using tla
play

Using TLA+ Tianxiang Lu Stephan Merz Christoph Weidenbach TLA+ - PowerPoint PPT Presentation

Dec 22, 2022 •246 likes •402 views

Formal verification of Pastry Using TLA+ Tianxiang Lu Stephan Merz Christoph Weidenbach TLA+ Workshop at FM2012, Paris August 27, 2012 Introduction Pastry 0 2 M -1 Overlay P2P network protocol 95 Distributed Hash Table 65

  1. Formal verification of Pastry Using TLA+ Tianxiang Lu Stephan Merz Christoph Weidenbach TLA+ Workshop at FM2012, Paris August 27, 2012

  2. Introduction • Pastry 0 2 M -1 – Overlay P2P network protocol 95 – Distributed Hash Table 65 – Self organized nodes – Resilient to churn: rightset • concurrent join • silent departure 58 • Virtual ring 18 – (see the picture) leftset Coverage of 18 Nodes Leaf Set of 18 Keys l = 2 2/10 August 27, 2012

  3. Introduction • Verification Challenges – Complex data structure – Distributed protocol: absence of global state – Dynamic network: spontaneous departure, join of nodes • Today I will talk about – How we formally modeled Pastry in TLA + – How we prove properties of Pastry using TLAPS 3/10 August 27, 2012

  4. Formal Model in TLA + 4/10 August 27, 2012

  5. Verification Target • Validate model by refuting impossibility claims – NeverJoin : A new node can never be joined the network – NeverDeliver: A lookup message can never be delivered • Safety Property: Correct Delivery – For each key k , there is at most one node i that may deliver, and no other node is closer to k than i . 5/10 August 27, 2012

  6. Model Checking Pastry Properties • Model Checking using TLC • Statistics – 8 state variables – 11 concurrent actions – Total state space roughly: 2 152 X 3 64 (≈10 76 ) for 4 nodes – Server with 2 CPUs (32 Bit Linux machine with Xeon(R) X5460) – 3.16GHz, 4 GB of memory per CPU Property Time Depth # states Counter Example NeverDeliver 1" 5 101 yes NeverJoin 1" 9 19 yes …… CorrectDelivery > 1 month 21 1952882411 no 6/10 August 27, 2012

  7. Proving Correct Delivery • To prove:  Spec [] CorrectDel ivery 1. Invent a property Inv , in order to apply the rule   Spec [] Inv Inv CorrectDel ivery  Spec [] CorrectDel ivery  2. Prove by: Spec [] Inv    Init Inv Inv A ( i , j ) Inv ' for every sub - action A ( i , j ) of Next  Spec [] Inv   • Recall that Spec Init [][ Next ] vars 7/10 August 27, 2012

  8. Proof in TLA + toolbox • Proof of the model in TLAPS with strong assumptions – no nodes leave the network – only one node can join the network at a time in any neighboring region • Statistics – 23 invariants proved by induction on 11 actions – About 100 lemmas on arithmetic and ring calculation – About 100 lemmas on data structures – About 1200 proof steps for proving type correctness – About 12500 proof steps for inductive proof of invariants • CPU Intel Core i3-2330M 2.20GHz, 8 GB RAM, 64-bit, Win7 • JVM – Xms5120M -Xmx5120M -XX:PermSize=2048M • About 10 minutes and 5GB for generating proof obligations 8/10 August 27, 2012

  9. Done & Doing • Done – Real-world case study of complex network protocol: Pastry • Found bugs in Protocol and improved it. – Modeled routing and join protocols in TLA+ and model checked them in TLC – Finished the proof of the model in TLAPS with strong assumptions • Doing – Relaxed the assumptions: more nodes join in neighboring region – Finding the proper invariants and proving them 9/10 August 27, 2012

  10. Remarks on the Tools • Trace explorer – Very useful ! – Display the action name ? • TLC with multi-threads – Significant speed up – Huge memory footprint and no CPU usage after weeks • Java runtime problem ? • What about distributed version of TLC ? • TLAPS – Proof editing is very convenient! (zoom, non-linear , jump …) – Generation of proof obligation caused memory problem ? 10/10 August 27, 2012

  11. Thank you ! JVM error: Stack Overflow! August 27, 2012

  12. Join Leaf set range of i l=2 Right set Right set Neighbors of i Join(j, s) Left set j i JReply(i, j) Coverage of i Neighbors of i … Probe(j, a 1 ) Probe(j, a 2 ) Probe(j, a n ) j: “wait” … PReply(a 1 , j) PReply(a 2 , j) PReply(a n , j) Waiting node no Complete? Repair(j) Ready node yes Dead node/ Key j : “ready” Extend: 1/3 June 8, 2011

