Efficient Decentralized Monitoring of Safety in Distributed System

/ 30Hong,Shin @ PSWLAB

K Sen, A Vardhan, G Agha, G Rosu

20th July 2007Presented by Shin Hong at PSWLAB, KAIST

1Efficient Decentralized Monitoring of Safety in Distributed System23年 4月 21日

Contents• Introduction• Distributed System• Past-time Linear Temporal Logic• Past-time Distributed Temporal Logic• Monitoring Algorithm for PT-DTL• Conclusion

23年 4月 21日

Introduction (1/6)• The correctness of a software is very important

today. Model Checking and Testing are two approaches to assure the correctness of software.

• Model Checking The size of systems for which model checking is feasible remains limited.

• Traditional Testing Ad-hoc Test coverage is limited.

3Efficient Decentralized Monitoring of Safety in Distributed System

23年 4月 21日

Introduction (2/6)• Runtime Verification

Dynamic monitoring of target system with formal specifications. Monitors are automatically synthesized from formal specifications. Scalable

23年 4月 21日

Introduction (3/6)• Runtime Verification has been used

to monitor distributed systems that have concurrency and asynchrony.

• In many distributed systems,it’s quite impractical to monitor requirements expressed in classical temporal logics such as LTL.

23年 4月 21日

Introduction (4/6)Ex. Mobile Networks

Requirement:

No node receives a reply from a node to which is has not previously issued a request.

How to specify this requirement with LTL?

23年 4月 21日

Introduction (5/6)• Propositional LTL is impractical to specify

the requirements in distributed systems.– Not scalable– Hard to capture global snapshot

• To address these difficulties,introduce new specification logic for runtime verification in distributed system,Past-time Distributed Temporal Logic.

23年 4月 21日

Introduction (6/6)• Past-time DTL specifies requirements in

local monitor on each node.

Previous Mobile Networks exampleRequirement can be re-written :

If NodeA has received a value, then it must be the case that previously in the past, NodeB has computed the value and at NodeA a request to NodeB was made.

ReceivedValue →@NodeB(◈ (computedValue && @NodeA(◈requestedValue)))

23年 4月 21日

Distributed System (1/5)

Characteristics of Distributed System

• A collection of n processes (p1, p2, … pn) each with its own local state.

• No global or shared variables.

• A process communicates with others using asynchronous messages whose order of arrival is indeterminate.

23年 4月 21日

Distributed System (2/5)• Modeling of Distributed System

Event: a computation of each process.

internal eventssend eventsreceive events

Process: A set of events.

23年 4月 21日

Distributed System (3/5)Partial Order ≺Ei: set of events of process pi

E : Ui Ei

⋖ : E ✕ Ee ⋖ e’ if e, e’∈ Ei then e happens immediately before e’

e ⋖ e’ if e is the send event of a message at some process and e’ is the corresponding receive event of the message at the recipient process.

≺ : transtive closure of ⋖ relation.

≼ : reflexive and transitive closure of ⋖ relation.23年 4月 21日

Distributed System (4/5)↓e := {e’ | e’ ≼ e}

can be thought as the local state

LSi := {↓e | e∈ Ei }

the set of local states of a process pi

causalj(si) : the latest state of process pj that the process pi knows while in state si ∈ LSi .

23年 4月 21日

Distributed System (5/5)

23年 4月 21日

causalp1(↓e23) = ↓e12

23年 4月 21日

Past-Time Linear Temporal Logic (1/3)• PT-LTL has been used to express,

monitor, and predict violation of safety properties of software system.

• SyntaxF ::= true | false | a ∈ A | ￢ F |

F ∧ F | F ∨ F | F → F |⊙ F | ⊡ F | ◈ F | F S F

where A is the set of atomic propositions

23年 4月 21日

Past-Time Linear Temporal Logic (2/3)• Temporal Logics in PT-LTL

⊙ : previouslyρ ⊨ ⊙F iff ρ’ ⊨ F where ρ’= ρn-1 if n>1, and ρ’=ρ

if n=1

⊡ : always in the past ρ ⊨ ⊡F iff ρi ⊨ F for all 1≤ i < n,

◈: eventually in the pastρ ⊨ ◈ F iff ρi ⊨ F for some 1≤ i < n,

S : sinceρ ⊨ F1 S F2 iff ρj ⊨ F2 for some 1≤ j ≤ n

and ρi ⊨ F1 for all j ≤ i ≤ n

23年 4月 21日

Past-Time Linear Temporal Logic (3/3)

⊡((action ∧ ⊙ ￢ action) → ￢ Stop S Start))

23年 4月 21日

Past-Time Distributed Temporal Logic (1/4)• Distributed systems are usually

asynchronous and the absolute global state of the system is not available to processes.

• The best thing that each process can do is to reason about the global state that it is aware of.

• PT-DTL expresses safety properties of distributed message passing system.

