This document provides an introduction to TLA+ and model checking distributed systems. It discusses how TLA+ uses temporal logic and model checking to verify safety and liveness properties of distributed algorithms. Examples include modeling a childcare facility, dining philosophers problem, and an alternate bit protocol over lossy channels. The key aspects of TLA+ covered are processes, labels, awaits, non-determinism, and model checking with TLC. Major users of TLA+ like Amazon and Microsoft are also mentioned.
Block-box testing (or functional testing, or behavior testing) focuses on the functional requirements of the software.
Gray box testing is a combination of white and black box testing
Flexible reporting tools (Report Designer, Find Variables, Check Report)
Learn more about our chromatography data system Chromeleon: http://www.thermoscientific.com/en/about-us/general-landing-page/chromeleon-resource-center.html?ca=chromeleon
Avoiding Deadlocks: Lessons Learned with Zephyr Health Using Neo4j and MongoD...Neo4j
Z-Platform is the new innovative powerful and complex platform to ingest data of any kind and store the data in the form of JSON documents in MongoDB and represent a sparse representation of the same in Neo4j graph database. Mahesh discusses how he tackled deadlocks and improved the performance of the system significantly. The test environment included small graphs (ranging up to 10000 relationships to very large graphs (ranging up to 39 million relationships). The average performance of the system is 3741 relationships per minute.
In this presentation, you will learn various aspects of ad hoc testing such as its characteristics, scenarios in which ad hoc testing is not recommended, ad hoc testing advantages and disadvantages.
This is the presentation describing different techniques used to write test cases for software testing. You can have overview with detailed example for test case techniques. After reading this, You'll able to assume which technique can be more useful to you software testing.
Block-box testing (or functional testing, or behavior testing) focuses on the functional requirements of the software.
Gray box testing is a combination of white and black box testing
Flexible reporting tools (Report Designer, Find Variables, Check Report)
Learn more about our chromatography data system Chromeleon: http://www.thermoscientific.com/en/about-us/general-landing-page/chromeleon-resource-center.html?ca=chromeleon
Avoiding Deadlocks: Lessons Learned with Zephyr Health Using Neo4j and MongoD...Neo4j
Z-Platform is the new innovative powerful and complex platform to ingest data of any kind and store the data in the form of JSON documents in MongoDB and represent a sparse representation of the same in Neo4j graph database. Mahesh discusses how he tackled deadlocks and improved the performance of the system significantly. The test environment included small graphs (ranging up to 10000 relationships to very large graphs (ranging up to 39 million relationships). The average performance of the system is 3741 relationships per minute.
In this presentation, you will learn various aspects of ad hoc testing such as its characteristics, scenarios in which ad hoc testing is not recommended, ad hoc testing advantages and disadvantages.
This is the presentation describing different techniques used to write test cases for software testing. You can have overview with detailed example for test case techniques. After reading this, You'll able to assume which technique can be more useful to you software testing.
Cruise Control: Effortless management of Kafka clustersPrateek Maheshwari
Kafka has become the de facto standard for streaming data with high-throughput, low-latency, and fault-tolerance. However, its rising adoption raises new challenges. In particular, the growing cluster sizes, increasing volume and diversity of user traffic, and aging network and server components induce an overhead in managing the system. This overhead makes it infeasible for human operators to constantly monitor, identify, and mitigate issues. The resulting utilization imbalance across brokers leads to unpredictable client performance due to the high variation in their throughput and latency. Finally, properly expanding, shrinking, or upgrading clusters also incurs a management overhead. Hence, adopting a principled approach to manage Kafka clusters is integral to the sustainability of the infrastructure.
This talk will describe how LinkedIn alleviates the management overhead of large-scale Kafka clusters using Cruise Control. To this end, first, we will discuss the reactive and proactive techniques that Cruise Control uses to support admin operations for cluster maintenance, enable anomaly detection with self-healing, and provide real-time monitoring for Kafka clusters. Next, we will examine how Cruise Control performs in production. Finally, we will conclude with questions and further discussion.
