FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan,

Presentation transcript:

FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems
Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan, Dikaimin Simon, Satria Priambada, Chen Tian, Feng Ye, Tanakorn Leesatapornwongsa, Aarti Gupta, Shan Lu, and Haryadi Gunawi

Distributed System Outages (FlyMC @ EuroSys ’19)
Distributed Concurrency Bug

Distributed Concurrency Bug
Caused by non-deterministic timing of concurrent events involving multiple nodes
Events: Messages, crashes, reboots, timeouts, local computations
Data loss, downtimes, inconsistent replicas, hanging jobs, etc.

Let’s look at a simple dist. conc. bug pattern, Msg-Msg Race

Let’s look at a real complex bug, Paxos Msg-Msg Race
Workload: 3 concurrent updates (red, blue, green)
[Figure: Paxos messages Prepare #2, Commit #1, Prepare #3, Propose #2, with races marked: 2 pairs!!!]

Another simple dist. conc. bug pattern, Msg-Fault Timing
[Figure: two diagrams of nodes A and B with messages m1 and m2]

Let’s look at a real complex bug, Msg-Fault Timing
1. Nodes A, B, C start (w/ latest txid id-1)
2. B becomes leader
3. B crashes
4. C becomes leader
5. C commits new txid-value pair (id, X)
6. A crashes, before committing (id, X)
7. C loses quorum and C crashes
8. A and B are back online
9. A becomes leader
10. A commits new txid-value pair (id, Y)
11. C is back online
12. C announces to B (id, X)
13. B replies the diff from tx 8
14. Inconsistency: A and B say “Y”, C says “X”
Result: Permanently inconsistent replicas

How to unearth these complex bugs?
The 14 steps of the Msg-Fault Timing scenario involve:
1. Out-of-order messages
2. Multiple crashes
3. Multiple reboots
Specific Order
HAPPEN IN ANY ORDER
Result: Permanently inconsistent replicas

Dev’s discussion on Dist. Conc. bugs
“Do we have to rethink this entire [HBase] root and meta ’huh hah’? There isn’t a week going by without some new bugs about races between splitting and assignment [distributed protocols].” — HBase #4397
“That is one monster of a race!” — MapReduce #3274
“This has become quite messy, we didn’t foresee some of this [message races] during design, sigh.” — MapReduce #4819
It’s hard to unearth conc. bugs!

Unearth Dist. Conc. bugs? Key: Re-order events!
Software/Impl-Level Model Checking (Checker)
Popular Checkers: MaceMC [NSDI’07], dBug [SSV’10], MoDist [NSDI’09], Demeter [SOSP’13], CrystalBall [NSDI’09], SAMC [OSDI’14], etc.

Here is how it works, Checker
Intercept! Control Event Timing
[Figure: the Checker sits between Node 1 and Node 2]
Inflight messages: [a, b, c], [a, b, c, d]; a enable (d)
To-explore paths: abdc, bacd, acbd, badc, …

Checker
Goal: Unearth buggy paths!
In reality, millions/billions of paths: path/state-space explosion problem
Each path (#1, #2, #3, #4, #5, #…) is a specific order of events, shown on the slide as orderings of the 14 steps of the Msg-Fault Timing scenario:
3 4 1 5 2 6 7 8 9 12 11 10 14 13
2 7 1 4 5 6 3 8 11 10 9 12 14 13
6 9 3 4 5 1 7 8 2 10 11 13 12 14
1 2 3 4 5 6 7 8 9 10 11 12 13 14
2 1 3 4 5 7 6 8 9 10 11 14 12 13

Challenge
Reduction algorithms!
[Chart: #Paths To Evaluate By Each Checker. Labels shown: ~100 of paths, > millions of paths (five times), 12 paths, ~500 paths, ~20,000 paths, ~2000 paths; Complex workloads]

Challenge
Path explosion problem prevails in complex workloads (the Paxos bug earlier…)
[Chart: #Paths To Evaluate By Each Checker]
Checker needs more advanced algorithms

FlyMC
Fast, Scalable, and Systematic Software Model Checker
Uniquely targeting dist. sys.
Reduction Algorithms
State Symmetry: Reduce symmetrical state transitions paths
Event Independence: Detect pair of events with disjoint/commutative updates; supported by static analysis
Prioritization Algorithm
Parallel Flips: Prioritize paths with multiple flips

FlyMC
Fast, Scalable, and Systematic Software Model Checker
Integrated to 8 systems
Results: At least up to 78X, on avg 16X faster
Unearth 10 new bugs

Outline
Introduction
Design: State Symmetry, Event Independence, Parallel Flips
Evaluation
Conclusion

Principles
Goal: Quickly unearth conc. bugs
Reduction Algorithm: Reduce redundant paths (State Symmetry, Event Independence)

Communication Symmetry
[Figure: messages k, l, x, y shown in different orders. Let’s reorder! Reduce!]
Communication Symmetry is NOT effective when message contents are unique

No Comm. Symmetry
[Figure: nodes A and B with messages k, l, x, y in two different orders]
Hence, reorder both paths
Other way to reduce?

State Symmetrical!
if node.v < msg.v { node.v = msg.v }
[Figure: nodes A and B with messages k, l, x, y and labels v=1, v=2; the two paths end in (mirrored) states 1 and 2]
Reduce!

State Symmetry is great, but …
Still, many events to one node
[Figure: nodes A, B, C and messages m, n, o, p]
Reorder 4! paths
How to reduce?

Let’s recap, Dependency vs Independency
a & b = Dependent: from global state s1, events a,b lead to s2 but b,a lead to s3
a & b = Independent: from global state s1, both a,b and b,a lead to s2
Independent = Reduce!

How to apply Event Independence to Dist. Sys.?
[Figure: to-explore orderings of messages p1, r1, r2, r3, cr1 arriving at node B]
Disjoint updates: All msgs update different node states. Reduce!
Commutative updates: if r.resp { node.v++; } Reduce!
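An added illustration of the disjoint and commutative cases on this slide (written for this transcript, not code from the talk or from FlyMC). The workload is constructed: r1..r3 are taken to be `node.v++` messages to B, p1 is assumed to overwrite B, and m is an assumed message to A. The reduction shown is plain adjacent-swap equivalence, not FlyMC's own algorithm.

```python
from itertools import permutations

# Constructed workload (assumption, not from the slides): name -> (node, kind, value)
EVENTS = {
    "r1": ("B", "inc", None),
    "r2": ("B", "inc", None),
    "r3": ("B", "inc", None),
    "p1": ("B", "set", 10),
    "m": ("A", "set", 7),
}
INIT = {"A": 0, "B": 0}

def independent(x, y):
    """Disjoint updates (different nodes) or commutative updates (inc/inc)."""
    (nx, kx, _), (ny, ky, _) = EVENTS[x], EVENTS[y]
    return nx != ny or (kx == "inc" and ky == "inc")

def run(path):
    """Deliver the events in the given order and return the final global state."""
    state = dict(INIT)
    for name in path:
        node, kind, value = EVENTS[name]
        state[node] = state[node] + 1 if kind == "inc" else value
    return tuple(sorted(state.items()))

def equivalence_classes(names):
    """Group orderings reachable from each other by swapping adjacent independent events."""
    seen, classes = set(), []
    for perm in permutations(names):
        if perm in seen:
            continue
        cls, stack = {perm}, [perm]
        while stack:
            p = stack.pop()
            for i in range(len(p) - 1):
                if independent(p[i], p[i + 1]):
                    q = p[:i] + (p[i + 1], p[i]) + p[i + 2:]
                    if q not in cls:
                        cls.add(q)
                        stack.append(q)
        seen |= cls
        classes.append(cls)
    return classes

def summarize():
    """Return (#orderings, #classes to explore, every class has one final state?)."""
    classes = equivalence_classes(sorted(EVENTS))
    sound = all(len({run(p) for p in c}) == 1 for c in classes)
    return sum(len(c) for c in classes), len(classes), sound
```

`summarize()` reports that the 5! = 120 orderings fall into 8 classes, each with a single final state, so one representative per class is enough. Those 8 classes reach only 4 distinct final states because r1..r3 are interchangeable here.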

Principles
Goal: Quickly unearth complex conc. bugs
Reduction Algorithm: Reduce redundant paths (State Symmetry, Event Independence)
Prioritization Algorithm: Prioritize paths to quickly discover new states (Parallel Flips)

Single Flips
Suppose a2 a1 leads to , wait 4! paths to hit the bug

Parallel Flips
Conc. pairs of events? Different nodes? Yes: Parallel flips! And Prioritize!
To quickly discover new states!
For Coverage, keep Single Flips paths in Lower Priority Queue

More details in paper
Q1: How does static analysis extract event independence?
A1: Compare pair of events’ readSet, updateSet, IOSet, and sendSet
Q2: Challenges in developing FlyMC algorithms?
A2: Avoid missing necessary paths and hanging path execution
Q3: How to speed up path execution?
A3: Implement Local Ordering Enforcement & State-Event Caching

Outline
Introduction
Design: State Symmetry, Event Independence, Parallel Flips
Evaluation
Conclusion

Unearthing Known Bugs
Complex workloads w/ tens of events, multiple crashes/reboots

Unearthing Known Bugs
Lower is Better!
[Chart: checkers compared, grouped as Systematic and Hybrid: MoDist DPOR* SAMC^ FlyMC Bounded Random DPOR* Random DPOR* Bounded DPOR* Random]
[*] MoDist paper. NSDI 2007. [^] SAMC paper. OSDI 2014.

FlyMC up to 78X, on avg 16X faster (at least!)
[Chart: MoDist DPOR SAMC FlyMC Bounded Random DPOR Random DPOR Bounded DPOR Random]
Done exploring; can’t reproduce

FlyMC Unearth New Bugs? Yes!
Check Recent Stable Systems
2 Cassandra, 3 ZooKeeper, 5 Proprietary (2 y.o.)
Confirmed!

Conclusion
FlyMC, a fast, scalable, and systematic software model checker to quickly unearth complex dist. conc. bugs
State Symmetry, Event Independency, Parallel Flips
[Cartoon: Without FlyMC / With FlyMC. Captions: Still checking Paxos-3 Correctness … (abcdef bcefda fdcabe), White hair, Graduate Next Year!]
http://ucare.cs.uchicago.edu
Thank you! Questions?