Parameterized Model Checking of Fault-tolerant Distributed Algorithms by Abstraction (PowerPoint presentation, slide transcript)


  1. Parameterized Model Checking of Fault-tolerant Distributed Algorithms by Abstraction. Annu John, Igor Konnov, Ulrich Schmid, Helmut Veith, Josef Widder. FMCAD'13, Portland, OR, USA, Oct 20-23, 2013. Slide footer: Igor Konnov (www.forsyte.at), Parameterized Model Checking of FTDAs..., FMCAD'13, slide 1 / 30.

  2-3. Why fault-tolerant (FT) distributed algorithms
    Faults are not in the control of the system designer:
    - bit-flips in memory
    - power outage
    - disconnection from the network
    - intruders take control over some computers
    Distributed algorithms intended to make systems more reliable even in the presence of faults:
    - replicate processes
    - exchange messages
    - do coordinated computation
    - goal: keep the replicated processes in a "good state"

  4-6. Fault-tolerant distributed algorithms
    - n processes communicate by messages
    - all processes know that at most t of them might be faulty
    - f are actually faulty
    - resilience conditions, e.g., n > 3t ∧ t ≥ f ≥ 0
    - no masquerading: the processes know the origin of incoming messages

  7. Fault models, from benign to Byzantine
    - clean crashes: faulty processes prematurely halt after/before "send to all"
    - crash faults: faulty processes prematurely halt (also) in the middle of "send to all"
    - omission faults: faulty processes follow the algorithm, but some messages sent by them might be lost
    - symmetric faults: faulty processes send arbitrary messages, but to all or to nobody
    - Byzantine faults: faulty processes can do anything
    - hybrid models: combinations of the above

  8. Automated Verification?

  9. Fault-tolerant DAs: model checking challenges
    - unbounded data types: counting how many messages have been received
    - parameterization in multiple parameters: among n processes, f ≤ t are faulty, with n > 3t
    - contrast to concurrent programs: fault tolerance against adverse environments
    - degrees of concurrency: many degrees of partial synchrony
    - continuous time: fault-tolerant clock synchronization

  10-11. Importance of liveness in distributed algorithms
    The interplay of safety and liveness is a central challenge in DAs:
    - the interplay of safety and liveness is non-trivial
    - asynchrony and faults lead to impossibility results
    There is a rich literature on verifying safety (e.g. in concurrent systems). Distributed algorithms perspective:
    - "doing nothing is always safe"
    - "tools verify algorithms that actually might do nothing"

  12-13. Model checking problem for fault-tolerant distributed algorithms
    Parameterized model checking problem: given a distributed algorithm and a specification ϕ, show for all n, t, and f satisfying the resilience condition (e.g., n > 3t ∧ t ≥ f ≥ 0) that M(n, t, f) ⊨ ϕ.
    Every M(n, t, f) is a system of N(n, f) correct processes (e.g., N(n, f) = n − f).
    [Figure: n processes, of which at most t may be faulty and f actually are.]

  14-15. Properties in Linear Temporal Logic
    Unforgeability (U), safety. If v_i = 0 for all correct processes i, then for all correct processes j, accept_j remains 0 forever:
    $G\Big(\bigwedge_{i=1}^{n-f} v_i = 0\Big) \rightarrow G\Big(\bigwedge_{j=1}^{n-f} \mathit{accept}_j = 0\Big)$
    Completeness (C), liveness. If v_i = 1 for all correct processes i, then there is a correct process j that eventually sets accept_j to 1:
    $G\Big(\bigwedge_{i=1}^{n-f} v_i = 1\Big) \rightarrow F\Big(\bigvee_{j=1}^{n-f} \mathit{accept}_j = 1\Big)$
    Relay (R), liveness. If a correct process i sets accept_i to 1, then eventually all correct processes j set accept_j to 1:
    $G\Big(\bigvee_{i=1}^{n-f} \mathit{accept}_i = 1 \rightarrow F\Big(\bigwedge_{j=1}^{n-f} \mathit{accept}_j = 1\Big)\Big)$

  16. Threshold-guarded fault-tolerant distributed algorithms

  17-19. Threshold-guarded FTDAs
    Fault-free construct: quantified guards (t = f = 0)
    - Existential guard: if received m from some process then ...
    - Universal guard: if received m from all processes then ...
    These guards allow one to treat the processes in a parameterized way. What if faults might occur?
    Fault-tolerant algorithms: n processes, at most t are Byzantine
    - Threshold guard: if received m from n − t processes then ...
    (the processes cannot refer to f!)

  20-22. Counting argument in threshold-guarded algorithms
    if received m from t + 1 processes then ...
    Correct processes count distinct incoming messages. Since at most t of the n processes are faulty, among t + 1 distinct senders at least one non-faulty process sent the message.
    [Figure: n processes, t of which may be faulty and f actually are; t + 1 distinct received messages cannot all come from faulty senders.]
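To make slides 14-22 concrete, here is an added explicit-state explorer for one instance M(n, t, f) of a threshold-guarded broadcast (example code written for this transcript, not the authors' model or tool). The modeled rules are an assumption of the example: a correct process with v_i = 1 echoes to all; a correct process that has received t + 1 distinct echoes echoes to all (by the counting argument, at least one correct process must have echoed); a correct process that has received n − t distinct echoes accepts, echoing first if it has not yet done so; a process counts its own echo. Byzantine processes may send an echo to any correct process at any time, or never. Unforgeability is a safety property and is checked on every reachable state; Completeness and Relay are checked on quiescent states, which is sound here because every step is monotone (counters and status only increase), so every fair run of a finite instance ends in a state where no guard and no delivery of a correct process's message is pending.

```python
"""Explicit-state exploration of one instance M(n, t, f) of a threshold-guarded
broadcast under Byzantine faults (added example; rules and names are assumptions).

Local state of a correct process: (v, status, rc, rb)
  v       initial value (0 or 1)
  status  INIT, SENT (echo sent to all) or ACCEPTED
  rc      distinct echoes received from correct senders (own echo included)
  rb      distinct echoes received from Byzantine senders (at most f)
The guards compare only counts, so correct senders are interchangeable and the
message pool is just the number of correct processes that have sent (sent_cnt)."""
from collections import deque
from itertools import product

INIT, SENT, ACCEPTED = 0, 1, 2


def _with(state, i, proc, sent_cnt):
    """Copy of state with process i replaced and a new sender count."""
    procs = list(state[1])
    procs[i] = proc
    return (sent_cnt, tuple(procs))


def required_steps(state, n, t):
    """Steps that fairness eventually forces: local guards of correct processes
    and delivery of echoes sent by correct processes."""
    sent_cnt, procs = state
    for i, (v, status, rc, rb) in enumerate(procs):
        got = rc + rb
        # own value is 1, or t+1 echoes seen (so some correct process echoed): echo to all
        if status == INIT and (v == 1 or got >= t + 1):
            yield _with(state, i, (v, SENT, rc, rb), sent_cnt + 1)
        # n-t echoes seen: accept (and echo, if this process has not yet done so)
        if status != ACCEPTED and got >= n - t:
            yield _with(state, i, (v, ACCEPTED, rc, rb), sent_cnt + (1 if status == INIT else 0))
        # asynchronous delivery of one more echo from a correct sender
        if rc < sent_cnt:
            yield _with(state, i, (v, status, rc + 1, rb), sent_cnt)


def successors(state, n, t, f):
    """All successors: required steps plus the adversary's optional deliveries."""
    yield from required_steps(state, n, t)
    sent_cnt, procs = state
    for i, (v, status, rc, rb) in enumerate(procs):
        if rb < f:  # a Byzantine process may send its echo at any time, or never
            yield _with(state, i, (v, status, rc, rb + 1), sent_cnt)


def check_instance(n, t, f):
    """Explore every initial assignment of the v_i and report whether
    Unforgeability (U), Completeness (C) and Relay (R) hold in M(n, t, f)."""
    holds = {"U": True, "C": True, "R": True}
    for vs in product((0, 1), repeat=n - f):
        init = (0, tuple((v, INIT, 0, 0) for v in vs))
        seen, queue = {init}, deque([init])
        while queue:
            s = queue.popleft()
            acc = [p[1] == ACCEPTED for p in s[1]]
            if not any(vs) and any(acc):  # U: safety, checked on every reachable state
                holds["U"] = False
            if next(required_steps(s, n, t), None) is None:  # quiescent: fair runs end here
                if all(vs) and not any(acc):
                    holds["C"] = False
                if any(acc) and not all(acc):
                    holds["R"] = False
            for s2 in successors(s, n, t, f):
                if s2 not in seen:
                    seen.add(s2)
                    queue.append(s2)
    return holds


if __name__ == "__main__":
    for n, t, f in ((4, 1, 1), (3, 1, 1)):
        cond = "n > 3t holds" if n > 3 * t else "n > 3t violated"
        print((n, t, f), cond, check_instance(n, t, f))
```

For (n, t, f) = (4, 1, 1) all three properties hold. For (3, 1, 1), which violates n > 3t, Relay fails: a correct process with v = 1 accepts after its own echo plus one Byzantine echo (n − t = 2), while the other correct process has seen only one echo and never reaches the t + 1 threshold, because the Byzantine process is not obliged to send to it. The explorer handles one instance at a time; the parameterized question over all n, t, f is what the abstraction of the following slides addresses.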

  23. Our abstraction at a glance

  24-25. Data + counter abstraction over parametric intervals
    Example instance: n = 6, t = 1, f = 1; thresholds t + 1 = 2 and n − t = 5.
    Concrete global state shown: 1 process at (accepted, received = 5), 3 processes at (sent, received = 3).
    [Figure, two slides: bar chart of the number of processes (counters, 0..6) per local state; x-axis 'received' (0..6), one group per status (sent, accepted).]
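As an added illustration of slides 24-25 (example code, not the authors' tool), the block below builds the parametric interval abstraction from the two thresholds the slides use: I0 = [0, 1), I1 = [1, t + 1), I2 = [t + 1, n − t), I3 = [n − t, ∞). Because the interval boundaries are exactly the thresholds, a guard such as "received ≥ t + 1" is decided precisely by the interval index. The same intervals abstract a process's `received` counter (data abstraction) and then the number of processes per abstract local state (counter abstraction). Assumptions of the example: t ≥ 1 so that every interval is non-empty, status names `init`/`sent`/`accepted`, a constructed global state for n = 6, t = 1, f = 1, and a bounded enumeration over parameter values (in place of a symbolic query) to compute the abstract effect of incrementing a counter.

```python
"""Parametric interval abstraction (PIA) of counters, added example built from the
thresholds t+1 and n-t shown on the slides; not the authors' implementation.
Intervals: I0 = [0,1), I1 = [1,t+1), I2 = [t+1,n-t), I3 = [n-t, inf).
Assumption: t >= 1, so that every interval is non-empty."""
from itertools import product


def intervals(n, t):
    """Lower bounds of I0..I3 for one concrete parameter valuation."""
    return [0, 1, t + 1, n - t]


def alpha(x, n, t):
    """Index of the interval containing the concrete value x."""
    return max(k for k, low in enumerate(intervals(n, t)) if x >= low)


def resilient(n, t, f=0):
    """Resilience condition from the slides, plus the example's t >= 1 assumption."""
    return n > 3 * t and t >= f >= 0 and t >= 1


def guard_may_hold(k, threshold):
    """Abstract guard 'received >= threshold', threshold in {'t+1', 'n-t'}:
    exact, since the interval boundaries coincide with the thresholds."""
    return k >= {"t+1": 2, "n-t": 3}[threshold]


def abstract_global(local_states, n, t):
    """Data + counter abstraction of a global state: abstract each process's
    'received' counter, count processes per abstract local state, then abstract
    those counters with the same intervals."""
    counts = {}
    for status, received in local_states:
        key = (status, alpha(received, n, t))
        counts[key] = counts.get(key, 0) + 1
    return {key: alpha(c, n, t) for key, c in counts.items()}


def abstract_increment(k, bound=12):
    """Existential abstraction of x := x + 1 from interval I_k: every interval that
    x + 1 can land in for some x in I_k and some resilient (n, t).  The bounded
    enumeration over n, t <= bound stands in for a symbolic query (assumption)."""
    succ = set()
    for n, t in product(range(1, bound + 1), range(1, bound + 1)):
        if not resilient(n, t):
            continue
        lows = intervals(n, t)
        hi = lows[k + 1] if k + 1 < len(lows) else lows[k] + 2  # I3 is unbounded
        for x in range(lows[k], hi):
            succ.add(alpha(x + 1, n, t))
    return succ


if __name__ == "__main__":
    # constructed global state for n = 6, t = 1, f = 1 (five correct processes)
    state = [("accepted", 5), ("sent", 3), ("sent", 3), ("sent", 3), ("init", 1)]
    print(abstract_global(state, 6, 1))
    for k in range(4):
        print(f"x := x + 1 from I{k} leads to", sorted(abstract_increment(k)))
```

For the constructed state the abstraction yields one process (counter in I1) at (accepted, I3), three processes (counter in I2) at (sent, I2) and one at (init, I1); the concrete values 5 and 3 and the counts 1 and 3 are all mapped through the same four intervals. Incrementing a counter moves it at most one interval up, but whether it stays or moves depends on the parameters (for t = 1 the interval I1 contains only the value 1, for t ≥ 2 it does not), which is why the abstract transition is nondeterministic.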
