Presentation is loading. Please wait.

Presentation is loading. Please wait.

Colin Scott, Andreas Wundsam, Barath Raghavan, Aurojit Panda, Andrew Or, Jefferson Lai, Eugene Huang, Zhi Liu, Ahmed El-Hassany, Sam Whitlock, Hrishikesh.

Published byLisa Lester Modified over 9 years ago

Similar presentations

Presentation on theme: "Colin Scott, Andreas Wundsam, Barath Raghavan, Aurojit Panda, Andrew Or, Jefferson Lai, Eugene Huang, Zhi Liu, Ahmed El-Hassany, Sam Whitlock, Hrishikesh."— Presentation transcript:

1 Colin Scott, Andreas Wundsam, Barath Raghavan, Aurojit Panda, Andrew Or, Jefferson Lai, Eugene Huang, Zhi Liu, Ahmed El-Hassany, Sam Whitlock, Hrishikesh B. Acharya, Kyriakos Zarifis, Arvind Krishnamurthy, Scott Shenker Troubleshooting SDN Control Software with Minimal Causal Sequences

2 SDN is a Distributed System Controller 1Controller N Controller 2

3 Distributed Systems are Bug-Prone Distributed correctness faults: Race conditions Atomicity violations Deadlock Livelock … + Normal software bugs

4 Example Bug (Floodlight, 2012) Master Backup Ping Pong Ping Blackhole persists! Crash Link Failure Notify Switch ACK Notify Master

5 Best Practice: Logs Human analysis of log files

6 Best Practice: Logs Master Backup Ping Pong Ping Blackhole persists! Crash Link Failure Notify Switch ACK Notify Master

7 Best Practice: Logs Controller A Controller B Controller C Switch 1 Switch 2 Switch3 Switch 4 Switch 5 Switch 6 Switch 7 Switch 8 Switch 9 ? …

8 Our Goal Allow developers to focus on fixing the underlying bug

9 Problem Statement Identify a minimal sequence of inputs that triggers the bug in a blackbox fashion

10 Why minimization? G. A. Miller. The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information. Psychological Review ’56. Smaller event traces are easier to understand

11 Minimal Causal Sequence Output: V (i.e. violation occurs) V

12 Minimal Causal Sequence Controller A Controller B Controller C Switch 1 Switch 2 Switch3 Switch 4 Switch 5 Switch 6 Switch 7 Switch 8 Switch 9 ? …

13 Minimal Causal Sequence Master Backup Ping Pong Ping Blackhole persists! Crash Link Failure Notify Switch ACK Notify Master

14 Outline What are we trying to do? How do we do it? Does it work?

15 Where Bugs are Found Symptoms found: On developer’s local machine (unit and integration tests)

16 Where Bugs are Found Symptoms found: On developer’s local machine (unit and integration tests) In production environment

17 Where Bugs are Found Symptoms found: On developer’s local machine (unit and integration tests) In production environment On quality assurance testbed

18 Approach: Delta Debugging 1 Replay 1. A. Zeller et al. Simplifying and Isolating Failure-Inducing Input. IEEE TSE ’02 ✔ ✗ ?

19 Approach: Modify Testbed Controller 1Controller N Test Coordinator QA Testbed Control Software

20 Testbed Observables Invariant violation detected by testbed Event Sequence: External events (link failures, host migrations,..) injected by testbed Internal events (message deliveries) observed by testbed (incomplete)

21 Approach: Delta Debugging 1 Replay 1. A. Zeller et al. Simplifying and Isolating Failure-Inducing Input. IEEE TSE ’02 ✔ ✗ ? Events (link failures, crashes, host migrations) injected by test orchestrator

22 Key Point Must Carefully Schedule Replay Events To Achieve Minimization!

23 Challenges Asynchrony Divergent execution Non-determinism

24 Challenge: Asynchrony Asynchrony definition: No fixed upper bound on relative speed of processors No fixed upper bound on time for messages to be delivered Dwork & Lynch. Consensus in the Presence of Partial Synchrony. JACM ‘88

25 Challenge: Asynchrony Need to maintain original event order Master Backup Ping Pong Ping Crash Link Failure port_status Switch ACK port_status Master Timeout Blackhole persists!

