Presentation is loading. Please wait.

Presentation is loading. Please wait.

FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan,

Published byMervyn Washington Modified over 5 years ago

Similar presentations

Presentation on theme: "FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan,"— Presentation transcript:

1 FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems
Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan, Dikaimin Simon1, Satria Priambada2, Chen Tian3, Feng Ye3, Tanakorn Leesatapornwongsa4, Aarti Gupta5, Shan Lu, and Haryadi Gunawi 1 2 3 4 5

2 Distributed System Outages
EuroSys ’19 Distributed System Outages Distributed Concurrency Bug

3 Distributed Concurrency Bug
EuroSys ’19 Distributed Concurrency Bug Caused by non-deterministic timing of concurrent events involving multiple nodes Events: Messages, crashes, reboots, timeouts, local computations Data loss, downtimes, inconsistent replicas, hanging jobs, etc.

4 Let’s look at a simple dist. conc. bug pattern, Msg-Msg Race
EuroSys ’19 Let’s look at a simple dist. conc. bug pattern, Msg-Msg Race

5 Let’s look at a real complex bug, Paxos Msg-Msg Race
EuroSys ’19 Let’s look at a real complex bug, Paxos Msg-Msg Race Prepare #2 Commit #1 Prepare #3 Propose #2 race race 2 pairs!!! Workload 3 concurrent updates Red, blue, green

6 Another simple dist. conc. bug pattern, Msg-Fault Timing
EuroSys ’19 Another simple dist. conc. bug pattern, Msg-Fault Timing A B m1 m2 A B m1 m2

7 Let’s look at a real complex bug, Msg-Fault Timing
EuroSys ’19 Let’s look at a real complex bug, Msg-Fault Timing A B C 1. Nodes A, B, C start (w/ latest txid id-1) 2. B becomes leader 3. B crashes 4. C becomes leader 5. C commits new txid-value pair (id, X) 6. A crashes, before committing (id, X) 7. C loses quorum and C crashes 8. A and B are back online 9. A becomes leader 10. A's commits new txid-value pair (id, Y) 11. C is back online 12. C announces to B (id, X) 13. B replies the diff from tx 8 14. Inconsistency: A and B say “Y”, C says “X” F L F L x F L x L x x L F y y x L F y y x Result: Permanently inconsistent replicas L F

8 How to unearth these complex bugs?
EuroSys ’19 Msg-Fault Timing 1. Nodes A, B, C start (w/ latest txid id-1) 2. B becomes leader 3. B crashes 4. C becomes leader 5. C commits new txid-value pair (id, X) 6. A crashes, before committing (id, X) 7. C loses quorum and C crashes 8. A and B are back online 9. A becomes leader 10. A's commits new txid-value pair (id, Y) 11. C is back online 12. C announces to B (id, X) 13. B replies the diff from tx 8 14. Inconsistency: A and B say “Y”, C says “X” 1. Out-of-order messages 2. Multiple crashes Specific Order 3. Multiple reboots How to unearth these complex bugs? HAPPEN IN ANY ORDER Result: Permanently inconsistent replicas

9 Dev’s discussion on Dist. Conc. bugs
EuroSys ’19 Dev’s discussion on Dist. Conc. bugs “Do we have to rethink this entire [HBase] root and meta ’huh hah’? There isn’t a week going by without some new bugs about races between splitting and assignment [distributed protocols].” — HBase #4397 “That is one monster of a race!” — MapReduce #3274 “This has become quite messy, we didn’t foresee some of this [message races] during design, sigh.” — MapReduce #4819 It’s hard to unearth conc. bugs!

10 Unearth Dist. Conc. bugs? Key: Re-order events!
EuroSys ’19 Unearth Dist. Conc. bugs? Key: Re-order events! Software/Impl-Level Model Checking (Checker) Popular Checkers: MaceMC [NSDI’07] dBug [SSV’10] MoDist [NSDI’09] Demeter [SOSP’13] CrystalBall [NSDI’09] SAMC [OSDI’14], etc.

