verifying distributed programs via canonical
play

Verifying Distributed Programs via Canonical Sequentialization - PowerPoint PPT Presentation

Jun 14, 2023 •18 likes •808 views

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gkhan Kc 1 Writing distributed programs A bug appears Issue: random hangs / deadlock in

  1. Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gökhan Kıcı 1

  2. Writing distributed programs A bug appears… Issue: random hangs / deadlock in mono

  3. Writing distributed programs … haunts you … occurs in about Issue: 10% of our runs random hangs / deadlock in mono

  4. Writing distributed programs … then you write some more code… moved to version 4.8.0.483.

  5. Writing distributed programs … and the bug disappears… yet to reproduce moved to the issue in 
 version 4.8.0.483. 4.8.0.483

  6. Writing distributed programs …leaving you hoping it stays gone. yet to reproduce moved to the issue in 
 version 4.8.0.483. 4.8.0.483 should be more confident in a few weeks

  7. A better world Can we catch all deadlocks during compile-edit cycle?

  8. A better world let’s fix it coord :: Transaction -> Int -> SymSet ProcessId -> Process () coord transaction n nodes = do fold query () nodes n_ <- fold countVotes 0 nodes if n == n_ then sent wrong forEach nodes commit () else response address forEach nodes abort () forEach nodes expect :: Ack unmatched where query () pid = do { me <- myPid; send pid (pid, transaction) } receive countVotes init nodes = do msg <- expect :: Vote case msg of Accept _ -> return (x + 1) Reject -> return x acceptor :: Process () acceptor = do me <- myPid (who, transaction) <- expect :: (ProcessId, Transaction) unmatched vote <- chooseVote transaction send send who vote check

  9. A better world A better world proof No deadlocks can occur! coord :: Transaction -> Int -> SymSet ProcessId -> Process () coord transaction n nodes = do fold query () nodes n_ <- fold countVotes 0 nodes if n == n_ then forEach nodes commit () else forEach nodes abort () forEach nodes expect :: Ack where query () pid = do { me <- myPid; send pid (me, transaction) } countVotes init nodes = do msg <- expect :: Vote case msg of Accept _ -> return (x + 1) Reject -> return x acceptor :: Process () acceptor = do me <- myPid (who, transaction) <- expect :: (ProcessId, Transaction) vote <- chooseVote transaction send who vote check

  10. This talk: Brisk Proves absence of deadlocks Provides counterexamples Fast enough for interactive use Restricted computation model

  11. Restricted computation model But Expressive Enough to Implement: - Work Stealing - Map Reduce - Distributed File System

  12. Outline The Problems The Key Idea The Implementation The Evaluation

  13. The Problems

  14. Example: Two phase commit (2PC) Goal: Commit Transaction to all nodes nodes coordinator

  15. Example: Two phase commit (2PC) Phase 1 depending on the value, votes to commit or abort data sends data

  16. Example: Two phase commit (2PC) Phase 1 depending on the value, votes to commit or abort commit commits if no one voted to abort commit commit aborts otherwise commit

  17. Example: Two phase commit (2PC) Phase 2 commits transaction commit sends decision to commit (or abort)

  18. Example: Two phase commit (2PC) Phase 2 send acknowledgement ACK done

  19. How to verify 2PC? Sends match receives? Does Implementation Deadlock?

  20. How to verify 2PC?

  21. How to verify 2PC? Problem: Asynchrony messages may travel at different speeds data commit processes execute at 
 different speeds commit Races trigger different behaviors commit

  22. How to verify 2PC? Problem: Unbounded Processes … … don’t know how many nodes at runtime

  23. How to verify 2PC? Testing? No guarantees Proofs? High user burden Model checking…? Infinite number of states

  24. Outline The Problems The Key Idea The Implementation The Evaluation

  25. Outline The Problems The Key Idea The Implementation The Evaluation

  26. The Key Idea Canonical Sequentialization

  27. Canonical Sequentialization Don’t enumerate execution orders… 1 ; 1 ; 2 2 3 3 … Reason about single representative execution

