vector clocks in coq
play

Vector Clocks in Coq An Experience Report Christopher Meiklejohn - PowerPoint PPT Presentation

Sep 13, 2022 •149 likes •546 views

Vector Clocks in Coq An Experience Report Christopher Meiklejohn Basho Technologies, Inc. Cambridge, MA 02139 cmeiklejohn@basho.com March 6, 2014 Outline of the talk Introduction Background Implementation Evaluation Future

  1. Vector Clocks in Coq An Experience Report Christopher Meiklejohn Basho Technologies, Inc. Cambridge, MA 02139 cmeiklejohn@basho.com March 6, 2014

  2. Outline of the talk ◮ Introduction ◮ Background ◮ Implementation ◮ Evaluation ◮ Future Work

  3. Introduction ◮ Goals of the project ◮ Goals of the talk ◮ Contributions ◮ Out of scope

  4. Goals of the project ◮ Distributed data structures (RICON West, 2012) ◮ Explore applicability of code extraction from Coq ◮ Attempt to provide an alternative to rigorous testing ◮ Prevent flaws in building QuickCheck models

  5. Goals of the talk ◮ Introduction to Coq ◮ Introduction to Core Erlang ◮ Introduction of vector clocks ◮ Overall experience report of implementation

  6. Contributions ◮ Coq model providing vector clock implementation ◮ Extracted Erlang model from the Coq proof assistant ◮ Erlang glue-code support module ◮ Detailed experience report ◮ Rebar extension

  7. Out of scope ◮ Verification of the actual model ◮ Proofs, theorems, lemmas, axioms, etc... ◮ Efficiency

  8. Background ◮ Coq ◮ Core Erlang ◮ verlang ◮ Vector clocks

  9. Coq ◮ Interactive theorem prover ◮ Dependently typed programming language ◮ Code extraction; Scheme, Haskell, OCaml, Core Erlang

  10. Example Coq Inductive Data Type Inductive nat : Type := | O : nat | S : nat nat.

  11. Example Coq Function Fixpoint ble nat (n m : nat) {struct n} : bool := match n with | O => true | S n => match m with | O => false | S m => ble nat n m end end.

  12. Core Erlang ◮ Intermediate representation of Erlang ◮ Designed for programatic manipulation ◮ Simple grammar ◮ c ( module name , [ to core ]) , c ( module name , [ from core ]) .

  13. Example Core Erlang Function ’ble_nat’/2 = fun (_n, _m) -> case _n of ’O’ when ’true’ -> ’True’ {’S’, _n@} when ’true’ -> case _m of ’O’ when ’true’ -> ’False’ {’S’, _m@} when ’true’ -> call ’vvclock’:’ble_nat’ ( _n@ , _m@ ) end end

  14. verlang ◮ Experimental extraction module for Coq ◮ Extracts to Core Erlang from MiniML ◮ Number of caveats

  15. verlang caveats ◮ Lack of module nesting ◮ No currying ◮ Intra- vs. inter-module calls ◮ receieve

  16. Vector clocks ◮ Method for reasoning about events in a distributed system. ◮ Identifying causal vs. concurrent events. ◮ List of pairs; made of up actors and operation counts. ◮ Structurally the same as version vectors; different semantics.

  17. Implementation ◮ Vector clocks in Coq ◮ Code extraction to Core Erlang ◮ Adapter layer

  18. Vector clocks in Coq ◮ Provide compatible API for use with Riak Core ◮ fresh, increment, equal, descends, merge, get counter, get timestamp, all nodes, prune

  19. Vector clocks in Coq Definition actor := nat. Definition count := nat. Definition timestamp := nat. Definition clock := prod actor (prod count timestamp). Definition vclock := (list clock)%type.

  20. Vector clocks in Coq: increment Definition increment (actor : actor) (vclock : vclock) := match find (fun clock => match clock with | pair x _ => beq_nat actor x end) vclock with | None => cons (pair actor (pair init_count init_timestamp)) vclock | Some (pair x (pair count timestamp)) => cons (pair x (pair (incr_count count) (incr_timestamp timestamp))) (filter (fun clock => match clock with | pair x _ => negb (beq_nat actor x) end) vclock)

  21. Vector clocks in Coq: merge Definition max’ (vclock : vclock) (clock : clock) := match clock with | pair actor (pair count timestamp) => match find (fun clock => match clock with | pair x _ => beq_nat actor x end) vclock with | None => cons (pair actor (pair count timestamp)) vclock | Some (pair _ (pair y z)) => cons (pair actor (pair (max count y) (max timestamp z))) (filter (fun clock => match clock with | pair x _ => negb (beq_nat actor x) end) vclock) end end. Definition merge (vc1 vc2 : vclock) := fold_left max’ vc1 vc2.