11 Here is how it works, Checker
EuroSys ’19 Here is how it works, Checker Intercept! Node 1 Node 2 Inflight messages: [a, b, c] [a, b, c, d] a enable (d) To-explore paths: b - abdc - bacd - acbd - badc - … c d Control Event Timing Checker

12 Checker Goal: Unearth buggy paths! Path/state-space explosion problem
EuroSys ’19 Checker In reality, millions/billions of paths 1. Nodes A, B, C start (w/ latest txid id-1) 2. B becomes leader 3. B crashes 4. C becomes leader 5. C commits new txid-value pair (id, X) 6. A crashes, before committing (id, X) 7. C loses quorum and C crashes 8. A and B are back online 9. A becomes leader 10. A's commits new txid-value pair (id, Y) 11. C is back online 12. C announces to B (id, X) 13. B replies the diff from tx 8 14. Inconsistency: A and B say “Y”, C says “X” 3 4 1 5 2 6 7 8 9 12 11 10 14 13 2 7 1 4 5 6 3 8 11 10 9 12 14 13 6 9 3 4 5 1 7 8 2 10 11 13 12 14 1 2 3 4 5 6 7 8 9 10 11 12 13 14 2 1 3 4 5 7 6 8 9 10 11 14 12 13 Path/state-space explosion problem Path #1 #2 #3 #4 #5 #… Specific order of events Goal: Unearth buggy paths!

13 Challenge Reduction Algorithms! Reduction algorithms!
EuroSys ’19 Challenge Reduction Algorithms! Reduction algorithms! #Paths To Evaluate By Each Checker ~100 of paths > millions of paths > millions of paths > millions of paths > millions of paths > millions of paths 12 paths ~500 paths ~20,000 paths ~2000 paths Complex workloads

14 Challenge Checker needs more advanced algorithms
EuroSys ’19 Challenge Path explosion problem prevails in complex workloads #Paths To Evaluate By Each Checker Checker needs more advanced algorithms The Paxos bug earlier…

15 Uniquely targeting dist. sys.
EuroSys ’19 FlyMC Fast, Scalable, and Systematic Software Model Checker Uniquely targeting dist. sys. Reduction Algorithms State Symmetry Reduce symmetrical state transitions paths Event Independence Detect pair of events with disjoint/commutative updates Supported by static analysis Prioritization Algorithm Parallel Flips Prioritize paths with multiple flips

16 FlyMC Results At least up to 78X, on avg 16X faster
EuroSys ’19 FlyMC Fast, Scalable, and Systematic Software Model Checker Integrated to 8 systems Results At least up to 78X, on avg 16X faster Unearth 10 new bugs

17 Outline Introduction Design Evaluation Conclusion State Symmetry
EuroSys ’19 Outline Introduction Design State Symmetry Event Independence Parallel Flips Evaluation Conclusion

18 Principles Goal: Quickly unearth conc. bugs Reduction Algorithm
EuroSys ’19 Principles Goal: Quickly unearth conc. bugs Reduction Algorithm Reduce redundant paths State Symmetry Event Independence

19 Communication Symmetry
EuroSys ’19 Communication Symmetry Reduce! k x y l k l x y x y k l Let’s reorder! Communication Symmetry is NOT effective when messages content are unique

20 Hence, reorder both paths
EuroSys ’19 A B A B k l x y y x l k k x y l l y x k Other way to reduce? No Comm. Symmetry Hence, reorder both paths

21 Reduce! State Symmetrical! k x y l l x y k (mirrored) A B A B A B 1 2
EuroSys ’19 State Symmetrical! if node.v < msg.v { node.v = msg.v } (mirrored) A B A B A B 1 2 A B 1 2 v=1 k v=2 l x x y y l k k x y l l x y k Reduce!

22 State Symmetry is great, but … Still, many events to one node
EuroSys ’19 State Symmetry is great, but … Still, many events to one node A B C n o p m Reorder 4! paths How to reduce?

