Exploring Design Alternatives for RAMP Transactions Through Statistical Model Checking

Liu, Si; Ölveczky, Peter Csaba; Ganhotra, Jatin; Gupta, Indranil; Meseguer, José

doi:10.1007/978-3-319-68690-5_18

Cited by 11 publications

(14 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our next planned step is to implement ROLA, evaluate it experimentally, and compare the experimental results with the formal analysis ones. In previous work on existing systems such as Cassandra [17], RAMP [7], and Walter [34], the performance estimates obtained by formal analysis and those obtained by experimenting with the real system were basically in agreement with each other [19,21,24]. This confirmed the useful predictive power of the formal analyses.…”

Section: Discussionsupporting

confidence: 76%

“…Maude and PVeStA have been used to model and analyze the correctness and performance of a number of distributed data stores: the Cassandra key-value store [25,19,20], different versions of RAMP [22,21], Walter [24], P-Store [30], and Google's Megastore [14,15]. In contrast to these papers, our paper uses formal methods to develop and validate an entirely new design, ROLA, for a new consistency model.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Read atomic transactions with prevention of lost updates: ROLA and its formal analysis

et al. 2019

Self Cite

View full text Add to dashboard Cite

Designers of distributed database systems face the choice between stronger consistency guarantees and better performance. A number of applications only require read atomicity (RA) (either all or none of a transaction's updates are visible to other transactions) and prevention of lost updates (PLU). Existing distributed transaction systems that meet these requirements also provide additional stronger consistency guarantees (such as causal consistency), but this comes at the price of lower performance. In this paper we propose a new distributed transaction protocol, ROLA, that targets application scenarios where only RA and PLU are needed. We formally specify ROLA in Maude. We then perform model checking to analyze both the correctness and the performance of ROLA. For correctness, we use standard model checking to analyze ROLA's satisfaction of RA and PLU. To analyze performance we: (a) perform statistical model checking to analyze key performance properties; and (b) compare these performance results with those obtained by also modeling and analyzing in Maude the well-known protocols Walter and Jessy that also guarantee RA and PLU. Our statistical model checking results show that ROLA outperforms both Walter and Jessy. guarantee PLU: the new friendship between Edinson and Neymar must not be lost. Finally, CC could be sacrificed for the sake of performance: Assume that Dani is a friend of Neymar. When Edinson becomes Neymar's friend, he sees that Dani is Neymar's friend, and therefore also becomes friend with Dani. The second friendship therefore causally depends on the first one. However, it does not seem crucial that others are aware of this causality: If Thomas sees that Edinson and Dani are friends, then it is not necessary that he knows that (this happened because) Edinson and Neymar are friends.Regarding question (b), Section 7 shows that ROLA clearly outperforms both Walter and Jessy in all performance requirements for all read/write transaction rates. For a fair comparison, we have compared the performance of ROLA with those of Jessy and Walter without their replication features.Maude-Based Formal Modeling and Analysis. In rewriting logic [26], distributed systems are specified as rewrite theories. Maude [12] is a high-performance language implementing rewriting logic and supporting various model checking analyses. To model time and performance issues, ROLA is specified in Maude as a probabilisitic rewrite theory [4,12]. ROLA's RA and PLU requirements are then analyzed by standard model checking, where we disregard time issues. To estimate ROLA's performance, and to compare it with those of Jessy and Walter, we have also specified Walter and Jessy-without their data replication features-in Maude, and have subjected the Maude models of ROLA, Walter, and Jessy to statistical model checking analysis using the PVeStA [5] tool. Main Contributions include:(1) the design, formal modeling, and model checking analysis of ROLA, a new transaction protocol having useful applications and meeting RA and PLU consistency pr...

show abstract

Section: Discussionsupporting

confidence: 76%

Section: Related Workmentioning

confidence: 99%

Read atomic transactions with prevention of lost updates: ROLA and its formal analysis

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…These requirements are not very strict. The Maude models of the DTSs RAMP [29], Faster [24], Walter [26], ROLA [25], Jessy [28], and P-Store [32] can all be seen as instantiations of our modeling framework, with very small syntactic changes, such as defining transaction and replica objects as subclasses of Txn and Replica, changing the names of the attributes and sorts, etc. The Apache Cassandra NoSQL key-value store can be seen as a transaction system where each transaction is a single operation; the Maude model of Cassandra in [30] can also be easily modified to fit within our modeling framework.…”

Section: Modeling Dtss In Maudementioning

confidence: 99%

Automatic Analysis of Consistency Properties of Distributed Transaction Systems in Maude

Liu

Ölveczky

Zhang

et al. 2019

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Many transaction systems distribute, partition, and replicate their data for scalability, availability, and fault tolerance. However, observing and maintaining strong consistency of distributed and partially replicated data leads to high transaction latencies. Since different applications require different consistency guarantees, there is a plethora of consistency properties-from weak ones such as read atomicity through various forms of snapshot isolation to stronger serializability propertiesand distributed transaction systems (DTSs) guaranteeing such properties. This paper presents a general framework for formally specifying a DTS in Maude, and formalizes in Maude nine common consistency properties for DTSs so defined. Furthermore, we provide a fully automated method for analyzing whether the DTS satisfies the desired property for all initial states up to given bounds on system parameters. This is based on automatically recording relevant history during a Maude run and defining the consistency properties on such histories. To the best of our knowledge, this is the first time that model checking of all these properties in a unified, systematic manner is investigated. We have implemented a tool that automates our method, and use it to model check state-ofthe-art DTSs such as P-Store, RAMP, Walter, Jessy, and ROLA.

show abstract

“…Having higher-level smaller formal models allowed us to explore the design state of RAMP quite extensively. In particular, in [10] we used statistical model checking to evaluate the performance along a number of parameters, with many different distributions of transactions. In this way, we could evaluate the performance of a number RAMP designs not explored by Bailis et al, and for many more parameters and workloads than evaluated by the RAMP developers.…”

Section: Ramp Ramp [2]mentioning

confidence: 99%

Design and Validation of Cloud Storage Systems Using Formal Methods

Ölveczky¹

2017

Topics in Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

To deal with large amounts of data while offering high availability and throughput and low latency, cloud computing systems rely on distributed, partitioned, and replicated data stores. Such cloud storage systems are complex software artifacts that are very hard to design and analyze. Formal specification and model checking should therefore be beneficial during their design and validation. In particular, I propose rewriting logic and its accompanying Maude tools as a suitable framework for formally specifying and analyzing both the correctness and the performance of cloud storage systems. This abstract of an invited talk gives a short overview of the use of rewriting logic at the University of Illinois' Assured Cloud Computing center on industrial data stores such as Google's Megastore and Facebook/Apache's Cassandra. I also briefly summarize the experiences of the use of a different formal method for similar purposes by engineers at Amazon Web Services.

show abstract

Exploring Design Alternatives for RAMP Transactions Through Statistical Model Checking

Cited by 11 publications

References 21 publications

Read atomic transactions with prevention of lost updates: ROLA and its formal analysis

Read atomic transactions with prevention of lost updates: ROLA and its formal analysis

Automatic Analysis of Consistency Properties of Distributed Transaction Systems in Maude

Design and Validation of Cloud Storage Systems Using Formal Methods

Contact Info

Product

Resources

About