  13. Bug of Pastry ls(a) ls(b) ls(c) ls(d) Join(a, c) Join(b, d) - - - - d d c c JReply(c, a) JReply(d, b) d d d c c c d c Probe(a, c) Probe(a, d) Probe(b, c) Probe(b, d) c d c d d b c a PReply(d, a) PReply(c, b) c d c d d b c a PRply(c, a) PRply(d, b) c d c d d a c b a b k Routing … Lookup(k, d) Deliver(b,k) d c Extend 2/3 June 8, 2011

  14. Lease Granting Protocol [Haeberlen et al. 2005, FreePastry] Complete? yes i : “ ok ” RequestLease (i, ln) RequestLease(i, rn) i :“ ok ” Neighbor? Neighbor? Leaf set no no yes yes GrantLease (rn, i) GrantLease (ln, i) both? i : “ready” Extend 3/3 June 8, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Peer-to-Peer Networks 05 Pastry Christian Ortolf Technical Faculty Computer-Networks and

Peer-to-Peer Networks 05 Pastry Christian Ortolf Technical Faculty Computer-Networks and

Peer-to-Peer Networks 05 Pastry Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Pastry Peter Druschel - Rice University, Houston, Texas - now head of Max-Planck-Institute for Computer Science,

374 views • 22 slides
[P ASTRY ] Shrideep Pallickara Computer Science Colorado State University CS555: Distributed

[P ASTRY ] Shrideep Pallickara Computer Science Colorado State University CS555: Distributed

CS555: Distributed Systems [Fall 2019] Dept. Of Computer Science , Colorado State University CS 555: D ISTRIBUTED S YSTEMS [P ASTRY ] Shrideep Pallickara Computer Science Colorado State University CS555: Distributed Systems [Fall 2019] September

479 views • 26 slides
Medical X-Ray Imaging with Energy Windowing Hans Krger Bonn University Overview ! Overview of

Medical X-Ray Imaging with Energy Windowing Hans Krger Bonn University Overview ! Overview of

Pixel 2000 International Workshop on Semiconductor Pixel Detectors for Particles and X-Rays Genova, June 5-8, 2000 Medical X-Ray Imaging with Energy Windowing Hans Krger Bonn University Overview ! Overview of the MPEC chip family

380 views • 19 slides
ME MYSELF & I EPITA'07 / LSE Microprocessors Architecture Theory Operating System

ME MYSELF & I EPITA'07 / LSE Microprocessors Architecture Theory Operating System

ME MYSELF & I EPITA'07 / LSE Microprocessors Architecture Theory Operating System Principles k kaneton UPMC'07 P ASTIS UNIVERSITY OF CAMBRIDGE'10 INFINIT THE CHALLENGE PROVIDE A FILE SYSTEM SERVICE ASSURING RELIABILITY A V

254 views • 23 slides
Tapestry: A Resilient Global-scale Overlay for What have we seen before? Service Deployment

Tapestry: A Resilient Global-scale Overlay for What have we seen before? Service Deployment

Tapestry: A Resilient Global-scale Overlay for What have we seen before? Service Deployment Key-based routing similar to Chord, Pastry Ben Y. Zhao, Ling Huang, Jeremy Stribling, Sean C. Rhea, Similar guarantees to Chord, Pastry Anthony

87 views • 5 slides
Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks

Ekta: An Efficient DHT Substrate for Distributed Applications in Mobile Ad Hoc Networks Himabindu Pucha, Saumitra Das, Y. Charlie Hu Distributed Systems and Networking Lab, School of ECE, Purdue University 1 Mobile ad hoc networks (MANETs)

1.17k views • 32 slides
SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira Tecnologias de Middleware DI - FCUL - 2006 1 Agenda Motivation Pastry Scribe Scribe Protocol Experimental Evaluation

1.32k views • 109 slides
Motivation Large-scale distributed systems becoming more common multiple datacenters, cloud

Motivation Large-scale distributed systems becoming more common multiple datacenters, cloud

Census: Location-Aware Membership Management for Large-Scale Distributed Systems James Cowling Dan R. K. Ports Barbara Liskov Raluca Ada Popa Abhijeet Gaikwad* MIT CSAIL *cole Centrale Paris Motivation Large-scale distributed systems

606 views • 48 slides
Fault-Tolerance for PastryGrid Middleware erin 1 , Heithem Abbes 1 , 2 , Mohamed Jemni 2 , Yazid

