Pretend Synchrony · gleissen/papers/ps-slides.pdf
UC San Diego
Pretend Synchrony
Klaus von Gleissenthall
Software Systems Shouldn’t Fail
Ariane 5 Crash (1996)
Crashed due to float to int conversion bug
Marriott Breach
Data from 500 Mio customers (2018)
Name, Passport No., Credit Card Numbers
The Nightmare
404
Software Systems Shouldn’t Fail
How to Make Sure Distributed Systems Don’t Crash?
Distributed Systems
Nodes run protocol
Send & receive asynchronously
Testing?
To fix a run, we need: input, schedule
Testing?
Schedule: order on message delivery
Schedule 1: A, B, C
Schedule 2: B, A, C
Schedule 3: B, C, A
Testing?
Given input & schedule, check property (❌ / ✅)
Asynchrony: too many schedules ☹
Model Checking?
MC: Enumerate all inputs & schedules ✅
Problem: Unbounded State ☹ ❓
Deductive Verification?
Prove Protocol Correctness (SMT: ✅ / ❌)
Can handle Unbounded State 👍
… but needs Auxiliary Invariants (θ1 θ2)
… that enumerate schedules and network state (Φ1 Φ2 Φ3 Φ4 Φ5 Φ6 Φ7 Φ8 Φ9) ☹
Too many Invariants!
Pretend Synchrony: Make Proofs Easier!
Pretend Synchrony
Programmers don’t case-split on schedules & network
… they think about a representative schedule
… where messages are delivered instantaneously
we call this schedule synchronization
Pretend Synchrony
To verify a protocol
… 1. compute its synchronization
… 2. verify synchronization
[Figure: schedules A B C and B A C; synchronization A ; B ; C]
Pretend Synchrony
Synchronizations don’t case-split on schedules & network
… which significantly reduces invariants
[Figure: Φ1 Φ2 Φ3 Φ4 Φ5 Φ6 Φ7 Φ8 Φ9 ☹; θ1 θ2 😌]
Example 1: Two-Phase Commit
Synchronizations
Two-Phase Commit
Phase 1
Coordinator; Storage node, Storage node, Storage node
Commit a value
SendValue
SaveValue, SaveValue, SaveValue
Use value to commit or abort
Abort if any node aborts
Commit if all nodes commit
Phase 2
Send commit/abort decision
If commit, finalize
Send acks
Receive acks; done
Two-Phase Commit
Synchronization
1. Send value to nodes
2. Respond commit/abort
3. Relay decision
4. Gather acks
Example 2: Work stealing Queue
Synchronizations
Work stealing Queue
Queue, Collector, Workers
Worker requests a task
Assigns task to worker
Other workers request task
Sends result to coordinator
The other workers finish
Done!
Work stealing Queue
Synchronization
1. Queue assigns tasks to workers that write result to set
2. Workers pick results from set and send to collector
Outline
Key Idea: Pretend Synchrony
1. Computing Synchronizations
2. Verifying the Synchronization
Extensions
Evaluation
1. Computing Synchronizations (By Rewriting and By Example)
Synchronize by Rewriting
Example 1: Loop Free

process p          ||   process q
send q Ping;       ||   v <- recv p;
w <- recv q;       ||   send p Pong;

Since there is only a single order
… we can sequentialize the send & receive (Lipton’75)
… and replace them by assignments

q.v <- Ping;
w <- recv q;       ||   send p Pong;

q.v <- Ping;
p.w <- Pong;

Synchronization
q.v <- Ping;
p.w <- Pong;
Synchronize by Rewriting
Example 2: Loop over Processes

for q in qs do
  send q Ping;
  w <- recv q;
end
||
∏ q∈qs
  v <- recv p;
  send p Pong;

p loops over qs
Since iterations are sequential
… and each iteration talks to a single process
… focus on arbitrary iteration, synchronize
… and generalize (Materialization, Sagiv’99)

Synchronization
for q in qs do
  q.v <- Ping;
  p.w <- Pong;
end
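
Added example (not from the slides): a brute-force schedule explorer for the ping-pong programs of Examples 1 and 2, checking that every asynchronous schedule halts in exactly the state the synchronization computes. The per-channel FIFO buffers, blocking receives, and all function names are assumptions of this sketch; the two-loop program is the one the slides introduce as Example 3, used here only to count its schedules and halting states.

```python
"""Brute-force check of the ping-pong synchronizations (added example)."""

ANY = "*"  # assumed marker for `recv qs`: receive from any sender


def loop_over_processes(qs):
    """Examples 1 and 2: p pings each q in turn and waits for its Pong."""
    procs = {"p": []}
    for q in qs:
        procs["p"] += [("send", q, "Ping"), ("recv", q, "w")]
        procs[q] = [("recv", "p", "v"), ("send", "p", "Pong")]
    return procs


def two_loops(qs):
    """Example 3's program: p pings everyone, then collects Pongs in any order."""
    procs = {"p": [("send", q, "Ping") for q in qs]
                  + [("recv", ANY, "w") for _ in qs]}
    for q in qs:
        procs[q] = [("recv", "p", "v"), ("send", "p", "Pong")]
    return procs


def synchronization(qs):
    """The slide's synchronization: for q in qs do q.v <- Ping; p.w <- Pong end."""
    store = {}
    for q in qs:
        store[(q, "v")] = "Ping"
        store[("p", "w")] = "Pong"
    return frozenset(store.items())


def explore(procs):
    """Run every asynchronous schedule; return (halting stores, schedule count)."""
    names = sorted(procs)
    halting, schedules = set(), 0
    # Each work item: program counters, channel buffers, variable store.
    stack = [({n: 0 for n in names}, {}, {})]
    while stack:
        pcs, chans, store = stack.pop()
        if all(pcs[n] == len(procs[n]) for n in names):
            halting.add(frozenset(store.items()))
            schedules += 1
            continue
        moved = False
        for n in names:
            if pcs[n] == len(procs[n]):
                continue  # this process has finished
            kind, peer, arg = procs[n][pcs[n]]
            step = {**pcs, n: pcs[n] + 1}
            if kind == "send":
                # Sends never block: append to the (sender, receiver) buffer.
                nxt = dict(chans)
                nxt[(n, peer)] = chans.get((n, peer), ()) + (arg,)
                stack.append((step, nxt, store))
                moved = True
                continue
            # Receives block until a matching buffer is non-empty.
            senders = names if peer == ANY else [peer]
            for s in senders:
                buf = chans.get((s, n))
                if buf:
                    nxt = dict(chans)
                    nxt[(s, n)] = buf[1:]
                    stack.append((step, nxt, {**store, (n, arg): buf[0]}))
                    moved = True
        if not moved:
            raise RuntimeError("deadlock: no process can take a step")
    return halting, schedules


if __name__ == "__main__":
    for label, build, qs in [
        ("Example 1", loop_over_processes, ["q"]),
        ("Example 2", loop_over_processes, ["q1", "q2", "q3"]),
        ("Example 3 program", two_loops, ["q1", "q2"]),
    ]:
        halting, count = explore(build(qs))
        same = halting == {synchronization(qs)}
        print(f"{label}: {count} schedule(s), {len(halting)} halting state(s), "
              f"matches sequential loop: {same}")
```

The sequential loop has a single schedule however many processes are in qs, which is why rewriting one iteration suffices; the two-loop program already has many schedules with two processes.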
Synchronize by Rewriting
Example 3: Symmetric Races

for q in qs do
  send q Ping;
end
for _ in qs do
  w <- recv qs;
end
||
∏ q∈qs
  v <- recv p;
  send p Pong;

two loops
Split the rewrite into two sequential steps
… the first loop and its receive, then the rest
… some qs might send during the first loop
we can pretend the sends happen later (Lipton’75)
Since the loop is sequential
… synchronize an arbitrary iteration
… and generalize

for q in qs do
  q.v <- Ping;
end
for _ in qs do
  w <- recv qs;
end
||
∏ q∈qs
  send p Pong;

Problem: Iterations are no longer sequential
… there is a race between the processes in qs
… how can we synchronize?
Exploit
Synchronize by Rewriting
SymmetrySequence Symmetry
![Page 91: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/91.jpg)
Exploit
Synchronize by Rewriting
SymmetrySequence
![Page 92: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/92.jpg)
SymmetryInvariance under transformation
![Page 93: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/93.jpg)
Invariance under transformation
Symmetry
![Page 94: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/94.jpg)
Invariance under rotation
Symmetry
![Page 95: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/95.jpg)
Invariance under rotation
Symmetry
![Page 96: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/96.jpg)
Symmetry in Distributed Systems
Invariance under process-id permutation
… doesn’t affect halting states (Ip & Dill 1996)
![Page 97: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/97.jpg)
Symmetry in Distributed Systems
Name nodes …
[Figure: nodes named 1, 2, 3]
![Page 98: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/98.jpg)
Symmetry in Distributed Systems
permuting process names
… does not affect halting states
[Figure: the nodes renamed 3, 1, 2]
![Page 99: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/99.jpg)
Use Symmetry to Synchronize!
![Page 100: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/100.jpg)
Synchronize by Rewriting: Example 3
Since the processes in qs are symmetric
… we can receive the messages in any order
for _ in qs do
  w <- recv qs;
end
|| ∏ q∈qs
send p Pong;
![Page 101: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/101.jpg)
Synchronize by Rewriting: Example 3
… we can receive the messages in any order
for _ in qs do
  w <- recv qs;
end
|| ∏ q∈qs
send p Pong;
![Page 102: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/102.jpg)
Synchronize by Rewriting: Example 3
… we can receive the messages in any order
… in particular, we the iteration order of the loop
for q in qs do
  w <- recv q;
end
|| ∏ q∈qs
send p Pong;
![Page 103: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/103.jpg)
Synchronize by Rewriting: Example 3
… in particular, we the iteration order of the loop
… since the loop is now sequential
for q in qs do
  w <- recv q;
end
|| ∏ q∈qs
send p Pong;
![Page 104: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/104.jpg)
Synchronize by Rewriting: Example 3
… since the loop is now sequential
for q in qs do
  w <- recv q;
end
|| ∏ q∈qs
send p Pong;
![Page 105: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/105.jpg)
Synchronize by Rewriting: Example 3
… since the loop is now sequential
… we can synchronize, as before
for _ in qs do
  p.w <- Pong;
end
![Page 106: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/106.jpg)
Synchronize by Rewriting: Example 3
… since the loop is now sequential
… we can synchronize, as before
for _ in qs do
  p.w <- Pong;
end
![Page 107: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/107.jpg)
Synchronize by Rewriting: Example 3
… we can synchronize, as before
for _ in qs do
  p.w <- Pong;
end
![Page 108: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/108.jpg)
Synchronize by Rewriting: Example 3
… we can synchronize, as before
… and get the overall synchronization
for q in qs do
  q.v <- Ping;
end
for _ in qs do
  p.w <- Pong;
end
![Page 109: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/109.jpg)
Synchronize by Rewriting: Example 3
Synchronization
for q in qs do
  q.v <- Ping;
end
for _ in qs do
  p.w <- Pong;
end
![Page 110: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/110.jpg)
Example 4: Two Phase Commit
Synchronize by Rewriting
![Page 111: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/111.jpg)
Synchronize by Rewriting
Two Phase Commit: Phase 1
for p in dbs do
  send p (c,val)
abort <- False
for p in dbs do
  msg <- recv
  if msg == A abort <- True
|| ∏ p∈dbs
(id,val) <- recv
vote <- * ? C : A
send id vote
![Page 112: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/112.jpg)
Synchronize by Rewriting
Two Phase Commit: Phase 2
dec <- abort ? A : C
for p in dbs do
  send p dec
for p in dbs do
  _ <- recv
|| ∏ p∈dbs
dec <- recv
if dec == C value <- val
send id Ack
![Page 113: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/113.jpg)
Synchronize by Rewriting
Two Phase Commit: Synchronizing Phase 1
… by example 3
for p in dbs do
  send p (c,val)
abort <- False
for p in dbs do
  msg <- recv
  if msg == A abort <- True
|| ∏ p∈dbs
(id,val) <- recv
vote <- * ? C : A
send id vote
![Page 114: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/114.jpg)
Synchronize by Rewriting
Two Phase Commit: Synchronizing Phase 1
… by example 3
for p in dbs do
  p.id<-c;
  p.val<-c.val;
abort <- False
for p in dbs do
  msg <- recv
  if msg == A abort <- True
|| ∏ p∈dbs
vote <- * ? C : A
send id vote
![Page 115: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/115.jpg)
Synchronize by Rewriting
Two Phase Commit: Synchronizing Phase 1
… by example 3
for p in dbs do
  p.id<-c;
  p.val<-c.val;
c.abort<-False;
for p in dbs do
  msg <- recv
  if msg == A abort <- True
|| ∏ p∈dbs
vote <- * ? C : A
send id vote
![Page 116: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/116.jpg)
Synchronize by Rewriting
Synchronized Phase 1
for p in dbs do
  p.id<-c;
  p.val<-c.val;
c.abort<-False;
for p in dbs do
  vote <-* ? C : A
  c.msg<-p.vote;
  if msg == A abort <- True
![Page 117: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/117.jpg)
Outline
Key Idea: Pretend Synchrony
  1. Computing Synchronizations
  2. Verifying the Synchronization
Extensions
Evaluation
![Page 118: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/118.jpg)
2. Verifying the Synchronization
Synchronous Proofs Are Easy!
![Page 119: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/119.jpg)
2PC: Correctness
= Nodes agree on same value
![Page 120: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/120.jpg)
Asynchronous Proofs are Ugly!
![Page 121: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/121.jpg)
Φ1 Φ2 Φ3
Φ4 Φ5 Φ6
Φ7 Φ8 Φ9
Asynchronous Proofs
☹θ1 θ2
![Page 122: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/122.jpg)
Φ1 Φ2 Φ3
Φ4 Φ5 Φ6
Φ7 Φ8 Φ9
Asynchronous Proofs
Enumerate schedules and network state
☹
θ1 θ2
![Page 123: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/123.jpg)
Φ1 Φ2
Φ4 Φ5 Φ6
Φ7 Φ8 Φ9
Asynchronous Proofs
did send to Φ3
☹
Enumerate schedules and network state
θ1 θ2
![Page 124: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/124.jpg)
Φ1 Φ2
Φ4 Φ6
Φ7 Φ8 Φ9
Asynchronous Proofs
did send to Φ3
Φ5
☹
∨ didn’t execute its receive
Enumerate schedules and network state
θ1 θ2
![Page 125: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/125.jpg)
Φ6
Φ1 Φ2
Φ4
Φ7 Φ8 Φ9
Asynchronous Proofs
did send to Φ3
☹
∨ there is messages from to
containing ’s ID and value
Φ5∨ didn’t execute its receive
Enumerate schedules and network state
θ1 θ2
![Page 126: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/126.jpg)
Synchronous Proofs are Nice!
![Page 127: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/127.jpg)
Φ1 Φ2 Φ3
Φ4 Φ5 Φ6
Φ7 Φ8 Φ9
Asynchronous Proofs
☹θ1 θ2
![Page 128: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/128.jpg)
😌
Synchronous Proofs
θ1 θ2
![Page 129: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/129.jpg)
😌
Synchronous Proofs
θ1 θ2
![Page 130: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/130.jpg)
Synchronous Proofs 😌
θ1 θ2
for p in dbs do
  p.id<-c;
  p.val<-c.val;
θ1 = ∀p ∈ dbs . p ∈ done → p.val = c.val
![Page 131: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/131.jpg)
Synchronous Proofs 😌
θ1 θ2
for p in dbs do
  if msg == C p.value <- p.val;
  _<-Ack;
θ2 = ∀p ∈ dbs . p ∈ done ∧ c.dec = C ⇒ p.value = c.val
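Added example (not from the slides): a small Python check of the claim behind the two-phase-commit slides, that every asynchronous schedule halts in the state the synchronized program computes. It assumes unordered per-process mailboxes, two databases named p1 and p2 (constructed), and resolves the non-deterministic vote `* ? C : A` by trying each vote assignment; all function names are hypothetical.

```python
C, A, ACK = "C", "A", "Ack"

def coordinator(dbs, val, st):
    for p in dbs:                            # phase 1: for p in dbs do send p (c,val)
        yield ("send", p, ("c", val))
    st["abort"] = False
    for _ in dbs:                            # msg <- recv; if msg == A abort <- True
        if (yield ("recv",)) == A:
            st["abort"] = True
    st["dec"] = A if st["abort"] else C      # phase 2: dec <- abort ? A : C
    for p in dbs:
        yield ("send", p, st["dec"])
    for _ in dbs:                            # _ <- recv (the Acks)
        yield ("recv",)

def database(vote, st):
    cid, st["val"] = yield ("recv",)         # (id,val) <- recv
    yield ("send", cid, vote)                # send id vote (vote fixed by the caller)
    if (yield ("recv",)) == C:               # dec <- recv; if dec == C value <- val
        st["value"] = st["val"]
    yield ("send", cid, ACK)

def run(votes, val, prefix):
    """Replay one schedule: prefix[i] selects the i-th step among the enabled
    ones (choice 0 after the prefix ends). Returns (halting state, widths)."""
    dbs = list(votes)
    state = {n: {} for n in ["c"] + dbs}
    procs = {"c": coordinator(dbs, val, state["c"])}
    procs.update((p, database(votes[p], state[p])) for p in dbs)
    mail = {n: [] for n in procs}            # unordered mailbox per process
    pending = {n: next(g) for n, g in procs.items()}
    widths = []
    while pending:
        enabled = []
        for n, act in pending.items():
            if act[0] == "send":
                enabled.append((n, None))
            else:                            # a recv may take any waiting message
                enabled.extend((n, i) for i in range(len(mail[n])))
        if not enabled:
            raise RuntimeError("deadlock")
        k = prefix[len(widths)] if len(widths) < len(prefix) else 0
        widths.append(len(enabled))
        n, i = enabled[k]
        act = pending[n]
        try:
            if act[0] == "send":
                mail[act[1]].append(act[2])
                pending[n] = procs[n].send(None)
            else:
                pending[n] = procs[n].send(mail[n].pop(i))
        except StopIteration:
            del pending[n]
    return state, widths

def freeze(state):
    return tuple(sorted((n, tuple(sorted(s.items()))) for n, s in state.items()))

def halting_states(votes, val):
    """Enumerate every schedule once; return ({frozen: state}, number of schedules)."""
    found, stack, runs = {}, [[]], 0
    while stack:
        prefix = stack.pop()
        state, widths = run(votes, val, prefix)
        runs += 1
        found[freeze(state)] = state
        for d in range(len(prefix), len(widths)):
            taken = prefix + [0] * (d - len(prefix))
            stack.extend(taken + [k] for k in range(1, widths[d]))
    return found, runs

def synchronized(votes, val):
    """The synchronized program from the slides, run as plain sequential code."""
    dbs = list(votes)
    state = {n: {} for n in ["c"] + dbs}
    for p in dbs:                            # p.id<-c; p.val<-c.val
        state[p]["val"] = val
    state["c"]["abort"] = False
    for p in dbs:                            # c.msg<-p.vote; if msg == A abort <- True
        if votes[p] == A:
            state["c"]["abort"] = True
    state["c"]["dec"] = A if state["c"]["abort"] else C
    for p in dbs:                            # if msg == C p.value <- p.val
        if state["c"]["dec"] == C:
            state[p]["value"] = state[p]["val"]
    return state

def invariants_hold(state, val):
    """θ1 and θ2 from the slides, evaluated on a halting state (all p done)."""
    dbs = [n for n in state if n != "c"]
    theta1 = all(state[p]["val"] == val for p in dbs)
    theta2 = state["c"]["dec"] != C or all(state[p].get("value") == val for p in dbs)
    return theta1 and theta2

if __name__ == "__main__":
    for combo in [(C, C), (C, A), (A, C), (A, A)]:
        votes = dict(zip(("p1", "p2"), combo))
        found, runs = halting_states(votes, 42)
        same = set(found) == {freeze(synchronized(votes, 42))}
        print(combo, "schedules:", runs, "matches synchronization:", same)
```

The number of schedules grows quickly with the number of databases, which is the enumeration the synchronized proof avoids.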
![Page 132: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/132.jpg)
Recap
Compute synchronizations using sequence and symmetry
![Page 133: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/133.jpg)
Recap
Makes Deductive Proofs Easier
☹Φ1 Φ2 Φ3
Φ4 Φ5 Φ6
Φ7 Φ8 Φ9
θ1 θ2
![Page 134: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/134.jpg)
😌
Recap
Makes Deductive Proofs Easier
θ1 θ2
![Page 135: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/135.jpg)
Outline
Key Idea: Pretend Synchrony
  1. Computing Synchronizations
  2. Verifying the Synchronization
Extensions
Evaluation
![Page 136: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/136.jpg)
Extensions
Message Drops
Rounds
Multicasts
![Page 137: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/137.jpg)
Multicasts
![Page 138: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/138.jpg)
Multicasts
∏ p∈ps || ∏ q∈qs
![Page 139: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/139.jpg)
Multicasts
Problem: neither sequential nor symmetric
… can’t compose in sequence? Compose in parallel!
∏ p∈ps
for q in qs do
  send q (Ping,p);
  w <- recv q;
end
|| ∏ q∈qs
for _ in ps do
  (v,id) <- recv ps;
  send id Pong;
end
![Page 140: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/140.jpg)
Multicasts
… can’t compose in sequence? Compose in parallel!
∏ p∈ps
for q in qs do
  send q (Ping,p);
  w <- recv q;
end
|| ∏ q∈qs
for _ in ps do
  (v,id) <- recv ps;
  send id Pong;
end
![Page 141: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/141.jpg)
Multicasts
… can’t compose in sequence? Compose in parallel!
… focus on arbitrary process p
∏ p∈ps
for q in qs do
  send q (Ping,p);
  w <- recv q;
end
|| ∏ q∈qs
for _ in ps do
  (v,id) <- recv p;
  send id Pong;
end
![Page 142: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/142.jpg)
Multicasts
… focus on arbitrary process p
… the interaction is sequential!
∏ p∈ps
for q in qs do
  send q (Ping,p);
  w <- recv q;
end
|| ∏ q∈qs
for _ in ps do
  (v,id) <- recv p;
  send id Pong;
end
![Page 143: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/143.jpg)
Multicasts
… the interaction is sequential!
∏ p∈ps
for q in qs do
  send q (Ping,p);
  w <- recv q;
end
|| ∏ q∈qs
for _ in ps do
  (v,id) <- recv p;
  send id Pong;
end
![Page 144: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/144.jpg)
Multicasts
… the interaction is sequential!
… synchronize (by example 2)
∏ p∈ps
for q in qs do
  (q.v,q.id)<-(Ping,p);
  p.w<-Pong
end
![Page 145: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/145.jpg)
Multicasts
… synchronize (by example 2)
∏ p∈ps
for q in qs do
  (q.v,q.id)<-(Ping,p);
  p.w<-Pong
end
![Page 146: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/146.jpg)
Multicasts
… synchronize (by example 2)
… and generalize!
∏ p∈ps
for q in qs do
  (q.v,q.id)<-(Ping,p);
  p.w<-Pong
end
< >
![Page 147: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/147.jpg)
Multicasts
… and generalize!
results in a concurrent, shared memory program
∏ p∈ps
for q in qs do
  (q.v,q.id)<-(Ping,p);
  p.w<-Pong
end
atomic < >
![Page 148: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/148.jpg)
Extensions
Message Drops
Rounds
Multicasts
![Page 149: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/149.jpg)
Extensions: Message Drops
[Figure: dropped messages ❌]
![Page 150: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/150.jpg)
Extensions: Message Drops
Receive non-deterministically times out
for q in qs do
  send q Ping;
end
|| ∏ q∈qs
v <- recvTO p;
![Page 151: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/151.jpg)
Extensions: Message Drops
The interaction is sequential
for q in qs do
  send q Ping;
end
|| ∏ q∈qs
v <- recvTO p;
![Page 152: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/152.jpg)
Extensions: Message Drops
The interaction is sequential
… focus on a single iteration
for q in qs do
  send q Ping;
end
|| ∏ q∈qs
v <- recvTO p;
![Page 153: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/153.jpg)
Extensions: Message Drops
… focus on a single iteration
for q in qs do
  send q Ping;
end
|| ∏ q∈qs
v <- recvTO p;
![Page 154: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/154.jpg)
Extensions: Message Drops
… focus on a single iteration
… match up the send and receive
for q in qs do
  send q Ping;
  v <- recvTO p;
end
![Page 155: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/155.jpg)
Extensions: Message Drops
… match up the send and receive
for q in qs do
  send q Ping;
  v <- recvTO p;
end
![Page 156: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/156.jpg)
Extensions: Message Drops
… match up the send and receive
… case-split whether the message was received
for q in qs do
  q.v <- * ? Just Ping : None
end
![Page 157: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/157.jpg)
Extensions: Message Drops
… case-split whether the message was received
for q in qs do
  q.v <- * ? Just Ping : None
end
![Page 158: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/158.jpg)
Extensions: Message Drops
… case-split whether the message was received
… and generalize
for q in qs do
  q.v <- * ? Just Ping : None
end
![Page 159: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/159.jpg)
Extensions: Message Drops
Synchronization
for q in qs do
  q.v <- * ? Just Ping : None
end
![Page 160: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/160.jpg)
Extensions
Message Drops
Rounds
Multicasts
![Page 161: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/161.jpg)
Extensions: Rounds
Instead of running only once
![Page 162: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/162.jpg)
Extensions: Rounds
… repeat protocol in multiple rounds
![Page 163: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/163.jpg)
Extensions: Rounds
… repeat protocol in multiple rounds
[Figure: rounds 1, 2]
![Page 164: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/164.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
for q in qs do
  send q Ping
  _<- recv q;
end
|| ∏ q∈qs
w<-recv p;
send p Ack;
![Page 165: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/165.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… we send a round number r
for q in qs do
  send q (Ping, r)
  _<- recv q;
end
|| ∏ q∈qs
w<-recv p;
send p Ack;
![Page 166: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/166.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… bind the round number at the receive
for q in qs do
  send q (Ping, r)
  _<- recv q;
end
|| ∏ q∈qs
(w,r)<-recv p;
send p Ack;
![Page 167: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/167.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… and turn w into an array
for q in qs do
  send q (Ping, r)
  _<- recv q;
end
|| ∏ q∈qs
(w[r],r)<-recv p;
send p Ack;
![Page 168: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/168.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… reply with a message for round number r
for q in qs do
  send q (Ping, r)
  _<- recv q;
end
|| ∏ q∈qs
(w[r],r)<-recv p;
send p r Ack;
![Page 169: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/169.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… receive for round r
for q in qs do
  send q (Ping, r)
  _<- recv q r;
end
|| ∏ q∈qs
(w[r],r)<-recv p;
send p r Ack;
![Page 170: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/170.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… repeat the for-loop, once for each round
for r in rounds do
  for q in qs do
    send q (Ping, r)
    _<- recv q r;
  end
end
|| ∏ q∈qs
(w[r],r)<-recv p;
send p r Ack;
![Page 171: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/171.jpg)
Extensions: Rounds
To repeat the protocol (from Ex. 2)
… and repeat each process q, indefinitely
for r in rounds do
  for q in qs do
    send q (Ping, r)
    _<- recv q r;
  end
end
|| ∏ q∈qs
repeat do
  (w[r],r)<-recv p;
  send p r Ack;
end
![Page 172: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/172.jpg)
Extensions: Rounds
Show ∀r ∈ rounds, ∀q ∈ qs : q.w[r] = Ping
for r in rounds do
  for q in qs do
    send q (Ping, r)
    _<- recv q r;
  end
end
|| ∏ q∈qs
repeat do
  (w[r],r)<-recv p;
  send p r Ack;
end
![Page 173: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/173.jpg)
Idea: Round Non-Interference
![Page 174: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/174.jpg)
Idea: Round Non-Interference
No shared state or communication between rounds
[Figure: rounds 1, 2, 3]
![Page 175: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/175.jpg)
Idea: Round Non-Interference
Show ∀r ∈ rounds : φ(r) by showing φ(r*) for an arbitrary round r*
[Figure: rounds 1, 2, 3]
![Page 176: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/176.jpg)
Extensions: Rounds
Check Round Non-interference via Syntax
for r in rounds do
  for q in qs do
    send q (Ping, r)
    _<- recv q r;
  end
end
|| ∏ q∈qs
repeat do
  (w[r],r)<-recv p;
  send p r Ack;
end
![Page 177: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/177.jpg)
Extensions: Rounds
Check Round Non-interference via Syntax
… round id only bound once (highlighted: for r in, (w[r],r)<-recv)
for r in rounds do
  for q in qs do
    send q (Ping, r)
    _<- recv q r;
  end
end
|| ∏ q∈qs
repeat do
  (w[r],r)<-recv p;
  send p r Ack;
end
![Page 178: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/178.jpg)
Check Round Non-interference via Syntax
```
   for r in rounds do
     for q in qs do
       send q (Ping, r)
       _ <- recv q r;
     end
   end
|| ∏ q∈qs
   repeat do
     (w[r],r) <- recv p;
     send p r Ack;
   end
```
… send only for bound round: `send q (Ping, r)`, `send p r Ack;`
Extensions: Rounds
![Page 179: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/179.jpg)
Check Round Non-interference via Syntax
```
   for r in rounds do
     for q in qs do
       send q (Ping, r)
       _ <- recv q r;
     end
   end
|| ∏ q∈qs
   repeat do
     (w[r],r) <- recv p;
     send p r Ack;
   end
```
… receive only for bound round: `_<- recv q r;`
Extensions: Rounds
![Page 180: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/180.jpg)
Check Round Non-interference via Syntax
```
   for r in rounds do
     for q in qs do
       send q (Ping, r)
       _ <- recv q r;
     end
   end
|| ∏ q∈qs
   repeat do
     (w[r],r) <- recv p;
     send p r Ack;
   end
```
… array indexed only for bound round: `(w[r],r)<-recv p;`
Extensions: Rounds
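The four syntactic conditions on the preceding slides (round id bound only once; sends, receives and array indexing only for the bound round) can be checked in one pass over the program text. The Python checker below is an added example, not Brisk or Goolong code; the AST classes, `check_rounds` and the sample programs are hypothetical, and round expressions are compared as plain strings.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ForRounds:            # for r in rounds do ... end   (binds the round id)
    var: str
    body: list


@dataclass
class ForProcs:             # for q in qs do ... end
    var: str
    body: list


@dataclass
class Repeat:               # repeat do ... end
    body: list


@dataclass
class Send:                 # send q (Ping, r)   /   send p r Ack
    dst: str
    round: str


@dataclass
class Recv:                 # _ <- recv q r      /   (w[r], r) <- recv p
    src: str
    round: str
    binds_round: bool = False      # True when the receive itself binds the round id
    index: Optional[str] = None    # expression indexing the target array, if any


def check_rounds(stmts, bound=None, errors=None):
    """Return the round non-interference violations found in one process."""
    errors = [] if errors is None else errors
    for s in stmts:
        if isinstance(s, ForRounds):
            if bound is not None:
                errors.append(f"round id bound twice: for {s.var} in rounds")
            check_rounds(s.body, s.var, errors)
        elif isinstance(s, (ForProcs, Repeat)):
            # Every iteration starts from the enclosing binding.
            check_rounds(s.body, bound, errors)
        elif isinstance(s, Send):
            if s.round != bound:
                errors.append(f"send to {s.dst} for round {s.round}, bound round is {bound}")
        elif isinstance(s, Recv):
            if s.binds_round:
                if bound is not None:
                    errors.append(f"round id bound twice: recv from {s.src}")
                bound = s.round    # binding holds for the rest of this block
            elif s.round != bound:
                errors.append(f"recv from {s.src} for round {s.round}, bound round is {bound}")
            if s.index is not None and s.index != bound:
                errors.append(f"array indexed with {s.index}, bound round is {bound}")
    return errors


def non_interfering(*processes):
    """True when no process violates any of the four conditions."""
    return all(not check_rounds(p) for p in processes)


# The Ping program from the slides: coordinator p and one member q of qs.
PING_P = [ForRounds("r", [ForProcs("q", [Send("q", "r"), Recv("q", "r")])])]
PING_Q = [Repeat([Recv("p", "r", binds_round=True, index="r"), Send("p", "r")])]

# Constructed counterexamples: p pings for the next round; q writes into the
# previous round's slot.
LEAKY_P = [ForRounds("r", [ForProcs("q", [Send("q", "r+1"), Recv("q", "r")])])]
LEAKY_Q = [Repeat([Recv("p", "r", binds_round=True, index="r-1"), Send("p", "r")])]

if __name__ == "__main__":
    for name, prog in [("p", PING_P), ("q", PING_Q),
                       ("leaky p", LEAKY_P), ("leaky q", LEAKY_Q)]:
        print(name, check_rounds(prog) or "ok")
```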
![Page 181: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/181.jpg)
To show ∀r ∈ rounds : q.w[r] = Ping
```
   for r in rounds do
     for q in qs do
       send q (Ping, r)
       _ <- recv q r;
     end
   end
|| ∏ q∈qs
   repeat do
     (w[r],r) <- recv p;
     send p r Ack;
   end
```
Extensions: Rounds
![Page 182: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/182.jpg)
To show ∀r ∈ rounds : q.w[r] = Ping
… show ∀q ∈ qs : q.w[r*] = Ping as before
```
   for q in qs do
     send q (Ping, r*)
     _ <- recv q r*;
   end
|| ∏ q∈qs
   (w[r*],r*) <- recv p;
   send p r* Ack;
```
Extensions: Rounds
![Page 183: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/183.jpg)
Evaluation
![Page 184: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/184.jpg)
Evaluation
Goolong
Brisk
![Page 185: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/185.jpg)
Brisk: OOPSLA’17
Intermediate Language
Synchronization
❌Counterexample
Haskell Library
checks if a synchronization exists
On Github
![Page 186: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/186.jpg)
Brisk: OOPSLA’17
Intermediate Language
Synchronization
❌Counterexample
Haskell Library
…through rewrites implemented in Prolog
On Github
![Page 187: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/187.jpg)
Brisk: OOPSLA’17
… no deadlocks, spurious sends, etc.
Intermediate Language
Synchronization
❌Counterexample
Haskell Library
On Github
![Page 188: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/188.jpg)
Brisk: OOPSLA’17
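| Name | Time Brisk | Spin TO #n |
|---|---|---|
| ConcDB | 20 ms | 6 |
| DistDB | 20 ms | 2 |
| Firewall | 30 ms | 2 |
| LockServer | 30 ms | 12 |
| MapReduce | 30 ms | 4 |
| Parikh | 20 ms | - |
| Registry | 30 ms | 10 |
| TwoBuyers | 20 ms | - |
| 2PC | 50 ms | 6 |

From the literature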
Really fast
Use interactively
![Page 189: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/189.jpg)
Brisk: OOPSLA’17
| Name | Time Brisk | Spin TO #n |
|---|---|---|
| Map/Reduce | 40 ms | 5 |
| Theque Filesystem | 100 ms | 3 |

Case studies
![Page 190: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/190.jpg)
Evaluation
Goolong
Brisk
![Page 191: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/191.jpg)
Go Library Intermediate Language
Goolong: POPL’19
Checker
❌ ✅
Synchronization
Counterexample ❌
On Github
![Page 192: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/192.jpg)
Goolong: POPL’19
Go Library
Declare protocol variables: `x<-NewVar()`, `v<-x.Get()`, `x.Set(v)`
Iteration over sets / Invariants: `for q in qs @Inv do`
Communication: `send q v`, `w<- recv q;`
![Page 193: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/193.jpg)
Goolong: 2PC Phase 1
Send proposals
Declarations
Receive Votes
![Page 194: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/194.jpg)
Goolong: POPL’19
Case-Studies
2PC
Raft Leader Election
Single Decree Paxos
Multi-Paxos KV Store
![Page 195: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/195.jpg)
Goolong: POPL’19
Case-Studies
2PC: If committed, all nodes have same value
Raft Leader Election: At most one candidate elected leader, per term
Single Decree Paxos: Proposers agree on same value
Multi-Paxos KV Store: Proposers agree on same value, per instance
![Page 196: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/196.jpg)
Goolong: POPL’19
Multi-Paxos KV Store
Goolong vs. other verified KV stores
[Bar chart: Throughput (req/ms) for Goolong, PSync, Ivy-Raft*, IronKV*]
*not able to run
![Page 197: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/197.jpg)
Does Synchrony Simplify Proofs?
![Page 198: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/198.jpg)
Goolong: POPL’19
Invariants
Number of Invariants Dafny vs. Goolong
[Bar chart: #Invariants for 2PC, Raft, Paxos; Dafny vs. Goolong]
Reduce Invariants by 6x
![Page 199: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/199.jpg)
Goolong: POPL’19
| Name | Time Dafny | Time Goolong |
|---|---|---|
| 2PC | 12.8s | 0.04s |
| Raft | 301.6s | 0.18s |
| Paxos | 1141.3s | 1.51s |
| Total | 1455.8s | 1.73s |

Reduce checking time by 3 orders of magnitude
![Page 200: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/200.jpg)
Recap: Evaluation
Competitive with verified KV-stores
Reduces Invariants and Checking Time
Brisk: Synchronization in ms
Goolong: Go Library
![Page 201: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/201.jpg)
?
![Page 202: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/202.jpg)
Inference Rules
![Page 203: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/203.jpg)
Limitations
Round Non-Interference
Symmetric Non-Determinism
Structured Loops
![Page 204: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/204.jpg)
Limitations: Structured Loops
In each iteration, talk to a single process only
Loops over sets of processes
Easy: transform to broadcast/gather
![Page 205: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/205.jpg)
Limitations: Structured Loops
Loops over sets of processes
Hard: arbitrary loop carried state
Encode as rounds
![Page 206: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/206.jpg)
Limitations
Round Non-Interference
Symmetric Non-Determinism
Structured Loops
![Page 207: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/207.jpg)
Limitations: Symmetric Non-Determinism
Sends have matching receives!
Easy: check with static analysis
Easy: remove “deadlocks”/spurious sends
![Page 208: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/208.jpg)
Limitations: Symmetric Non-Determinism
Hard: Topologies, e.g., Chord, Stoica et al., SIGCOMM ’01.
Sends have matching receives!
More inspiration from shape analysis!
![Page 209: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/209.jpg)
Limitations
Round Non-Interference
Symmetric Non-Determinism
Structured Loops
![Page 210: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/210.jpg)
Limitations: Round Non-Interference
Rounds don’t share messages/state
Enough for Multi-Paxos, Raft-Leader Election, Zab
Prevents optimizations such as stable leader
Algorithms like Stoppable Paxos, 2008
![Page 211: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/211.jpg)
Limitations: Round Non-Interference
Rounds don’t share messages/state
Generalize: HO-model, communication closed layers?
![Page 212: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/212.jpg)
Future Work
Language Restrictions
![Page 213: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/213.jpg)
Future Work
Language Restrictions
![Page 214: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/214.jpg)
Goolong: POPL’19
Invariants

| Name | #Inv Async | Time Async/Dafny | #Inv Sync | Time Sync |
|---|---|---|---|---|
| 2PC | 30 | 12.8s | 3 | 0.04s |
| Raft | 50 | 301.6s | 6 | 0.18s |
| Paxos | 72 | 1141.3s | 14 | 1.51s |
| Total | 152 | 1455.8s | 23 | 1.73s |

Reduce Invariants by 6x
Reduce checking time by 3 orders of magnitude
![Page 215: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/215.jpg)
Multi-Paxos KV Store
Goolong: POPL’19
Case-Studies

| System | Throughput (req/ms) |
|---|---|
| Goolong | 118.5 |
| PSync | 32.4 |
| Ivy-Raft* | 13.5 |
| IronKV* | 30 |

1.5-3x slowdown over unverified KV store
*not able to run
![Page 216: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/216.jpg)
Brisk: OOPSLA’17
```haskell
coord :: Transaction -> Int -> SymSet ProcessId -> Process ()
coord transaction n nodes = do
  fold query () nodes
  n_ <- fold countVotes 0 nodes
  if n == n_
    then forEach nodes commit ()
    else forEach nodes abort ()
  forEach nodes expect :: Ack
  where
    -- Send the transaction, tagged with the coordinator's pid, to one node.
    query () pid = do { me <- myPid; send pid (me, transaction) }
    -- Fold step: x is the running count of Accept votes.
    countVotes x _ = do
      msg <- expect :: Vote
      case msg of
        Accept _ -> return (x + 1)
        Reject   -> return x

acceptor :: Process ()
acceptor = do
  me <- myPid
  (who, transaction) <- expect :: (ProcessId, Transaction)
  vote <- chooseVote transaction
  send who vote
```
Two Phase Commit in Brisk
![Page 217: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/217.jpg)
Leftovers
![Page 218: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/218.jpg)
Synchronous Proofs
for p in dbs do
p.id<-c;
p.val<-c.val;
for p in dbs do
c.abort<-False;
vote <-* ? Commit : Abort
c.msg<-p.vote;
if msg == Abort abort <- True
![Page 219: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/219.jpg)
Synchronous Proofs
for p in dbs do @Inv1
p.id<-c;
p.val<-c.val;
for p in dbs do @Inv2
c.abort<-False;
vote <-* ? Commit : Abort
c.msg<-p.vote;
if msg == Abort abort <- True
![Page 220: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/220.jpg)
Synchronous Proofs
for p in dbs do @Inv1
p.id<-c;
p.val<-c.val;
for p in dbs do @Inv2
c.abort<-False;
vote <-* ? Commit : Abort
c.msg<-p.vote;
if msg == Abort abort <- True
@Inv1 = ∀p∈dbs: p∈done => p.val=c.val
@Inv2 = true
![Page 221: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/221.jpg)
Synchronous Proofs
for p in dbs do @Inv3
c.dec <- c.abort ? Abort : Commit
p.dec<-c.dec;
for p in dbs do @Inv4
if msg == Commit p.value <- p.val;
_<-Ack;
![Page 222: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/222.jpg)
Synchronous Proofs
for p in dbs do @Inv3
c.dec <- c.abort ? Abort : Commit
p.dec<-c.dec;
for p in dbs do @Inv4
if msg == Commit p.value <- p.val;
_<-Ack;
@Inv3 = ∀p∈dbs: (p∈done ∧ c.dec=Commit) => p.value=c.val
@Inv4 = true
No case-splits! No network state!
![Page 223: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/223.jpg)
Outline
From 2PC to Paxos
Implementation
Key Idea: Pretend Synchrony
Evaluation
Limitations
![Page 224: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/224.jpg)
Implementation
![Page 225: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/225.jpg)
Implementation
Symmetric Nondeterminism
Synchronize by Rewriting
Key ingredients
![Page 226: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/226.jpg)
Two-phase Commit: Phase 1
No races!
![Page 227: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/227.jpg)
Two-phase Commit: Phase 1
Race between storage nodes!
Need to case-split?
![Page 228: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/228.jpg)
Two-phase Commit: Phase 1
No! Because races are symmetric
![Page 229: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/229.jpg)
Two-phase Commit: Phase 1
No races!
Theory of Movers [Lipton 1975]
Receive directly after sending
![Page 230: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/230.jpg)
Two-phase Commit: Phase 1
Theory of Movers [Lipton 1975]
![Page 231: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/231.jpg)
Two-phase Commit: Phase 1
Race between storage nodes!
Need to case-split?
![Page 232: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/232.jpg)
Two-phase Commit: Phase 1
3
2
1
No! Because races are symmetric
Verify arbitrary interleaving
![Page 233: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/233.jpg)
Two-phase Commit: Phase 1
3
2
1 ;
;
;
![Page 234: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/234.jpg)
Implementation
Symmetric Nondeterminism
Synchronize by Rewriting
Key ingredients
![Page 235: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/235.jpg)
Implementation
Example 2PC
![Page 236: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/236.jpg)
Example: Two-phase Commit
![Page 237: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/237.jpg)
Example: Two-phase Commit
Commit a value
Coordinator
Storage node
Storage node
Storage node
![Page 238: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/238.jpg)
Two-phase Commit: Phase 1
SendValue
SaveValue
SaveValue
SaveValue
![Page 239: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/239.jpg)
Two-phase Commit: Phase 1
Use value to commit or abort
Abort if any node aborts
![Page 240: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/240.jpg)
Two-phase Commit: Phase 1
Use value to commit or abort
Commit if all nodes commit
![Page 241: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/241.jpg)
Two-phase Commit: Phase 2
Send commit/abort decision
If commit, finalize
![Page 242: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/242.jpg)
Two-phase Commit: Phase 2
Receive acks; done
Send acks
![Page 243: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/243.jpg)
Problem: Asynchronous Proofs are Hard
![Page 244: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/244.jpg)
Make Proofs Easier!
![Page 245: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/245.jpg)
Synchronous Proofs are Easy
![Page 246: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/246.jpg)
Verilog Primer
![Page 247: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/247.jpg)
Example FPU
[Diagram: inputs x, y → FPU-Mult → out]
Given floats x and y
… compute x*y
![Page 248: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/248.jpg)
Example FPU
[Diagram: inputs x, y → FPU-Mult → out]
Given floats x and y
… but exhibits timing variability
![Page 249: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/249.jpg)
Example FPU
```verilog
always @(posedge clk) begin
  if (iszero)
    out <= 0;
  else if (isNaN)
    ...
  else
    out <= flp_res;
end
```
![Page 250: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/250.jpg)
Example FPU
```verilog
always @(posedge clk) begin
  if (iszero)
    out <= 0;
  else if (isNaN)
    ...
  else
    out <= flp_res;
end

always @(posedge clk) begin
  ...
  flp_res <= // x*y;
end
```
![Page 251: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/251.jpg)
Influence set: cycles that influenced value
![Page 252: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/252.jpg)
Example FPU
Influence set: for x=0
cycle x y flp_res out
0 {0} {0} ∅ ∅
1 {1} {1} ∅ {0}
…
k-1 {k-1} {k-1} {0} {k-2}
k {k} {k} {1} {k-1}
![Page 253: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/253.jpg)
Example FPU
Influence set: x=1
cycle x y flp_res out
0 {0} {0} ∅ ∅
1 {1} {1} ∅ {0}
…
k-1 {k-1} {k-1} {0} {k-2}
k {k} {k} {1} {0,k-1}
sets for out at k differ: timing variability
![Page 254: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/254.jpg)
Example FPU
How to verify?
Produce product program, track equivalence of influence sets through equivalence of membership
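The two influence-set tables above can be reproduced by propagating sets of cycle numbers through the two `always` blocks and comparing the x=0 run with the x=1 run. This Python simulation is an added example, not the author's tool: it assumes the multiplier is a (k-1)-stage pipeline, holds x constant for the whole run, omits the elided isNaN branch, and adds a hypothetical `fast_path=False` design without the `iszero` branch for comparison.

```python
def influence_trace(x_is_zero, k, fast_path=True):
    """Influence sets of flp_res and out for cycles 0..k.

    x_is_zero: outcome of the iszero test, held constant for the run.
    k:         cycle at which the slides compare the two runs (k >= 2).
    fast_path: False models a design without the `if (iszero)` branch
               (assumption, not on the slides).
    """
    if k < 2:
        raise ValueError("k must be at least 2")
    pipe = [frozenset()] * (k - 1)   # multiplier stages; pipe[-1] is flp_res
    out = frozenset()
    trace = []
    for cycle in range(k + 1):
        trace.append({"cycle": cycle, "x": {cycle}, "y": {cycle},
                      "flp_res": set(pipe[-1]), "out": set(out)})
        inputs = frozenset({cycle})
        # Non-blocking assignments: every right-hand side reads this cycle's values.
        if fast_path:
            ctrl = inputs                                   # branch condition reads x
            data = frozenset() if x_is_zero else pipe[-1]   # out <= 0  vs  out <= flp_res
        else:
            ctrl, data = frozenset(), pipe[-1]              # out <= flp_res, unconditionally
        out = ctrl | data
        pipe = [inputs] + pipe[:-1]                         # multiplier advances one stage
    return trace


def timing_variability(k, fast_path=True):
    """Cycles at which out's influence set differs between the x=0 and x=1 runs."""
    zero = influence_trace(True, k, fast_path)
    one = influence_trace(False, k, fast_path)
    return [a["cycle"] for a, b in zip(zero, one) if a["out"] != b["out"]]


if __name__ == "__main__":
    K = 6  # constructed value for k
    for label, is_zero in (("x=0", True), ("x=1", False)):
        print(label)
        for row in influence_trace(is_zero, K):
            print("  ", row["cycle"], sorted(row["flp_res"]), sorted(row["out"]))
    print("differs at cycles:", timing_variability(K))
    print("without fast path:", timing_variability(K, fast_path=False))
```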
![Page 255: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/255.jpg)
Example FPU
The FPU takes a fast path if x is 0
cycle x y flp_res out
0 0 1 X X
1 0 1 X 0
…
k-1 0 1 0 0
k 0 1 0 0
![Page 256: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/256.jpg)
Example FPU
The FPU takes the slow path if x is 1
cycle x y flp_res out
0 1 1 X X
1 0 1 X 0
…
k-1 0 1 1 0
k 0 1 0 1
![Page 257: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/257.jpg)
Example FPU
Influence set: all cycles that influenced value
cycle x y flp_res out
0 {0} {0} ∅ ∅
1 {1} {1} ∅ {0}
…
k-1 {k-1} {k-1} {0} {k-2}
k {k} {k} {1} {k-1}
![Page 258: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/258.jpg)
BACKUP
![Page 259: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/259.jpg)
Results
![Page 260: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/260.jpg)
BACKUP
![Page 261: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/261.jpg)
BACKUP
![Page 262: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/262.jpg)
BACKUP
![Page 263: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/263.jpg)
Problem 1: Asynchrony
Processes/messages have different speed
![Page 264: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/264.jpg)
Problem 2: Message Drops
Network may be unreliable
❌
![Page 265: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/265.jpg)
Problem 3: Parametrized
Number of nodes not known...
![Page 266: Pretend Synchronygleissen/papers/ps-slides.pdf · Marriott Breach Data from 500 Mio customers (2018) Name, Passport No., Credit Card Numbers](https://reader036.fdocuments.us/reader036/viewer/2022071020/5fd4457e2954810cf7309af3/html5/thumbnails/266.jpg)
How to make sure they don’t?
Too many possibilities
Infinite Number of States:
No guarantees
Testing
Model Checking
Deductive Proofs