Software Testing: History, Trends, Perspectives - a Brief OverviewSoftheme
In this presentation you can learn about different types of software testing, new technologies and methodologies. It contains an overview of software testing perspectives.
Verification and validation process in software testingpooja deshmukh
Students are often confused between the verification and validation process, as far as Software Testing is concerned. Let us initially define both the processes.
Advanced Threats are rising in the Windows 10 environment, where sophisticated attack vectors are being used to evade threat detection tools and extract privileged data from the user. This talk presents a collection of tools and techniques developed after reverse engineering and playing with Windows interfaces, aim to evade detection system (A/V or A/C) and to escalate kernel privileges.
Flink Forward Berlin 2017: Stefan Richter - A look at Flink's internal data s...Flink Forward
Stateful stream processing with exactly-once guarantees is one of Apache Flink's distinctive features and we have observed that the scale of state that is managed by Flink in production is constantly growing. This development created new challenges for state management in Flink, in particular for state checkpointing, which is the core of Flink's fault tolerance mechanism. Two of the most important problems that we had to solve were the following: (i) how can we limit the duration and size of checkpoints to something that does not grow linearly in the size of the state and (ii) how can we take checkpoints without blocking the processing pipeline in the meantime? We have implemented incremental checkpoints to solve the first problem by checkpointing only the changes between checkpoints, instead of always recording the whole state. Asynchronous checkpoints address the second problem and enable Flink to continue processing concurrently to running checkpoints. In this talk, we will take a deep dive into the details of Flink's new checkpointing features. In particular, we will talk about the underlying datastructures, log-structured merge trees and copy-on-write hash tables, and how those building blocks are assembled and orchestrated to advance Flink's checkpointing.
Effective Software Test Case Design Approach highlights typical wrong approaches to software test case design and focuses on an effective methodology in test case design from a collaborative approach.
Through the use of an example requirement/user story, this presentation highlights the "interactions" between the stakeholders, i.e. Product Owner, Developer, and Test Engineer in the development of user story acceptance criteria, details, test scope, and effective, consistent and valid test cases.
Combinatorial software test design beyond pairwise testingJustin Hunter
Pairwise and combinatorial testing explained. Orthogonal array-based testing, pair-wise software testing, and other more thorough n-way combinatorial test design strategies are proven to be efficient and effective. Unfortunately, much of the material on the internet about these test design techniques are dense, impenetrable tomes filled with long Greek-letter-infused equations that only a mathematician could love. This presentation aims to explain the principles behind this powerful but under-appreciated software test design approach.
Using Modular Topologies in Kafka Streams to scale ksqlDB’s persistent querie...HostedbyConfluent
ksqlDB is a streaming database that uses Kafka Streams to execute queries against data in Apache Kafka®. Historically, each query was compiled into its own Kafka Streams program to be executed inside the ksqlDB servers. As ksqlDB moved to support broader and more complex use cases, this query execution strategy became the bottleneck for scaling up the number of persistent queries. This talk will examine the problems faced and how we addressed them.
Using too many Kafka Streams instances requires too many resources in both threads and consumers. One way to avoid this is using Modular Topologies, which are coming to Kafka Streams in KIP-809. Modular Topologies allow us to dynamically change the workload of a Kafka Streams application while it’s running and share resources such as consumer/producer clients and processing threads. This makes it possible to use a single Kafka Streams runtime for multiple topologies that share consumers and threads across them. We will see in detail how this makes it possible for ksqlDB to consolidate queries into a shared Kafka Streams runtime.
Kafka Streams developers will take away from this talk an understanding of how to utilize ModularTopologies, and dynamically upgrade their Kafka Streams workload effectively.
Ship Faster, Reduce Risk, and Build Scale with Feature FlagsAtlassian
Today's software companies are trying to move faster than ever before. Feature flagging is a way for to reduce risk, increase the amount of visibility, and improve your ability to respond to change. Learn how you can begin utilizing feature flagging effectively, and how Atlassian flags with LaunchDarkly to ship software daily.
