Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building reliable, high- performance communication systems from components Xiaoming Liu, Christoph Kreitz, Robbert van Renesse, Jason Hickey, Mark Hayden,

Published byDennis Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "Building reliable, high- performance communication systems from components Xiaoming Liu, Christoph Kreitz, Robbert van Renesse, Jason Hickey, Mark Hayden,"— Presentation transcript:

1 Building reliable, high- performance communication systems from components Xiaoming Liu, Christoph Kreitz, Robbert van Renesse, Jason Hickey, Mark Hayden, Ken Birman, Bob Constable (shepherd: Peter Lee) Cornell, Caltech, Compaq (CMU, Cedilla)

2 Why software components? 1.Ease design and development 2.Tuning to environment 3.Customization to user app 4.Extensibility 5.Verification and robustness

3 Why not? Configuration is hard Performance is bad –Abstraction barriers –Poor locality –Redundant code Not reliable Not faster

4 Group Communication Network

5 History V Ensemble Isis Horus Multicast Membership CATOCS Layers  Protocols ML Formal methods

6 Specification Concrete (ML) Implementation Properties (English) code of a layer logical predicates

7 Specification Abstract Spec Concrete (ML) Implementation Properties (English) refinement proof (I/O Automata)

8 Abstract IOA specification of totally ordered multicast S: array[integer] of message next: integer deliv: array[process] of integer action Multicast(m) { S[next++] := m; } action Deliver(p, m) precond: deliv[p] < next && m == S[deliv[p]] { deliv[p]++; } global state

9 Layer correctness abstract FIFO network spec abstract Total Order network spec Hickey, Lynch, Van Renesse, TACAS’99 network + layer == network++ Token layer on each CPU

10 Stack correctness Seqno layer FIFO total unreliable Token layer For example: Seqno Token

11 Efficiency? Ensemble stacks have many layers, improving clarity, but inefficient. 5 optimization techniques: 1.Avoiding (in-line) garbage collection 2.Avoiding marshaling 3.Delaying non-critical message processing 4.Identifying common paths 5.Header compression

12 A protocol layer is a function! old state new state input event output events layer

13 (off-line) partial evaluation Common Case Predicate original code Specialized code Hacker + Formal person NuPrl layer

14 Two-phase optimization ProgrammerFormalUser codeCCP bypass function Off-line On-line TT

15 Header compaction T_Data seqno T_Last Hash seqno Less space Faster processing

16 Architecture (deliver only) Network Application ? generated bypass original stack CCP (e.g., hdr.seq = win.lo) Transport driver (marshaling, device independence)

17 Architecture Network Application ? ? generated bypass original stack CCP Transport driver (marshaling, device independence)

18 Performance Three different versions: 1.Original (ORIG) 2.Hand-optimized (HAND) 3.Machine-optimized (MACH) 300 MHz UltraSparc/Solaris 2.6 OCaml 2.0 native code compiler

19 Code latency (  sec) 10 layer4 layer stack ORIGMACHORIGMACHHAND Down Stack 209 13 22 + 4 Down Transport 27866 Up Transport 207876 + 2 Up Stack 148104 Total 8132371914 (See paper for CPU cycles and TLB misses)

20 Lessons learned 1.Design with formalization in mind 2.Use small, but not too small components 3.Use a language with formal semantics 4.Use IOA as a specification language 5.Use formal tool with in-house expertise

21 Final remarks See CD or Web for code samples, links to all code, as well as how to reproduce our results Still working on a machine-generated proof of correctness

Download ppt "Building reliable, high- performance communication systems from components Xiaoming Liu, Christoph Kreitz, Robbert van Renesse, Jason Hickey, Mark Hayden,"

Similar presentations

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Berkeley dsn declarative sensor networks problem David Chu, Lucian Popa, Arsalan Tavakoli, Joe Hellerstein approach related dsn architecture status  B.

Berkeley dsn declarative sensor networks problem David Chu, Lucian Popa, Arsalan Tavakoli, Joe Hellerstein approach related dsn architecture status  B.
© Chinese University, CSE Dept. Software Engineering / 1 - 1 Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.

© Chinese University, CSE Dept. Software Engineering / Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Distributed Data Flow Language for Multi-Party Protocols Krzysztof Ostrowski †, Ken Birman †, Danny Dolev § † Cornell University, § Hebrew University

Distributed Data Flow Language for Multi-Party Protocols Krzysztof Ostrowski †, Ken Birman †, Danny Dolev § † Cornell University, § Hebrew University
Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)

Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)
Stuart AllenMark Bickford Robert Constable (PI) Christoph KreitzLori LorigoRobbert Van Renesse Secure software infrastructure Logic Programming Communications.

Stuart AllenMark Bickford Robert Constable (PI) Christoph KreitzLori LorigoRobbert Van Renesse Secure software infrastructure Logic Programming Communications.
Algorithm for Virtually Synchronous Group Communication Idit Keidar, Roger Khazan MIT Lab for Computer Science Theory of Distributed Systems Group.

Algorithm for Virtually Synchronous Group Communication Idit Keidar, Roger Khazan MIT Lab for Computer Science Theory of Distributed Systems Group.
Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.

Formal Methods. Importance of high quality software ● Software has increasingly significant in our everyday activities - manages our bank accounts - pays.
Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.

Behavioral Design Outline –Design Specification –Behavioral Design –Behavioral Specification –Hardware Description Languages –Behavioral Simulation –Behavioral.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Group Communication using Ensemble Part II. 2 Introduction From previous tutorial: Ensemble’s application interface: Concepts of Group Membership, View,

Group Communication using Ensemble Part II. 2 Introduction From previous tutorial: Ensemble’s application interface: Concepts of Group Membership, View,
Illinois Institute of Technology

Illinois Institute of Technology
Microkernels: Mach and L4

Microkernels: Mach and L4
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.

State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.
CS294-9 :: Fall 2003 vic and NAÏVE K. Mayer-Patel.

CS294-9 :: Fall 2003 vic and NAÏVE K. Mayer-Patel.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Stuart AllenMark Bickford Robert Constable Richard Eaton Christoph KreitzLori Lorigo Secure software infrastructure Logic Programming Communications Advances.

Stuart AllenMark Bickford Robert Constable Richard Eaton Christoph KreitzLori Lorigo Secure software infrastructure Logic Programming Communications Advances.

Similar presentations

Ads by Google