teaching rigorous distributed systems with e ffj cient
play

Teaching Rigorous Distributed Systems With E ffj cient Model - PowerPoint PPT Presentation

Aug 29, 2023 •374 likes •1k views

Teaching Rigorous Distributed Systems With E ffj cient Model Checking Ellis Michael Doug Woos Thomas Anderson Michael D. Ernst Zachary Tatlock UW CSE 452 Course on distributed systems for undergraduates and 5th year Master's

  1. Teaching Rigorous Distributed Systems With E ffj cient 
 Model Checking Ellis Michael Doug Woos Thomas Anderson Michael D. Ernst Zachary Tatlock

  2. UW CSE 452 • Course on distributed systems for undergraduates and 5th year Master's students, enrollment grown to approximately 200 • Lab assignments building fault-tolerant, consistent distributed systems, based on assignments developed for MIT 6.824: 1. Exactly-once RPC 2. Primary-backup 3. Paxos-based state machine replication 4. Sharded key-value store 5. Distributed transactions using two-phase commit • Tests used for grading assignments given to students Goal: Tests which identify common bugs, provide timely feedback, and assist debugging to help students build systems to rigorous standards.

  3. Systems solution for teaching distributed systems

  4. Testing Distributed Systems is Di ffj cult p 1 p 2 p 3 p 4 p 5 • Simple Paxos bug: leader checks for quorum with matching values (rather than proposal numbers). • Finding such a bug is di ffj cult with current tools. • This false quorum bug could be CHOSEN caused by a fundamental misunderstanding . CHOSEN

  5. "Just 3 days before the deadline of the project, my partner and I discovered that our Paxos failed 1 of 100,000 tests . …We realized that the bug comes from our optimization of duplicate request detection before putting request on the Paxos operation log. … We needed to rewrite fj fty percent of the whole project but we did not give up. Finally, after 30 hours of work in 2 days, we fj xed the design fm aw and eliminated the bug. We were so excited that we started to dance in the lab. ” – CSE 452 Student

  6. Checking Correctness • Execution-based testing is insu ffj cient; can miss bugs unlikely to occur based on timing. • Manual review does not scale or provide feedback quickly enough. • Formal veri fj cation is di ffj cult and time-consuming, not approachable for students.

  7. Checking Correctness: Model Checking • Researchers and practitioners use model checking to validate protocols and software, systematically searching through possible executions. • Some speci fj cation languages are di ffj cult to learn, do not produce runnable code. • Naïve methods do not scale well, fail to fj nd rare bugs quickly and reliably.

  8. DSLabs A framework for creating distributed systems labs and test suites … capable of fj nding common bugs in students' implementations quickly and reliably … using a widely-used programming language (Java) and easily-learned tools … that helps students write correct , e ffj cient , runnable code … and understand errors when they do arise.

  9. The Rest of This Talk 1. The DSLabs programming model 2. Model checking strategies and optimizations 3. Understandability and Oddity visual debugger 4. Experiences

  10. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  11. 
 DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a 1: init() protocol. 2: loop 
 3: e <- rcv_timer() || 
 • Nodes are I/O automata; they { 
 rcv_msg() 
 foo: 42, 
 run as single-threaded event bar: "towel" 
 4: update_state( e ) 
 loops. } 5: send_msgs() 
 • Nodes are split between client 6: set_timers() 
 and server nodes. 7: endloop

  12. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  13. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  14. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event interface Client { loops. void sendCommand(Command command); • Nodes are split between client boolean hasResult(); and server nodes. Result getResult(); }

  15. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata ; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  16. Programming Model Bene fj ts • Isolates concurrency to coarsest possible granularity • Lets students focus on distributed protocols, avoiding issues such as deadlock within a node • Allows for model checking at the protocol level without signi fj cant modi fj cation or overhead

  17. Model Checking

  18. Model Checking

  19. Model Checking

  20. Model Checking

  21. Model Checking

  22. Model Checking

  23. Model Checking

  24. Model Checking

  25. Model Checking

  26. Outline 1. The DSLabs programming model 2. Model checking strategies and optimizations 3. Understandability and Oddity visual debugger 4. Experiences

  27. How can the model checker evaluate states of student implementations? What should the interface be between the tests and student implementations ?

  28. Black-Box • Tests can check end-to-end properties, nothing else • Allows maximum fm exibility during implementation • Doesn't allow checking more complicated properties, optimizations

  29. Black-Box Gray-Box White-box • Tests can check end-to- • Students implement • Message formats, and end properties, nothing limited, informational even internal data else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow checking • Leaves most design • Solves design challenges more complicated decisions to students for students properties, optimizations • Couples tests to implementation

  30. Black-Box Gray-Box White-box • Tests can check end- • Students implement • Message formats, and to-end properties, limited, informational even internal data nothing else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow • Leaves most design • Solves design checking more decisions to students challenges for complicated students properties, • Couples tests to optimizations implementation

  31. Black-Box Gray-Box White-box • Tests can check end- • Students implement • Message formats, and to-end properties, limited, informational even internal data nothing else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow • Leaves most design • Solves design checking more decisions to students challenges for complicated students properties, • Couples tests to optimizations implementation

  32. Improving Model Checking Performance, Reliability Model checking faces state-space explosion problem. Strategies: 1. Pruning the search space 2. Punctuated search 3. Searching for progress

  33. Pruning the Search Space • Not all states are interesting. • We can prune uninteresting states, refusing to expand them during the search. • If we're interested in linearizability, we can safely ignore states in which clients have received all results.