Powerful tools give a lot room for improvements. In order to make it valuable for you, I define your way of configuration. This talk will represent use cases of ReportPortal and the most beneficial configurations of usage. Based on real project examples, with collected metrics and efficiency improvement for them
Slides from Software Testing Techniques course offered at Kansas State University in Spring'16 and Spring'17. Entire course material can be found at https://github.com/rvprasad/software-testing-course.
Introduction to interprocess communication issues like race conditions and critical regions. Solutions such as mutual exclusion with busy waiting, sleep and wakeup, Semaphores, mutexes, monitors, barriers, and message passing.
Cruise Control: Effortless management of Kafka clustersPrateek Maheshwari
Kafka has become the de facto standard for streaming data with high-throughput, low-latency, and fault-tolerance. However, its rising adoption raises new challenges. In particular, the growing cluster sizes, increasing volume and diversity of user traffic, and aging network and server components induce an overhead in managing the system. This overhead makes it infeasible for human operators to constantly monitor, identify, and mitigate issues. The resulting utilization imbalance across brokers leads to unpredictable client performance due to the high variation in their throughput and latency. Finally, properly expanding, shrinking, or upgrading clusters also incurs a management overhead. Hence, adopting a principled approach to manage Kafka clusters is integral to the sustainability of the infrastructure.
This talk will describe how LinkedIn alleviates the management overhead of large-scale Kafka clusters using Cruise Control. To this end, first, we will discuss the reactive and proactive techniques that Cruise Control uses to support admin operations for cluster maintenance, enable anomaly detection with self-healing, and provide real-time monitoring for Kafka clusters. Next, we will examine how Cruise Control performs in production. Finally, we will conclude with questions and further discussion.
Software Testing: History, Trends, Perspectives - a Brief OverviewSoftheme
In this presentation you can learn about different types of software testing, new technologies and methodologies. It contains an overview of software testing perspectives.
Verification and validation process in software testingpooja deshmukh
Students are often confused between the verification and validation process, as far as Software Testing is concerned. Let us initially define both the processes.
Advanced Threats are rising in the Windows 10 environment, where sophisticated attack vectors are being used to evade threat detection tools and extract privileged data from the user. This talk presents a collection of tools and techniques developed after reverse engineering and playing with Windows interfaces, aim to evade detection system (A/V or A/C) and to escalate kernel privileges.
Flink Forward Berlin 2017: Stefan Richter - A look at Flink's internal data s...Flink Forward
Stateful stream processing with exactly-once guarantees is one of Apache Flink's distinctive features and we have observed that the scale of state that is managed by Flink in production is constantly growing. This development created new challenges for state management in Flink, in particular for state checkpointing, which is the core of Flink's fault tolerance mechanism. Two of the most important problems that we had to solve were the following: (i) how can we limit the duration and size of checkpoints to something that does not grow linearly in the size of the state and (ii) how can we take checkpoints without blocking the processing pipeline in the meantime? We have implemented incremental checkpoints to solve the first problem by checkpointing only the changes between checkpoints, instead of always recording the whole state. Asynchronous checkpoints address the second problem and enable Flink to continue processing concurrently to running checkpoints. In this talk, we will take a deep dive into the details of Flink's new checkpointing features. In particular, we will talk about the underlying datastructures, log-structured merge trees and copy-on-write hash tables, and how those building blocks are assembled and orchestrated to advance Flink's checkpointing.
Effective Software Test Case Design Approach highlights typical wrong approaches to software test case design and focuses on an effective methodology in test case design from a collaborative approach.
Through the use of an example requirement/user story, this presentation highlights the "interactions" between the stakeholders, i.e. Product Owner, Developer, and Test Engineer in the development of user story acceptance criteria, details, test scope, and effective, consistent and valid test cases.
Combinatorial software test design beyond pairwise testingJustin Hunter
Pairwise and combinatorial testing explained. Orthogonal array-based testing, pair-wise software testing, and other more thorough n-way combinatorial test design strategies are proven to be efficient and effective. Unfortunately, much of the material on the internet about these test design techniques are dense, impenetrable tomes filled with long Greek-letter-infused equations that only a mathematician could love. This presentation aims to explain the principles behind this powerful but under-appreciated software test design approach.
