inferring and asserting distributed system invariants
play

Inferring and Asserting Distributed System Invariants - PowerPoint PPT Presentation

Apr 22, 2023 •348 likes •943 views

Inferring and Asserting Distributed System Invariants https://bitbucket.org/bestchai/dinv Stewart Grant , Hendrik Cech , Ivan Beschastnikh University of British Columbia , University of Bamberg 1 Distributed Systems are pervasive

  1. Inferring and Asserting Distributed System Invariants https://bitbucket.org/bestchai/dinv Stewart Grant § , Hendrik Cech ¶ , Ivan Beschastnikh § University of British Columbia § , University of Bamberg ¶ 1

  2. Distributed Systems are pervasive ● Graph processing ● Stream processing ● Distributed databases ● Failure detectors ● Cluster schedulers ● Version control ● ML frameworks ● Blockchains ● KV stores ● ... 2

  3. Distributed Systems are Notoriously Difficult to Build ● Concurrency ● No Centralized Clock Partial Failure ● Network Variance ● 3

  4. Today’s state of the art (building robust dist. sys) Verification - [ (verification) IronFleet SOSP’15, VerdiPLDI’15, Chapar POPL’16, (modeling), Lamport et.al SIGOPS’02, Holtzman IEEE TSE’97 ] Bug Detection - [ MODIST NSDI’09, Demi NSDI’16, ] Runtime Checkers - [ D3S NSDI’18, ] Tracing - [ PivotTracing SOSP’15, XTrace NSDI’07, Dapper TR’10 , ] Log Analysis - [ ShiViz CACM ‘16 ] 5

  5. Today’s state of the art (building robust dist. sys) Verification - [ (verification) IronFleet SOSP’15, VerdiPLDI’15, Chapar POPL’16, (modeling), Lamport et.al SIGOPS’02, Holtzman IEEE TSE’97 ] ← R e q u i r e Bug Detection - [ MODIST NSDI’09, Demi NSDI’16, ] S p e c i f i c a t i o n s Runtime Checkers - [ D3S NSDI’18, ] Tracing - [ PivotTracing SOSP’15, XTrace NSDI’07, Dapper TR’10 , ] Log Analysis - [ ShiViz CACM ‘16 ] 6

  6. Little work has been done to infer distributed specs Some notable exceptions None of these can capture stateful properties like: ● CSight ICSE’14 ○ Communicatin finite state machines ● Partitioned Key Space (Memcached): Avenger SRDS’11 ● ○ ∀ nodes i,j keys_i != keys_j ○ Requires enormous manual effort ● Strong Leadership (raft) ● Udon ICSE’15 ○ ∀ followers i length(log_leader) >= Requires shared state ○ length(log_follower_i) 7

  7. Design goal: handle real distributed systems Wanted: distributed state invariants Make the fewest assumptions about the system as possible. N nodes ● ● Message passing ● Lossy, reorderable channels Joins and failures ● 8

  8. Goal: Infer key correctness and safety properties Mutual exclusion: Key Partitioning: ∀ nodes i, j keys_i != keys_j ∀ nodes i,j InCritical_i → ¬InCritical_j 9

  9. Goal: Infer key correctness and safety properties Mutual exclusion: Key Partitioning: ∀ nodes i, j keys_i != keys_j ∀ nodes i,j InCritical_i → ¬InCritical_j “Distributed State” 10

  10. Goal: Infer key correctness and safety properties Mutual exclusion: Key Partitioning: ∀ nodes i, j keys_i != keys_j ∀ nodes i,j InCritical_i → ¬InCritical_j “Distributed State” Running Example 11

  11. This talk: distributed invariants and Dinv ● Automatic distributed invariant inference (techniques & challenges) Runtime checking: distributed assertions ● ● Evaluation: 4 large scale distributed systems Static Analysis Dynamic Analysis 12

  12. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 13

  13. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 14

  14. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 15

  15. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 16

  16. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 17

  17. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 3. Vector Clock Injection 18

  18. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 3. Vector Clock Injection 19

  19. Capturing Distributed State Automatically 1. Interprocedural Program Slicing 2. Logging Code Injection 3. Vector Clock Injection 20