  22. Vector clocks in Coq: prune Fixpoint prune’ (vclock : vclock) (small large : nat) (young old : timestamp) := match vclock with | nil => vclock | pair actor (pair count timestamp) :: clocks => match (ble_nat (length vclock) small) with | true => vclock | false => match (ble_nat timestamp young) with | true => vclock

  23. Vector clocks in Coq: descends Definition descends (vc1 vc2 : vclock) := match fold_left descends’ vc2 (pair true vc1) with | pair false _ => false | pair true _ => true end.

  24. Code extraction to Core Erlang ◮ Missing data constructors ◮ Incorrectly qualified calls ◮ Lack of currying

  25. Missing data constructors ’fresh’/0 = fun () -> []

  26. Incorrectly qualified calls call ’vvclock.VVClock’:’ble_nat’ ( _actor , _a )

  27. Missing arity ’descends’/2 = fun (_vc1, _vc2) -> case call ’Coq.Lists.List’:’fold_left’ ( ’descends@’ , _vc2 , { ’Pair’ , ’True’ , _vc1 } ) of

  28. Lack of currying Definition find’’ (actor : actor) := fun clock : clock => match clock with | pair x _ => negb (beq_nat actor x) end. ’find@’/2 = fun (_actor, _clock) -> case _clock of { ’Pair’ , _c , _x } when ’true’ -> call ’Coq.Arith.EqNat’:’beq_nat’ ( _actor , _c ) end

  29. Adapter layer ◮ Type conversions ◮ Timestamps; model as Peano numbers ◮ Actors; model as Peano numbers or Strings ◮ Environment variables ◮ API normalization ◮ Circular dependencies

  30. Type conversions natural_to_peano(0) -> ’O’; natural_to_peano(Natural) -> {’S’, natural_to_peano(Natural - 1)}. peano_to_natural(’O’) -> 0; peano_to_natural({’S’, Peano}) -> 1 + Peano.

  31. Type conversions equal(VClock1, VClock2) -> case vvclock:equal(VClock1, VClock2) of ’True’ -> true; ’False’ -> false end. descends(VClock1, VClock2) -> case vvclock:descends(VClock1, VClock2) of ’True’ -> true; ’False’ -> false end.

  32. Timestamps timestamp() -> calendar:datetime_to_gregorian_seconds(erlang:universaltime()). peano_timestamp() -> term_to_peano(timestamp()).

  33. Actors Inductive string : Set := | EmptyString : string | String : ascii -> string -> string. Definition zero := Ascii false false false false false false false false.

  34. Environment variables prune(VClock, _Timestamp, BProps) -> Old = term_to_peano(get_property(old_vclock, BProps)), Young = term_to_peano(get_property(young_vclock, BProps)), Large = term_to_peano(get_property(large_vclock, BProps)), Small = term_to_peano(get_property(small_vclock, BProps)), vvclock:prune(VClock, Small, Large, Young, Old).

  35. API normalization merge([VClock1,VClock2|VClocks]) -> merge([vvclock:merge(VClock1, VClock2)|VClocks]); merge([VClock]) -> VClock; merge([]) -> []. increment(Actor, VClock) -> vvclock:increment(term_to_peano(Actor), VClock).

  36. Circular dependencies %% Call into vvclock.core from vclock.erl increment(Actor, VClock) -> vvclock:increment(term_to_peano(Actor), VClock). %% Calls back out to vclock for Riak/Erlang specifics ’init_timestamp’/0 = fun () -> call ’vclock’:’peano_timestamp’ ()

  37. Evaluation ◮ Passing test suite ◮ Performance problems ◮ Inefficient implementations ◮ Use of naturals, strings or other inductive types ◮ Testability; type conversion to/from

  38. Future Work ◮ Fixing bugs in verlang ◮ Explore other applications; CRDTs ◮ Adapter layer; performance, testability ◮ QuickCheck or PropEr integration

  39. Thanks! ◮ Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lamport Clocks Doug Woos Logistics notes Problem Set 1 due Friday Chandy-Lamport Snapshots

Lamport Clocks Doug Woos Logistics notes Problem Set 1 due Friday Chandy-Lamport Snapshots

Lamport Clocks Doug Woos Logistics notes Problem Set 1 due Friday Chandy-Lamport Snapshots thread up Today Lamport Clocks - Motivation - Basic ideas -Mutual exclusion - State machine replication Vector clocks Lamport Clocks Classic

743 views • 30 slides
Recall our discussion of time CS514: Intermediate Course Logical clocks: represent part of

Recall our discussion of time CS514: Intermediate Course Logical clocks: represent part of

Recall our discussion of time CS514: Intermediate Course Logical clocks: represent part of in Operating Systems relation, small overhead Vector clocks: accurately represent but more costly Professor Ken Birman Wall clocks:

