• Stars
    star
    883
  • Rank 51,702 (Top 2 %)
  • Language
    Go
  • License
    MIT License
  • Created over 7 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A fast linearizability checker written in Go ๐Ÿ”Ž

Porcupine Build Status Go Reference

Porcupine is a fast linearizability checker for testing the correctness of distributed systems. It takes a sequential specification as executable Go code, along with a concurrent history, and it determines whether the history is linearizable with respect to the sequential specification. Porcupine also implements a visualizer for histories and linearization points.

Linearizability visualization demo
(click for interactive version)

Porcupine implements the algorithm described in Faster linearizability checking via P-compositionality, an optimization of the algorithm described in Testing for Linearizability.

Porcupine is faster and can handle more histories than Knossos's linearizability checker. Testing on the data in test_data/jepsen/, Porcupine is generally 1,000x-10,000x faster and has a much smaller memory footprint. On histories where it can take advantage of P-compositionality, Porcupine can be millions of times faster.

Usage

Porcupine takes an executable model of a system along with a history, and it runs a decision procedure to determine if the history is linearizable with respect to the model. Porcupine supports specifying history in two ways, either as a list of operations with given call and return times, or as a list of call/return events in time order. Porcupine can also visualize histories, along with partial linearizations, which may aid in debugging.

See the documentation for how to write a model and specify histories. You can also check out some example implementations of models from the tests.

Once you've written a model and have a history, you can use the CheckOperations and CheckEvents functions to determine if your history is linearizable. If you want to visualize a history, along with partial linearizations, you can use the Visualize function.

Testing linearizability

Suppose we're testing linearizability for operations on a read/write register that's initialized to 0. We write a sequential specification for the register like this:

type registerInput struct {
    op    bool // false = put, true = get
    value int
}

// a sequential specification of a register
registerModel := porcupine.Model{
    Init: func() interface{} {
        return 0
    },
    // step function: takes a state, input, and output, and returns whether it
    // was a legal operation, along with a new state
    Step: func(state, input, output interface{}) (bool, interface{}) {
        regInput := input.(registerInput)
        if regInput.op == false {
            return true, regInput.value // always ok to execute a put
        } else {
            readCorrectValue := output == state
            return readCorrectValue, state // state is unchanged
        }
    },
}

Suppose we have the following concurrent history from a set of 3 clients. In a row, the first | is when the operation was invoked, and the second | is when the operation returned.

C0:  |-------- put('100') --------|
C1:     |--- get() -> '100' ---|
C2:        |- get() -> '0' -|

We encode this history as follows:

events := []porcupine.Event{
    // C0: put('100')
    {Kind: porcupine.CallEvent, Value: registerInput{false, 100}, Id: 0, ClientId: 0},
    // C1: get()
    {Kind: porcupine.CallEvent, Value: registerInput{true, 0}, Id: 1, ClientId: 1},
    // C2: get()
    {Kind: porcupine.CallEvent, Value: registerInput{true, 0}, Id: 2, ClientId: 2},
    // C2: Completed get() -> '0'
    {Kind: porcupine.ReturnEvent, Value: 0, Id: 2, ClientId: 2},
    // C1: Completed get() -> '100'
    {Kind: porcupine.ReturnEvent, Value: 100, Id: 1, ClientId: 1},
    // C0: Completed put('100')
    {Kind: porcupine.ReturnEvent, Value: 0, Id: 0, ClientId: 0},
}

We can have Porcupine check the linearizability of the history as follows:

ok := porcupine.CheckEvents(registerModel, events)
// returns true

Porcupine can visualize the linearization points as well:

Example 1

Now, suppose we have another history:

C0:  |---------------- put('200') ----------------|
C1:    |- get() -> '200' -|
C2:                           |- get() -> '0' -|