  34. Pruning the Search Space • Not all states are interesting. • We can prune uninteresting states, refusing to expand them during the search. • If we're interested in linearizability, we can safely ignore states in which clients have received all results.

  35. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  36. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  37. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  38. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer Department of Computer Science Allegheny College http : // cs . allegheny . edu / gkapfham / Further Experience with Teaching Distributed Systems to

165 views • 12 slides
Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed

Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed

Reasoning About Open Systems Project Collaboration with Agha, Mason, Smith, Talcott Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed systems Scott F . Smith General multi-language framework

428 views • 10 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other

Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other

Chalenges Approach Techniques and tools Results Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other Discipline Students Marcelo Arroyo Universidad Nacional de R o Cuarto Argentina 2013

78 views • 7 slides
Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer (Geoffrey Arnold and Brian Zorman) Sixth Annual Jini Community Meeting Boston June 17-20, 2002 Presentation Outline Introduction

357 views • 18 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

565 views • 18 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Distributed Systems of distributed systems Types of Distributed Describe various

Distributed Systems of distributed systems Types of Distributed Describe various

Objectives/Outline (selected topics from chapter 16 &amp; 18) Objectives Outline Provide a high-level overview Introduction Distributed Systems of distributed systems Types of Distributed Describe various methods for

436 views • 9 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
Distributed Systems - III What about distributed systems? No common clock or memory

Distributed Systems - III What about distributed systems? No common clock or memory

CSC 4103 - Operating Systems Distributed Coordination Spring 2007 Ordering events and achieving synchronization in centralized systems is easier. Lecture - XXIV We can use common clock and memory Distributed Systems - III What

286 views • 4 slides
Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve distributed problems ? Towards = immature or not ready for presenting Formal = unrealistic or useless Masafumi Yamashita (Kyushu Univ.) Table of

578 views • 33 slides
CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of computers work together Correctly Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a

779 views • 29 slides
CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers work together Reliably Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a variable

833 views • 40 slides
Lecture 1.1: Basic set theory Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 1.1: Basic set theory Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 1.1: Basic set theory Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture 1.1: Basic set theory

360 views • 14 slides
Types Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Today General

Types Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Today General

Types Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Today General discussion of types Type inference Type polymorphism What is a type? Examples of types: Integer [Char] Either (Either Char Int)

1.04k views • 64 slides
Cameras ! ! First photograph due to Niepce ! ! First on record shown in the book - 1822 !

Cameras ! ! First photograph due to Niepce ! ! First on record shown in the book - 1822 !

Cameras ! ! First photograph due to Niepce ! ! First on record shown in the book - 1822 ! ! Basic abstraction is the pinhole camera ! ! lenses required to ensure image is not too dark ! ! various other abstractions can be

283 views • 26 slides
Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of

Introduction to Graph Cluster Analysis Outline Introduction to Cluster Analysis Types of Graph Cluster Analysis Algorithms for Graph Clustering k-Spanning Tree Shared Nearest Neighbor Betweenness Centrality Based Highly

836 views • 48 slides
Framed mapping class groups and strata of Abelian differentials Nick Salter Joint with Aaron

Framed mapping class groups and strata of Abelian differentials Nick Salter Joint with Aaron

Framed mapping class groups and strata of Abelian differentials Nick Salter Joint with Aaron Calderon Columbia University April 15, 2020 margaret wuz here Translation surfaces Algebraic geometry Geometric geometry Surface with atlas

426 views • 23 slides
Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q Federated learning: FedSGD and FedAvg q Related research in federated learning q Open problems Outline q Preliminary: deep learning and SGD q Federated

616 views • 50 slides
Sets and Objects Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College

Sets and Objects Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College

Two Initial Axioms Venn Diagrams Models Sets and Objects Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science Sets and Objects Two Initial Axioms Venn Diagrams Models Remember

564 views • 39 slides
Competency-Based Learning Series: Seminar #3Habits of Work Slides April 2016 Thinking

Competency-Based Learning Series: Seminar #3Habits of Work Slides April 2016 Thinking

Competency-Based Learning Series: Seminar #3Habits of Work Slides April 2016 Thinking about Habits of Work Other Relevant Averaging all Grade Achievement Student Details Entries: Result C achievement Mariela Final Grade =

551 views • 32 slides

More recommend