Presentation is loading. Please wait.

Presentation is loading. Please wait.

The ConCert Project Trustless Grid Computing

Published byEsther Bosmans Modified over 5 years ago

Similar presentations

Presentation on theme: "The ConCert Project Trustless Grid Computing"— Presentation transcript:

1 The ConCert Project Trustless Grid Computing
Robert Harper Carnegie Mellon University May, 2002 12/27/2018 Carnegie Mellon University

2 Carnegie Mellon University
Credits Co-PI’s Karl Crary Peter Lee Frank Pfenning Students Tom Murphy, Evan Chang, Margaret Delap, Jason Liszka Many, many others! 12/27/2018 Carnegie Mellon University

3 Carnegie Mellon University
Grid Computing Zillions of computers on the internet. Lots of wasted cycles. Can we harness them? 12/27/2018 Carnegie Mellon University

4 Carnegie Mellon University
Grid Computing Some well-known examples: GIMPS Each is a project unto itself. Hosts explicitly choose to participate. 12/27/2018 Carnegie Mellon University

5 Carnegie Mellon University
Grid Computing Many more solutions than applications. Common run-time systems. Frameworks for building grid app’s. Many more problems than solutions. How to program the grid? How to exploit the grid efficiently? Lots of interest, though! Regularly in the NYTimes. 12/27/2018 Carnegie Mellon University

6 Carnegie Mellon University
Some Issues Trust: hosts must run foreign code. Currently on a case-by-case basis. Explicit intervention / attention required. Is it a virus? Safety: won’t crash my machine. Resource usage: won’t soak up cycles, memory. 12/27/2018 Carnegie Mellon University

7 Carnegie Mellon University
Some Issues Reliability: application developers must ensure that hosts play nice. Hosts could maliciously provide bad results. Current methods based on redundancy and randomization to avoid collusion. 12/27/2018 Carnegie Mellon University

8 Carnegie Mellon University
Some Issues Programming: how to write grid app’s? Model of parallelism? Massively parallel. No shared resources. Failures. Language? Run-time environment? Portability across platforms. How to write grid code? 12/27/2018 Carnegie Mellon University

9 Carnegie Mellon University
Some Issues Implementation: What is a grid framework? Establishing and maintaining a grid. Distribution of work, load balancing, scheduling. Fault recovery. Many different applications with different characteristics. 12/27/2018 Carnegie Mellon University

10 Carnegie Mellon University
Some Issues Applications: Can we get work done? How effectively can we exploit the resources of the grid? Amortizing overhead. Are problems of interest amenable to grid solutions? Depth > 1 feasible? 12/27/2018 Carnegie Mellon University

11 Carnegie Mellon University
The ConCert Project Trustless Grid Computing General framework for grid computing. Trust model based on code certification. Advanced languages for grid computing. Applications of trustless grid computing. Interplay between fundamental theory and programming practice. Model: The Fox Project. 12/27/2018 Carnegie Mellon University

12 Trustless Grid Computing
Minimize trust relationships among applications and hosts. Increase flexibility of the grid. “The network as computer”, with many keyboards. Avoid explicit intervention by host owners for running a grid application. 12/27/2018 Carnegie Mellon University

13 Trustless Grid Computing
Adopt a policy-based framework. Hosts state policy for running grid applications in a declarative formalism. Application developers must prove compliance with host policies. Proof of compliance is mechanically checkable. 12/27/2018 Carnegie Mellon University

14 Trustless Grid Computing
Example policies: Type- and memory safety: no memory overruns, no violations of abstraction boundaries. Resource bounds: limitations on memory and cpu usage. Authentication: only from .edu, only from Robert Harper, only if pre-negotiated. 12/27/2018 Carnegie Mellon University

15 Trustless Grid Computing
Compliance is a matter of proof! Policies are a property of the code. Host wishes to know that the code complies with its policies. Certified binary = object code plus proof of compliance with host policy. Burden of proof is on the developer. Hosts simply state requirements. 12/27/2018 Carnegie Mellon University

16 Carnegie Mellon University
Code Certification Example: type safety. Source language enjoys safety properties. Eg, Java, Standard ML, Safe C. Compiler transfers safety properties to object code. Depends on compiler correctness. But the compiler “knows why” the object code is type safe! 12/27/2018 Carnegie Mellon University

17 Carnegie Mellon University
Certifying Compilers Idea: propagate types from the source to the object code. Can be checked by a code recipient. Avoids reliance on compiler correctness. Needs a new approach to compilation. Typed intermediate languages. Type-directed translation. 12/27/2018 Carnegie Mellon University

18 Typed Intermediate Languages
Generalize syntax-directed translation to type-directed translation. Intermediate languages come equipped with a type system. Compiler transformations translate both a program and its type. Translation preserves typing: if e:t then e*:t* after translation. 12/27/2018 Carnegie Mellon University