We can check the history with Porcupine and see that it's not linearizable:

events := []porcupine.Event{
    // C0: put('200')
    {Kind: porcupine.CallEvent, Value: registerInput{false, 200}, Id: 0, ClientId: 0},
    // C1: get()
    {Kind: porcupine.CallEvent, Value: registerInput{true, 0}, Id: 1, ClientId: 1},
    // C1: Completed get() -> '200'
    {Kind: porcupine.ReturnEvent, Value: 200, Id: 1, ClientId: 1},
    // C2: get()
    {Kind: porcupine.CallEvent, Value: registerInput{true, 0}, Id: 2, ClientId: 2},
    // C2: Completed get() -> '0'
    {Kind: porcupine.ReturnEvent, Value: 0, Id: 2, ClientId: 2},
    // C0: Completed put('200')
    {Kind: porcupine.ReturnEvent, Value: 0, Id: 0, ClientId: 0},
}

ok := porcupine.CheckEvents(registerModel, events)
// returns false

Example 2

See porcupine_test.go for more examples on how to write models and histories.

Visualizing histories

Porcupine provides functionality to visualize histories, along with the linearization (or partial linearizations and illegal linearization points, in the case of a non-linearizable history). The result is an HTML page that draws an interactive visualization using JavaScript. The output looks like this:

Visualization demo

You can see the full interactive version here.

The visualization is by partition: all partitions are essentially independent, so with the key-value store example above, operations related to each unique key are in a separate partition.

Statically, the visualization shows all history elements, along with linearization points for each partition. If a partition has no full linearization, the visualization shows the longest partial linearization. It also shows, for each history element, the longest partial linearization containing that event, even if it's not the longest overall partial linearization; these are greyed out by default. It also shows illegal linearization points, history elements that were checked to see if they could occur next but which were illegal to linearize at that point according to the model.

When a history element is hovered over, the visualization highlights the most relevant partial linearization. When it exists, the longest partial linearization containing the event is shown. Otherwise, when it exists, the visualization shows the longest partial linearization that ends with an illegal LP that is the event being hovered over. Hovering over an event also shows a tooltip showing extra information, such as the previous and current states of the state machine, as well as the time the operation was invoked and when it returned. This information is derived from the currently selected linearization.

Clicking on a history element selects it, which highlights the event with a bold border. This has the effect of making the selection of a partial linearization "sticky", so it's possible to move around the history without de-selecting it. Clicking on another history element will select that one instead, and clicking on the background will deselect.

All that's needed to visualize histories is the CheckOperationsVerbose / CheckEventsVerbose functions, which return extra information that's used by the visualization, and the Visualize function, which produces the visualization. For the visualization to be good, it's useful to fill out the DescribeOperation and DescribeState fields of the model. See visualization_test.go for an end-to-end example of how to visualize a history using Porcupine.

Notes

If Porcupine runs really slowly on your model/history, it may be inevitable, due to state space explosion. See this issue for a discussion of this challenge in the context of a particular model and history.

Citation

If you use Porcupine in any way in academic work, please cite the following:

@misc{athalye2017porcupine,
  author = {Anish Athalye},
  title = {Porcupine: A fast linearizability checker in {Go}},
  year = {2017},
  howpublished = {\url{https://github.com/anishathalye/porcupine}}
}

License

Copyright (c) Anish Athalye. Released under the MIT License. See LICENSE.md for details.

More Repositories

1

dotbot

A tool that bootstraps your dotfiles โšก๏ธ
Python
7,030
star
2

neural-style

Neural style in TensorFlow! ๐ŸŽจ
Python
5,539
star
3

git-remote-dropbox

A transparent bridge between Git and Dropbox - use a Dropbox (shared) folder as a Git remote! ๐ŸŽ
Python
3,055
star
4

lumen

Magic auto brightness based on screen contents ๐Ÿ’ก
Objective-C
2,286
star
5

gemini

Gemini is a modern LaTex beamerposter theme ๐Ÿ–ผ
TeX
982
star
6

obfuscated-gradients

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
Jupyter Notebook
881
star
7

seashells

The official client for seashells.io ๐Ÿš
Python
707
star
8

dotfiles

~anish โ€ข powered by https://github.com/anishathalye/dotbot ๐Ÿ’พ
Shell
704
star
9

