310 likes | 544 Vues
GUESSTIMATE: A Programming Model for Collaborative Distributed Systems. Kaushik Rajan (MSR India) Sriram Rajamani (MSR India) Shashank Yaduvanshi (IIT Delhi). Collaborative distributed systems. Distributed systems design choices Strong consistency vs. availability
E N D
GUESSTIMATE: A Programming Model for Collaborative Distributed Systems Kaushik Rajan (MSR India) Sriram Rajamani (MSR India) Shashank Yaduvanshi (IIT Delhi) Rigorous Software Engineering Microsoft Research, India
Collaborative distributed systems • Distributed systems design choices • Strong consistency vs. availability • Sharing vs. replication • Single master vs. multimaster • … Responsiveness Rigorous Software Engineering Microsoft Research, India
Optimistic replication • M1 UI1 UI1 1 S UI2 UI2 2 • One copy serializability • Replicated execution • + strong consistency, easy to program against • Not latency tolerant, poor responsiveness • + high responsiveness, latency tolerant • No consistency, Hard to program against Rigorous Software Engineering Microsoft Research, India
Guesstimate • Guesstimate Programming model • Latency tolerant and responsive • Eventual consistency guarantee in the presence of conflicts • Language features to define semantic conflicts and associate compensations for them • Gives a really simple object oriented programming model that hides many complexities that arise when designing for distributed systems Rigorous Software Engineering Microsoft Research, India
Guesstimated Sudoku Rigorous Software Engineering Microsoft Research, India
Guesstimated Sudoku Rigorous Software Engineering Microsoft Research, India
Guesstimated Sudoku Rigorous Software Engineering Microsoft Research, India
Guesstimated Sudoku Rigorous Software Engineering Microsoft Research, India
System state with guesstimate • C1 • C2 Atomic commit eventual consistency Replicated execution for responsiveness Pending queue (P) Committed state (C) Guesstimated state (G) Ci= Cjfor all pairs of machines Miand Mj Gi=[Pi](Ci)for each machine Mi Rigorous Software Engineering Microsoft Research, India
Issue Operation • C • C UI1 • M1 ‘ • G1 Reflects the expected outcome of the operation, makes system responsive UI2 Ci= Cjfor all pairs of machines Miand Mj Gi=[Pi](Ci)for each machine Mi Rigorous Software Engineering Microsoft Research, India
Commit Operation • C • C UI1 ’ Atomic commitment of the operation, same final outcome of the operation on all machines UI2 • M2 C’ ‘ • G2 Ci= Cjfor all pairs of machines Miand Mj Gi=[Pi](Ci)for each machine Mi Rigorous Software Engineering Microsoft Research, India
Conflict • C • C • C’ • C’ • At issue is applied on state UI1 UI1 5 ‘ 4 1 4 1 4 1 5 UI2 UI2 3 2 • At commit applied on state Conflict: If because of the execution of the final outcome of is different from the initial estimate then there is a conflict Rigorous Software Engineering Microsoft Research, India
Language features • C • C Object invariant • Associated with object state • Define valid state transitions • Express conflicts Completion routine • Associated with an operation • Updates UI • Handle conflicts UI1 UI2 precondition completion routine Rigorous Software Engineering Microsoft Research, India
Issue Operation • C • C UI1 • M1 ‘ • G1 Check precondition Drop operation on failure Insert into P on success UI2 Ci= Cjfor all pairs of machines Miand Mj Gi=[Pi](Ci)for each machine Mi Rigorous Software Engineering Microsoft Research, India
Commit Operation Completion routine Updates UI state C” • C’ UI2 • M2 C” ‘ • G2 • C’ Ci= Cjfor all pairs of machines Miand Mj Gi=[Pi](Ci)for each machine Mi Rigorous Software Engineering Microsoft Research, India
Guesstimated Sudoku Object Rigorous Software Engineering Microsoft Research, India
Creating and issuing operations Rigorous Software Engineering Microsoft Research, India
Eventual consistency guarantee • An operation s conforms to its specification if for every pair of shared states • If all operations conform to their specification then guesstimate guarantees • Eventual consistency (for guesstimated state): final state will be equivalent to a subset of some interleaving of operations submitted • Only operations with conflicts will be dropped • Appropriate completion routines for succeeding and failing operations will be run Rigorous Software Engineering Microsoft Research, India