  28. Canonical Sequentialization Example 2PC 1. Sends 4. Send 3. Relay decision transaction it wants to 2. Send votes acknowledgments commit ; ; ; ; 1 1 1 1 ; ; ; ; ; ; ; ; ; 2 2 2 2 ; ; ; 3 3 3 3

  29. Canonical Sequentialization A Trickier Example Work stealing queue

  30. Work stealing queue workers perform tasks queue 1 coordinator assigns work collects results 2 3

  31. Work stealing queue idle workers ask for work queue assigns an 1 item 2 3 sends result to the coordinator compute results

  32. Sequentialized queue arbitrary who assigns task for sends it to worker picks computes to arbitrary each master result from writes result worker item set to result set 1 ; ; 1 ; ; ; 3 ; 1 ; 1 ; 3

  33. How can sequentialization help verify programs?

  34. How can sequentialization help verify programs? no sequentialization means likely compute its wrong canonical sequentialization use to implies same on simpler, prove deadlock halting sequential additional freedom states program properties

  35. Outline The Problems The Key Idea The Implementation The Evaluation

  36. Outline The Problems The Key Idea The Implementation The Evaluation

  37. The Implementation

  38. The Implementation 1. Restrict Computation Model 2. Sequentialize by Rewriting

  39. 1. Restrict Computation Model Symmetric Nondeterminism Races yield equivalent outcomes

  40. Symmetric Nondeterminism Example: Phase 1 of 2PC data coordinator sends transaction no race

  41. Symmetric Nondeterminism Example: Phase 1 of 2PC Send vote commit Race same outcome? commit processes are symmetric commit

  42. Symmetry Symmetry means invariant under invariance under not this one rotation transformation look at from above

  43. Symmetry In Distributed Systems [Norris and Dill 1996] Permuting Process Identifiers Yields equivalent halting states

  44. Symmetry Example: Phase 1 of 2PC Name the processes n1 Permuting n1 and n2 n2 equivalent halting states n3

  45. Symmetric Nondeterminism Example: Phase 1 of 2PC choose between picking n1 commit n1 and n2 (msg,id) <-recv; (commit,n1) pick n1 n2 commit did we lose any states? n3 commit

  46. Symmetric Nondeterminism Example: Phase 1 of 2PC No! n1 commit if we pick n2 (msg,id)<-recv; (commit,n1) (commit,n2) we can n2 commit permute ids to end up in same state so the n3 commit states have the same behavior

  47. How can we use symmetry to sequentialize?

  48. Symmetric Nondeterminism Example: Phase 1 of 2PC receive directly after sending data [Lipton75] coordinator sends transaction no race

  49. Symmetric Nondeterminism Example: Phase 1 of 2PC ; ; ;

  50. Symmetric Nondeterminism Example: Phase 1 of 2PC Send vote commit What Race now? processes commit are symmetric equivalent pick any! outcomes commit

  51. Symmetric Nondeterminism Example: Phase 1 of 2PC ; ; ;

  52. The Implementation 1. Restrict Computation Model 2. Sequentialize by Rewriting

  53. 2. Sequentialize by Rewriting (by example)

  54. 2. Sequentialize by Rewriting Example 1 send q ping v <- recv p; v <- ping ; q || w <- recv q send p pong p q p, q are in parallel

  55. 2. Sequentialize by Rewriting Example 1 Sequentialization v <- ping ; q || w <- recv q send p pong w <- pong p q p p, q are in parallel

  56. 2. Sequentialize by Rewriting Example 2 loop over set processes of symmetric processes for q in qs do v <- recv p; ∏ send q ping || send p pong w <- recv q q ∈ qs q end p p, qs={q1…qn} are in parallel