26 Challenge: Asynchrony Master Backup Ping Pong Ping Link Failure port_status Switch Master Timeout Blackhole avoided! New Routing Table! Crash Need to maintain original event order

27 Coping with Asynchrony Use interposition to maintain causal dependencies

28 Challenge: Divergence Asynchrony Divergent execution Syntactic Changes Absent Events Unexpected Events Non-determinism

29 Divergence: Absent Internal Events Prune Earlier Input.. Master Backup Ping Pong Ping Crash Link Failure Notify Switch ACK Notify Master Policy change Host Migration

30 Divergence: Absent Internal Events Master Backup Ping Pong Ping Crash Link Failure Notify Switch Master Some Events No Longer Appear Policy change Host Migration

31 Solution: Peek Ahead Master Backup Crash Link FailureSwitch Ping Notify Host Migration Ping Pong Infer which internal events will occur Master Policy change

32 Challenge: Non-determinism Asynchrony Divergent execution Non-determinism

33 Coping With Non-Determinism Replay multiple times per subsequence Assuming i.i.d., probability of not finding bug modeled by: If not i.i.d., override gettimeofday(), multiplex sockets, interpose on logging statements

34 Approach Recap Replay events in QA testbed Apply delta debugging to inputs Asynchrony: interpose on messages Divergence: infer absent events Non-determinism: replay multiple times

35 Outline What are we trying to do? How do we do it? Does it work?

36 Evaluation Methodology Evaluate on 5 open source SDN controllers (Floodlight, NOX, POX, Frenetic, ONOS) Quantify minimization for: Synthetic bugs Bugs found in the wild Qualitatively relay experience troubleshooting with MCSes

37 Case Studies Not replayable Discovered BugsKnown Bugs Synthetic Bugs Substantial minimization except for 1 case Conservative input sizes 17 case studies total (m) 1596719 (n)

38 Comparison to Naïve Replay Naïve replay: ignore internal events Naïve replay often not able to replay at all 5 / 7 discovered bugs not replayable 1 / 7 synthetic bugs not replayable Naïve replay did better in one case 2 event MCS vs. 7 event MCS with our techniques

39 Qualitative Results 15 / 17 MCSes useful for debugging 1 non-replayable case (not surprising) 1 misleading MCS (expected)

40 Related Work

41 Conclusion Possible to automatically minimize execution traces for SDN control software System (23K+ lines of Python) evaluated on 5 open source SDN controllers (Floodlight, NOX, POX, Frenetic, ONOS) and one proprietary controller Currently generalizing, formalizing approach ucb-sts.github.com/sts/

42 Backup

43 Related work Thread Schedule Minimization Isolating Failure-Inducing Thread Schedules. SIGSOFT ’02. A Trace Simplification Technique for Effective Debugging of Concurrent Programs. FSE ’10. Program Flow Analysis Enabling Tracing of Long-Running Multithreaded Programs via Dynamic Execution Reduction. ISSTA ’07. Toward Generating Reducible Replay Logs. PLDI ’11. Best-Effort Replay of Field Failures A Technique for Enabling and Supporting Debugging of Field Failures. ICSE ’07. Triage: Diagnosing Production Run Failures at the User’s Site. SOSP ’07.

44 Bugs are costly and time consuming Software bugs cost US economy $59.5 Billion in 2002 [1] Developers spend ~50% of their time debugging [2] Best developers devoted to debugging 1.National Institute of Standards and Technology 2002 Annual Report 2.P. Godefroid et al., Concurrency at Microsoft- An Exploratory Study. CAV ‘08

45 Ongoing work Formal analysis of approach Apply to other distributed systems (databases, consensus protocols) Investigate effectiveness of various interposition points Integrate STS into ONOS (ON.Lab) development workflow

46 Scalability

47 Case Studies Discovered BugsKnown Bugs Synthetic Bugs Not replayable inflated non-replayablemisleading (expected) Techniques provide notable benefit vs. naïve replay 15 / 17 MCSes useful for debugging

48 Case Studies

49 Runtime

50 Coping with Non-Determinism

51 Replay Requirements Need to maintain original happens-before relation Includes internal events Message Deliveries State Transitions

52 Naïve Replay Approach t 1 t 2 t 3 t 4 t 5 t 6 t 7 t 8 t 9 t 10 Schedule events according to wall-clock time

53 Complexity Best CaseWorst Case -Delta Debugging: (log n) replays -Each replay: O(n) events -Total: (nlog n) -Delta Debugging: O(n) replays -Each replay: O(n) events -Total: O(n 2 )

