Using TLA+ for fun and profit in the development of Elasticsearch

Presentation transcript:

Using TLA+ for fun and profit in the development of Elasticsearch
Yannick Welsch (ywelsch)
TLA+ Conference, St. Louis, Sept. 12, 2019

Elasticsearch in 60 seconds
- distributed search and analytics engine
- initially released by Shay Banon in 2010
- based on Apache Lucene
- typical use cases: log analytics, full-text search, operational and security intelligence, business analytics, metrics, ...

Elasticsearch's data replication and clustering: high-level architecture
(diagram: the index my-index with primary shards P0, P1, P2 and replica shards R0, R1, R2 spread across Node 1 to Node 4, together with the cluster state)

Towards a more resilient system: a multi-year journey
- users with larger clusters and more demanding use cases
- stronger resiliency, fault-tolerance and scaling requirements
- first focus was on the data replication layer: losing acknowledged writes, out-of-sync shard copies, slow recoveries, not flexible enough to build new features such as cross-cluster replication
- sequence numbers project: rework the data replication layer to uniquely identify each write operation in the system
- started off with an informal specification
- explored ways to use formal methods

Data replication model: a first formal specification for Elasticsearch
- Dedalus spec created by Kamala Ramasubramanian, PhD student in Peter Alvaro's research group at UCSC
- specification validated using MOLLY (based on LDFI)
- no issues found with the new model, but it did reproduce bugs of the old replication model
- as follow-up, I investigated other techniques and tools (in particular TLA+)
- TLA+ model of the new data replication algorithm that has powered Elasticsearch since version 6, released in November 2017
- 860 lines of commented TLA+ code, checking safety properties

Studying bugs with TLA+

Investigating concurrency and algorithmic bugs: from implementation to formal model and back
- validated two concurrency bugs using a PlusCal spec
- explored and validated solutions using the spec
- discovered an additional, previously unknown bug in the implementation, which we only later observed in the wild
- in a different component, testing uncovered a bug which only surfaced after running for months on CI
- modeled with TLA+, the TLC checker finds the bug within seconds
- bug fixes first prototyped using the spec and validated with the model checker

Formal design first: a specification for the cluster coordination subsystem

What is cluster coordination? A redesigned cluster coordination subsystem for Elasticsearch 7.0
- elects a master and publishes cluster state updates
- must be resilient to node failures, unreliable networks, ...
- a quorum of available nodes is sufficient to make progress
- Elasticsearch 6.x (Zen Discovery): quorum size user-defined through the minimum_master_nodes setting; algorithmic issues
- Elasticsearch 7.0: quorums managed by the system itself; new algorithm validated with TLA+

Cluster coordination TLA+ spec
- TLA+ spec (370 LOC) covers the safety bits of the algorithm: single rewritable register, dynamic reconfiguration, bootstrapping
- manually mapped to the Java implementation (570 LOC), with the code looking very similar
- all interactions with the relevant state of the system are threaded through this Java class
- liveness layer built on top of the safety layer (not covered by the spec)
- powering Elasticsearch since version 7.0, released in April 2019
- https://www.elastic.co/blog/a-new-era-for-cluster-coordination-in-elasticsearch

(side-by-side listing: the TLA+ spec, 370 LOC, next to the Java implementation, 570 LOC)

Lessons learned

- resiliency improvements in Elasticsearch thanks to TLA+
- versatile use: refine an informal spec, map code to a spec, write the formal spec first
- state space explosion: symmetry sets, state constraints
- TLA+ Toolbox very convenient to use
- TLC model checker great at finding bugs
- next step: expand the use of TLA+ beyond distributed / concurrent issues
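The quorum point from the cluster coordination slide (a user-set quorum size versus one derived by the system) and the symmetry-set remark above, illustrated with an added example that is not from the talk and not Elasticsearch's own code or TLA+ specs. It is a small explicit-state model checker written in the spirit of TLC, run over a constructed three-node master election. A fixed vote threshold of 1, standing in for a too-low minimum_master_nodes-style setting (my illustration of the failure mode, not something the slides spell out), lets two nodes declare themselves master, which is the split-brain condition that loses or forks data; a majority quorum computed from the node count rules it out. Canonicalizing states under permutations of node ids, the idea behind a TLA+ symmetry set, shrinks the explored state space without changing the verdict.

```python
"""Toy explicit-state model checker, in the spirit of TLC, for a constructed
three-node master election. Added example; not Elasticsearch code."""
from collections import deque
from itertools import permutations

N = 3  # constructed model: three master-eligible nodes with ids 0..N-1

# A state is (votes, masters): votes[i] is the node that node i voted for
# (None if it has not voted yet); masters is the frozenset of nodes that
# have declared themselves master. Each node votes at most once.
INITIAL = ((None,) * N, frozenset())


def majority(n):
    """Smallest quorum size such that any two quorums share a member."""
    return n // 2 + 1


def successors(state, threshold):
    """Yield (action, next_state) pairs. `threshold` is the number of votes
    a candidate needs before it may declare itself master."""
    votes, masters = state
    for i in range(N):
        if votes[i] is None:
            for c in range(N):
                yield ("vote", i, c), (votes[:i] + (c,) + votes[i + 1:], masters)
    for c in range(N):
        if c not in masters and sum(1 for v in votes if v == c) >= threshold:
            yield ("become_master", c), (votes, masters | {c})


def at_most_one_master(state):
    """Safety invariant: a split brain is two nodes both acting as master."""
    return len(state[1]) <= 1


def canonical(state):
    """Symmetry reduction: node ids are interchangeable, so relabel the state
    under every permutation of ids and keep the lexicographically smallest
    image. This is what a TLA+ symmetry set lets TLC do automatically."""
    votes, masters = state
    best_key, best = None, None
    for p in permutations(range(N)):
        relabeled = [None] * N
        for i, v in enumerate(votes):
            relabeled[p[i]] = None if v is None else p[v]
        image = (tuple(relabeled), frozenset(p[m] for m in masters))
        key = (tuple(-1 if v is None else v for v in image[0]),
               tuple(sorted(image[1])))
        if best_key is None or key < best_key:
            best_key, best = key, image
    return best


def model_check(threshold, symmetry=False):
    """Breadth-first search over all reachable states.
    Returns (counterexample, states_explored): counterexample is the list of
    actions leading to the first invariant violation found, or None."""
    norm = canonical if symmetry else (lambda s: s)
    start = norm(INITIAL)
    parent = {start: None}  # state -> (predecessor, action); None for start
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if not at_most_one_master(s):
            actions = []
            while parent[s] is not None:
                s, action = parent[s]
                actions.append(action)
            return actions[::-1], len(parent)
        for action, t in successors(s, threshold):
            t = norm(t)  # under symmetry, actions use the representative's labels
            if t not in parent:
                parent[t] = (s, action)
                queue.append(t)
    return None, len(parent)


if __name__ == "__main__":
    # A fixed threshold of 1 (a too-low minimum_master_nodes-style setting)
    # lets two nodes become master; a majority of N cannot.
    for name, threshold in (("fixed threshold 1", 1), ("majority", majority(N))):
        for symmetry in (False, True):
            trace, explored = model_check(threshold, symmetry)
            print(f"{name:18} symmetry={symmetry!s:5} states={explored:3} "
                  f"violation={'none' if trace is None else trace}")
```

With the fixed threshold the checker returns a four-step counterexample (two votes for different candidates, then two become_master steps); with the majority quorum it exhausts the reachable states with no violation, and the symmetry-reduced run reaches the same verdict while visiting fewer states. Real TLC additionally handles state constraints to bound an otherwise infinite state space, which this toy model does not need because each node votes at most once.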

TLA+ specs available at https://github.com/elastic/elasticsearch-formal-models