argosy verifying layered storage systems with recovery
play

Argosy: Verifying layered storage systems with recovery refinement - PowerPoint PPT Presentation

Jan 30, 2023 •320 likes •1.08k views

Argosy: Verifying layered storage systems with recovery refinement Tej Chajed , Joseph Tassarotti, Frans Kaashoek, Nickolai Zeldovich MIT logical disk disk 1 disk 2 Bob writes a replication system 2 logical disk write 1 write 2 disk 1 disk

  1. Argosy: Verifying layered storage systems with recovery refinement Tej Chajed , Joseph Tassarotti, Frans Kaashoek, Nickolai Zeldovich MIT

  2. logical disk disk 1 disk 2 Bob writes a replication system � 2

  3. logical disk write 1 write 2 disk 1 disk 2 Bob writes a replication system � 2

  4. logical disk write 1 disk 1 disk 2 Bob writes a replication system � 3

  5. ? logical disk write 1 disk 1 disk 2 Bob writes a replication system � 3

  6. ? logical disk write 1 rep_recover disk 1 disk 2 Bob writes a replication system and implements its recovery procedure � 3

  7. ? logical disk write 1 rep_recover recovery restores invariants disk 1 disk 2 Bob writes a replication system and implements its recovery procedure � 3

  8. Bob is careful and writes a 
 machine-checked proof of correctness Disk interface replication read and write are atomic if you run rep_recover after every crash read rep_recover write Two-disk interface � 4

  9. Transactions write-ahead logging … log_recover Disk interface � 5

  10. Transactions write-ahead logging ops are atomic if you run log _recover after every crash … log_recover Disk interface � 5

  11. Transactions write-ahead log logging + ? replication Disk interface replication Two-disk interface � 6

  12. Transactions write-ahead log logging + ? replication Disk interface rep_recover ; log_recover replication Two-disk interface � 6

  13. Challenge: crashes during composed recovery rep_recover under crashes under crashes log_recover how do we prove correctness rep_recover ; log_recover ? under crashes using the existing proofs? � 7

  14. Prior work cannot handle multiple recovery procedures CHL [SOSP ’15] not modular write-ahead log Yggdrasil [OSDI ’16] single recovery replication restricted recovery Flashix [SCP ’16] procedures � 8

  15. Argosy supports modular recovery proofs Transactions developer proves write-ahead log Disk interface replication developer proves Two-disk interface � 9

  16. Argosy supports modular recovery proofs Transactions Argosy write-ahead log proves logging + Disk interface replication replication Two-disk interface � 9

  17. Contributions Recovery refinement for modular proofs � 10

  18. Contributions Recovery refinement for modular proofs CHL for proving recovery refinement see paper Verified example: logging + replication see paper � 10

  19. Contributions Recovery refinement for modular proofs CHL for proving recovery refinement see paper Verified example: logging + replication see paper Machine-checked proofs in Coq see code � 10

  20. Preview: recovery refinement Disk interface 1. Normal execution correctness 
 using refinement replication 2. Crash and recovery correctness 
 using recovery refinement Two-disk interface � 11

  21. Background Refinement � 12

  22. Background Disk interface replication Two-disk interface � 13

  23. Background Disk interface write replication write_impl Two-disk interface write 1 write 2 � 13

  24. Background Disk interface write replication write_impl Two-disk interface write 1 write 2 � 13

  25. Background Disk interface read write replication read_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 13

  26. Background Disk interface read write correctness is based on how we use replication : run code using Disk interface on top of two disks replication code read read_impl read_impl write write_impl code_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 13

  27. Background Correctness: trace inclusion Disk interface spec’s 
 code behaviors replication ⊇ running code’s code_impl behaviors Two-disk interface � 14

  28. Background Proving correctness with an abstraction relation spec state logical disk 1. developer provides 
 abstraction relation R R disk 1 disk 2 � 15

  29. Background Proving correctness with an abstraction relation spec state logical disk 1. developer provides 
 abstraction relation R R disk 1 write 1 write 2 disk 2 � 15

  30. Background Proving correctness with an abstraction relation spec state write logical disk 1. developer provides 
 abstraction relation R R 2. prove spec execution exists disk 1 write 1 write 2 disk 2 � 15

  31. Background Proving correctness with an abstraction relation spec state write logical disk 1. developer provides 
 abstraction relation R R R 2. prove spec execution exists 3. and abstraction relation is preserved disk 1 write 1 write 2 disk 2 � 15

  32. Recovery refinement � 16

  33. Disk interface read write replication read_impl write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  34. Disk interface read write replication read_impl rep_recover write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  35. Disk interface read write replication read_impl rep_recover write_impl Two-disk interface write 1 write 2 read 1 read 2 � 17

  36. Extending trace inclusion with recovery code ⊇ Disk interface code_impl replication specification for crash behavior Two-disk interface ⊇ crash & recovery behavior � 18