23 Let’s recap, Dependency vs Independency
EuroSys ’19 Let’s recap, Dependency vs Independency events a,b a,b s2 s1 s1 s2 global state b,a s3 b,a Reduce! a & b = Dependent a & b = Independent Independent = Reduce!

24 How to apply Event Independence to Dist. Sys.?
EuroSys ’19 How to apply Event Independence to Dist. Sys.? B B p1 To Explore To Explore r1 p1 cr1 r1 r1 r2 r3 cr1 p1 r1 cr1 r2 r1 r3 r2 cr1 p1 r1 r1 r3 r2 r1 r3 cr1 r1 p1 r2 r3 r1 r1 p1 cr1 r3 r1 r2 r1 cr1 p1 if r.resp { node.v++; } r3 r2 r1 All msgs update different node states Reduce! Reduce! Commutative updates Disjoint updates

25 Principles Goal: Quickly unearth complex conc. bugs
EuroSys ’19 Principles Goal: Quickly unearth complex conc. bugs Reduction Algorithm Reduce redundant paths State Symmetry Event Independence Prioritization Algorithm Prioritize paths to quickly discover new states Parallel Flips

26 wait 4! paths to hit the bug
EuroSys ’19 Single Flips: Suppose a2 a1 leads to , wait 4! paths to hit the bug

27 To quickly discover new states!
EuroSys ’19 Parallel Flips Yes: Parallel flips! And Prioritize! Conc. pairs of events? For Coverage, keep Single Flips paths in Lower Priority Queue Different nodes? To quickly discover new states!

28 EuroSys ’19 More details in paper Q1: How static analysis extract event independence? A1: Compare pair of events’ readSet, updateSet, IOSet, and sendSet Q2: Challenges in developing FlyMC algorithms? A2: Avoid missing necessary paths and hanging path execution Q3: How to speed up path execution? A3: Implement Local Ordering Enforcement & State-Event Caching

29 Outline Introduction Design Evaluation Conclusion State Symmetry
EuroSys ’19 Outline Introduction Design State Symmetry Event Independence Parallel Flips Evaluation Conclusion

30 Complex workloads w/ tens of events, multiple crashes/reboots
EuroSys ’19 Unearthing Known Bugs Complex workloads w/ tens of events, multiple crashes/reboots

31 Unearthing Known Bugs Lower is Better! Systematic Hybrid MoDist DPOR*
EuroSys ’19 Unearthing Known Bugs Lower is Better! MoDist DPOR* SAMC^ FlyMC Bounded Random DPOR* Random DPOR* Bounded DPOR* Random [*] MoDist paper. NSDI 2007. [^] SAMC paper. OSDI 2014. Systematic Hybrid

32 FlyMC up to 78X, on avg16X faster
EuroSys ’19 MoDist DPOR SAMC FlyMC Bounded Random DPOR Random DPOR Bounded DPOR Random FlyMC up to 78X, on avg16X faster (at least!) Done exploring; can’t reproduce

33 Confirmed! 2 3 5 FlyMC Unearth New Bugs? Yes!
EuroSys ’19 FlyMC Unearth New Bugs? Yes! Check Recent Stable Systems 2 Confirmed! Cassandra 3 ZooKeeper 5 Proprietary (2 y.o.)

34 Still checking Paxos-3 Correctness …
EuroSys ’19 Conclusion Graduate Next Year! abcdef bcefda fdcabe Still checking Paxos-3 Correctness … White hair Without FlyMC With FlyMC Thank you! Questions? FlyMC, a fast, scalable, and systematic software model checker to quickly unearth complex dist. conc. bugs State Symmetry, Event Independency, Parallel Flips

Download ppt "FlyMC: Highly Scalable Testing of Complex Interleavings in Distributed Systems Jeffrey F. Lukman, Huan Ke, Cesar Stuardo, Riza Suminto, Daniar Kurniawan,"

Similar presentations

What is RAID Redundant Array of Independent Disks.

