944 research outputs found
Fisheye Consistency: Keeping Data in Synch in a Georeplicated World
Over the last thirty years, numerous consistency conditions for replicated
data have been proposed and implemented. Popular examples of such conditions
include linearizability (or atomicity), sequential consistency, causal
consistency, and eventual consistency. These consistency conditions are usually
defined independently from the computing entities (nodes) that manipulate the
replicated data; i.e., they do not take into account how computing entities
might be linked to one another, or geographically distributed. To address this
lack, as a first contribution, this paper introduces the notion of proximity
graph between computing nodes. If two nodes are connected in this graph, their
operations must satisfy a strong consistency condition, while the operations
invoked by other nodes are allowed to satisfy a weaker condition. The second
contribution is the use of such a graph to provide a generic approach to the
hybridization of data consistency conditions into the same system. We
illustrate this approach on sequential consistency and causal consistency, and
present a model in which all data operations are causally consistent, while
operations by neighboring processes in the proximity graph are sequentially
consistent. The third contribution of the paper is the design and the proof of
a distributed algorithm based on this proximity graph, which combines
sequential consistency and causal consistency (the resulting condition is
called fisheye consistency). In doing so the paper not only extends the domain
of consistency conditions, but provides a generic provably correct solution of
direct relevance to modern georeplicated systems
A Metric Encoding for Bounded Model Checking (extended version)
In Bounded Model Checking both the system model and the checked property are
translated into a Boolean formula to be analyzed by a SAT-solver. We introduce
a new encoding technique which is particularly optimized for managing
quantitative future and past metric temporal operators, typically found in
properties of hard real time systems. The encoding is simple and intuitive in
principle, but it is made more complex by the presence, typical of the Bounded
Model Checking technique, of backward and forward loops used to represent an
ultimately periodic infinite domain by a finite structure. We report and
comment on the new encoding technique and on an extensive set of experiments
carried out to assess its feasibility and effectiveness
Assurance of Distributed Algorithms and Systems: Runtime Checking of Safety and Liveness
This paper presents a general framework and methods for complete programming
and checking of distributed algorithms at a high-level, as in pseudocode
languages, but precisely specified and directly executable, as in formal
specification languages and practical programming languages, respectively. The
checking framework, as well as the writing of distributed algorithms and
specification of their safety and liveness properties, use DistAlgo, a
high-level language for distributed algorithms. We give a complete executable
specification of the checking framework, with a complete example algorithm and
example safety and liveness properties.Comment: Small fixes to improve property specifications, including
improvements not in the RV 2020 final versio
Solving the liar detection problem using the four-qubit singlet state
A method for solving the Byzantine agreement problem [M. Fitzi, N. Gisin, and
U. Maurer, Phys. Rev. Lett. 87, 217901 (2001)] and the liar detection problem
[A. Cabello, Phys. Rev. Lett. 89, 100402 (2002)] is introduced. The main
advantages of this protocol are that it is simpler and is based on a four-qubit
singlet state already prepared in the laboratory.Comment: REVTeX4, 4 page
A Quantum solution to the Byzantine agreement problem
We present a solution to an old and timely problem in distributed computing.
Like Quantum Key Distribution (QKD), quantum channels make it possible to
achieve taks classically impossible. However, unlike QKD, here the goal is not
secrecy but agreement, and the adversary is not outside but inside the game,
and the resources require qutrits.Comment: 4 pages, 1 figur
Timed Implementation Relations for the Distributed Test Architecture
In order to test systems that have physically distributed interfaces, called ports, we might use a distributed approach in which there is a separate tester at each port. If the testers do not synchronise during testing then we cannot always determine the relative order of events observed at different ports and this leads to new notions of correctness that have been described using corresponding implementation relations. We study the situation in which each tester has a local clock and timestamps its observations. If we know nothing about how the local clocks relate then this does not affect the implementation relation while if the local clocks agree exactly then we can reconstruct the sequence of observations made. In practice, however, we are likely to be between these extremes: the local clocks will not agree exactly but we have some information regarding how they can differ. We start by assuming that a local tester interacts synchronously with the corresponding port of the system under test and then extend this to the case where communications can be asynchronous, considering both the first-in-first-out (FIFO) case and the non-FIFO case. The new implementation relations are stronger than implementation relations for distributed testing that do not use timestamps but still reflect the distributed nature of observations. This paper explores these alternatives and derives corresponding implementation relations
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools
A Scalable Byzantine Grid
Modern networks assemble an ever growing number of nodes. However, it remains
difficult to increase the number of channels per node, thus the maximal degree
of the network may be bounded. This is typically the case in grid topology
networks, where each node has at most four neighbors. In this paper, we address
the following issue: if each node is likely to fail in an unpredictable manner,
how can we preserve some global reliability guarantees when the number of nodes
keeps increasing unboundedly ? To be more specific, we consider the problem or
reliably broadcasting information on an asynchronous grid in the presence of
Byzantine failures -- that is, some nodes may have an arbitrary and potentially
malicious behavior. Our requirement is that a constant fraction of correct
nodes remain able to achieve reliable communication. Existing solutions can
only tolerate a fixed number of Byzantine failures if they adopt a worst-case
placement scheme. Besides, if we assume a constant Byzantine ratio (each node
has the same probability to be Byzantine), the probability to have a fatal
placement approaches 1 when the number of nodes increases, and reliability
guarantees collapse. In this paper, we propose the first broadcast protocol
that overcomes these difficulties. First, the number of Byzantine failures that
can be tolerated (if they adopt the worst-case placement) now increases with
the number of nodes. Second, we are able to tolerate a constant Byzantine
ratio, however large the grid may be. In other words, the grid becomes
scalable. This result has important security applications in ultra-large
networks, where each node has a given probability to misbehave.Comment: 17 page
An Epistemic Perspective on Consistency of Concurrent Computations
Consistency properties of concurrent computations, e.g., sequential
consistency, linearizability, or eventual consistency, are essential for
devising correct concurrent algorithms. In this paper, we present a logical
formalization of such consistency properties that is based on a standard logic
of knowledge. Our formalization provides a declarative perspective on what is
imposed by consistency requirements and provides some interesting unifying
insight on differently looking properties
Verifying linearizability on TSO architectures
Linearizability is the standard correctness criterion for fine-grained, non-atomic concurrent algorithms, and a variety of methods for verifying linearizability have been developed. However, most approaches assume a sequentially consistent memory model, which is not always realised in practice. In this paper we define linearizability on a weak memory model: the TSO (Total Store Order) memory model, which is implemented in the x86 multicore architecture. We also show how a simulation-based proof method can be adapted to verify linearizability for algorithms running on TSO architectures. We demonstrate our approach on a typical concurrent algorithm, spinlock, and prove it linearizable using our simulation-based approach. Previous approaches to proving linearizabilty on TSO architectures have required a modification to the algorithm's natural abstract specification. Our proof method is the first, to our knowledge, for proving correctness without the need for such modification
- …