http distributedcomponents net ilya sergey james r wilcox
play

` http://distributedcomponents.net Ilya Sergey James R. Wilcox - PowerPoint PPT Presentation

Apr 10, 2023 •35 likes •435 views

Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic { P } c { Q } ` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed Systems Distributed Infrastructure Distributed

  1. Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic { P } c { Q } ` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock

  2. Distributed Systems

  3. Distributed Infrastructure

  4. Distributed Applications

  5. Verified Distributed Systems

  6. Verified Distributed Infrastructure Veri- Wow -Cert Iron

  7. Verified Distributed Applications Veri- Wow -Cert Iron

  8. Verified Distributed Applications Veri- Wow Challenging to verify apps in terms of infra. starting from scratch is unacceptable Indicates deeper problems with composition one node’s client is another’s server! -Cert Iron

  9. Verified Distributed Applications Challenges Solutions Client reasoning Protocols Veri- Wow Invariants rule WithInv Separation rule/Hooks Frame ` { P } c { Q } -Cert Disel: Iron

  10. Outline ` { P } c { Q } Protocols and running example Logical mechanisms programming with protocols invariants framing and hooks Implementation and future work

  11. Cloud Compute 21 C S

  12. Cloud Compute

  13. Cloud Compute : Server while true: (from, n) <- recv Req send Resp(n, factors(n)) to from Traditional specification: messages from server have correct factors Proved by finding an invariant of the system

  14. Cloud Compute: Server

  15. Cloud Compute: Client

  16. Cloud Compute: Client send Req(21) to server (_, ans) <- recv Resp assert ans == {3, 7} Start over with clients in system? In Disel: use protocol to describe client interface

  17. Protocols

  18. Protocols A protocol is an interface among nodes Enables compositional verification

  19. Cloud Compute Protocol Messages: State: Transitions: Sends: precondition and effect Receives: effect

  20. Cloud Compute Protocol Messages: Req(n) | Resp(n,s) outstanding: Set<Msg> State: Transitions: Req Resp Sends: Receives: Req Resp

  21. Cloud Compute Req(21) C S Send Req(n) Precondition: none Effect: none

  22. Cloud Compute Req(21) ( C ,21) { } C S Receive Req(n) add (from, n) to out Effect:

  23. Cloud Compute { } C S Resp({3,7}) Send Resp(n,l) l == factors(n) Requires: (n,to) in out removes (n,to) from out Effect:

  24. Cloud Compute { } C S Resp({3,7}) Recv Resp(n,l) Effect: none

  25. Cloud Compute Protocol Messages: Req(n) | Resp(n,s) outstanding: Set<Msg> State: Transitions: Req Resp Sends: Receives: Req Resp

  26. Outline ` { P } c { Q } Protocols and running example Logical mechanisms programming with protocols invariants framing and hooks Implementation and future work

  27. Cloud Compute : Server while true: (from, n) <- recv Req send Resp(n, factors(n)) to from Precondition on send requires correct factors

  28. Cloud Compute: Server t ∈ { Pre } ` { } m h send m to h send m to h ( ) sent t t t , while true: (from, n) <- recv Req send Resp(n, factors(n)) to from Precondition on send requires correct factors

  29. Cloud Compute: Client send Req(21) to server (_, ans) <- recv Resp assert ans == {3, 7} recv doesn’t ensure correct factors

  30. Cloud Compute: Client t ∈ ` { > } m { recvd ( ) } recv m t send Req(21) to server (_, ans) <- recv Resp assert ans == {3, 7} recv doesn’t ensure correct factors

  31. Protocol Invariants ` { P } c { Q } I inductive 0 ` { P ∧ I } c { Q ∧ I } Protocol where every state satisfies I

  32. Cloud Compute: Client t ∈ 0 ` { > } m { recvd ( ) } recv m t send Req(21) to server (_, ans) <- recv Resp assert ans == {3, 7} Now recv ensures correct factors

  33. Cloud Compute: More Clients send Req(21) to server 1 send Req(35) to server 2 (_, ans 1 ) <- recv Resp (_, ans 2 ) <- recv Resp assert ans 1 ans 2 == {3, 5, 7} ∪ Same protocol enables verification

  34. Frame rule ` { P } c { Q } R stable independent protocols ` { P R } c { Q R } ∗ ∗ Reuse invariants from component protocols

  35. Frame rule: Hooks ` { P } c { Q } R stable ` { P R } c { Q R } ∗ ∗ Allows one protocol to restrict another

  36. Outline ` { P } c { Q } Protocols and running example Logical mechanisms programming with protocols invariants framing and hooks Implementation and future work

  37. Implementation Shallowly embedded in Coq with full power of functional programming Executable via extraction to OCaml via trusted shim to implement semantics Case study: two-phase commit exercises all features of the logic

  38. Related and Future Work Concurrent separation logics Iris, FCSL, CAP, … Adding other effects e.g. mutable heap, threads, failure…

  39. Composition: A way to make proofs harder “In 1997, the unfortunate reality is that engineers rarely specify and reason formally about the systems they build. It seems unlikely that reasoning about the composition of open-system specifications will be a practical concern within the next 15 years.”