  20. Consistent Cuts / Ground States 1. Interprocedural Program Slicing 2. Logging Code Injection 3. Vector Clock Injection 21

  21. Consistent Cuts / Ground States ● Fast Forward 22

  22. Consistent Cuts / Ground States ● Fast Forward. 23

  23. Consistent Cuts / Ground States ● Fast Forward.. 24

  24. Consistent Cuts / Ground States ● Fast Forward... 25

  25. Consistent Cuts / Ground States ● Fast Forward…. 26

  26. Consistent Cuts / Ground States ● Fast Forward…... 27

  27. Consistent Cuts / Ground States ● Fast Forward……. 28

  28. Consistent Cuts / Ground States ● Fast Forward…….. 29

  29. Consistent Cuts / Ground States ● Green lines mark consistent cuts ○ No messages are in flight ○ Message sent but not received ● The red line is not a consistent cut ○ The ping sent by Node 0 happened before the pings receipt on node 1. 30

  30. Consistent Cuts / Ground States ● Huge number of consistent cuts 31

  31. Consistent Cuts / Ground States ● Huge number of consistent cuts ● Require sampling heuristic 32

  32. Consistent Cuts / Ground States ● Huge number of consistent cuts ● Require sampling heuristic ● Ground States: A consistent cut with no in flight messages 33

  33. Consistent Cuts / Ground States ● Huge number of consistent cuts ● Require sampling heuristic ● Ground States: A consistent cut with no in flight messages ● Dramatically collapses search space 34

  34. Consistent Cuts / Ground States ● Huge number of consistent cuts ● Require sampling heuristic ● Ground States: A consistent cut with no in flight messages ● Dramatically collapses search space Ground State sampling used exclusively in evaluation 35

  35. Reasoning About Global State: State Bucketing 37

  36. Reasoning About Global State: State Bucketing 38

  37. Reasoning About Global State: State Bucketing 39

  38. Reasoning About Global State: State Bucketing 40

  39. Reasoning About Global State: State Bucketing = 41

  40. Reasoning About Global State: State Bucketing 42

  41. Reasoning About Global State: State Bucketing 43

  42. Reasoning About Global State: State Bucketing 44

  43. Reasoning About Global State: State Bucketing 45

  44. Reasoning About Global State: State Bucketing 46

  45. Reasoning About Global State: State Bucketing 47

  46. Reasoning About Global State: State Bucketing 48

  47. Reasoning About Global State: State Bucketing 49

  48. Reasoning About Global State: State Bucketing ... Node_ 3 _InCritical == True “Likely” Invariants Node_ 2 _InCritical != Node_ 3 _InCritical Node_ 2 _InCritical == Node_ 1 _InCritical 50

  49. Distributed Asserts ● Distributed asserts enforce invariants at runtime 51

  50. Distributed Asserts ● Distributed asserts enforce invariants at runtime ● Snapshots are constructed using approximate synchrony 52

  51. Distributed Asserts ● Distributed asserts enforce invariants at runtime ● Snapshots are constructed using approximate synchrony 53

  52. Distributed Asserts ● Distributed asserts enforce invariants at runtime ● Snapshots are constructed using approximate synchrony ● Asserter constructs global state by aggregating snapshots 54

  53. Distributed Asserts ● Distributed asserts enforce invariants at runtime ● Snapshots are constructed using approximate synchrony ● Asserter constructs global state by aggregating snapshots 55

  54. Evaluated Systems Etcd: Key-Value store running Raft - 120K LOC Serf: large scale gossiping failure detector - 6.3K LOC Taipei-Torrent: Torrent engine written in Go - 5.8K LOC Groupcache: Memcached written in Go - 1.7K LOC 56

  55. Etcd ~ 120K Lines of Code System and Targeted property Dinv-inferred invariant Description Raft ∀ follower i , len(leader log) ≥ len( i ’s All appended log entries must be propagated Strong Leader principle log) by the leader Raft ∀ nodes i, j if i -log[ c ] = j -log[ c ] → ∀ ( x ≤ If two logs contain an entry with the same index Log matching c ), i -log[ x ] = j -log[ x ] and term, then the logs are identical on all previous entries. Raft If ∃ node i , s.t i leader, than ∀ j ≠ i, j If a leader exists, then all other nodes are Leader agreement follower followers. *Raft: In search of an understandable consensus algorithm, D.Ongaro et. al 57