  37. Extending trace inclusion with recovery code ⊇ Disk interface code_impl replication crash semantics ? specification for crash behavior Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 18

  38. code ⊇ Disk interface one of these code_impl replication | | | := op 1 op 1 op 2 code … Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 19

  39. code ⊇ Disk interface code_impl replication | | | := op 1 op 1 op 2 code … Two-disk interface ⊇ recovery semantics ? recover crash & recovery behavior � 19

  40. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ code_impl recover � 20

  41. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover zero-or-more iterations � 21

  42. code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover � 21

  43. Trace inclusion, with recovery code ⊇ Disk interface code_impl replication code Two-disk interface ⊇ ⋆ code_impl recover recover � 22

  44. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover � 23

  45. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover crash must occur during some operation � 23

  46. Proving trace inclusion, with recovery ⋆ op1_impl op2_impl recover recover � 23

  47. Proving trace inclusion, with recovery op 1 R R ⋆ op1_impl op2_impl recover recover � 23

  48. Proving trace inclusion, with recovery R ⋆ op2_impl recover recover � 23

  49. Proving trace inclusion, with recovery op 2 | R R ⋆ op2_impl recover recover � 23

  50. Recovery refinement non-crash execution crash and recovery execution | op op R R R R ⋆ op_impl recover recover op_impl � 24

  51. Recovery refinement non-crash execution crash and recovery execution | op op R R R R ⋆ op_impl recover recover op_impl Trace inclusion implies specification behavior ⊇ running code behavior � 24

  52. Composition theorem � 25

  53. Kleene algebra for transition relations expression op 1 op 2 op | ⋆ r � 26

  54. Kleene algebra for transition relations expression matching transitions op 1 op 2 op 1 op 2 op | op ⋆ r r r r … � 26

  55. Theorem: recovery refinements compose Transactions write-ahead log … log_recover If Disk interface replication … rep_recover Two-disk interface � 27

  56. Theorem: recovery refinements compose Transactions Transactions write-ahead log … log_recover logging + replication If then Disk interface … rep_recover; log_recover replication … rep_recover Two-disk interface Two-disk interface � 27

  57. Goal: prove composed recovery correct rep_recover under crashes under crashes log_recover rep_recover ; log_recover ? � 28

  58. Goal: prove composed recovery correct rep_recover rep under crashes log_recover under crashes log rep log ; ? � 29

  59. ⋆ rep rep ⋆ log log � 30

  60. ⋆ rep rep ⋆ log log ( ) ⋆ rep rep log rep log | � 30

  61. ⋆ rep rep ⋆ log log ( ) ⋆ rep rep log rep log | how to re-use recovery proofs here? � 30

  62. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | � 31

  63. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ � 31

  64. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ ⋆ ⋆ ⋆ ( ) = rep log rep rep log rep � 31

  65. Using Kleene algebra for reasoning ( ) ⋆ rep rep log rep log | after de-nesting ( p ∣ q ) ⋆ = p ⋆ ( qp ⋆ ) ⋆ ⋆ ⋆ ⋆ ( ) = rep log rep rep log rep ( pq ) ⋆ p = p ( qp ) ⋆ after sliding rep ( ⋆ ⋆ ) ⋆ = log rep rep rep log � 31

Recommend

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture

Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture

Software Design and Architectures 4 Software Architectures: Layered Systems Software Design and Architectures Layered Systems BSD Unix Layered Architecture lorem 1 examples examples patten ipsum 2 responsibilities dolor 3 communication

243 views • 10 slides
Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on

Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on

Storage Management Lecture 4: Storage Management 1 / 57 Storage Management Administrivia Assignment 1 is due on September 7th @ 11:59pm 2 / 57 Storage Management Layered Architecture Layered Architecture 3 / 57 Storage Management Layered

844 views • 57 slides
Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important

Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important

Green Bond Offer Argosy Property Limited 20 February 2019 www.argosy.co.nz Important Information and Disclaimer This presentation has been prepared by Argosy Property Limited (Argosy) . The details in this presentation provide general

323 views • 30 slides
Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

Chapter 15: Recovery System Failure Classification Storage Structure Recovery and

' $ Chapter 15: Recovery System Failure Classification Storage Structure Recovery and Atomicity Log-Based Recovery Shadow Paging Recovery With Concurrent Transactions Buffer Management Failure with Loss of

375 views • 21 slides
Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda

Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda

Interim Results Presentation Argosy Property Limited 23 November 2016 www.argosy.co.nz Agenda Highlights Page 4 Financials Page 6 Strategy Overview Page 16 Leasing Update Page 24 Outlook Page 29 PRESENTED BY: Peter Mence CEO Dave

392 views • 36 slides
Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems

Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems

Lets Talk About Storage & Recovery Methods for Non-Volatile Memory OLTP Database Systems Andy Pavlo + Joy Arulraj Carnegie Mellon University Winter Winter 2013: 2013: Fir irst B t Blood lood Initial evaluation of existing DBMSs

