177 research outputs found
This is not the End: Rethinking Serverless Function Termination
Elastic scaling is one of the central benefits provided by serverless
platforms, and requires that they scale resources up and down in response to
changing workloads. Serverless platforms scale down resources by terminating
previously launched instances (which are containers or processes). The
serverless programming model ensures that terminating an instance is safe
provided that all application code running on the instance has either
completed or timed out. Safety thus depends on the serverless platform
correctly determining that application processing is complete.
In this paper, we start with the observation that current serverless
platforms do not account for pending asynchronous I/O operations when
determining whether application processing is complete. These platforms are
thus unsafe when executing programs that use asynchronous I/O: an instance
can be terminated while its I/O is still in flight, and incorrectly deciding
that application processing has terminated can result in data inconsistency.
We show that the reason for this problem is that current serverless semantics
couple termination and response generation in serverless applications. We
address this problem by proposing an extension to current semantics that
decouples response generation from termination, and demonstrate the efficacy
and benefits of our proposal by extending OpenWhisk, an open source
serverless platform.
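The failure mode described in the abstract, as an added, constructed Python model (not OpenWhisk code and not the paper's implementation): a toy "platform" runs a handler and kills the instance either as soon as the handler returns its response (coupled semantics) or only after the I/O the handler started has settled (decoupled semantics). The in-memory store, the simulated write latency, and the handler names are all assumptions made for the illustration.

```python
"""
Toy model of serverless instance termination, constructed for illustration
(it is not OpenWhisk code or the paper's implementation).

Two platform behaviours are compared:
  invoke_coupled    termination happens as soon as the handler returns its
                    response, so async I/O still in flight is lost;
  invoke_decoupled  the response is delivered as soon as the handler returns,
                    but the instance stays alive until the I/O it started
                    has settled.
"""
import asyncio


class Instance:
    """One function instance; tracks the asynchronous I/O it has started."""

    def __init__(self, store):
        self.store = store        # shared datastore, modelled as a dict
        self.terminated = False
        self.pending = set()      # in-flight I/O tasks

    def write(self, key, value, delay):
        """Start an asynchronous datastore write and return its task.

        The write lands only if the instance is still alive when the
        simulated round trip finishes; a killed container never completes
        its socket write.
        """
        async def do_write():
            await asyncio.sleep(delay)
            if not self.terminated:
                self.store[key] = value

        task = asyncio.create_task(do_write())
        self.pending.add(task)
        task.add_done_callback(self.pending.discard)
        return task

    def terminate(self):
        """Model the platform killing the container: in-flight I/O dies."""
        self.terminated = True
        for task in list(self.pending):
            task.cancel()


async def record_payment(inst):
    """Handler with a fire-and-forget write: the write is started but not
    awaited before the response is returned (a common pattern in handlers)."""
    inst.write("order:42", "paid", delay=0.02)
    return {"status": 200}


async def record_payment_awaited(inst):
    """Same handler, but it awaits the write before responding."""
    await inst.write("order:42", "paid", delay=0.02)
    return {"status": 200}


async def invoke_coupled(handler, store, events):
    """Current semantics: the response event and termination coincide."""
    inst = Instance(store)
    response = await handler(inst)
    events.append("response")
    inst.terminate()                  # platform assumes processing is complete
    events.append("terminate")
    return response


async def invoke_decoupled(handler, store, events):
    """Proposed semantics: respond now, terminate once pending I/O settles."""
    inst = Instance(store)
    response = await handler(inst)
    events.append("response")         # the client already has its answer here
    while inst.pending:               # instance kept alive for its own I/O
        await asyncio.gather(*list(inst.pending))
    inst.terminate()
    events.append("terminate")
    return response


def run(platform, handler):
    """Run one invocation; return (event order, final datastore contents)."""
    store, events = {}, []
    asyncio.run(platform(handler, store, events))
    return events, dict(store)


if __name__ == "__main__":
    print("coupled,   fire-and-forget:", run(invoke_coupled, record_payment))
    print("decoupled, fire-and-forget:", run(invoke_decoupled, record_payment))
    print("coupled,   awaited write:  ", run(invoke_coupled, record_payment_awaited))
```

Under coupled semantics the fire-and-forget handler returns 200 while the write is lost, which is exactly the inconsistency the abstract describes. Awaiting the write fixes it under either semantics, but then the client's response waits for the write's latency; the decoupled platform delivers the response first and keeps the instance alive only as long as its I/O needs.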
A Logic of Reachable Patterns in Linked Data-Structures
We define a new decidable logic for expressing and checking invariants of
programs that manipulate dynamically-allocated objects via pointers and
destructive pointer updates. The main feature of this logic is the ability to
limit the neighborhood of a node that is reachable via a regular expression
from a designated node. The logic is closed under boolean operations
(entailment, negation) and has a finite model property. The key technical
result is the proof of decidability. We show how to express preconditions,
postconditions, and loop invariants for some interesting programs. It is also
possible to express properties such as disjointness of data-structures and
low-level heap mutations. Moreover, our logic can express properties of
arbitrary data-structures and of an arbitrary number of pointer fields. The
latter provides a way to naturally specify postconditions that relate the
fields on entry to a procedure to the fields on exit. Therefore, it is possible
to use the logic to automatically prove partial correctness of programs
performing low-level heap mutations.
Data representation synthesis
We consider the problem of specifying combinations of data structures with complex sharing in a manner that is both declarative and results in provably correct code. In our approach, abstract data types are specified using relational algebra and functional dependencies. We describe a language of decompositions that permits the user to specify different concrete representations for relations, and show that operations on concrete representations soundly implement their relational specification. It is easy to incorporate data representations synthesized by our compiler into existing systems, leading to code that is simpler, correct by construction, and comparable in performance to the code it replaces.
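The separation between a relational specification and a concrete representation, as an added, constructed illustration (not the paper's compiler, decomposition language, or running example): the relation PROC(pid, state, cpu) with the functional dependency pid -> state, cpu is assumed for the example. The flat set of tuples plays the role of the specification; the hand-written decomposition (a hash map from pid to record plus a state index sharing the same record objects) plays the role of one concrete representation; a differential check over a constructed operation sequence stands in for the soundness argument.

```python
"""
Constructed illustration of separating a relational specification from its
concrete representation (not the paper's compiler or decomposition language).

Assumed relation: PROC(pid, state, cpu) with the FD pid -> state, cpu.
FlatRelation is the specification itself (a set of tuples); Decomposed is one
concrete representation in which two maps share the same record objects.
"""


class FlatRelation:
    """The specification: a set of tuples with the FD checked on insert."""

    def __init__(self):
        self.tuples = set()

    def insert(self, pid, state, cpu):
        for t in self.tuples:
            if t[0] == pid and t[1:] != (state, cpu):
                raise ValueError("FD pid -> state, cpu violated")
        self.tuples.add((pid, state, cpu))

    def remove(self, pid):
        self.tuples = {t for t in self.tuples if t[0] != pid}

    def lookup(self, pid):
        return next((t for t in self.tuples if t[0] == pid), None)

    def with_state(self, state):
        return sorted(t for t in self.tuples if t[1] == state)


class Decomposed:
    """Concrete representation: pid -> record, plus state -> {pid: record}.
    Both maps point at the same record dicts (sharing), so each record is
    stored once but reachable through either access path."""

    def __init__(self):
        self.by_pid = {}
        self.by_state = {}

    def insert(self, pid, state, cpu):
        rec = self.by_pid.get(pid)
        if rec is not None:
            if (rec["state"], rec["cpu"]) != (state, cpu):
                raise ValueError("FD pid -> state, cpu violated")
            return                           # already present; nothing to do
        rec = {"pid": pid, "state": state, "cpu": cpu}
        self.by_pid[pid] = rec
        self.by_state.setdefault(state, {})[pid] = rec

    def remove(self, pid):
        rec = self.by_pid.pop(pid, None)
        if rec is None:
            return
        bucket = self.by_state[rec["state"]]
        del bucket[pid]                      # keep the index consistent
        if not bucket:
            del self.by_state[rec["state"]]

    def lookup(self, pid):
        rec = self.by_pid.get(pid)
        return None if rec is None else (rec["pid"], rec["state"], rec["cpu"])

    def with_state(self, state):
        return sorted((r["pid"], r["state"], r["cpu"])
                      for r in self.by_state.get(state, {}).values())


# Constructed operation sequence exercising both access paths.
SAMPLE_OPS = [
    ("insert", 1, "running", 0), ("insert", 2, "runnable", 1),
    ("insert", 3, "runnable", 0), ("with_state", "runnable"),
    ("remove", 2), ("with_state", "runnable"), ("lookup", 2),
    ("insert", 3, "runnable", 0), ("lookup", 3), ("remove", 9),
]


def apply(rep, op):
    """Apply one operation and return its observable result (or the error)."""
    name, *args = op
    try:
        return getattr(rep, name)(*args)
    except ValueError as e:
        return ("error", str(e))


def agree(ops):
    """Differential check: the decomposition must return exactly what the
    flat specification returns for every operation in the sequence."""
    spec, impl = FlatRelation(), Decomposed()
    return all(apply(spec, op) == apply(impl, op) for op in ops)


def fd_violation_rejected():
    """Both representations must reject a second (state, cpu) for one pid."""
    outcomes = []
    for rep in (FlatRelation(), Decomposed()):
        rep.insert(1, "running", 0)
        outcomes.append(apply(rep, ("insert", 1, "sleeping", 0)))
    return all(isinstance(o, tuple) and o[0] == "error" for o in outcomes)


def record_is_shared():
    """The index and the primary map hold the same object, not a copy."""
    d = Decomposed()
    d.insert(7, "runnable", 2)
    return d.by_pid[7] is d.by_state["runnable"][7]
```

The point of the check is that a client sees only the relational interface; which decomposition sits behind it is a performance choice, and the FD is what makes the primary map a valid representation at all (two tuples with the same pid could not share one record).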
- …