  56. Etcd ~ 120K Lines of Code System and Targeted property Dinv-inferred invariant Description Raft ∀ follower i , len(leader log) ≥ len( i ’s All appended log entries must be propagated Strong Leader principle log) by the leader Raft ∀ nodes i, j if i -log[ c ] = j -log[ c ] → ∀ ( x ≤ If two logs contain an entry with the same index Log matching c ), i -log[ x ] = j -log[ x ] and term, then the logs are identical on all previous entries. Raft If ∃ node i , s.t i leader, than ∀ j ≠ i, j If a leader exists, then all other nodes are Leader agreement follower followers. Injected Bugs for each invariant caught with assertions *Raft: In search of an understandable consensus algorithm, D.Ongaro et. al 58

Recommend

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

650 views • 17 slides
Invariants in Distributed Algorithms Y. Annie Liu, Scott D. Stoller Computer Science Department

Invariants in Distributed Algorithms Y. Annie Liu, Scott D. Stoller Computer Science Department

Invariants in Distributed Algorithms Y. Annie Liu, Scott D. Stoller Computer Science Department Stony Brook University joint work with Saksham Chand, Bo Lin, and Xuetian Weng Distributed algorithms and correctness distributed systems:

773 views • 39 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides
Course introduction Defining distributed system s A distributed system is one in which

Course introduction Defining distributed system s A distributed system is one in which

Distributed System s Fall 2 0 0 8 Course introduction Defining distributed system s A distributed system is one in which components located at networked computers communicate and coordinate their actions by passing messages. (Coulouris,

579 views • 42 slides
Proving and inferring invariants David Monniaux CNRS / VERIMAG Grenoble, France December 13,

Proving and inferring invariants David Monniaux CNRS / VERIMAG Grenoble, France December 13,

Proving and inferring invariants David Monniaux CNRS / VERIMAG Grenoble, France December 13, 2013 David Monniaux (CNRS / VERIMAG) Proving and inferring invariants December 13, 2013 1 / 54 Grenoble David Monniaux (CNRS / VERIMAG) Proving

956 views • 70 slides
Distributed Systems Just what is a Distributed System? Definitions "A Distributed System

Distributed Systems Just what is a Distributed System? Definitions "A Distributed System

Distributed Systems Just what is a Distributed System? Definitions "A Distributed System is one in which components located at networked computers communicate and coordinate their actions only by passing messages". [Coulouris,

800 views • 42 slides
Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system

Distributed Databases 1 19.1 Distributed Database System A distributed database system consists of loosely coupled sites that share no physical component Database systems that run on each site are independent of each other

761 views • 42 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Petri Net-Flavored Places An Advanced Transition System for Distributed Computing in Racket J

Petri Net-Flavored Places An Advanced Transition System for Distributed Computing in Racket J

Petri Net-Flavored Places An Advanced Transition System for Distributed Computing in Racket J orgen Brandt 2018-09-29 Software Engineering Petri Nets Visually understandable Defined semantics (properties, invariants, correctness)

493 views • 33 slides
Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

1.07k views • 68 slides
Inferring Autonomous System Relationships in the Internet Lixin Gao Motivation Routing

Inferring Autonomous System Relationships in the Internet Lixin Gao Motivation Routing

Inferring Autonomous System Relationships in the Internet Lixin Gao Motivation Routing policies are constrained by the contractual commercial agreements between administrative domains For example : AS sets policy so that it does not

558 views • 23 slides
Inferring Temporal System Properties Samuel Huang, joint work with Rance Cleaveland University of

Inferring Temporal System Properties Samuel Huang, joint work with Rance Cleaveland University of

Inferring Temporal System Properties Samuel Huang, joint work with Rance Cleaveland University of Maryland, College Park April 28th, 2011 Samuel Huang, joint work with Rance Cleaveland Inferring Temporal System Properties Model Checking

340 views • 19 slides
Distributed Databases Distributed database management system A distributed database (DDB) is

