/elasticsearch-formal-models

Formal models of core Elasticsearch algorithms
  1. Isabelle 72.8%
  2. TLA 26.9%
  3. TeX 0.3%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
ReplicaEngine/tla Translate ReplicaEngine model from PlusCal code Mar 28, 2018
ZenWithTerms/tla Cosmetic changes to ZenWithTerms (#37) Jul 20, 2018
cluster [cluster/tla] Don't remove messages from the message set (#25) Jan 9, 2018
data/tla Move TLA+ models to tla subdirectory (#9) Nov 23, 2017
.gitignore Zen with terms (#30) Apr 5, 2018
LICENSE Add Apache License to repository Jan 29, 2018
README.md Update README (#31) Apr 16, 2018

README.md

Formal models of core Elasticsearch algorithms

This repository contains formal models of core Elasticsearch algorithms and is directly related to ongoing implementation efforts around data replication and cluster consensus. We consider this work-in-progress: Models as well as implementations are still evolving and might differ in substantial ways. The formal models mainly serve to illustrate some of the high-level concepts and help to validate resiliency-related aspects.

Models

Data replication

The data replication model consists of two files:

Cluster consensus

The cluster consensus TLA+ model consists of two files:

The cluster consensus Isabelle model consists of the following theories:

Replica engine

A TLA+ model of how the engine handles replication requests.

Zen with terms

An alternative idea for improving the consistency of cluster state updates, effectively by adding the notion of a term to the existing Zen algorithm.

How to edit/run TLA+:

How to run the model checker in headless mode:

  • Download tla2tools.jar
  • Run the model checker once in TLA+ Toolbox on desktop (can be aborted once started). This generates the folder elasticsearch.toolbox/model/ that contains all model files that are required to run the model checker in headless mode.
  • Copy the above folder and tla2tools.jar to the server running in headless mode.
  • cd to the folder and run java -Xmx30G -cp ../tla2tools.jar tlc2.TLC MC -deadlock -workers 12. The setting -Xmx30G denotes the amount of memory to allocate to the model checker and -workers 12 the number of worker threads (should be equal to the number of cores on machine). The setting -deadlock ensures that TLC explores the full reachable state space, not searching for deadlocks.