What is RAID Redundant Array of Independent Disks.
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.
CS 542: Topics in Distributed Systems Diganta Goswami.

CS 542: Topics in Distributed Systems Diganta Goswami.
SDN + Storage.

SDN + Storage.
 RAID stands for Redundant Array of Independent Disks  A system of arranging multiple disks for redundancy (or performance)  Term first coined in 1987.

 RAID stands for Redundant Array of Independent Disks  A system of arranging multiple disks for redundancy (or performance)  Term first coined in 1987.
The Case for Drill-Ready Cloud Computing Vision Paper Tanakorn Leesatapornwongsa and Haryadi S. Gunawi 1.

The Case for Drill-Ready Cloud Computing Vision Paper Tanakorn Leesatapornwongsa and Haryadi S. Gunawi 1.
Garbage Collecting the World. --Bernard Lang, Christian and Jose Presented by Shikha Khanna coen 317 Date – May25’ 2005.

Garbage Collecting the World. --Bernard Lang, Christian and Jose Presented by Shikha Khanna coen 317 Date – May25’ 2005.
The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.

The SMART Way to Migrate Replicated Stateful Services Jacob R. Lorch, Atul Adya, Bill Bolosky, Ronnie Chaiken, John Douceur, Jon Howell Microsoft Research.
Effectively Model Checking Real-World Distributed Systems Junfeng Yang Joint work with Huayang Guo, Ming Wu, Lidong Zhou, Gang Hu, Lintao Zhang, Heming.

Effectively Model Checking Real-World Distributed Systems Junfeng Yang Joint work with Huayang Guo, Ming Wu, Lidong Zhou, Gang Hu, Lintao Zhang, Heming.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.

Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
Distributed Systems Fall 2009 Replication Fall 20095DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.

Distributed Systems Fall 2009 Replication Fall 20095DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
What Bugs Live in the Cloud? A Study of 3000+ Issues in Cloud Systems Authors: Haryadi S. Gunawi, Mingzhe Hao, Tanakorn Leesatapornwongsa, Tiratat Patana-anake,

What Bugs Live in the Cloud? A Study of Issues in Cloud Systems Authors: Haryadi S. Gunawi, Mingzhe Hao, Tanakorn Leesatapornwongsa, Tiratat Patana-anake,
Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.

Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.
What Bugs Live in the Cloud? A Study of 3000+ Issues in Cloud Systems Jeffry Adityatama, Kurnia J. Eliazar, Agung Laksono, Jeffrey F. Lukman, Vincentius.

What Bugs Live in the Cloud? A Study of Issues in Cloud Systems Jeffry Adityatama, Kurnia J. Eliazar, Agung Laksono, Jeffrey F. Lukman, Vincentius.
TRANSACTIONS AND CONCURRENCY CONTROL Sadhna Kumari.

TRANSACTIONS AND CONCURRENCY CONTROL Sadhna Kumari.
Byzantine Fault Tolerance CS 425: Distributed Systems Fall 2011 1 Material drived from slides by I. Gupta and N.Vaidya.

Byzantine Fault Tolerance CS 425: Distributed Systems Fall Material drived from slides by I. Gupta and N.Vaidya.
Highly Available ACID Memory Vijayshankar Raman. Introduction §Why ACID memory? l non-database apps: want updates to critical data to be atomic and persistent.

Highly Available ACID Memory Vijayshankar Raman. Introduction §Why ACID memory? l non-database apps: want updates to critical data to be atomic and persistent.
Huayang Guo 1,2, Ming Wu 1, Lidong Zhou 1, Gang Hu 1,2, Junfeng Yang 2, Lintao Zhang 1 1 Microsoft Research Asia 2 Columbia University Practical Software.

Huayang Guo 1,2, Ming Wu 1, Lidong Zhou 1, Gang Hu 1,2, Junfeng Yang 2, Lintao Zhang 1 1 Microsoft Research Asia 2 Columbia University Practical Software.

Similar presentations

Ads by Google