Distributed Databases Distributed database management system A distributed database (DDB) is

Distributed Databases Distributed database management system A distributed database (DDB) is a collection of multiple, logically interrelated databases distributed over a computer network. A distributed database management system

444 views • 10 slides
On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies

On Inferring and Characterizing On Inferring and Characterizing Internet Routing Policies Internet Routing Policies Feng Wang Lixin Gao Department of Electrical and Computer Engineering University of Massachusetts, Amherst MA 01002, USA 1

450 views • 18 slides
Mining Invariants from Logs for System Problem Detection Jian-Guang LOU, Qiang FU Software

Mining Invariants from Logs for System Problem Detection Jian-Guang LOU, Qiang FU Software

Mining Invariants from Logs for System Problem Detection Jian-Guang LOU, Qiang FU Software Analytics Microsoft Research Asia Background Many systems produce log messages for trouble-shooting. Logs usually record important system actions

706 views • 31 slides
R.A.I.D.F.S Randomized Aggregation Independent Distributed File System P2P Distributed File

R.A.I.D.F.S Randomized Aggregation Independent Distributed File System P2P Distributed File

R.A.I.D.F.S Randomized Aggregation Independent Distributed File System P2P Distributed File System with an API for Map-Reduce Integration Sven Reber, Jrmy Gotteland, David Froelicher, Alban Marguet, Pascal Cudr, Valrian Pittet Context

253 views • 21 slides
Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009 Regions and Permissions for Data Invariants 1 / 1 Motivation preservation of data invariants in pointer programs ownership system of Spec#

301 views • 29 slides
Distributed Systems Thierry Sans What is a distributed system? Cooperating processes in a

Distributed Systems Thierry Sans What is a distributed system? Cooperating processes in a

Distributed Systems Thierry Sans What is a distributed system? Cooperating processes in a computer network "A distributed system is one where I cant do work because some machine Ive never heard of isnt working!" Leslie

838 views • 28 slides
Distributed Systems [COMP9243] What is a distributed system? Session 1, 2018 Andrew Tannenbaum

Distributed Systems [COMP9243] What is a distributed system? Session 1, 2018 Andrew Tannenbaum

D ISTRIBUTED S YSTEMS Distributed Systems [COMP9243] What is a distributed system? Session 1, 2018 Andrew Tannenbaum defines it as follows: A distributed system is a collection of independent computers that appear to its users as a single

243 views • 10 slides
Hadoop Distributed File System (HDFS) 10/05/2018 1 HDFS Overview A distributed file system

Hadoop Distributed File System (HDFS) 10/05/2018 1 HDFS Overview A distributed file system

Hadoop Distributed File System (HDFS) 10/05/2018 1 HDFS Overview A distributed file system Built on the architecture of Google File System (GS) Shares a similar architecture to many other common distributed storage engines such as Amazon

1.72k views • 34 slides
from Functional Data-Parallel Programs Inferring data distributions using types Tristan

from Functional Data-Parallel Programs Inferring data distributions using types Tristan

Synthesizing MPI Implementations from Functional Data-Parallel Programs Inferring data distributions using types Tristan Aubrey-Jones Bernd Fischer People need to program distributed memory architectures: GPUs Server farms/compute clusters

364 views • 32 slides
Inferring Networked System Models from Behavior Traces Ivan Beschastnikh Yuriy Brun Michael D.

Inferring Networked System Models from Behavior Traces Ivan Beschastnikh Yuriy Brun Michael D.

Inferring Networked System Models from Behavior Traces Ivan Beschastnikh Yuriy Brun Michael D. Ernst Arvind Krishnamurthy University of Washington U. Mass. Amherst Thomas E. Anderson Motivating question A developer often asks.. Why does

600 views • 10 slides
Hadoop Distributed File System (HDFS) 1 HDFS Overview A distributed file system Built on the

Hadoop Distributed File System (HDFS) 1 HDFS Overview A distributed file system Built on the

Hadoop Distributed File System (HDFS) 1 HDFS Overview A distributed file system Built on the architecture of Google File System (GFS) Shares a similar architecture to many other common distributed storage engines such as Amazon S3 and

597 views • 34 slides

More recommend