teaching rigorous distributed systems with e ffj cient
play

Teaching Rigorous Distributed Systems With E ffj cient Model - PowerPoint PPT Presentation

Aug 29, 2023 •374 likes •1k views

Teaching Rigorous Distributed Systems With E ffj cient Model Checking Ellis Michael Doug Woos Thomas Anderson Michael D. Ernst Zachary Tatlock UW CSE 452 Course on distributed systems for undergraduates and 5th year Master's

  1. Teaching Rigorous Distributed Systems With E ffj cient 
 Model Checking Ellis Michael Doug Woos Thomas Anderson Michael D. Ernst Zachary Tatlock

  2. UW CSE 452 • Course on distributed systems for undergraduates and 5th year Master's students, enrollment grown to approximately 200 • Lab assignments building fault-tolerant, consistent distributed systems, based on assignments developed for MIT 6.824: 1. Exactly-once RPC 2. Primary-backup 3. Paxos-based state machine replication 4. Sharded key-value store 5. Distributed transactions using two-phase commit • Tests used for grading assignments given to students Goal: Tests which identify common bugs, provide timely feedback, and assist debugging to help students build systems to rigorous standards.

  3. Systems solution for teaching distributed systems

  4. Testing Distributed Systems is Di ffj cult p 1 p 2 p 3 p 4 p 5 • Simple Paxos bug: leader checks for quorum with matching values (rather than proposal numbers). • Finding such a bug is di ffj cult with current tools. • This false quorum bug could be CHOSEN caused by a fundamental misunderstanding . CHOSEN

  5. "Just 3 days before the deadline of the project, my partner and I discovered that our Paxos failed 1 of 100,000 tests . …We realized that the bug comes from our optimization of duplicate request detection before putting request on the Paxos operation log. … We needed to rewrite fj fty percent of the whole project but we did not give up. Finally, after 30 hours of work in 2 days, we fj xed the design fm aw and eliminated the bug. We were so excited that we started to dance in the lab. ” – CSE 452 Student

  6. Checking Correctness • Execution-based testing is insu ffj cient; can miss bugs unlikely to occur based on timing. • Manual review does not scale or provide feedback quickly enough. • Formal veri fj cation is di ffj cult and time-consuming, not approachable for students.

  7. Checking Correctness: Model Checking • Researchers and practitioners use model checking to validate protocols and software, systematically searching through possible executions. • Some speci fj cation languages are di ffj cult to learn, do not produce runnable code. • Naïve methods do not scale well, fail to fj nd rare bugs quickly and reliably.

  8. DSLabs A framework for creating distributed systems labs and test suites … capable of fj nding common bugs in students' implementations quickly and reliably … using a widely-used programming language (Java) and easily-learned tools … that helps students write correct , e ffj cient , runnable code … and understand errors when they do arise.

  9. The Rest of This Talk 1. The DSLabs programming model 2. Model checking strategies and optimizations 3. Understandability and Oddity visual debugger 4. Experiences

  10. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  11. 
 DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a 1: init() protocol. 2: loop 
 3: e <- rcv_timer() || 
 • Nodes are I/O automata; they { 
 rcv_msg() 
 foo: 42, 
 run as single-threaded event bar: "towel" 
 4: update_state( e ) 
 loops. } 5: send_msgs() 
 • Nodes are split between client 6: set_timers() 
 and server nodes. 7: endloop

  12. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  13. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  14. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata; they run as single-threaded event interface Client { loops. void sendCommand(Command command); • Nodes are split between client boolean hasResult(); and server nodes. Result getResult(); }

  15. DSLabs Programming Model • A distributed system consists of a set of nodes which communicate over an asynchronous network , working together to run a protocol. • Nodes are I/O automata ; they run as single-threaded event loops. • Nodes are split between client and server nodes.

  16. Programming Model Bene fj ts • Isolates concurrency to coarsest possible granularity • Lets students focus on distributed protocols, avoiding issues such as deadlock within a node • Allows for model checking at the protocol level without signi fj cant modi fj cation or overhead

  17. Model Checking

  18. Model Checking

  19. Model Checking

  20. Model Checking

  21. Model Checking

  22. Model Checking

  23. Model Checking

  24. Model Checking

  25. Model Checking

  26. Outline 1. The DSLabs programming model 2. Model checking strategies and optimizations 3. Understandability and Oddity visual debugger 4. Experiences

  27. How can the model checker evaluate states of student implementations? What should the interface be between the tests and student implementations ?