536 views • 20 slides
FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA

FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA

FY19 Annual Results Presentation Argosy Property Limited 23 May 2019 www.argosy.co.nz AGENDA Highlights Page 4 Strategy / Portfolio Page 6 Financials Page 15 Leasing Update Page 24 Looking Ahead Page 28 PRESENTED BY: Peter Mence CEO

538 views • 36 slides
FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz

FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz

FY19 Interim Results Presentation Argosy Property Limited 20 November 2018 www.argosy.co.nz AGENDA Highlights Page 4 Strategy / Portfolio Page 6 Financials Page 13 Leasing Update Page 22 Looking Ahead Page 26 PRESENTED BY: Peter

455 views • 34 slides
Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th CSL, Berlin, September 6, 2015 Outline 1 Problem and Result 2 Layered rewrite systems 3 Sub-rewriting 4 Cyclic unification 5 Decreasing diagrams 6

437 views • 39 slides
Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and

Disk Storage Systems CloudPlus Ch2 Topics Disk Storage Systems Disk Types and Configurations RAID File Systems Rotational Media Disk storage Generic term used to describe storage where data is digitally recorded by

619 views • 37 slides
Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario

Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario

Introduction Modeling Adaptation Behavior Verifying Adaptation Behavior Tool Demonstration Summary and Conclusion Verifying the Adaptation Behavior of Embedded Systems Klaus Schneider 1 Tobias Schuele 1 Mario Trapp 2 1 Reactive Systems Group,

438 views • 14 slides
Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage

Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage

Storage Types Volatile storage main memory, which does not survive crashes. Recovery Theory Non-volatile storage tape, disk, which survive crashes. Stable storage information in stable storage is "never" lost.

698 views • 5 slides
Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na

Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na

Verifying Finality for Blockchain Systems Verifying Finality for Blockchain Systems Karl Palmskog Milos Gligoric Lucas Pe na Grigore Ro su The University of Texas at Austin University of Illinois at Urbana-Champaign

739 views • 30 slides
Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C.

Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C.

WADS Workshop at ICSE 2002 Woodside 1 Evaluation of Dependable Layered Systems with a Fault Management Architecture Olivia Das, C. Murray Woodside Dept. of Systems and Computer Engineering, Carleton University, Ottawa, Canada email:

444 views • 10 slides
The Architecture of an OS Monolithic Operating Systems Structure and Layered Processes

The Architecture of an OS Monolithic Operating Systems Structure and Layered Processes

The Architecture of an OS Monolithic Operating Systems Structure and Layered Processes Virtual Machine, Library, Exokernel Micro kernel and Client/Server Otto J. Anshus Hybrids University of Troms/Oslo 27.08.03 1

276 views • 8 slides
CIS 330: Applied Database Systems Lecture 31: Transactions and Recovery Alan Demers

CIS 330: Applied Database Systems Lecture 31: Transactions and Recovery Alan Demers

CIS 330: Applied Database Systems Lecture 31: Transactions and Recovery Alan Demers ademers@cs.cornell.edu (Last of) Three Topics 1. Storage and Indexing 2. Query Processing 3. Transaction Management Transactions v Concurrent execution

619 views • 24 slides
Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems

Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems

Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems Fume Incineration Systems Finned Tubing The Cain Industries Family of Heat Recovery Systems Manufacturing Waste Heat Transfer Products to

881 views • 21 slides
Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems

Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems

Exhaust Heat Recovery Systems Boiler Economizer Systems Gas & Diesel Cogeneration Systems Fume Incineration Systems Finned Tubing The Cain Industries Family of Heat Recovery Systems Manufacturing Waste Heat Transfer Products to

268 views • 13 slides
Recovery and Resilience: How to get Power Back to the Islands October 24, 2017 Hosted by Todd

Recovery and Resilience: How to get Power Back to the Islands October 24, 2017 Hosted by Todd

Energy Storage Technology Advancement Partnership (ESTAP) Webinar: Energy Storage Systems for Disaster Recovery and Resilience: How to get Power Back to the Islands October 24, 2017 Hosted by Todd Olinsky-Paul ESTAP Project Director Clean

936 views • 58 slides
Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine INRIA Sophia Antipolis SAFA Workshop - September 23rd, 2009 egis Gascon & Verifying distributed systems with unbounded channels R Eric

601 views • 46 slides
Storage Systems Main Points Survey of physical storage

Storage Systems Main Points Survey of physical storage

Storage Systems Main Points Survey of physical storage hardware devices SRAM, DRAM, Flash, magne>c disk, tape File systems Useful abstrac>on

667 views • 62 slides
Storage Systems OSPP Chap 12 Main Points File systems Useful abstractions on top of

Storage Systems OSPP Chap 12 Main Points File systems Useful abstractions on top of

Storage Systems OSPP Chap 12 Main Points File systems Useful abstractions on top of physical devices Storage hardware characteristics Disks and flash memory File Systems Abstraction on top of persistent storage Magnetic

905 views • 25 slides

More recommend