  40. Verified Distributed Applications Challenges Solutions Client reasoning Protocols Veri- Wow Invariants rule WithInv Separation rule/Hooks Frame ` { P } c { Q } -Cert Disel: Iron

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed

` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed

Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic { P } c { Q } ` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed Systems Distributed Infrastructure Distributed

727 views • 70 slides
` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure

` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure

Programming Language Abstractions for Modularly Verified Distributed Systems { P } c { Q } ` James R. Wilcox Zach Tatlock Ilya Sergey Distributed Systems Distributed Infrastructure Distributed Applications Verified Distributed Systems

794 views • 64 slides
Static Analysis and Code Optimizations in Glasgow Haskell Compiler Ilya Sergey

Static Analysis and Code Optimizations in Glasgow Haskell Compiler Ilya Sergey

Static Analysis and Code Optimizations in Glasgow Haskell Compiler Ilya Sergey ilya.sergey@gmail.com 12.12.12 1 The Goal Discuss what happens when we run ghc -O MyProgram.hs 2 The Plan Recall how laziness is implemented in GHC and

987 views • 74 slides
A Semantics for Context-Oriented Programming with Layers Dave Clarke and Ilya Sergey Katholieke

A Semantics for Context-Oriented Programming with Layers Dave Clarke and Ilya Sergey Katholieke

What is COP Problem description COP formalization A Semantics for Context-Oriented Programming with Layers Dave Clarke and Ilya Sergey Katholieke Universiteit Leuven {Dave.Clarke,Ilya.Sergey}@cs.kuleuven.be International workshop on

797 views • 35 slides
Functional Programming is Everywhere Ilya Sergey ilyasergey.net PLMW @ ICFP 2019 2

Functional Programming is Everywhere Ilya Sergey ilyasergey.net PLMW @ ICFP 2019 2

Functional Programming is Everywhere Ilya Sergey ilyasergey.net PLMW @ ICFP 2019 2 About myself MSc Saint Petersburg State University, 2008 PhD KU Leuven, 2008-2012 Currently Associate Professor (tenure-track) at Yale-NUS College

1.18k views • 91 slides
Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is difficult? Arbitrary message delays (asynchronous network) Independent parties (nodes) can go offline (and also back online) Network

1.29k views • 72 slides
Programming and Proving with Concurrent Resources Ilya Sergey joint work with Aleks

Programming and Proving with Concurrent Resources Ilya Sergey joint work with Aleks

Programming and Proving with Concurrent Resources Ilya Sergey joint work with Aleks Nanevski, Anindya Banerjee, Ruy Ley-Wild and Germn Delbianco What and why Concurrency parallelism efficiency A gap between informal

1.54k views • 109 slides
Reasoning about Consensus Protocols Ilya Sergey ilyasergey.net Consensus Common meaning :

Reasoning about Consensus Protocols Ilya Sergey ilyasergey.net Consensus Common meaning :

Reasoning about Consensus Protocols Ilya Sergey ilyasergey.net Consensus Common meaning : a way for a set of parties to come to a shared agreement. In computing : ensuring that among the values proposed by a collection of

767 views • 63 slides
Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018

Mechanising Blockchain Consensus George Prlea and Ilya Sergey Monday, 8 January 2018 CPP2018 1 Context Hundreds of deployed public blockchains $600 625 675 735 755 780 820 billion total market cap (7 day progression since Jan 1 st )

1.32k views • 38 slides
Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work

Compositional Static Race Detection at Scale, without False Positives Ilya Sergey Joint work with Sam Blackshear, Peter OHearn, Nikos Gorogiannis Key Messages Static analyses for concurrency can be made scalable and precise . Unsound

827 views • 80 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on

A Concurrent Perspective on Smart Contracts Ilya Sergey Aquinas Hobor 1st Workshop on Trusted Smart Contracts 7 April 2017 class ConcurrentQueue &lt;E&gt; { public synchronized void enqueue(E elem) {} public synchronized E dequeue()

605 views • 21 slides
Microsoft Corporation http://www.jeff.wilcox.name/ 2

Microsoft Corporation http://www.jeff.wilcox.name/ 2

Microsoft Corporation http://www.jeff.wilcox.name/ 2 3 Multimedia Display Codec acceleration 480x800 QVGA Other resolutions in the future Capacitive