  28. Black-Box • Tests can check end-to-end properties, nothing else • Allows maximum fm exibility during implementation • Doesn't allow checking more complicated properties, optimizations

  29. Black-Box Gray-Box White-box • Tests can check end-to- • Students implement • Message formats, and end properties, nothing limited, informational even internal data else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow checking • Leaves most design • Solves design challenges more complicated decisions to students for students properties, optimizations • Couples tests to implementation

  30. Black-Box Gray-Box White-box • Tests can check end- • Students implement • Message formats, and to-end properties, limited, informational even internal data nothing else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow • Leaves most design • Solves design checking more decisions to students challenges for complicated students properties, • Couples tests to optimizations implementation

  31. Black-Box Gray-Box White-box • Tests can check end- • Students implement • Message formats, and to-end properties, limited, informational even internal data nothing else interface structures de fj ned for students • Allows maximum • Allows enough • Allows for thorough, fm exibility during insight into state for implementation thorough checking incremental checking • Doesn't allow • Leaves most design • Solves design checking more decisions to students challenges for complicated students properties, • Couples tests to optimizations implementation

  32. Improving Model Checking Performance, Reliability Model checking faces state-space explosion problem. Strategies: 1. Pruning the search space 2. Punctuated search 3. Searching for progress

  33. Pruning the Search Space • Not all states are interesting. • We can prune uninteresting states, refusing to expand them during the search. • If we're interested in linearizability, we can safely ignore states in which clients have received all results.

  34. Pruning the Search Space • Not all states are interesting. • We can prune uninteresting states, refusing to expand them during the search. • If we're interested in linearizability, we can safely ignore states in which clients have received all results.

  35. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  36. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  37. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

  38. Punctuated Search • BFS is limited primarily by the depth to which it can search. • First, the model checker fj nds a state matching an intermediate constraint . Then, resumes checking starting from the new state. • Repeatable, allows for scripting complex searches

Recommend

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer

Further Experience with Teaching Distributed Systems to Undergraduates Gregory M. Kapfhammer Department of Computer Science Allegheny College http : // cs . allegheny . edu / gkapfham / Further Experience with Teaching Distributed Systems to

165 views • 12 slides
Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed

Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed

Reasoning About Open Systems Project Collaboration with Agha, Mason, Smith, Talcott Modular Reasoning for Actor Specification Diagrams Rigorous reasoning for open distributed systems Scott F . Smith General multi-language framework

428 views • 10 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other

Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other

Chalenges Approach Techniques and tools Results Teaching Parallel and Distributed Systems Programming for 4th year Computer Science and Other Discipline Students Marcelo Arroyo Universidad Nacional de R o Cuarto Argentina 2013

78 views • 7 slides
Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer

Teaching Distributed Systems to Undergraduates: An Experience Report Gregory M. Kapfhammer (Geoffrey Arnold and Brian Zorman) Sixth Annual Jini Community Meeting Boston June 17-20, 2002 Presentation Outline Introduction

357 views • 18 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

565 views • 18 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Distributed Systems of distributed systems Types of Distributed Describe various

Distributed Systems of distributed systems Types of Distributed Describe various

Objectives/Outline (selected topics from chapter 16 &amp; 18) Objectives Outline Provide a high-level overview Introduction Distributed Systems of distributed systems Types of Distributed Describe various methods for

436 views • 9 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
Distributed Systems - III What about distributed systems? No common clock or memory

Distributed Systems - III What about distributed systems? No common clock or memory

CSC 4103 - Operating Systems Distributed Coordination Spring 2007 Ordering events and achieving synchronization in centralized systems is easier. Lecture - XXIV We can use common clock and memory Distributed Systems - III What

286 views • 4 slides
Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve distributed problems ? Towards = immature or not ready for presenting Formal = unrealistic or useless Masafumi Yamashita (Kyushu Univ.) Table of

578 views • 33 slides
CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of computers work together Correctly Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a

779 views • 29 slides
CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers work together Reliably Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a variable

833 views • 40 slides
The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient

The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient

The Network Operation Centre of a RREN: The Network Operation Centre of a RREN: Anella Cient Anella Cient fica fica Maria Isabel Ganda Carriedo Communications Area, Systems &amp; Networks Department, CESCA TF-NOC Preparation Meeting

731 views • 48 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS

WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS

WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS FOR THE IKEA FAMILY ALVARO VIDELA HTTP://BIT.LY/DIST-SYS101 @HINTJENS DISTRIBUTED SYSTEMS A DISTRIBUTED SYSTEM IS ONE IN WHICH THE FAILURE

1.58k views • 118 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Distributed Systems Time and Global States MISM 95-702 Distributed Systems

Distributed Systems Time and Global States MISM 95-702 Distributed Systems

Distributed Systems Time and Global States MISM 95-702 Distributed Systems 1 Learning Goals To understand: The challenge of time in a distributed system How to synchronize distributed clocks How you can

723 views • 47 slides
NFS Heterogeneous systems must be supported Different HW, OS, underlying file system

NFS Heterogeneous systems must be supported Different HW, OS, underlying file system

Distributed File Systems Distributed Systems Case Studies NFS AFS CODA DFS SMB CIFS Distributed File Systems Dfs WebDAV GFS Gmail -FS ? xFS Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted,

430 views • 19 slides
CSE 452 Distributed Systems Arvind Krishnamurthy Ellis Michael Distributed Systems How

CSE 452 Distributed Systems Arvind Krishnamurthy Ellis Michael Distributed Systems How

CSE 452 Distributed Systems Arvind Krishnamurthy Ellis Michael Distributed Systems How to make a set of computers work together Correctly Efficiently At (huge) scale With high availability Despite messages being lost

524 views • 24 slides

More recommend