  57. 2. Sequentialize by Rewriting Example 2 Arbitrary Generalize iteration for q in qs do for q in qs do v <- recv p; ∏ v <- ping ; send q ping || q send p pong w <- pong w <- recv q q ∈ qs p q end end p p, qs={q1…qn} are in parallel

  58. 2. Sequentialize by Rewriting Example 3 two loops { for q in qs do send q ping end ∏ v <- recv p; || { for q in qs do q ∈ qs send p pong w <- recv qs q end p

  59. 2. Sequentialize by Rewriting Example 3 for q in qs do send q ping end for q in qs do ∏ v <- recv p; || for q in qs do v <- ping ; q ∈ qs send p pong q end w <- recv qs q end p

  60. 2. Sequentialize by Rewriting Example 3 partially for q in qs do sequentialized for q in qs do v <- ping ; q ; v <- ping ; q end end symmetric (checked) for q in qs do for q in qs do w <- pong ∏ p || send p pong w <- recv qs end q q ∈ qs end p

  61. The Implementation 1. Restrict Computation Model 2. Sequentialize by Rewriting

  62. Outline The Problems The Key Idea The Implementation The Evaluation

  63. Outline The Problems The Key Idea The Implementation The Evaluation

  64. The Evaluation

  65. The Evaluation computes canonical sequentialization Implemented in a Haskell library ; ; Brisk ; communication primitives like send / receive / foreach provides counterexample to sequentialization

Recommend

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization

Verifying Safety and Accuracy of Approximate Parallel Programs via Canonical Sequentialization Vimuth Fernando , Keyur Joshi, Sasa Misailovic University of Illinois at Urbana-Champaign CCF-1629431 CCF-1703637 CCF-1846354 Compression

665 views • 63 slides
+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1

+ The HARPO Verifier Status 2018 October 15 Verifying the Correctness of HARPO Programs 1 Verifying the Correctness of HARPO Programs Presented at NECEC 2018, St. Johns NL Inaam Ahmed Computer Engineering Research Labs, Dept. ECE, MUN

492 views • 23 slides
Verifying distributed systems with unbounded channels egis Gascon &amp; R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon &amp; R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon &amp; R Eric Madelaine INRIA Sophia Antipolis SAFA Workshop - September 23rd, 2009 egis Gascon &amp; Verifying distributed systems with unbounded channels R Eric

601 views • 46 slides
Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group

Verifying Concurrent Programs (Tutorial) Aarti Gupta Systems Analysis &amp; Verification Group NEC Labs America, Princeton, USA www.nec-labs.com Tutorial: Verifying Concurrent Programs Oct 2011 Acknowledgements Malay Ganai, Vineet

982 views • 72 slides
Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft Joint work with Jonas Kastberg Hinrichsen, ITU Jesper Bengtson, ITU 4 June 2020 @ VEST Workshop, Online 1 Type checking message-passing programs

601 views • 25 slides
Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon -

Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon -

Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon - Universit P. &amp; M. Curie - CC2016 Join work with X. Bonnaire, R. Cortes &amp; O. Marin UPMC (France), UFSM (Chile), NYUS (China)

648 views • 53 slides
Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable

Verifying Concurrent Programs Daniel Kroening 28 May 1 June 2012 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs with Unbounded Replication D.

774 views • 50 slides
Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with

Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with

Verifying Asynchronous programs with nested locks K Narayan Kumar CMI, Chennai Joint work with M.F. Atig A. Bouajjani Prakash Saivasan Programs with Locks: A collection of processes executing concurrently. A finite set of Locks

1.82k views • 169 slides
The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed

The Benefits of Duality in Verifying Concurrent Programs under TSO Parosh Aziz Abdulla 1 Ahmed Bouajjani 2 Mohamed Faouzi Atig 1 Tuan Phong Ngo 1 1 Uppsala University 2 IRIF, Universit Paris Diderot &amp; IUF CONCUR 2016 1 Motivation