1.16k views • 90 slides
Fixing Idioms A recursion primitive for Applicative DSLs Dominique Devriese Ilya Sergey Dave

Fixing Idioms A recursion primitive for Applicative DSLs Dominique Devriese Ilya Sergey Dave

Fixing Idioms A recursion primitive for Applicative DSLs Dominique Devriese Ilya Sergey Dave Clarke Frank Piessens Functional DSLs Functional languages are a good host for elegant DSLs Shallow functional embeddings inherit desirable

595 views • 14 slides
pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow

pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow

SuSLik: synthesis of safe pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow along https://github.com/TyGuS/suslik-tutorial 2 pointer-manipulating programs network / security operating systems

1.23k views • 105 slides
Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard

Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard

Calculating Graph Algorithms for Dominance and Shortest Path Ilya Sergey Jan Midtgaard Dave Clarke MPC 2012 How to derive two graph algorithms by means of Abstract Interpretation ? Abstract Interpretation Abstract Interpretation

1.27k views • 101 slides
MobileIron Introduction 2007 Company founded purpose-built for multi-OS mobility MobileIron

MobileIron Introduction 2007 Company founded purpose-built for multi-OS mobility MobileIron

MobileIron Introduction 2007 Company founded purpose-built for multi-OS mobility MobileIron firsts: 2009 Enterprise app store BYOD privacy BYOD selective wipe 4000+ Customers globally Of Fortune 500 / 200+ Global 2000 97%

222 views • 7 slides
Iron Mountain Reports First Quarter 2018 Results BOSTON April 26, 2018 Iron Mountain

Iron Mountain Reports First Quarter 2018 Results BOSTON April 26, 2018 Iron Mountain

FOR IMMEDIATE RELEASE Iron Mountain Reports First Quarter 2018 Results BOSTON April 26, 2018 Iron Mountain Incorporated (NYSE: IRM), the storage and information management services company, announces financial and operating results for the

783 views • 66 slides
Delivering value through the cycle Michael Gollschewski, managing director Pilbara Mines Global

Delivering value through the cycle Michael Gollschewski, managing director Pilbara Mines Global

Delivering value through the cycle Michael Gollschewski, managing director Pilbara Mines Global Iron Ore &amp; Steel Forecast Conference 8 March 2016, Hyatt Regency, Perth First iron ore shipment from Dampier August 1966 2 Cautionary

385 views • 10 slides
Essex-Hudson Greenway Ice &amp; Iron Greenway East Coast Greenway September 11th Memorial Trail

Essex-Hudson Greenway Ice &amp; Iron Greenway East Coast Greenway September 11th Memorial Trail

Essex-Hudson Greenway Ice &amp; Iron Greenway East Coast Greenway September 11th Memorial Trail New Jersey Bike &amp; Walk Coalition East Coast Greenway Alliance September 11 th National Memorial Trail Alliance What is the Ice &amp; Iron

558 views • 19 slides
Depth of maximum of air-shower profiles at the Pierre Auger Observatory: Measurements above 10

Depth of maximum of air-shower profiles at the Pierre Auger Observatory: Measurements above 10

Depth of maximum of air-shower profiles at the Pierre Auger Observatory: Measurements above 10 17.2 eV and Composition Implications Jose Bellido The University of Adelaide 1 for the Pierre Auger Collaboration 2 1 The University of Adelaide,

473 views • 29 slides
Status of Partial Return Yoke Holger Witte Brookhaven National Laboratory Advanced Accelerator

Status of Partial Return Yoke Holger Witte Brookhaven National Laboratory Advanced Accelerator

Status of Partial Return Yoke Holger Witte Brookhaven National Laboratory Advanced Accelerator Group 30 May 2014 1 Overview Introduction and Concept Performance Engineering Timeline 30 May 2014 2 Partial Return Yoke MICE

607 views • 24 slides
Learned about: LSH/Similarity search &amp; recommender systems Search: jaguar

Learned about: LSH/Similarity search &amp; recommender systems Search: jaguar

Learned about: LSH/Similarity search &amp; recommender systems Search: jaguar Uncertainty about the users information need Dont put all eggs in one basket! Relevance isnt everything need diversity ! 5/28/20 Tim

962 views • 59 slides
WHEN N KINGDOMS OMS COL OLLAPS LAPSE Now it will come about in the last days, the mountain

WHEN N KINGDOMS OMS COL OLLAPS LAPSE Now it will come about in the last days, the mountain

WHEN N KINGDOMS OMS COL OLLAPS LAPSE Now it will come about in the last days, the mountain of the house of the Lord will be established as the chief of mountainsand all the nations will stream to it. And many people will come and say,

445 views • 19 slides

More recommend