Eventual consistency guarantee • An operation s conforms to its specification if for every pair of shared states • If all operations conform to their specification then guesstimate guarantees • Eventual consistency (for guesstimated state): final state will be equivalent to a some interleaving of issued operations with some operations becoming no-ops • Only operations with conflicts will become no-ops • Appropriate completion routines for succeeding and failing operations will be run Rigorous Software Engineering Microsoft Research, India
Guesstimate Library • Create and share objects • GSharedObjectCreateInstance(Type t)creates and returns a new shared object, like a new/mallocfor shared memory programs • GSharedObjectJoinInstance(string uniqueID)returns a reference to an existing object • List<string> AvailableObjects() returns details of all available shared objects • Read only operations • BeginRead(GsharedObject o) & EndRead(GsharedObject o) used to isolate reads to shared state performed by local operations from concurrent writes that the runtime might perform Rigorous Software Engineering Microsoft Research, India
Guesstimate Library • Create and issue operations • BoolIssueOperation(sharedOp s, completionOp c) issues a composite operation (s,c). s is created using one of the above three methods. c is a delegate with signature delegate void completionOp (bool b) • sharedOpCreateOperation(…) creates and returns a shared operation • sharedOpCreateAtomic(List<sharedOp> sList) creates an atomic operation given a list of shared operations • sharedOpCreateOrElse(sharedOp main, sharedOp alt) creates an orElse operation given a main and alternate operation Rigorous Software Engineering Microsoft Research, India
Guesstimate Library • Create and issue operations • BoolIssueOperation(sharedOp s, completionOp c) issues a composite operation (s,c). s is created using one of the above three methods. c is a delegate with signature delegate void completionOp (bool b) • sharedOpCreateOperation(…) creates and returns a shared operation • sharedOpCreateAtomic(List<sharedOp> sList) creates an atomic operation given a list of shared operations • sharedOpCreateOrElse(sharedOp main, sharedOp alt) creates an orElse operation given a main and alternate operation Rigorous Software Engineering Microsoft Research, India
Programming experience Collaborative applications (500-700 lines per app) • multiplayer sudoku • Event planner • Discussion forum • Car pooling application • Auction system … Rigorous Software Engineering Microsoft Research, India
Design patterns Completion Operations • If IssueOperation is successful mark as pending • On completion use boolean status to • Clear pending status on success • Propagate failure to user via the UI Rigorous Software Engineering Microsoft Research, India
Design patterns • Contract verification • Used code contracts+ boogie to verify shared operations • For swith a specification we verify that 2. • Sudoku example • Generates 323 assertions, • 271 verified statically • 52 converted into runtime checks Rigorous Software Engineering Microsoft Research, India
Design patterns Atomic and orElse operations • Atomic used in event planner for ensuring all or nothing semantics if user wants to join multiple events, like go for event only if transport is also available • OrElse used to register for an alternate event if main one is full Blocking operations • Sometimes blocking is inevitable and can be accomplished as follows Rigorous Software Engineering Microsoft Research, India
Design patterns Atomic and orElse operations • Atomic used in event planner for ensuring all or nothing semantics if user wants to join multiple events, like go for event only if transport is also available • OrElse used to register for an alternate event if main one is full Blocking operations • Sometimes blocking is inevitable and can be accomplished as follows Rigorous Software Engineering Microsoft Research, India
Some timing results Commit time histogram - Sudoku Rigorous Software Engineering Microsoft Research, India
conflicts Conflicts in a one hour period Rigorous Software Engineering Microsoft Research, India
Guesstimate access • Paper • Guesstimate: A programming model for distributed collaborative systems PLDI 2010 • Academic download • http://research.microsoft.com/guesstimate • Guesstimate Library with source • Sample applications Rigorous Software Engineering Microsoft Research, India
Thank you Rigorous Software Engineering Microsoft Research, India