388 views • 10 slides
Vector Clocks Collin J. Fidge, 1988. Timestamps in Message-Passing Systems That Preserve the

Vector Clocks Collin J. Fidge, 1988. Timestamps in Message-Passing Systems That Preserve the

Vector Clocks Collin J. Fidge, 1988. Timestamps in Message-Passing Systems That Preserve the Partial Order Order of events without global clock What happens when? event message time process A total order of events Lamport clocks 5 4 4

679 views • 20 slides
Clocks Some clocks use motion to mark their intervals Others clocks dont appear to

Clocks Some clocks use motion to mark their intervals Others clocks dont appear to

Clocks 1 Clocks 2 Observations About Clocks They divide time into uniform intervals The measure time by counting those intervals Clocks Some clocks use motion to mark their intervals Others clocks dont appear to involve motion

305 views • 3 slides
Important Lessons Lamport & vector clocks both give a logical timestamps Total

Important Lessons Lamport & vector clocks both give a logical timestamps Total

Important Lessons Lamport & vector clocks both give a logical timestamps Total ordering vs. causal ordering Other issues in coordinating node activities Exclusive access to resources/

150 views • 10 slides
Todays Topics Chapter 10. Clocks Physical Clocks. Synchronising physical clocks

Todays Topics Chapter 10. Clocks Physical Clocks. Synchronising physical clocks

Distributed Systems Lecture 3 1 Todays Topics Chapter 10. Clocks Physical Clocks. Synchronising physical clocks Logical Clocks Distributed Systems Lecture 3 2 What is time? What, then, is time? If no one asks me, I know

487 views • 22 slides
Question: Clocks Youre bouncing gently up and down at the end of a springboard, without

Question: Clocks Youre bouncing gently up and down at the end of a springboard, without

Clocks 1 Clocks 2 Question: Clocks Youre bouncing gently up and down at the end of a springboard, without leaving the boards surface. If you bounce harder, the time it takes for each bounce will become shorter become longer

501 views • 3 slides
Cold Atom Atom Clocks Clocks Cold Cold Atom Clocks and Fundamental Fundamental Tests Tests

Cold Atom Atom Clocks Clocks Cold Cold Atom Clocks and Fundamental Fundamental Tests Tests

Cold Atom Atom Clocks Clocks Cold Cold Atom Clocks and Fundamental Fundamental Tests Tests and and Fundamental Tests C. Salomon Laboratoire Kastler Brossel, Ecole Normale Suprieure, Paris

768 views • 38 slides
Numb3rs 11 2 10 3 The Chinese Remainder Theorem 9 4 8 5 7 6 Chiming Clocks Two clocks,

Numb3rs 11 2 10 3 The Chinese Remainder Theorem 9 4 8 5 7 6 Chiming Clocks Two clocks,

0 12 1 Numb3rs 11 2 10 3 The Chinese Remainder Theorem 9 4 8 5 7 6 Chiming Clocks Two clocks, with a hours and b hours on their dials 0 1 12 Say they both start at 0, and move one step every 2 11 10 3 minute 9 4 e.g.,

310 views • 13 slides
Real clocks: a toy model for non-locality luis j. garay Universidad Complutense de Madrid

Real clocks: a toy model for non-locality luis j. garay Universidad Complutense de Madrid

Real clocks: a toy model for non-locality luis j. garay Universidad Complutense de Madrid NORDITA, Stockholm Non-locality: Aspects and Consequences 29 June 2012 Contents Non-ideal clocks Good clocks Evolution Loss of

622 views • 20 slides
Gravitational Physics Physics Gravitational with with Optical Clocks Clocks in in Space

Gravitational Physics Physics Gravitational with with Optical Clocks Clocks in in Space

Workshop on an Optical Clock Mission in ESAs Cosmic Vision Program Dsseldorf 8. - 9. 3. 2007 Gravitational Physics Physics Gravitational with with Optical Clocks Clocks in in Space Space Optical S. Schiller S. Schiller Heinrich-

691 views • 31 slides
Distributed Systems events vs. physical clocks : time of day Assume no central time source

Distributed Systems events vs. physical clocks : time of day Assume no central time source

Logical clocks Assign sequence numbers to messages All cooperating processes can agree on order of Distributed Systems events vs. physical clocks : time of day Assume no central time source Logical Clocks Each system maintains its

74 views • 5 slides
Time, Clocks, and State Machine Replication Dan Ports, CSEP 552 Todays question How

Time, Clocks, and State Machine Replication Dan Ports, CSEP 552 Todays question How

Time, Clocks, and State Machine Replication Dan Ports, CSEP 552 Todays question How do we order events in a distributed system? physical clocks logical clocks snapshots (break) application: state machine replication