19 Typed Intermediate Languages
Classical syntax-directed translation: Source = L1  L2  …  Ln = target. : T1. Type system applies to the source language only. Type check, then throw away types. 12/27/2018 Carnegie Mellon University

20 Typed Intermediate Languages
Type-directed translation: Source = L1  L2  …  Ln = target. : : : T1  T2  …  Tn. Maintain types during compilation. Translate a program and its type. Types guide translation process. 12/27/2018 Carnegie Mellon University

21 Carnegie Mellon University
Typed Object Code Typed assembly language (TAL) Type information ensures safety Generated by compiler Very close to standard x86 assembly Type information captures Types of registers and stack Type assumptions at branch targets (including join points) 12/27/2018 Carnegie Mellon University

22 Typed Assembly Language
fact: ALL rho.{r1:int, sp:{r1:int, sp:rho}::rho} jgz r1, positive mov r1,1 ret positive: push r1 ; sp : int::{t1:int,sp:rho}::rho sub r1,r1,1 call fact[int::{r1:int,sp:rho}::rho] imul r1,r1,r2 pop r2 ; sp : {r1:int,sp:rho}:: ret 12/27/2018 Carnegie Mellon University

23 Carnegie Mellon University
Certifying Compilers SpecialJ: Java byte code. Generates x86 machine code. Formal proof of safety in a formalized logic represented as an LF term. PopCorn: Safe C dialect. Also generates x86 code. Certificate consists of type annotations on assembly code. 12/27/2018 Carnegie Mellon University

24 Carnegie Mellon University
Certifying Compilers What can we certify? Type and memory safety. Including system call or device access. Authenticity. Code signing. What might we be able to certify? Resource usage: memory bounds, time bounds. But there are hard problems here! 12/27/2018 Carnegie Mellon University

25 Carnegie Mellon University
The ConCert Framework Each host runs a steward. Locator: building the grid. Conductor: serving work. Player: performing work. Inspired by Cilk/NOW (Leiserson, et al.) Work-stealing model. Dataflow-like scheduling. 12/27/2018 Carnegie Mellon University

26 Carnegie Mellon University
The ConCert Framework The steward is parameterized by the host policy. But currently it is fixed to be TAL safety. Host can either trust our steward or write her own! Declarative formalism for policies and proofs. Essentially just a proof checker. 12/27/2018 Carnegie Mellon University

27 Carnegie Mellon University
The Locator Peer-to-peer discovery protocol. Based on GnuTella ping-pong protocol. Hosts send ping’s, receive pong’s. Start with well-known neighbors. Generalize file sharing to cycle sharing. State willingness to contribute cycles, rather than music files. 12/27/2018 Carnegie Mellon University

28 Carnegie Mellon University
The Conductor Serves work to grid hosts. Implements dataflow scheduling. Unit of work: chord. Entirely passive. Components: Listener on well-known port. Scheduler to manage dependencies. 12/27/2018 Carnegie Mellon University

29 Carnegie Mellon University
Player Executes chords on behalf of a host. Stolen from a host via its conductor. Sends result back to host. Ensures compliance with host policy. Components: Communication with neighboring conductors. Proof check for certified binaries. 12/27/2018 Carnegie Mellon University

30 Carnegie Mellon University
Chords A task is broken into chords. A chord is the unit of work distribution. Chords form nodes in an and/or dependency graph (dataflow network). Conductor schedules cords for stealing. Ensures dependencies are met. Collects results, updates dependencies. 12/27/2018 Carnegie Mellon University

31 Carnegie Mellon University
Chords A chord is essentially a closure: Code for the chord. Bindings for free variables. Arguments to the chord. Type information / proof of compliance. Representation splits code from data. Facilitates code sharing. Reduces network traffic. MD5 hash as a code pointer. 12/27/2018 Carnegie Mellon University

32 Carnegie Mellon University
Chord Scheduling Done Wait Done 3 7 Wait 12/27/2018 Carnegie Mellon University

33 Carnegie Mellon University
Chord Scheduling Done Wait Wait 3 Ready 12/27/2018 Carnegie Mellon University

34 Carnegie Mellon University
Failures Simple fail-stop model. Processors fail explicitly, rather than maliciously. Timeout’s for slow or dead hosts. Assume chords are repeatable. No hidden state in or among chords. Easily met in a purely functional setting. 12/27/2018 Carnegie Mellon University

35 Application: Ray Tracing
GML language from ICFP01 programming contest. Simple graphics rendering language. Implemented in PopCorn. Generates TAL binaries. Depth-1 and-dependencies only! Divide work into regions. One chord per region. 12/27/2018 Carnegie Mellon University