Using Modular Topologies in Kafka Streams to scale ksqlDB’s persistent querie...HostedbyConfluent
ksqlDB is a streaming database that uses Kafka Streams to execute queries against data in Apache Kafka®. Historically, each query was compiled into its own Kafka Streams program to be executed inside the ksqlDB servers. As ksqlDB moved to support broader and more complex use cases, this query execution strategy became the bottleneck for scaling up the number of persistent queries. This talk will examine the problems faced and how we addressed them.
Using too many Kafka Streams instances requires too many resources in both threads and consumers. One way to avoid this is using Modular Topologies, which are coming to Kafka Streams in KIP-809. Modular Topologies allow us to dynamically change the workload of a Kafka Streams application while it’s running and share resources such as consumer/producer clients and processing threads. This makes it possible to use a single Kafka Streams runtime for multiple topologies that share consumers and threads across them. We will see in detail how this makes it possible for ksqlDB to consolidate queries into a shared Kafka Streams runtime.
Kafka Streams developers will take away from this talk an understanding of how to utilize ModularTopologies, and dynamically upgrade their Kafka Streams workload effectively.
Ship Faster, Reduce Risk, and Build Scale with Feature FlagsAtlassian
Today's software companies are trying to move faster than ever before. Feature flagging is a way for to reduce risk, increase the amount of visibility, and improve your ability to respond to change. Learn how you can begin utilizing feature flagging effectively, and how Atlassian flags with LaunchDarkly to ship software daily.
Powerful tools give a lot room for improvements. In order to make it valuable for you, I define your way of configuration. This talk will represent use cases of ReportPortal and the most beneficial configurations of usage. Based on real project examples, with collected metrics and efficiency improvement for them
Slides from Software Testing Techniques course offered at Kansas State University in Spring'16 and Spring'17. Entire course material can be found at https://github.com/rvprasad/software-testing-course.
Introduction to interprocess communication issues like race conditions and critical regions. Solutions such as mutual exclusion with busy waiting, sleep and wakeup, Semaphores, mutexes, monitors, barriers, and message passing.
LESSON 3A. INTRODUCTION TO ITERATION: LOOPS, TRACE TABLES, WHILE LOOPS
Introduction to Iteration and loops. The theory behind loops and how they work. Create and adapt programs using loops. Intro to the random number generator. Learn about trace tabling (white box testing). Example of a trace table and dry run. Wonders of the Fibonacci sequence. Examples of Iteration in game design. Focus on While loops. Challenges, tasks (with solutions), suggested videos, big ideas discussion and research and HW included. Introducing Ada Lovelace and Charles Babbage.
Java is a computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible.
https://hasgeek.com/rootconf/data-privacy-conference/sub/synthetic-data-generation-VN92QpTzvTSAeepCW8YRMU
Synthetic data generation for relational data
per column density estimation
covariance
copula
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
2. Doveryai, no Proveryai
A Russian proverb which means “Trust,
but verify”.
Popular during the Cold War when the
US and Soviet Union were signing
nuclear disarmament accords.
2
3. Talk overview
1. Problem definition
2. What is TLA+, PlusCal, TLC...
3. Example 1 : Childcare facility
4. Example 2 : Dining Philosophers
5. Example 3 : Alternating Bit Protocol
6. Concluding observations
Code : https://github.com/sanjosh/tlaplus
Slides: https://www.slideshare.net/SandeepJoshi55/
3
4. Hard to prove correctness in a distributed system
In a distributed system, how do you prove
1. Safety : Something bad will never happen
2. Liveness : Something good will eventually happen
When you have
1. Multiple agents/actors, each with their state machine(FSM)
2. Non-determinism which leads to Arbitrary Interleaved execution
3. Failures and restarts
4
5. Microsoft .NET remote authentication FSMs https://msdn.microsoft.com/en-us/library/ms973909.aspx
Verify if this 2-process FSM (.NET) is correct.. ?
