Static serializability analysis for causal consistency

Many distributed databases provide only weak consistency guarantees to reduce synchronization overhead and remain available under network partitions. However, this leads to behaviors not possible under stronger guarantees. Such behaviors can easily defy programmer intuition and lead to errors that are notoriously hard to detect. In this paper, we propose a static analysis for detecting non-serializable behaviors of applications running on top of causally consistent databases. Our technique is based on a novel, local serializability criterion and combines a generalization of graph-based techniques from the database literature with another, complementary analysis technique that encodes our serializability criterion into first-order logic formulas to be checked by an SMT solver. This second analysis is more expensive yet more precise and produces concrete counter-examples. We implemented our methods and evaluated them on a number of applications from two different domains: cloud-backed mobile applications and clients of a distributed database. Our experiments demonstrate that our analysis is able to detect harmful serializability violations while producing only a small number of false alarms.
