Applications of lattice theory to model checking
Society is increasingly dependent on the correct operation of concurrent and distributed software systems. Examples of such systems include computer networks, operating systems, telephone switches and flight control systems. Model checking is a useful tool for ensuring the correctness of such systems, because it is a fully automatic technique whose use does not require expert knowledge. Additionally, model checking allows for the production of error trails when a violation of a desired property is detected. Error trails are an invaluable debugging aid, because they provide the programmer with the sequence of events that lead to an error. Model checking typically operates by performing an exhaustive exploration of the state space of the program. Exhaustive state space exploration is not practical for industrial use in the verification of concurrent systems because of the well-known phenomenon of state space explosion caused by the exploration of all possible interleavings of concurrent events. However, the exploration of all possible interleavings is not always necessary for verification. In this dissertation, we show that results from lattice theory can be applied to ameliorate state space explosion due to concurrency, and to produce short error trails when an error is detected. We show that many CTL formulae exhibit lattice-theoretic structure that can be exploited to avoid exploring multiple interleavings of a set of concurrent events. We use this structural information to develop efficient model checking techniques for both implicit (partial order) and explicit (interleaving) models of the state space. For formulae that do not exhibit the required structure, we present a technique called predicate filtering, which uses a weaker property with the desired structural characteristics to obtain a reduced state space which can then be exhaustively explored.

We also show that lattice theory can be used to obtain a path of shortest length to an error state, thereby producing short error trails that greatly ease the task of debugging. We provide experimental results from a wide range of examples, showing the effectiveness of our techniques at improving the efficiency of verifying and debugging concurrent and distributed systems. Our implementation is based on the popular model checker SPIN, and we compare our performance against the state-of-the-art state space reduction strategies implemented in SPIN.

Electrical and Computer Engineering
Multi-value distributed key-value stores
Doctoral thesis in Informatics

Many large scale distributed data stores rely on optimistic replication to scale and remain highly available in the face of network partitions. Managing data without strong coordination results in eventually consistent data stores that allow for concurrent data updates. To allow writing applications in the absence of linearizability or transactions, the seminal Dynamo data store proposed a multi-value API in which a get returns the set of concurrently written values. In this scenario, it is important to be able to accurately and efficiently identify updates executed concurrently. Logical clocks are often used to track data causality, necessary to distinguish concurrent from causally related writes on the same key. However, in traditional mechanisms there is a non-negligible metadata overhead per key, which also keeps growing with time, proportional to the node churn rate. Another challenge is deleting keys while respecting causality: while the values can be deleted, per-key metadata cannot be permanently removed in current data stores.

These systems often use anti-entropy mechanisms (like Merkle Trees) to detect and repair divergent data versions across nodes. However, in practice hash-based data structures are not suitable for a store using consistent hashing and create too many false positives.

Also, highly available systems usually provide eventual consistency, which is the weakest form of consistency. This results in a programming model that is difficult to use and to reason about. It has been proved that causal consistency is the strongest consistency model achievable if we want highly available services. It provides better programming semantics such as session guarantees. However, classical causal consistency is a memory model that is problematic for concurrent updates in the absence of concurrency control primitives. Used in eventually consistent data stores, it leads to arbitrating between concurrent updates, which leads to data loss.

We propose three novel techniques in this thesis. The first is Dotted Version Vectors: a solution that combines a new logical clock mechanism and a request handling workflow that together support the traditional Dynamo key-value store API while capturing causality in an accurate and scalable way, avoiding false conflicts. It maintains concise information per version, linear only on the number of replicas, and includes a container data structure that allows sets of concurrent versions to be merged efficiently, with time complexity linear on the number of replicas plus versions.

The second is DottedDB: a Dynamo-like key-value store, which uses a novel node-wide logical clock framework, overcoming three fundamental limitations of the state of the art: (1) minimize the metadata per key necessary to track causality, avoiding its growth even in the face of node churn; (2) correctly and durably delete keys, with no need for tombstones; (3) offer a lightweight anti-entropy mechanism to converge replicated data, avoiding the need for Merkle Trees.

