Rachid Guerraoui – Adversary Oriented Computing



Recent technological evolutions, including the cloud, multicore and social ones, are making computing ubiquitously distributed. Yet building high-assurance distributed programs is notoriously challenging. This talk will describe Adversary-Oriented Computing (AOC), a new paradigm for building high-assurance distributed programs. The underlying idea is to introduce a new dimension for separating the concerns of a distributed program and a corresponding new way to achieve their modular design, proof, verification, implementation and debugging.

Published in: Science, Technology
  • Lake Geneva/Lausanne; largest lake in Europe
    EPFL/ETHZ; ranked first; 8000 students; no preparatory classes; good quality of life
  • 50 min away
  • 100 m away; 100 m away in summer / sabbatical-year programme / department of about 40 professors; there is no other permanent body
  • Anyone who tried to design and prove or implement and test a distributed system has realized how hard it is; This is true for systems that are distributed over the Internet, over a cluster or simply above a dual processor; When I say “distributed” here I mean both concurrent and distributed; So anyone who tried to devise a distributed system has realized how hard it is; The more practical the system seeks to be, the more difficult it is to prove or test;
    AOC is a computing discipline that might change our lives (or not) to simplify this state of affairs; I will tell here what it is at some level of abstraction;
    The title is a teaser; I am not presenting a technical paper here, but an idea; as the title of my talk indicates, this is speculation.
    The speculative thesis defended here is the following: (1) theoretical computer science is more necessary than ever to understand what machines and networks can do; (2) at the basis of theoretical computer science lies what is called complexity theory: the theory of algorithmic complexity formally studies the quantity of resources (in time and space) required by the execution of an algorithm, as well as the intrinsic difficulty of algorithmic problems; (3) this theory is very old (Euclid), even though the name is attributed to Mohammed Algorithmi (who would make our Claude Gueants dizzy) – 700; (4) this theory rests on foundations that are now false; (5) the alternative theories are very partial versions of reality
  • So what you do, or what you should be doing, is find the best algorithm: if you are running on a single computer, the situation is relatively easy;
    it is very likely that the algorithm exists: why; because all machines are the same and are equivalent to a Turing machine; so the complexity of a queue is known; in a centralized system, that is easy; complexity depends only on your object; universal model
    Turing: Record player
    The Turing machine is the max that one can compute (Lambda calculus and recursive functions cannot do more)
    The computer is a good approximation of a Turing machine; measuring the time it takes to execute a program by counting the number of steps of a Turing machine corresponds to the number of elementary instructions in modern programming languages
    This assumes a program is a batch with a clear input and a clear output
  • We have to duplicate
  • What if your problem needs to be solved by several Turing Machines
    No universal model anymore; why? Because there are tons of ways according to which these machines communicate and are scheduled with respect to each other;
    The adversary is the entity that represents that; and hence the algorithm depends on the adversary
  • There are all kinds of adversaries out there; strictly speaking: an adversary is a set of runs; the bigger the set, the stronger the adversary;…
    For example: the strongest adversary: everyone is a free Turing machine; everyone executes the algorithm assigned to it: they might stop at any time
  • For example, if I need to devise a queue algorithm, my algorithm will depend on the adversary; talk about the stack here…
    No contention; I update the queue locally; I inform the others
    Contention; we go through a leader; k steps
    Failure: round-robin: a priori; n steps
    Tons of algorithms and papers; books
    Link Failure: infinity
  • Intuition: for instance, there might be contention, but usually there is not; so we send a message to all; if everybody replies, fine; if there is, we abort and try to do something else; so we go one by one; say p1 goes first etc.; but what if p1 does not receive a reply; if the system is synchronous; we speculate that the system is synchronous; so we approximate a bound; if it does not happen, we increase it; of course, we need to be careful; for example, if we suspect the leader, we should use a majority; so things get very complicated. Very messy. Once we measure complexity, it is a vector. One can speak of speculative complexity.
    Things are however more complicated because when building a distributed queue, I need to consider several adversaries at the same time: a polymorphic adversary
  • The first step is of course to create equivalence classes between adversaries; this step is very interesting in itself; it reduces the number of results and algorithms
  • The second step is to solve the problems as follows: given the worst case, i.e. AN, the idea is to solve the problem as follows: N is the biggest class; the others are sub-classes, incomparable: we will design algorithm1 for A1; etc.; the design, proof, test etc. are completely separated; We would like to divide the design, test, implementation and verification of the system; how can we do that? Ideally, the switch could be dynamic and adaptive; but let’s focus on this; why is this hard; because it is distributed; you speculate that there is no contention; but if there is, you switch (Notice: the parallel to OO; Polymorphic):
  • How do we implement this: adversary detector; detect concurrency; detect asynchrony;
  • With and without contention
    To be compared with the composition of linearizability
  • In fact: we change the problem, the adversaries and the complexity metric
  • In fact, it is all about divide and conquer; this is complementary to ADT and OOP
  • Rachid Guerraoui – Adversary Oriented Computing

    1. Rachid Guerraoui, EPFL: Adversary-Oriented Computing
    2. AOC: Adversary-Oriented Computing
    3. Act 1: from centralized to distributed; Act 2: from algorithms to systems; Act 3: Adversary-Oriented Computing
    4. Queue Storage e-X Objects
    5. Storage Queue enQueue() deQueue() read() write()
    6. Algorithm: Minimize complexity C(O)
    7. enQueue() deQueue() Queue Queue Queue clients messages messages
    8. Distributed Algorithm: C(O,A)
    9. P1;P1;P1;P2;P2;P2;P3;P3;P3;.. P1;P2;P3;P1;P2;P3;P1;P2;P3;.. Sequential P1;P1;P1;P1;P1;P1;P1;.. Centralized Synchronous P1;P2;P1;P3;P2;P3;P1;P1;P3;.. Asynchronous P1;P3;P1;P3;P2;P3;P1;P1;P3;.. Synchronous-F1 P1;P2;P3;P2;P3;P2;P3;P2;P3;.. P1;P2;P3;P1;P2;P1;P2;P1;..
    10. Adversary: Set of runs
    11. The Game
    12. Object (e.g., Queue). State: a history of requests. A client invokes a request req and delivers a response h(req)
    13. Linearizable Shared Object. Safety: if c1 delivers history h1 and c2 delivers history h2, then one is the prefix of the other. Liveness: if a correct client c invokes a request req, then c eventually delivers response h(req)
    14. What Complexity? Asynchronous: infinity; Sequential: 0 step; Concurrency: k steps; Node failures: n steps
    15. Act 1: from centralized to distributed: C(O,A); Act 2: from algorithms to systems
    16. enQueue() deQueue() Queue Queue Queue messages messages Current Practices? clients
    17. What Complexity? Polymorphic adversary: C(O,A1,A2,A3,A4) = (2,O(k),O(f),infinity)
    18. Paxos saga Tons of examples X.000 lines of intricate C code The Distributed System’s Nightmare In each implementation
    19. Act 1: from centralized to distributed: C(O,A); Act 2: from algorithms to systems: C(O,A1,A2,..An)
    20. Act 1: from centralized to distributed: C(O,A); Act 2: from algorithms to systems: C(O,A1,A2,..An); Act 3: Adversary-Oriented Computing
    21. Dissecting Adversaries: Equivalence classes; Disagreement power (DISC 2010); Complexity relations (STOC 2009)
    22. Adversary-Oriented Computing: Switch(adversary) Case A1: algorithm1(); Case A2: algorithm2(); … Case AK: algorithmK(); … Case AN: algorithmN()
    23. “Premature optimization is the root of all evil” (Knuth). Adversary-Oriented Computing
    24. Queue Queue Queue Adversary detector Adversary-Oriented Computing Progressive abortability clients
    25. Object. State: a history of requests. A client invokes a request req and delivers a response h(req)
    26. Shared Object (linearizable). Safety: if c1 delivers history h1 and c2 delivers history h2, then one is the prefix of the other. Liveness: if a correct client c invokes a request req, then c eventually delivers response h(req)
    27. AOC Object (A), speculative linearizability. Liveness (1): if a correct client c invokes a request req, then c commits or aborts h(req). Liveness (2): h(req) is committed if the adversary is weaker than A
    28. AOC Object. Safety (1): if c1 commits history h1 and c2 commits h2, then one is prefix of the other. Safety (2): if c1 commits history h1 and c2 aborts h2, then h1 is prefix of h2
    29. Composition Theorem: AOC Object A1 + AOC Object A2 = AOC Object (A1 U A2)
    30. Examples/References: Indulgent algorithms (PODC 00, PODC 02); 700 BFT protocols (Eurosys 10); Test-and-Set (SPAA 12); Speculative Linearizability (PLDI 12); Speculation & Stabilization (PODC 13)
    31. Simplifying Tests Revisiting The Paxos Family Proofs Optimizations (online)
    32. Act 1: from centralized to distributed: C(O,A); Act 2: from algorithms to systems: C(O,A1,A2,..An); Act 3: Adversary-Oriented Computing: C(O,A1) C(O,A2) C(O,An)..
    33. Queue Storage e-X Dimensions of modularity control vs. data
    34. AOC Thank you for your attention
    35. Wandida.com Internet is an opportunity for teaching Being recorded while giving a long class Registering and following a full curriculum
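
The AOC object properties of slides 27 to 29 can be exercised on a toy queue. The following is an added example, not code from the talk: `Module`, its `inside` detector, `composed_invoke` and the run labels "solo"/"contended" are hypothetical names, the run is simulated in a single process, and an abort is simplified to return the module's history without the pending request.

```python
def is_prefix(a, b):
    """True if history a is a prefix of history b (histories are tuples)."""
    return a == b[:len(a)]

def check_safety(outcomes):
    """Check (client, 'commit'|'abort', history) triples; [] means safe."""
    commits = [(c, h) for c, s, h in outcomes if s == "commit"]
    aborts = [(c, h) for c, s, h in outcomes if s == "abort"]
    bad = []
    for i, (c1, h1) in enumerate(commits):
        for c2, h2 in commits[i + 1:]:   # Safety (1): commits form a chain
            if not (is_prefix(h1, h2) or is_prefix(h2, h1)):
                bad.append(("S1", c1, c2))
        for c2, h2 in aborts:            # Safety (2): commit is prefix of abort
            if not is_prefix(h1, h2):
                bad.append(("S2", c1, c2))
    return bad

class Module:
    """Toy AOC object; `inside` is a stand-in adversary detector (assumption)."""
    def __init__(self, inside):
        self.inside, self.history, self.log, self.aborted = inside, (), [], False
    def invoke(self, client, req, run):
        if self.aborted or not self.inside(run):
            self.aborted = True          # sticky: never commits again
            out = ("abort", self.history)
        else:
            self.history += (req,)
            out = ("commit", self.history)
        self.log.append((client,) + out)
        return out

def composed_invoke(first, second, client, req, run):
    """Switch(adversary): on first's abort, seed second with the abort history."""
    switched = first.aborted
    status, h = first.invoke(client, req, run)
    if status == "commit":
        return status, h
    if not switched:
        second.history = h               # second extends what first committed
    return second.invoke(client, req, run)

def run_demo():
    fast = Module(lambda run: run == "solo")   # A1: no contention
    slow = Module(lambda run: True)            # A2: tolerates contention
    steps = [("c1", "enq(a)", "solo"), ("c2", "enq(b)", "contended"),
             ("c1", "enq(c)", "solo")]          # constructed sample run
    final = [(c,) + composed_invoke(fast, slow, c, r, run) for c, r, run in steps]
    return final, check_safety(fast.log), check_safety(slow.log)
```

Each module's log passes the checker on its own, and so do the outcomes of the composed object, which is the shape of the composition claim on slide 29.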