23年 4月 21日

Past-Time Distributed Temporal Logic (2/4)• PT-DTL extends PT-LTL

• Remote operator @ Evaluate an expression or a formula in

the last known state of a remote process

x > @j y

a → @j b

23年 4月 21日

Past-Time Distributed Temporal Logic (3/4)• Syntax

op : ∧ , ∨ , → ξi is a tuple of expressions on process pi.

f is function over tuples.

23年 4月 21日

Past-Time Distributed Temporal Logic (4/4)• Semantics

The semantics of PT-DTL is a natural extension of PT-LTL.

the value of the expression ξj in the state

sj=causalj(si) which is the latest state of process pj of which process pi is aware of.

23年 4月 21日

Monitoring algorithm for PT-DTL (1/6)• Synthesized monitor is distributed local

monitors running on each processes.

• Goal Monitoring should be fast.

Little memory overhead.

# of messages that need to be sent between process for monitoring purpose should be minimal.

23年 4月 21日

Monitoring algorithm for PT-DTL (2/6)• A local monitor may attach additional

information to every outgoing message.

• Evaluating a remote expression at process pi, process pj send the value

of the expression attached on every messages with sequence number.

23年 4月 21日

Monitoring algorithm for PT-DTL (3/6)• Knowledge VectorAt process pi ,

KVi[j]: the entry for process pj on a vector KV.

KVi[j].seq: the sequence number of the last event seen at pj.

KVi[j].values : storing the values remote expressions and remote formulas on processj.

The monitor of process pi attaches a copy of KVi with every outgoing messages.

23年 4月 21日

Monitoring algorithm for PT-DTL (4/6)for internal event

update KVi[i]

for send eventKVi[i].seq := KVi[i].seq + 1 ;

for receive eventKVm : given KV from received message.

for all j, KVm[j].seq > KVi[j].seq → KVi[j] := KVm[j] ;

Every process should know initial value of all variables.

Initial value of all variables can be found by initial broadcast or static analysis.

23年 4月 21日

Monitoring algorithm for PT-DTL (5/6)• Once KV is properly updated, the local

monitor can compute the boolean value of the formula to be monitored, by recursively evaluating the boolean value of each of its subformulae in the current state.

23年 4月 21日

Monitoring algorithm for PT-DTL (6/6)

23年 4月 21日

Example3 processesp1 has a local variable x whose initial value is 5.p2 has a local variable y with initial value 7.And p2 monitors the formula

Conclusion

DIANA – Distributed Analysisbased on Javausing Actor formalisminstrumentation at bytecode

23年 4月 21日

Efficient Decentralized Monitoring of Safety in Distributed System

Documents

DISTRIBUTED AND DECENTRALIZED CONTROL OF THE POWER …

Running efficient distributed teams

Decentralized and distributed control - Dynamic feedback ...sisdin.unipv.it/.../EECI_DEDICO/...controllers_Dynamic_Feedback.pdf · Decentralized and distributed control Dynamic feedback

High efficient decentralized electricity generation and ... · Delft skyline project position paper number 3 1/5/2013 1/36 Highly Efficient Distributed Generation and High-Capacity

Re-visiting the Decentralized Distributed Generation

Decentralized Control Techniques Applied to …...Decentralized Control Techniques Applied to Electric Power Distributed Generation in Microgrids Juan Carlos Vasquez Quintero´ Advisor

The Distributed & Decentralized Cloud

Distributed Generation and Decentralized Grids: … Generation and Decentralized Grids: ... Mike Hogan and Bentham Paulos, ... for 300 MWh of load shifting

Decentralized spatial data mining for geosensor networks · Keywords: spatial data mining, distributed systems, decentralized spatial computing, ... 1 Introduction Conventional approaches

Decentralized Access Control in Distributed File …Decentralized Access Control in Distributed File Systems · 3 File 1 File 2 User X read read, write User Y read Fig. 2. An Access

Bitcoin, Blockchains and Efficient Distributed Spacecraft ... Blockchains and Distributed... · Bitcoin, Blockchains and Efficient Distributed Spacecraft Mission Control Dan Mandl

Hybrid distributed & decentralized secondary control

AN EFFICIENT APPROACH TO DISTRIBUTED INFORMATION

Efficient, Consistent Distributed Computation with ...jnfoster/papers/predictive-treaties.pdf · Efficient, Consistent Distributed Computation with Predictive Treaties Tom Magrino

Decentralized SDN Control Plane for a Distributed Cloud

Cost-efficient deployment of distributed software services · 2015-02-17 · Cost-efficient deployment of distributed software services Cost functions Bio-inspired decentralized optimization

Hierarchical distributed control for decentralized battery

Efficient Decentralized Collaborative Mapping for Outdoor

Decentralized Access Control in Distributed File Systems - Home | AEGIS … · 2019. 12. 8. · Decentralized Access Control in Distributed File Systems 10:3 Fig. 1.File sharing across

20 MINNO (01): Distributed, Decentralized Collaboration