The third and final contribution is Causal Multi-Value Consistency: a novel consistency model that respects the causality of client operations while properly supporting concurrent updates without arbitration, by having the same Dynamo-like multi-value nature. In addition, we extend this model to provide the same semantics with read and write transactions. For both models, we define an efficient implementation on top of a distributed key-value store.

Many large-scale databases use optimistic replication techniques to scale and remain highly available in the face of failures and network partitions. Managing the data without strong coordination between the server nodes and the client results in "eventually consistent" databases that allow concurrent data writes. To allow applications to write to the database in the absence of transactions and strong consistency mechanisms, the influential Dynamo database proposed a multi-value interface, which allows a read to return a set of values written concurrently for the same key. In this scenario, it is important to identify accurately and efficiently which writes to a key were performed in a potentially concurrent way. Logical clocks are normally used to manage the causality of keys, in order to detect causally concurrent writes on the same key. However, traditional mechanisms add metadata whose size grows proportionally with nodes joining and leaving the server. Another challenge is removing keys from the system while respecting causality and, at the same time, not leaving permanent metadata on the server.

These data systems also use anti-entropy mechanisms (such as Merkle Trees) to detect and repair replicated data on different nodes that diverge. However, in practice these hash-based data structures are not suitable for systems that use consistent hashing for data partitioning, and they result in many false positives.

Another aspect of these systems is that they normally support only eventual consistency, which is the weakest guarantee in terms of data consistency. This results in a programming model that is difficult to use and to understand. It has been proved that causal consistency is the strongest form of data consistency that can be provided while also remaining highly available in the face of failures. This model provides more interesting semantics to the client of the system, namely session guarantees. However, traditional causal consistency is defined over a memory model that is not appropriate for uncontrolled concurrent writes. This leads to arbitrating a winner when writes happen concurrently, leading to data loss.

In this thesis we propose three new techniques. The first is called Dotted Version Vectors: a solution that combines a new logical clock mechanism with a client-server interaction, which together provide a Dynamo-like multi-value interface to the client in an efficient and scalable way, without false conflicts. The new logical clock keeps precise information per version of a key, of size linear in the number of replicas of the key in the system. It also allows different versions to be correctly and efficiently merged.

The second contribution is called DottedDB: a Dynamo-like database that implements a new node-level logical clock mechanism, which solves three fundamental limitations of the state of the art: (1) it minimizes the metadata that must be kept per key to manage causality, avoiding its growth as nodes join and leave; (2) it allows keys to be removed permanently, without the need to keep metadata indefinitely on the server; (3) a new anti-entropy protocol to repair replicated data, so that all replicas in the database converge, without requiring expensive operations such as those used with Merkle Trees.

The third and last contribution is Causal Multi-Value Consistency: a new data consistency model that respects the causality of the operations performed by clients and that also supports concurrent operations, without requiring a winner to be arbitrated among the writes, following the spirit of Dynamo's multi-value interface. Additionally, we extend this model to provide write or read transactions, respecting the same causality semantics. For both models, we define an efficient implementation on top of a distributed database.

Fundação para a Ciência e Tecnologia (FCT) - with the research grant SFRH/BD/86735/201
Scalable and accurate causality tracking for eventually consistent stores
Lecture Notes in Computer Science 8460, 2014

In cloud computing environments, data storage systems often rely on optimistic replication to provide good performance and availability even in the presence of failures or network partitions. In this scenario, it is important to be able to accurately and efficiently identify updates executed concurrently. Current approaches to causality tracking in optimistic replication have problems with concurrent updates: they either (1) do not scale, as they require replicas to maintain information that grows linearly with the number of writes or unique clients; or (2) lose information about causality, either by removing entries from client-id based version vectors or by using server-id based version vectors, which cause false conflicts. We propose a new logical clock mechanism and a logical clock framework that together support a traditional key-value store API, while capturing causality in an accurate and scalable way, avoiding false conflicts. It maintains concise information per data replica, only linear on the number of replica servers, and allows data replicas to be compared and merged in time linear in the number of replica servers and versions.