neural-hash-collider

Preimage attack against NeuralHash ๐Ÿ’ฃ
Python
664
star
10

gavel

A project expo judging system ๐Ÿ“Š
Python
433
star
11

periscope

Periscope gives you "duplicate vision" to help you organize and de-duplicate your files without losing data ๐Ÿ”ญ
Go
379
star
12

auriga

Auriga is a minimalist LaTeX beamer presentation theme ๐Ÿ“ฝ
TeX
328
star
13

offix

"Who is in the office?" ๐Ÿ‘€
JavaScript
186
star
14

dotfiles_template

A template for structuring dotfiles (using Dotbot as an installer) ๐Ÿ“œ
PowerShell
184
star
15

ribosome

Synthesize photos from PhotoDNA using machine learning ๐ŸŒฑ
Python
141
star
16

imagenet-simple-labels

Simpler human-readable labels for ImageNet ๐Ÿท
122
star
17

dotfiles-local

~anish [local config] โ€ขย powered by https://github.com/anishathalye/dotbot ๐Ÿ 
Shell
75
star
18

mathematics-of-deep-learning

The Mathematics of Deep Learning, SIPB IAP 2018
Jupyter Notebook
74
star
19

proof-html

A GitHub Action to validate HTML, check links, and more โœ…
Ruby
57
star
20

seashells-server

The seashells.io server ๐Ÿš
Go
53
star
21

knox

A framework for formally verifying hardware security modules to be free of hardware, software, and timing side-channel vulnerabilities ๐Ÿ”
Racket
29
star
22

notary

Notary: A Device for Secure Transaction Approval ๐Ÿ“Ÿ
Verilog
28
star
23

hubot-group

A hubot script that expands mentions of groups ๐Ÿ‘ซ
CoffeeScript
26
star
24

synox

Rust library for program synthesis of string transformations from input-output examples ๐Ÿ”ฎ
Rust
26
star
25

knox-hsm

Circuits and hardware security modules formally verified with Knox ๐Ÿ”
Verilog
23
star
26

disposable

Create a Reddit throwaway account with the click of a button! ๐Ÿšฎ
JavaScript
23
star
27

skipchat

SkipChat - MHacks V
C
20
star
28

rtlv

Tools for reasoning about circuits in Rosette/Racket ๐Ÿ”Œ
Racket
18
star
29

micro-wwvb

A tiny WWVB station ๐Ÿ“ก
C
17
star
30

linux-bootstrap

get a debian-based system set up the way I like it, with minimal effort on my part
17
star
31

hubot-shortcut

A macro system for hubot ๐Ÿ’จ
JavaScript
16
star
32

bin2coe

A tool to convert binary files to COE files ๐Ÿ’ซ
Python
14
star
33

anishathalye

A self-updating GitHub profile ๐Ÿฏ
Python
12
star
34

hubot-conf

A simple configuration management system for hubot ๐Ÿ”ง
JavaScript
11
star
35

gitlive

the source code that powered gitlive.net
Java
11
star
36

chroniton

A tool for formally verifying constant-time software against hardware ๐Ÿ•ฐ๏ธ
Racket
10
star
37

unblock

A tiny utility to make shell pipes behave as if they have unlimited buffering โ™พ
Go
7
star
38

countdown

A simple countdown timer you can set as your homepage โฐ
HTML
5
star
39

coqioa

A formalization of IO automata in the Coq proof assistant
Coq
5
star
40

x

playground for testing stuff on github
4
star
41

assets

README assets for my GitHub projects ๐ŸŽญ
4
star
42

easy-security

Slides from the SIPB Cluedump on Low Effort High Impact Security
HTML
3
star
43

learn-pgp

Slides from the SIPB Cluedump on PGP
HTML
3
star
44

learn-git

An introduction to using Git - prepared for HackMIT / Hack Week 2015
HTML
2
star
45

deterministic-start-benchmark

Verilog
2
star
46

ipr

A formalization of information-preserving refinement (IPR) in the Coq Proof Assistant ๐Ÿงฉ
Coq
2
star
47

xclips

Rust
1
star
48

scripts

Python
1
star
49

formal-methods-tutorial-2022-10-11

Racket
1
star