Concurrent, Distributed Systems: Stock Exchanges, Telecoms, Commuter Rail.

Presentation transcript:

Concurrent, Distributed Systems. System: nodes exchanging messages. Execution: 1. Node gets message event. 2. Executes event handler (updates node state, sends new messages). 3. Repeat…

Distributed Systems: Challenges. System: nodes exchanging messages. Challenges: nodes enter, leave, fail; messages are reordered, lost. System must stay available: eventually, all nodes regroup; eventually, all packets delivered; eventually, some good happens. These are liveness properties.

The Space of System Executions. Initial State. At each state, scheduler picks: 1. Node n 3. Executes code

An Execution = Sequence of Choices

Safety Bugs: an execution that drives the system to a bad state. Bad states: null dereferences, buffer overflows, assertion failures. Low-level crash.

How to find Safety Bugs? Find a path from Initial to Bad by systematically exploring executions (iterating over sequences of choices).

Model Checking for Safety Bugs. Find a path from Initial to Bad by systematically exploring executions [Verisoft 97, Cmc 04, Chess 07].

Safety Properties are too Low Level. Find a path from Initial to Bad by systematically exploring executions [Verisoft 97, Cmc 04, Chess 07].

Safety Properties are too Low Level. Distributed systems: designed for crashes and failures. Challenge: end-to-end problems. Liveness bugs.

Live States. Good states: all nodes regroup, all packets delivered. Live states: eventually good happens.

Live Executions Initial State Live States

Liveness Violations. Execution never reaches a live state.

How to Find Liveness Violations? Explore all executions? Infinitely many...

How to Find Liveness Violations? Explore all executions up to a bound? Combinatorial explosion (depth < 50). Liveness at depth >> 50 [Verisoft 97, Cmc 04, Chess 07].

How to Find Liveness Violations? Looks pretty hopeless...

Idea 1: Dead States. Dead states: no execution can reach live states. Recovery is impossible.

Idea 1: Dead States. To find liveness bugs, look for dead executions. How to tell if a state is dead?

Idea 2: Random Walks. Execute long random walks from the state. Pr[reaching live] = 0 (dead states) versus Pr[reaching live] = 1. How to tell if a state is dead?

Executions and Random Walks. At each execution step: 1. Scheduler picks node n 2. Scheduler picks 3. Executes event code. Random walk: scheduler picks randomly (from some probability distribution over nodes, events).

Liveness Bugs = Search + Random Walks. 1. Systematic search: find candidates. 2. Random walk: test if candidate is dead. Iterate.

Liveness Bugs = Search + Random Walks. If walk length >> avg. steps to liveness, then a non-live walk is likely a liveness bug! 100k Events. 1k Events. 100,000 Step Execution (2 Gb Log file). How to pinpoint the bug?

Idea 3: The Critical Transition. The system transitions from a recoverable to a dead state. How to find the critical transition without knowing the dead states?

Idea 3: The Critical Transition. Binary search using random walks!

Idea 3: The Critical Transition. The system transitions from a recoverable to a dead state. Pinpoints the bug.

Recap. Liveness bugs found: system has shot itself (but doesn't know it). Systematic search: finds candidate dead states. Random walks: determine if candidate is dead. Critical transition: the event that makes recovery impossible.
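The random-walk deadness test and the binary search for the critical transition, as an added example that is not part of the presentation and is not MaceMC code. The toy join protocol, its event names, and the constructed trace are assumptions loosely modelled on the RandTree scenario; several walks are run per state because a single walk in this toy can itself wander into a dead state.

```python
import random
from functools import reduce

# Toy model (constructed): C joins under A or B; "kids" = nodes that list C as child.
INIT = {"parent": None, "wait": None, "acks": frozenset(), "kids": frozenset()}

def enabled(s):
    can_join = s["parent"] is None and s["wait"] is None
    return [("fail",)] + [("ack", x) for x in sorted(s["acks"])] + (
        [("join", "A"), ("join", "B")] if can_join else [])

def step(s, e):
    s = dict(s)
    if e[0] == "join":    # target records C as child and sends an ack
        s["kids"] |= {e[1]}; s["acks"] |= {e[1]}; s["wait"] = e[1]
    elif e[0] == "ack":   # C accepts an ack only if it is still waiting for it
        s["acks"] -= {e[1]}
        if s["wait"] == e[1]:
            s["parent"], s["wait"] = e[1], None
    else:                 # C restarts; the bug: its old parent is never told
        s["parent"] = s["wait"] = None
    return s

def live(s):              # property: C has a parent and only that node lists C
    return s["parent"] is not None and s["kids"] == {s["parent"]}

def run(trace):
    return reduce(step, trace, INIT)

def looks_dead(s, rng, walks=40, steps=50):
    """Random-walk test: call s dead if no walk from it reaches a live state."""
    for _ in range(walks):
        cur = s
        for _ in range(steps):
            if live(cur):
                return False
            cur = step(cur, rng.choice(enabled(cur)))
    return True

def critical_transition(trace, rng):
    """Binary search for the event after which recovery is impossible."""
    lo, hi = 0, len(trace)   # invariant: prefix lo recoverable, prefix hi dead
    while hi - lo > 1:
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if looks_dead(run(trace[:mid]), rng) else (mid, hi)
    return hi - 1, trace[hi - 1]

# Constructed trace following the RandTree scenario, padded with later events.
TRACE = [("join", "A"), ("fail",), ("ack", "A"), ("join", "B"), ("ack", "B"),
         ("fail",), ("join", "B"), ("ack", "B")]
```

Calling `critical_transition(TRACE, random.Random(1))` singles out the join under B: once both A and B list C as a child, no later event can shrink that set, so the tree property is unreachable.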

Bells and Whistles (1/2): Random Walk Bias. Assign “likely” events higher weight, e.g. application > network > timer > fail. Bugs not missed: random walk only tests deadness. Live state reached sooner: error traces shorter, simpler.

Bells and Whistles (2/2): Prefix-Based Search. Restart search after reaching liveness. Analyzes effect of failures in “steady-state”.

Evaluation. MaceMC: Mace (C++) system and liveness properties in; liveness bugs and critical transition out.

Systems. RandTree: random overlay tree with max degree. MaceTransport: user-level, reliable messaging service. Pastry: key-based routing, using an overlay ring. Chord: key-based routing, using an overlay ring.

Liveness Properties. RandTree (random overlay tree with max degree): eventually, all nodes form single tree. MaceTransport (user-level, reliable transport service): eventually, all messages acknowledged. Pastry and Chord (key-based routing, using an overlay ring): eventually, all nodes form a ring.

Sample Bug: RandTree. Nodes with child, parent pointers. Property: eventually nodes form a tree.

Sample Bug: RandTree. C requests to join under A. A sends ack. C fails and restarts. C ignores ack from A. C joins under B. Bug: system stuck as a DAG! C’s failure not propagated to A.

Liveness Bugs Yield Safety Assertions. Dead states: violations of a priori unknown safety properties. Critical transition: helps identify dead states; yields new safety properties and bugs.

New Safety Property: Chord. Nodes with fwd, back pointers. Property: eventually nodes form a ring. Critical transition to dead state where n.back = n, n.fwd = m. New safety property: IF n.back = n THEN n.fwd = n.

Scorecard
System         Bugs  Liveness  Safety
MaceTransport  11    5         6
RandTree       17    12        5
Pastry         5     5         0
Chord          19    9         10
Totals
Several “protocol level” bugs. Routinely used by Mace programmers.

Programming Challenges. How to handle unexpected events? How to propagate effects of failures? How to limit impact on performance?

Take Away Message. Liveness bugs are very important. Randomness helps.