Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MetaData storage specification #42

Merged
merged 6 commits into from May 6, 2019
Merged

MetaData storage specification #42

merged 6 commits into from May 6, 2019

Conversation

andrershov
Copy link
Contributor

This PR adds metadata storage specification to prove that the way our storage layer underlying Zen2 implementation works correctly.
This specification does no model multipath, only a single data path is modeled.

DaveCTurner
DaveCTurner requested changes Apr 28, 2019
View reviewed changes
Copy link
Contributor

@DaveCTurner DaveCTurner left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

I suggest modelling the existence of files using the domain of metadata and manifest rather than using -1 sentinels: DaveCTurner@937a7b8

This would also means you could remove steps and limit the model size with a constraint like newMeta < 4. (Also, this should really be a state constraint not an action constraint).

(edit: I suggested newMeta < 4 /\ newManifest < 4 but in fact the newMeta constraint is enough)

@andrershov
Copy link
Contributor Author

@DaveCTurner thanks for your review! Modelling with domains looks much nicer. However, I'm not sure if we can avoid steps constraint. I've tried newMeta < 4 /\ newManifest < 4 and seems that the model is hanging.
In fact, the model can take the infinite number of execution steps without incrementing newMeta using the following execution path writeMeta -> writeMetaFail -> deleteMeta -> writeMeta -> writeMetaFail -> deleteMeta...

@DaveCTurner
Copy link
Contributor

In fact, the model can take the infinite number of execution steps without incrementing newMeta using the following execution path...

This is true, but if you remove steps then the state space becomes finite. An infinite path through a finite state space can be checked in finite time, because the model checker deduplicates its states.

@andrershov
Copy link
Contributor Author

@DaveCTurner thanks for your explanation, the reason why the model was running indefinitely is that I forgot to remove steps variable from the model and the number of states was infinite. Fixed by this commit d1346d7 .
I'm not sure if we shall commit the buggy version or correct implemented version to the repository. I think it's better to commit the correct implemented version.

@andrershov
Copy link
Contributor Author

@DaveCTurner I've made a change to the specification by splitting deleteNew and deleteOld into separately deleting manifest and metadata files, which makes clearer in my opinion. Ready for the next pass.

DaveCTurner
DaveCTurner approved these changes May 6, 2019
View reviewed changes
Copy link
Contributor

@DaveCTurner DaveCTurner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrershov andrershov merged commit ca30663 into elastic:master May 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaveCTurner DaveCTurner DaveCTurner approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@andrershov @DaveCTurner