5
6. Or this 2-process FSM (for TCP) is correct ?
https://thewalnut.io/app/release/73/
6
8. How to reason about time in a distributed system
Required :
1. A formal theory
2. A language to express the problem
3. A tool to verify
8
9. How to reason about time in a distributed system
Required :
1. A formal theory : Temporal Logic
2. A language to express the problem : TLA+ and others.
3. A tool to verify : TLC and other model checkers
9
10. Temporal logic simplified
In programs, we write formulae using Boolean operators (AND, OR, NOT).
“Assert (a > 0 AND b < 0)”
Temporal logic provides you with temporal operators which hold over one or
more paths of execution (called “Path quantifiers”).
1. I will like chocolate from now on.
2. After weather becomes cold, at some point, I will start eating chocolate.
https://en.wikipedia.org/wiki/Computation_tree_logic#Examples
10
11. What is TLA+
● Language created by Leslie Lamport to express temporal logic.
● PlusCal is a simpler variant of TLA+ (This talk uses PlusCal).
● TLC is the “model checker” - the compiler which verifies if your PlusCal
program is correct.
● It has a GUI called Toolbox. In this talk, only command line tool is used.
11
12. How to get started with TLA+
● Read general background on model checkers
● Download the TLA toolbox (GUI + java jar file)
● Read the PlusCal manual and Lamport’s tutorial “Specifying systems”
● Read sample PlusCal programs written by others
● Start with a small problem and try writing your own program
● Run it...
$ java pcal.trans myspec.tla
$ java tlc2.TLC myspec.tla
12
13. Childcare facility problem
Children and adults continuously enter and exit a childcare facility.
Ensure that there is always one adult present for every three children.
[ from The Little Book of Semaphores by Allen Downey ]
13
14. Childcare constraints
Adult can enter anytime, but exit ONLY if
1. NEW number of adults is at least three times number of children
Children can exit anytime, but enter ONLY if
1. Number of adults is at least three times NEW number of children
14
15. Childcare - create child & parent process
Define a PlusCal “process” for each actor in your system
-- algorithm childcare {
Process (a in 1.. ADULTS) {... }
Process (c in 1..CHILDREN) {... }
}
15
16. Childcare - “labels” denote Atomic actions
Use one PlusCal label for each atomic action of Child.
Child performs two actions : enter and exit the childcare facility.
Process {
c_enter: number_children = number_children + 1
c_exit : number_children = number_children - 1
}
16
17. What are PlusCal Labels
All statements within a label are atomically executed by TLC.
TLC internally interleaves the execution of many processes in order
to verify correctness
LabelA : Y = X + 1
Label1 : X = Y + 1
17
Label2 : X = Y - 1
Child 1 Adult 2
18. Childcare - use “await” to wait for a condition
Every Child will wait until there are sufficient number of adults present inside
c_enter : Await (number_adults * 3 >= number_children + 1)
number_children = number_children + 1
c_exit : number_children = number_children - 1
Assert (number_adults * 3 >= number_children)
18
19. Childcare - specify adult process
Follow same steps to define adult process - using process, label, await
19
Process {
a_enter: number_adults = number_adults + 1
a_exit : Await ( number_adults * 3 >= number_children)
number_adults = number_adults - 1
Assert (number_adults * 3 >= number_children)
}
20. TLC (model checker) Failure output
At this point, assert fires
since adult exited due to
incorrect “await”
condition
20
21. Childcare - correct the condition
Change the await condition to check new value instead of old
21
Process {
a_enter: number_adults = number_adults + 1
a_exit : Await ((number_adults - 1)* 3 >= number_children)
number_adults = number_adults - 1
}
24. Dining Philosophers Problem
Each philosopher keeps doing the following
1. Think
2. Take right fork
3. Take left fork
4. Eat
5. Put down both forks
24
25. Dining Philosophers with PlusCal
Define five philosopher instances; Step through three labels (atomic actions)
25
Process (ph in 1..5) {
Wait_first_fork : await (forks[right] = FALSE);
forks[right] = TRUE;
}
26. Dining Philosophers with PlusCal
Define five philosopher instances; Step through three labels (atomic actions)
26
Process (ph in 1..5) {
Wait_first_fork : await (forks[right] = FALSE);
forks[right] = TRUE;
Wait_second_fork: await (forks[left] = FALSE);
forks[left] = TRUE;
}
27. Dining Philosophers with PlusCal
Define five philosopher instances; Step through three labels (atomic actions)
27
Process (ph in 1..5) {
Wait_first_fork : await (forks[right] = FALSE);
forks[right] = TRUE;
Wait_second_fork: await (forks[left] = FALSE);
forks[left] = TRUE;
Done_eating : forks[left] = forks[right] = FALSE;
}
34. Alternate bit protocol over lossy channel
34
Sender Receiver
Message channel
Ack channel
Both channels
are lossy
https://en.wikipedia.org/wiki/Alternating_bit_protocol
Discussed in Lamports’ book “Specifying Systems”.