1.66k views • 118 slides
Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo

Verifying Concurrent Programs using Contracts Ricardo J. Dias, Carla Ferreira, Jan Fiedor, Jo ao M. Lourenc o, Ale s Smr cka, Diogo G. Sousa, Tom a s Vojnar Brno University of Technology (BUT) Universidade Nova de Lisboa (UNL)

1.54k views • 125 slides
VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio

VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio

VeriMAP A Tool for Verifying Programs through Transformations Emanuele De Angelis, Fabio Fioravanti, Alberto Pettorossi, and Maurizio Proietti University of Chieti Pescara G. dAnnunzio, University of Rome Tor Vergata, and

508 views • 18 slides
Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) , L. Henrio (2) , E. Madelaine (2) (1) Telecom-ParisTech Sophia-Antipolis (2) Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis

750 views • 27 slides
Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly

Verifying Concurrent ML programs a research proposal Gergely Buday Eszterhzy Kroly University Gyngys, Hungary Synchron 2016 Bamberg December 2016 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

486 views • 25 slides
Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta, Divyesh Unadkat R Venkatesh TCS Research December 11-16, 2017 Winter School in Software Engineering Pune, India Authors: Supratik Chakraborty,

1.04k views • 76 slides
Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken wiss. Gesamtprojektleiter bmb+f Projekt Verisoft www.verisoft.de You all know how to design hardware... Hardware verification is the process

472 views • 44 slides
Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao

Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao

Verifying Numerical Programs via Iterative Abstract Testing Banghu Yin 1 Liqian Chen 1 Jiangchao Liu 1 Ji Wang 1 Patrick Cousot 2 1 National University of Defense Technology, Changsha, China 2 New York University, New York, USA SAS 2019@Porto,

563 views • 29 slides
Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph

Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph

Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph Matheja, Thomas Noll Overview The Abstract Execution Approach Juggrnaut Abstract State Space Pointer-Program 1 1 l r l r completeness

547 views • 31 slides
Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/31 JavaScript at Imperial Philippa Gardner Jos e Fragoso Santos Petar Maksimovi c Daiva Naud zi unien e Azalea

666 views • 54 slides
Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS

Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/33 JavaScript at Imperial Philippa Gardner Jos e Fragoso Santos Petar Maksimovi c Daiva Naud zi unien e Azalea

446 views • 27 slides
Distributed Computing Programs that cooperate and communicate over a network E-mail

Distributed Computing Programs that cooperate and communicate over a network E-mail

CMSC 433 Programming Language Technologies and Paradigms Java RMI Distributed Computing Programs that cooperate and communicate over a network E-mail Web server and web client SETI @Home 2 1 Distributed Computing

565 views • 17 slides
Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy &amp;

Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy &amp;

Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy &amp; LORIA joint work with Bernadette Charron-Bost, LIX &amp; CNRS MPC 2010 June 23, 2010 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 1

576 views • 56 slides
Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman

Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman

Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman Kodak Company Research Laboratories 14 July 2008 AFM 08 (Note: E-version distributed at CAV is the preliminary, not final version) Context

455 views • 44 slides
Canonical Typology Danny Hieber Hieber, Daniel W. 2011. Canonical Typology. Talk given to the

Canonical Typology Danny Hieber Hieber, Daniel W. 2011. Canonical Typology. Talk given to the

Canonical Typology Danny Hieber Hieber, Daniel W. 2011. Canonical Typology. Talk given to the Content Development 1 Department, Rosetta Stone, Harrisonburg, VA, Sept 2011. Outline 1. Overview of Typology 2. Overview of Canonical Typology 3.

647 views • 31 slides
Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and

Hierarchical Pointer Analysis for Distributed Programs Distributed Programs Amir Kamil and Katherine Yelick U.C. Berkeley A August 23, 2007 t 23 2007 1 Hierarchical Pointer Analysis Amir Kamil Background 2 Hierarchical Pointer Analysis

650 views • 41 slides

More recommend