a

775 views • 48 slides
Focusing on What Really Matters: Irrelevance Pruning in M&amp;S Alvaro Torralba, Peter

Focusing on What Really Matters: Irrelevance Pruning in M&amp;S Alvaro Torralba, Peter

Focusing on What Really Matters: Irrelevance Pruning in M&amp;S Alvaro Torralba, Peter Kissmann Saarland University, Germany SoCS 2015, June 11 Session with ICAPS 2015 Torralba, Kissmann From Dominance to Irrelevance Pruning SoCS 2015 1

1.28k views • 35 slides
DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

1 DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu , Guangpu Li, Jeffrey Lukman, Jiaxin Li, Shan Lu, Haryadi Gunawi, and Chen Tian* * 2 Cloud systems 3 Cloud systems 4 Distributed concurrency bugs

1.3k views • 93 slides
Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like

Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like

Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like Astrolabe. Node p announces: Ive computed the aggregates for the set of leaf nodes to which I belong hi h I b l It turns out that under

677 views • 42 slides
Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of

Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of

Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of Interest Declaration Consultant or speaker for: Eli Lilly, Boehringer Ingelheim, Janssen, AstraZeneca, Novo Nordisk, Sanofi Grants: Boehringer

1.08k views • 19 slides
NET ETRC C - Sum umme mer Web ebinar nar Ser eries es Se Septem ember ber 23, , 2014

NET ETRC C - Sum umme mer Web ebinar nar Ser eries es Se Septem ember ber 23, , 2014

NET ETRC C - Sum umme mer Web ebinar nar Ser eries es Se Septem ember ber 23, , 2014 www.netrc.org Andrew Solomon, MPH - Project Manager Danielle Louder Program Manager; Co-PI Dr. Terry Rabinowitz, DDS, MD Co-PI Judy Amour,

733 views • 37 slides
Critical Care Setting John G Toffaletti, PhD Director of Blood Gas and Clinical Pediatric Labs

Critical Care Setting John G Toffaletti, PhD Director of Blood Gas and Clinical Pediatric Labs

Use of Blood Lactate Measurements in the Critical Care Setting John G Toffaletti, PhD Director of Blood Gas and Clinical Pediatric Labs Professor of Pathology Duke University Medical Center Chief, VAMC Clinical Chemistry Lab Durham, NC

590 views • 42 slides
Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132)

Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132)

Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132) QCon SF 2011 1 Thursday, November 17, 2011 Backgrounder Netflix Then and Now 2 Thursday, November 17, 2011 Netflix Then and Now Netflix prior

766 views • 72 slides
Why do Internet services fail, and what can be done about it? David Oppenheimer

Why do Internet services fail, and what can be done about it? David Oppenheimer

Why do Internet services fail, and what can be done about it? David Oppenheimer davidopp@cs.berkeley.edu ROC Group, UC Berkeley ROC Retreat, June 2002 Slide 1 Motivation Little understanding of real problems in maintaining 24x7 Internet

713 views • 23 slides
Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1

Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1

Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1 By noon the day of the lecture. Lecture slides v2 By 6pm on the day of the lecture. MP0: Please sign up for groups if you have not

770 views • 50 slides
Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP,

Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP,

Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP, Inc Also: Damon Wischik , UCL Marcelo Bagnulo Braun , UC3M The members of Trilogy project: www.trilogy-project.org A few things that will stress

277 views • 25 slides

More recommend