35. Alternate bit protocol - define channel
Use “Sequences” module to define the communication channels
Declare the channels as a Sequence
Variables msgChan = <<>>, ackChan = <<>>
Append to channel
Append(msgChan, m)
Extract using
“Head(msgChan)” or “Tail(msgChan)”
35
36. Alternate bit protocol - sender and receiver process
Process (Sender = “S”) {
Send message
OR
Receive Ack
}
36
Define one Process each for Sender and Receiver
Process (Receiver = “S”) {
Receive message
OR
Send Ack
}
37. Alternate bit protocol - sender and receiver process
Process (Sender = “S”) {
Either {
Append(<<input>>, msgChan)
} or {
Recv(ack, ackChan)
}
}
37
Define one Process each for Sender and Receiver
Process (Receiver = “S”) {
Either {
Append(rbit, ackChan)
} or {
Recv(msg, msgChan)
}
}
38. PlusCal - Either Or
“Either Or” is an important feature of PlusCal language (TLA+)
It allows you to simulate non-determinism
TLC (model checker) will test both options at runtime.
38
Either { Do this }
Or { Do that }
39. Alternate Bit protocol - simulate lossy channel
To simulate lossy channel, add another process which randomly deletes
messages.
39
Process (LoseMsg = “L”) {
randomly delete messages from either channel
}
40. Alternate Bit protocol - simulate lossy channel
To simulate lossy channel, add another process which randomly deletes
messages.
40
Process (LoseMsg = “L”) {
While TRUE{
Either with (1 in 1..Len(msgChan)) {
msgChan = Remove(i, msgChan)
} or with (1 in 1..Len(ackChan)) {
ackChan = Remove(i, ackChan);
}
41. PlusCal constructs introduced
1. Algorithm : A problem that you want to model.
2. Process : An actor/thread of execution within the algorithm.
3. Labels : All statements inside a label are atomically executed.
4. Await : only execute after condition becomes true
5. Either-Or : non-deterministic execution of alternatives
6. With : Non-deterministically choose one element out of a Set.
41
42. Notable users of TLA+
1. Intel CPU cache coherence protocol [Brannon Batson]
2. Microsoft CosmosDB
3. Amazon : S3, DynamoDB, EBS, Distributed Lock manager [Chris
Newcombe]
Newcombe(Amazon) has released two of their TLA+ specs
(See my github for a copy)
None of the others are publicly available
42
43. Conclusion
1. TLC can find bugs.
2. Complex programs can take hours to run (TLC also has “simulation” mode
which does random verification)
Learning curve
1. Formulation : Lack of sample programs, but google group is helpful.
2. Debugging : Check the backtrace; add prints !
3. Mastery over TLA+ requires some Mathematics knowledge (i.e. Set theory).
4. [Newcombe, Experience of Software Engineers using TLA+]
http://tla2012.loria.fr/contributed/newcombe-slides.pdf
43
45. TLA+ operators
1. <> P : atleast one execution path has P true
2. [] P : P is eventually true
3. Q ~> P : If Q becomes true, P will be true
4. <>[] P : at some point P becomes true and stays true
45
46. Other model checkers besides TLA+
46
https://en.wikipedia.org/wiki/List_of_model_checking_tools