36 Application: Parallel Theorem Proving
Fragment of linear logic. Sufficient to model Petri net reachability. Stresses and/or dependencies, depth > 1. Focusing strategy to control parallelism. Currently uses grid simulator. No certifying ML compiler. Requires linguistic support for programming model. 12/27/2018 Carnegie Mellon University

37 Carnegie Mellon University
A Programming Model An ML interface for grid programming. Task abstraction. Synchronization. Theorem prover uses this interface. Maps down to chords at the grid level. Currently only simulated, for lack of suitable compiler support. 12/27/2018 Carnegie Mellon University

38 Carnegie Mellon University
A Programming Model signature Task = sig type ‘r task val inject : (‘e -> ‘r) * ‘e -> ‘r task val enable : ‘r task -> unit val forget : ‘r task -> unit val status : ‘r task -> status val sync : ‘r task -> ‘r val relax : ‘r task list -> ‘r * ‘r task list end 12/27/2018 Carnegie Mellon University

39 Carnegie Mellon University
Example: Mergesort fun mergesort (l) = let val (lt, md, rt) = partition ((length l) div 3, l) val t1 = inject (mergesort, lt) val t2 = inject (mergesort, md) val t3 = inject (mergesort, rt) val (a, rest) = relax [t1,t2,t3] val (b, [last]) = relax [rest] in merge (merge (a, b), sync last) end 12/27/2018 Carnegie Mellon University

40 Carnegie Mellon University
Tasks and Chords A task is the application-level unit of parallelism. Cf mergesort example A chord is the grid-level unit of work. Tasks spawn chords at synch points. Each synch creates a chord. Dependencies determined by the form of the synch. 12/27/2018 Carnegie Mellon University

41 Carnegie Mellon University
Malice Aforethought What about malicious hosts? Deliberately spoof answers. Example: TP always answers “yes”. What about malicious failures? Arbitrary bad behavior by hosts. 12/27/2018 Carnegie Mellon University

42 Carnegie Mellon University
Result Certification Solution: prove authenticity of answers! Application computes answer plus a certificate of authenticity. Example: GCD(m,n) returns (d,k,l) such that d = km+ln and d|m and d|n. Example: TP computes a formal proof of the theorem! Cf. Blum’s self-checking programs. Probabilistic methods for many problems. 12/27/2018 Carnegie Mellon University

43 Carnegie Mellon University
Summary ConCert: a trustless approach to grid computing. Hosts don’t trust applications. Applications don’t trust hosts. Lots of good research opportunities! Compilers, languages. Systems, applications. Algorithms, semantics. 12/27/2018 Carnegie Mellon University

44 Carnegie Mellon University
Project URL 12/27/2018 Carnegie Mellon University

Download ppt "The ConCert Project Trustless Grid Computing"

Similar presentations

Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning

Trustless Grid Computing in Bor-Yuh Evan Chang, Karl Crary, Margaret DeLap, Robert Harper, Jason Liszka, Tom Murphy VII, Frank Pfenning
Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.

Comparing Semantic and Syntactic Methods in Mechanized Proof Frameworks C.J. Bell, Robert Dockins, Aquinas Hobor, Andrew W. Appel, David Walker 1.
Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.

Certified Typechecking in Foundational Certified Code Systems Susmit Sarkar Carnegie Mellon University.
ECE 454 Computer Systems Programming Compiler and Optimization (I) Ding Yuan ECE Dept., University of Toronto

ECE 454 Computer Systems Programming Compiler and Optimization (I) Ding Yuan ECE Dept., University of Toronto
Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.

The Interface Definition Language for Fail-Safe C Kohei Suenaga, Yutaka Oiwa, Eijiro Sumii, Akinori Yonezawa University of Tokyko.
March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.

March 4, 2005Susmit Sarkar 1 A Cost-Effective Foundational Certified Code System Susmit Sarkar Thesis Proposal.
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005.

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
Trustless Grid Computing in ConCert (Progress Report) Robert Harper Carnegie Mellon University.

Trustless Grid Computing in ConCert (Progress Report) Robert Harper Carnegie Mellon University.
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.

Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
Conductor A Framework for Distributed, Type-checked Computing Matthew Kehrt.

Conductor A Framework for Distributed, Type-checked Computing Matthew Kehrt.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.

1 A Dependently Typed Assembly Language Hongwei Xi University of Cincinnati and Robert Harper Carnegie Mellon University.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
8/14/03ALADDIN REU Symposium 20031 Implementing TALT William Lovas with Karl Crary.

8/14/03ALADDIN REU Symposium Implementing TALT William Lovas with Karl Crary.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
The Practice of Type Theory in Programming Languages Robert Harper Carnegie Mellon University August, 2000.

The Practice of Type Theory in Programming Languages Robert Harper Carnegie Mellon University August, 2000.
Introduction to Parallel Programming MapReduce Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under.

Introduction to Parallel Programming MapReduce Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under.

Similar presentations

Ads by Google