54 Assumptions of Delta Debugging

55 Local vs. Global Minimality

56 Forensic Analysis of Production Logs  Logs need to capture causality: Lamport Clocks or accurate NTP  Need clear mapping between input/internal events and simulated events  Must remove redundantly logged events  Might employ causally consistent snapshots to cope with length of logs

57 Instrumentation Complexity  Code to override gettimeofday(), interpose on logging statements, and multiplex sockets:  415 LOC for POX (Python)  722 LOC for Floodlight (Java )

58 Improvements Many improvements: Parallelize delta debugging Smarter delta debugging time splits Apply program flow analysis to further prune Compress time (override gettimeofday)

59 Divergence: Syntactic Changes Prune Earlier Input.. Master Backup Ping Seq=3 Pong Seq=4 Ping Seq=5 Crash Link Failure port_status xid=12 Switch ACK port_status xid=13 Master Timeout

60 Divergence: Syntactic Changes Sequence Numbers Differ! Master Backup Ping Seq= 2 Pong Seq= 3 Ping Seq= 4 Crash Link Failure port_status xid= 11 Switch port_status xid= 12 Master Timeout ACK

61 Solution: Equivalence Classes Mask Over Extraneous Fields

62 Solution: Peek ahead

63 Divergence: Unexpected Events Prune Input.. Master Backup Ping Pong Switch Ping … Crash Master

64 Divergence: Unexpected Events Unexpected Events Appear Master Backup Ping Pong Switch Ping … Crash Master LLDP

65 Solution: Emperical Heuristic Theory: Divergent paths  Exponential possibilities Practice: Allow unexpected events through

Download ppt "Colin Scott, Andreas Wundsam, Barath Raghavan, Aurojit Panda, Andrew Or, Jefferson Lai, Eugene Huang, Zhi Liu, Ahmed El-Hassany, Sam Whitlock, Hrishikesh."

Similar presentations

Remus: High Availability via Asynchronous Virtual Machine Replication

Remus: High Availability via Asynchronous Virtual Machine Replication
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.
Testing Concurrent/Distributed Systems Review of Final CEN 5076 Class 14 – 12/05.

Testing Concurrent/Distributed Systems Review of Final CEN 5076 Class 14 – 12/05.
HP Quality Center Overview.

HP Quality Center Overview.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
CHESS: A Systematic Testing Tool for Concurrent Software CSCI6900 George.

CHESS: A Systematic Testing Tool for Concurrent Software CSCI6900 George.
Statistical Approaches for Finding Bugs in Large-Scale Parallel Systems Leonardo R. Bachega.

Statistical Approaches for Finding Bugs in Large-Scale Parallel Systems Leonardo R. Bachega.
Troubleshooting SDN Control Software with Minimal Causal Sequences COLIN SCOTT, ANDREAS WUNDSAM, BARATH RAGHAVANAUROJIT PANDA, ANDREW OR, JEFFERSON LAI,EUGENE.

Troubleshooting SDN Control Software with Minimal Causal Sequences COLIN SCOTT, ANDREAS WUNDSAM, BARATH RAGHAVANAUROJIT PANDA, ANDREW OR, JEFFERSON LAI,EUGENE.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.

Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.
Continuously Recording Program Execution for Deterministic Replay Debugging.

Continuously Recording Program Execution for Deterministic Replay Debugging.
Transaction Processing Lecture 2005 09 22 ACID 2 phase commit.

Transaction Processing Lecture ACID 2 phase commit.
CMPT 431 Dr. Alexandra Fedorova Lecture VIII: Time And Global Clocks.

CMPT 431 Dr. Alexandra Fedorova Lecture VIII: Time And Global Clocks.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.

DISTRIBUTED CONSISTENCY MANAGEMENT IN A SINGLE ADDRESS SPACE DISTRIBUTED OPERATING SYSTEM Sombrero.
Statistical Debugging: A Tutorial Steven C.H. Hoi Acknowledgement: Some slides in this tutorial were borrowed from Chao Liu at UIUC.

Statistical Debugging: A Tutorial Steven C.H. Hoi Acknowledgement: Some slides in this tutorial were borrowed from Chao Liu at UIUC.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering.
1 Principles of Reliable Distributed Systems Lecture 5: Failure Models, Fault-Tolerant Broadcasts and State-Machine Replication Spring 2005 Dr. Idit Keidar.

1 Principles of Reliable Distributed Systems Lecture 5: Failure Models, Fault-Tolerant Broadcasts and State-Machine Replication Spring 2005 Dr. Idit Keidar.

Similar presentations

Ads by Google