Fault-Tolerance for PastryGrid Middleware erin 1 , Heithem Abbes 1 , 2 , Mohamed Jemni 2 , Yazid

Introduction PastryGrid Fault Tolerance in PastryGrid Conclusion Fault-Tolerance for PastryGrid Middleware erin 1 , Heithem Abbes 1 , 2 , Mohamed Jemni 2 , Yazid Christophe C Missaoui 2 1 LIPN, Universit e de Paris XIII, CNRS UMR 7030,

835 views • 71 slides
Comparison and Evaluation of Application Level Multicast for Mobile Networks Ingo Juchem Email:

Comparison and Evaluation of Application Level Multicast for Mobile Networks Ingo Juchem Email:

Telematics group University of Gttingen, Germany Comparison and Evaluation of Application Level Multicast for Mobile Networks Ingo Juchem Email: ijuchem@cs.uni-goettingen.de Advanced Topics in Mobile Communications (SS04) 1 Telematics

462 views • 22 slides
11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content

11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content

11/10/08 Today P561: Network Systems Finding content and services Week 7: Finding content Infrastructure hosted (DNS) Peer-to-peer hosted (Napster, Gnutella, DHTs) Multicast Multicast: one to many content dissemination

368 views • 14 slides
inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs)

inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs)

Privacy,Cost,andAvailabilityTradeoffs inDecentralizedOnlineSocialNetworks OnlineSocialNetworks(OSNs) areenormouslypopular

178 views • 16 slides
Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline

Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline

Background Peer-to-Peer Networks Distribution Decentralized control Self-organization Outline Symmetric communication Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter

158 views • 5 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed Computing WS 07/08 MPI-SWS (Saarland University), Petr Kuznetsov Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure

989 views • 77 slides
Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and

Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and

Big Data Processing Technologies Chentao Wu Associate Professor Dept. of Computer Science and Engineering wuct@cs.sjtu.edu.cn Schedule lec1: Introduction on big data and cloud computing Iec2: Introduction on data storage lec3: Data

976 views • 84 slides
Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry and Richard West Boston University Boston, MA 02215 {gfry,richwest}@cs.bu.edu Computer Science Introduction Computer Science Internet growth

407 views • 28 slides
Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be

Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be

Structured P2P Networks Niels Olof Bouvin 1 Distributed Hash Tables DHTs are designed to be infrastructure for other applications General concept Assign peers IDs evenly across an ID space (e.g., [0, 2 n -1]) Assign resources IDs in the same

668 views • 65 slides
Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki

Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki

Brief Summary on Topology and Performance of Distributed Hash Tables Zhirong Yang Helsinki University of Technology rozyang@cc.hut.fi Agenda Introduction Basic DHTs Pastry (mentioned later) CAN (coming soon) Tapestry

531 views • 21 slides
CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised

CS 3700 Networks and Distributed Systems Overlay Networks (P2P DHT via KBR FTW) Revised 10/26/2016 Outline 2 Consistent Hashing Structured Overlays / DHTs Key/Value Storage Service 3 Imagine a simple service that stores

1.8k views • 177 slides
Matali Crasset Matali Crasset My Style I try not to work object by object; I prefer to make

Matali Crasset Matali Crasset My Style I try not to work object by object; I prefer to make

Matali Crasset Matali Crasset My Style I try not to work object by object; I prefer to make networks of things , because I like to concieve an object as a life scenario. - Matali Crasset Matali Crassets work can be seen as child-like

392 views • 8 slides
Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services

Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services

Overlay-based IP Routing Richard Hartmann Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen November 10, 2010 Richard Hartmann: Overlay-based IP Routing 1 Outline Motivation

571 views • 19 slides
III.4 Statistical Language Models 1. Basics of Statistical Language Models 2. Query-Likelihood

III.4 Statistical Language Models 1. Basics of Statistical Language Models 2. Query-Likelihood

III.4 Statistical Language Models 1. Basics of Statistical Language Models 2. Query-Likelihood Approaches 3. Smoothing Methods 4. Divergence Approaches 5. Extensions Based on MRS Chapter 12 and

459 views • 45 slides
Efficient Triangulation for P2P Networked Virtual Environments Eliya Buyukkaya, Maha Abdallah

Efficient Triangulation for P2P Networked Virtual Environments Eliya Buyukkaya, Maha Abdallah

Efficient Triangulation for P2P Networked Virtual Environments Eliya Buyukkaya, Maha Abdallah CS Department (LIP6) University of Paris 6 Networked Virtual Environment Features A way of communication & interaction Immersion in

406 views • 23 slides

More recommend