Formal Specification, Verification, and Implementation of Fault-Tolerant Systems using EventML

Rahli, Vincent; Guaspari, David; Bickford, Mark; Constable, Robert L.

doi:10.14279/tuj.eceasst.72.1013

Cited by 4 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The blue parts of the diagram constitute node-local instantiations of the TPC modules invoked by the nodes to handle the consensus process. As noted by Sergey et al [35], clients of core consensus protocols have not received much focus from other major verification efforts [7,30,40].…”

Section: A Replicated Logmentioning

confidence: 99%

“…EventML [30,31] is a functional language in the ML family that can be used for coding distributed protocols using high-level combinators from the Logic of Events, and verify them in the Nuprl interactive theorem prover. It is not quite clear how modular reasoning works, since one works within the model, however, the notion of a central main observer is akin to our distinguished system node.…”

Section: Related Workmentioning

confidence: 99%

“…In particular, in the context of model checking, where safety and liveness assertions [29] are considered, tools such as SPIN [9], TLA+ [23], and Mace [17] have been developed. More recently, significant contributions have been made in the field of formal proofs of implementations of challenging protocols, such as two-phase-commit, lease-based key-value stores, Paxos, and Raft [7,25,30,35,40]. All of these developments define domain specific languages (DSLs) specialized for distributed systems verification.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Gregersen¹

2021

Preprint

View full text Add to dashboard Cite

Building network-connected programs and distributed systems is a powerful way to provide scalability and availability in a digital, always-connected era. However, with great power comes great complexity. Reasoning about distributed systems is well-known to be difficult. In this paper we present Aneris, a novel framework based on separation logic supporting modular, node-local reasoning about concurrent and distributed systems. The logic is higher-order, concurrent, with higherorder store and network sockets, and is fully mechanized in the Coq proof assistant. We use our framework to verify an implementation of a load balancer that uses multi-threading to distribute load amongst multiple servers and an implementation of the two-phase-commit protocol with a replicated logging service as a client. The two examples certify that Aneris is well-suited for both horizontal and vertical modular reasoning.

show abstract

Section: A Replicated Logmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Gregersen¹

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…We are not aware of works based on interactive theorem provers that verified protocols with complex thresholds as we do in this work (although doing so is of course possible). However, many works used interactive theorem provers to verify related protocols, e.g., [43,37,26,35,11,36] (the most related protocols use either n 2 or 2n 3 as the only thresholds, other protocols do not involve any thresholds). The downside of verification using interactive theorem provers is that it requires tremendous human efforts and skills.…”

Section: Related Workmentioning

confidence: 99%

Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics

Berkovits

Lazić

Losa

et al. 2019

Computer Aided Verification

View full text Add to dashboard Cite

Verification of fault-tolerant distributed protocols is an immensely difficult task. Often, in these protocols, thresholds on set cardinalities are used both in the process code and in its correctness proof, e.g., a process can perform an action only if it has received an acknowledgment from at least half of its peers. Verification of threshold-based protocols is extremely challenging as it involves two kinds of reasoning: first-order reasoning about the unbounded state of the protocol, together with reasoning about sets and cardinalities. In this work, we develop a new methodology for decomposing the verification task of such protocols into two decidable logics: EPR and BAPA. Our key insight is that such protocols use thresholds in a restricted way as a means to obtain certain properties of "intersection" between sets. We define a language for expressing such properties, and present two translations: to EPR and BAPA. The EPR translation allows verifying the protocol while assuming these properties, and the BAPA translation allows verifying the correctness of the properties. We further develop an algorithm for automatically generating the properties needed for verifying a given protocol, facilitating fully automated deductive verification. Using this technique we have verified several challenging protocols, including Byzantine one-step consensus, hybrid reliable broadcast and fast Byzantine Paxos.

show abstract