'Cause I'm strong enough: Reasoning about consistency choices in distributed systems

Gotsman, Alexey; Yang, Hongseok; Ferreira, Carla; Najafzadeh, Mahsa; Shapiro, Marc

doi:10.1145/2837614.2837625

Cited by 95 publications

(86 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A number of other works have proposed techniques to verify the correctness of distributed systems that run under weak consistency, identifying when coordination is necessary [46,10,62,33,73,6]. Some of these works focused on systems that use CRDTs.…”

Section: Verificationmentioning

confidence: 99%

“…In runtime, depending on the operation parameters, the system runs an operation under weak or strong consistency. Some works [10,33,73] require the developer to specify the properties that the distributed system must maintain, and a specification of the operations in the system (that is often independent of the actual code of the system). As a result, they state which operations cannot execute concurrently.…”

Section: Verificationmentioning

confidence: 99%

See 1 more Smart Citation

Conflict-Free Replicated Data Types CRDTs

Preguiça

Baquero

Shapiro

2018

Encyclopedia of Big Data Technologies

Self Cite

View full text Add to dashboard Cite

Section: Verificationmentioning

confidence: 99%

Section: Verificationmentioning

confidence: 99%

Conflict-Free Replicated Data Types CRDTs

Preguiça

Baquero

Shapiro

2018

Encyclopedia of Big Data Technologies

Self Cite

View full text Add to dashboard Cite

“…This is good news because checking if an object is invariant closed is more straightforward than checking if it is invariant confluent. Existing systems typically use an SMT solver like Z3 to check if an object is invariant closed [16,9,20]. If it is, then by Theorem 1, it is invariant confluent.…”

Section: Invariant Closurementioning

confidence: 99%

Interactive checks for coordination avoidance

Whittaker

Hellerstein

2018

Proc. VLDB Endow.

View full text Add to dashboard Cite

Strongly consistent distributed systems are easy to reason about but face fundamental limitations in availability and performance. Weakly consistent systems can be implemented with very high performance but place a burden on the application developer to reason about complex interleavings of execution. Invariant confluence provides a formal framework for understanding when we can get the best of both worlds. An invariant confluent object can be efficiently replicated with no coordination needed to preserve its invariants. However, actually determining whether or not an object is invariant confluent is challenging.In this paper, we establish conditions under which a commonly used sufficient condition for invariant confluence is both necessary and sufficient, and we use this condition to design (a) a general-purpose interactive invariant confluence decision procedure and (b) a novel sufficient condition that can be checked automatically. We then take a step beyond invariant confluence and introduce a generalization of invariant confluence, called segmented invariant confluence, that allows us to replicate non-invariant confluent objects with a small amount of coordination.We implemented these formalisms in a prototype called Lucy and found that our decision procedures efficiently handle common real-world workloads including foreign keys, rollups, escrow transactions, and more. We also found that segmented invariant confluent replication can deliver up to an order of magnitude more throughput than linearizable replication for low contention workloads and comparable throughput for medium to high contention workloads.

show abstract

“…The effector must have the same effect at every replica, and therefore may not depend on testing shared state. We assume an operation's preconditions are stable, i.e., evaluating the precondition to true does not change under any concurrent operation [6]. 1 We assume causal consistency, i.e., one operation's effector is delivered (to some replica) only after the effectors of operations that are visible to it.…”

Section: System Model and Pseudocodementioning

confidence: 99%

Ensuring referential integrity under causal consistency

Shapiro

Bieniusa

Zeller

et al. 2018

Proceedings of the 5th Workshop on the Principles and Practice of Consistency for Distributed Data

Self Cite

View full text Add to dashboard Cite

Referential integrity (RI) is an important correctness property of a shared, distributed object storage system. It is sometimes thought that enforcing RI requires a strong form of consistency. In this paper, we argue that causal consistency suffices to maintain RI. We support this argument with pseudocode for a reference CRDT data type that maintains RI under causal consistency. QuickCheck has not found any errors in the model. % A reference to an object of type T containing an inref. 4 % Key of embedding object. If object has multiple outrefs, assume 5 % each one has a distinct object_key. 6 object_key: write_once register of Key 7 % routing information to referenced object 8 dest_keys: MV_register of (outkey: Key, id: uid), 9 initial (nullkey, nulluid) 11 datatype inref 12 % key of embedding object 13 object_key: write_once register of Key 14 % set of reverse references 15 rev_refs: 2P_set of (inkey: Key, id: uid), 16 initial emptyset 17 % call init only once 18 inuse: CRDT_flag, initial false 20 % if outref exists, inref exists 21 invariant 22 forall r: outref of T 23

show abstract

'Cause I'm strong enough: Reasoning about consistency choices in distributed systems

Cited by 95 publications

References 40 publications

Conflict-Free Replicated Data Types CRDTs

Conflict-Free Replicated Data Types CRDTs

Interactive checks for coordination avoidance

Ensuring referential integrity under causal consistency

Contact Info

Product

Resources

About