1.06k views • 80 slides
Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio

Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio

Clocks for 4.5G Radio Access Networks S E P T E M B E R 2 0 1 7 Complete Timing Portfolio Leader in high performance clocks and oscillators Frequency flexibility + ultra-low jitter Best-in-class integration single IC clock trees

430 views • 17 slides
NOW Handout Page 1 1 Styles of Vector Architectures Components of Vector Processor Vector

NOW Handout Page 1 1 Styles of Vector Architectures Components of Vector Processor Vector

Alternative Model:Vector Processing EECS 252 Graduate Computer Vector processors have high-level operations that work on linear arrays of numbers: "vectors" Architecture SCALAR VECTOR (1 operation) (N operations) Lec 10

327 views • 10 slides
Vector addition: The zero vector The D -vector whose entries are all zero is the zero vector ,

Vector addition: The zero vector The D -vector whose entries are all zero is the zero vector ,

Vector addition: The zero vector The D -vector whose entries are all zero is the zero vector , written 0 D or just 0 v + 0 = v Vector addition: Vector addition is associative and commutative I Associativity ( x + y ) + z = x + ( y + z ) I

476 views • 36 slides
Integrated Retail and Wholesale Power System Operation with Smart-Grid Functionality Project

Integrated Retail and Wholesale Power System Operation with Smart-Grid Functionality Project

Integrated Retail and Wholesale Power System Operation with Smart-Grid Functionality Project Update Report May 21, 2010 Chengrui Cai Outline: 1. Introduction to GridLab-D 2. GridLab-D structure 3. Climate Module 4. Metronome example 5.

403 views • 13 slides
1 CIPAA Act 2011 Bill Passed in Dewan Rakyat 2.4.2012 2 nd reading presently in

1 CIPAA Act 2011 Bill Passed in Dewan Rakyat 2.4.2012 2 nd reading presently in

1 CIPAA Act 2011 Bill Passed in Dewan Rakyat 2.4.2012 2 nd reading presently in Dewan Negara (formality) Then Royal Assent Then Gazette Then Binding Regulations from Minister Expect binding by end of Year 2

865 views • 73 slides
1 Background: Located in Cochrane, Alberta, Canada n Officially incorporated in 1994 n Rick

1 Background: Located in Cochrane, Alberta, Canada n Officially incorporated in 1994 n Rick

1 Background: Located in Cochrane, Alberta, Canada n Officially incorporated in 1994 n Rick Littlewood President & Founder n Dedicated to the Forage Export Industry n Designed & Manufactured over 86 Forage n Presses;

466 views • 27 slides
Powering the Future of Decentralized Systems and Applications Nuco networks connect multiple

Powering the Future of Decentralized Systems and Applications Nuco networks connect multiple

Powering the Future of Decentralized Systems and Applications Nuco networks connect multiple entities in an industry Nuco smart contracts facilitate automated industry processes SMART CONTRACT The infrastructure is built to scale and to

435 views • 15 slides
Tim ing Analysis in Presence of Supply Voltage and Tem perature Variations Benot Lasbouygues,

Tim ing Analysis in Presence of Supply Voltage and Tem perature Variations Benot Lasbouygues,

Tim ing Analysis in Presence of Supply Voltage and Tem perature Variations Benot Lasbouygues, Robin W ilson STMicroelectronics, Crolles France Nadine Azem ard, Philippe Maurine LI RMM, Montpellier France Motivation Delay is strongly

439 views • 18 slides
Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan

Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan

Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan 16-20, 2012 Jonas Rox, Jonas Diemer, Rolf Ernst {rox|diemer}@ida.ing.tu-bs.de | January 16, 2012 Outline Introduction Formal Analysis Approach

836 views • 31 slides
Michelle Bachman NEFMC Staff, Habitat PDT Chair NEFMC January 30, 2018 Portsmouth, NH

Michelle Bachman NEFMC Staff, Habitat PDT Chair NEFMC January 30, 2018 Portsmouth, NH

7. HABITAT (Jan. 30 -31, 2018) M #5 Michelle Bachman NEFMC Staff, Habitat PDT Chair NEFMC January 30, 2018 Portsmouth, NH Upcoming wind leases NYSERDA areas for consideration off New York Call for information and nominations

478 views • 15 slides
Stephen | Currently designing at Yelp 1 Year in SF 2 Years remote 2012 2 Designers 2012 300+

Stephen | Currently designing at Yelp 1 Year in SF 2 Years remote 2012 2 Designers 2012 300+

Stephen | Currently designing at Yelp 1 Year in SF 2 Years remote 2012 2 Designers 2012 300+ Developers 50+ Project managers Yoni Allison iOS Android WWW Biz site Hi there! Yoni Allison iOS Android WWW Biz site 2012 State of

1.02k views • 66 slides

More recommend