
A Mechanized Model for CAN Protocols

Francesco Bongiovanni and Ludovic Henrio

Context and objectives

Our mechanized model

Results

Conclusions and Future Works

Context and Objectives

A Mechanised model for CAN - FASE 2013

General motivation: supporting RDF data storage
  • RDF data is at the heart of the Semantic Web
  • Supporting RDF means also supporting its query language

Main challenge

store and retrieve RDF data in large scale settings, that is, with a large number of geographically distributed participating nodes?

Our solution: Content Addressable Network (CAN)

CAN – General principles
  • Virtual Cartesian coordinate space of N dimensions
  • Space partitioned amongst nodes
    • every node “owns” a zone
    • A node only knows its adjacent neighbours
  • Stored Items mapped to points
    • Routing performance: O(d·N^(1/d))

CAN [Ratnasamy et al. SIGCOMM 01]

[Figure: 2-D CAN, a stored item mapped to the point (x,y)]

  • CAN for RDF (our view):
    • No hashing → easier to look for a “range query”
    • One dimension per concern → handling variables

RDF queries

Query patterns (figure labels):
  • q = (s, p, o)
  • q = (s, p, ?o)
  • q = (?s, ?p, ?o)
  • q = (s, ?p, ?o)

Problem: cost of queries

  • 2 queries over 2 variables: conjunction of two 2-dimensional broadcasts
  • 1 query over 2 variables
  • 1 query over 1 variable

Duplicates: problem and existing solutions
  • Meghdoot:
    • works only starting with a « corner » → inefficient with range queries
  • M-CAN; claims:
    • No duplicate in 2D
    • Few duplicates in high-dimensional CAN (<5%)
    • Impossible to get rid of all duplicates in higher dimensions

[Gupta et al. Middleware 2004]

[Ratnasamy, et al. NetworkedGroup Communication 2001]

Evaluating the impact of duplicated messages

[Chart comparing duplicated messages for Flooding, M-CAN and our algorithm]

Our objectives here
  • Is there an “optimal” broadcast algorithm for CAN? Can we be sure?
  • More generally, we think that providing mechanised formalisations of our systems:
    • Increases the confidence in the system
    • Helps programmers implement correct (and efficient) systems
  • HERE: a framework to reason on CAN networks, focusing on communications and broadcasts
    • + a proof that there exists an optimal algorithm

! Here: optimal = no duplicate !

A mechanised model of CAN

Defining a CAN: First attempt
  • Definition 1: Constructive, from the seminal paper
    • Split alternating dimension
    • When a node leaves,
      • the organisation can be maintained by keeping the split history (+ data transfers)
      • or one neighbour takes two zones (no more rectangles?)
    • Alternative: change the reachable configurations

Main drawback: difficult to define in a theorem prover

What is the invariant verified by the CAN construction?

Defining a CAN: A more general version
  • Definition 2: Each zone is a rectangle
    • More freedom in the implementation
    • Easier to define in a theorem prover
    • Rectangles are necessary to prove optimality of some broadcasts (e.g. M-CAN in 2D)
    • But no guarantee on the lookup time in general
    • Churns: more flexible, but can one node manage two zones?

Our definition: the most general one
  • Definition 3: each zone can have any shape
  • A CAN is a finite set of nodes, zones, and a neighbour relation such that:
    • The neighbour relation is symmetric
    • Zones cover the whole space
    • Each point belongs to a single zone

Neighbouring is not related to the topology

We abstracted away all reasoning on geometry

Note: we can always add constraints to reach the other definitions

HERE: no churn (but easier to encode)

The formal version (math vs. Isabelle)

Broadcast and proofs

Other definitions
  • Connected zone: a zone in which communication is possible
  • Path = sequence of messages where each message is sent from the destination of the previous one
  • Broadcast message: source, dest, zone to be covered
  • ZNL = Zone node list:
    • Splits the zone yet to be covered
    • Into several destinations and (connected) zones
  • A ZNL is optimal if no node belongs to two sub-zones

! Zones are not necessarily associated to a node !

Defining broadcast - principles
  • A broadcast is a function that takes an initiator and a ZNLmap function (Node × Zone → ZNL).
  • Computes the set of messages resulting from the inductive application of the ZNLmap function

[Figure: broadcast example starting from the node labelled Init]

Is it possible to define an optimal broadcast?

What is the good ZNLmap function?

Can it rely only on local information?

Naive optimal broadcast
  • Idea: Only split when it is necessary = when the zone to be covered is disconnected

[Figure: naive broadcast example starting from the node labelled Init]
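The Definition 3 invariants, the naive "split only when disconnected" broadcast and the flooding comparison from the duplicates slides, as an added executable Python sketch that is not the authors' Isabelle/HOL development. It assumes a constructed 4x4 discrete space, four non-rectangular zones and a neighbour relation given as data (the zone/node names and the `is_can`, `components`, `naive_broadcast`, `flooding`, `duplicates` functions are this example's own).

```python
# Constructed 4x4 discrete space; zones are arbitrary point sets (Definition 3), not rectangles.
SPACE = {(x, y) for x in range(4) for y in range(4)}
ZONES = {"A": {(0, 0), (0, 1), (1, 1), (1, 2)}, "B": {(1, 0), (2, 0), (3, 0), (2, 1)},
         "C": {(0, 2), (0, 3), (1, 3), (2, 3)}, "D": {(3, 1), (2, 2), (3, 2), (3, 3)}}
# Neighbour relation given as data, independent of geometry: A and D touch but are not neighbours.
NEIGHBOURS = {("A", "B"), ("B", "A"), ("A", "C"), ("C", "A"),
              ("B", "D"), ("D", "B"), ("C", "D"), ("D", "C")}
OWNER = {p: n for n, z in ZONES.items() for p in z}  # point -> node owning it

def is_can(space, zones, neighbours):
    """Definition 3: symmetric neighbour relation, zones cover the space, each point in one zone."""
    symmetric = all((b, a) in neighbours for a, b in neighbours)
    covering = set().union(*zones.values()) == space
    disjoint = sum(len(z) for z in zones.values()) == len(space)
    return symmetric and covering and disjoint

def components(zone, neighbours):
    """Connected sub-zones of a point set; a node never straddles two of them, so the ZNL is optimal."""
    left = {OWNER[p] for p in zone}  # two points are linked if they share an owner or owners are neighbours
    while left:
        comp, frontier = set(), {left.pop()}
        while frontier:
            n = frontier.pop()
            comp.add(n)
            frontier |= {m for m in left if (n, m) in neighbours}
            left -= frontier
        yield {p for p in zone if OWNER[p] in comp}

def naive_broadcast(init, neighbours):
    """Messages are (source, dest, zone to cover); split only when the zone left is disconnected."""
    messages = [(None, init, frozenset(SPACE))]
    for _, dest, zone in messages:  # the list grows while we walk it: a FIFO of pending messages
        for sub in components(zone - ZONES[dest], neighbours):
            # the zone was connected, so a node touching sub is a neighbour of dest: a local choice
            nxt = min(OWNER[p] for p in sub if (dest, OWNER[p]) in neighbours)
            messages.append((dest, nxt, frozenset(sub)))
    return messages

def flooding(init, neighbours):
    """Reference point: each node forwards its first receipt to every neighbour but the sender."""
    messages, seen = [(None, init)], set()
    for src, n in messages:
        if n in seen:
            continue
        seen.add(n)
        messages.extend((n, m) for m in sorted(b for a, b in neighbours if a == n and b != src))
    return messages

def duplicates(messages):
    """Receptions beyond the first per node; the slides' optimality means this is 0."""
    return len(messages) - len({m[1] for m in messages})
```

Removing the A-B neighbour link and broadcasting from D forces the ZNL at D to split into two connected sub-zones, still without any duplicate.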

Overview of our framework

[Diagram of the framework; layout lost in extraction. Labels: P2P protocol; CAN; Distributed algorithm; (reusable) abstractions; Combining proofs; Fine grain properties + proofs; Existence of an optimal broadcast; Induction principles on zones; Connected existing neighbors; Finite messages; Finite zones; Finite paths inside zone; Coverage; Optimality; Messages; Zones; Nodes; ZNL properties; Zone decomposition]

Principle of the proofs
  • Coverage:
    • valid ZNL ⇒ coverage
  • Existence of an optimal BC:
    • OptimalZNL ⇒ Optimal broadcast
    • ∃ ZNLmap such that each ZNL is an OptimalZNL (using the « naive » decomposition)

Is it possible to define an optimal broadcast? YES

What is the good ZNLmap function? The naïve decomposition

Can it rely only on local information?

Locality arguments: Is it really a peer-to-peer solution?
  • Prerequisite: only part of the ZNLmap is useful (history)
  • The ZNLmap can be constructed step by step (proved)
  • Proved step-by-step progress, building an optimal ZNL locally


Is it possible to define an optimal broadcast? YES

What is the good ZNLmap function? The naïve decomposition

Can it rely only on local information?

In our framework the knowledge of the whole CAN is only necessary to compute connectedness (no topology)

Conclusions and future works

Conclusions: Results
  • Properties:
    • The ZNL approach is sufficient for addressing coverage
    • There exists a way to construct a ZNL for optimal broadcast
  • There exists a broadcast algorithm that produces no duplicate; it is only based on local decisions

Conclusion: Mechanisation
  • A framework for reasoning on CAN:
    • A possible definition of CAN (very generic)
    • Basic abstractions, induction principle
    • Constructs for reasoning on messages and broadcasts
  • The only non-proved arguments are related to topology and geometry (locality of connectedness, and 1 axiom: the whole space is connected)
  • Around 5000 lines of Isabelle/HOL

www-sop.inria.fr/oasis/personnel/Ludovic.Henrio/misc

Current and future work
  • We have a non-naive optimal algorithm!
    • Close to M-CAN but no duplicate at all
    • Experimented
    • To be published and proven formally
  • About churns (= nodes arriving and leaving frequently)
    • Our definition of CAN is quite flexible
    • But neighbours evolve at runtime
    • TODO: improve the mechanised model; what is a good algorithm / good properties in presence of churns? (#duplicates ≤ #churns?)

[Henrio, HDR 2012; Bongiovanni, PhD 2012]

THANK YOU 
