Pretend synchrony: synchronous verification of asynchronous distributed programs

Gleissenthall, Klaus v.; Kıcı, Rami Gökhan; Bakst, Alexander; Stefan, Deian; Jhala, Ranjit

doi:10.1145/3290372

Cited by 53 publications

(40 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More importantly, our framework opens the door for applying more advanced techniques such as abstraction [Ball et al 2001;Clarke et al 2003] and reduction [Cohen and Lamport 1998;Lipton 1975]. Reductions were shown to be efficient for special classes of fault-tolerant distributed algorithms by [Damian et al 2019;Konnov et al 2017b;von Gleissenthall et al 2019]. We are going to explore similar techniques, in order to check complex TLA + specifications of Raft by [Ongaro 2014], Disk Paxos [Gafni and Lamport 2003], and Egalitarian Paxos by [Moraru et al 2013].…”

Section: Discussionmentioning

confidence: 99%

“…Several projects on proving correctness of distributed algorithms with interactive theorem provers were conducted by [Hawblitzel et al 2017], [Wilcox et al 2015], [Rahli et al 2017], [Sergey et al 2018], [Azmy et al 2018], and[von Gleissenthall et al 2019]. Although, guarantees provided by such proofs are much stronger, they demand a different level of verification efforts.…”

Section: Interactive Theorem Provers and Smtmentioning

confidence: 99%

See 1 more Smart Citation

TLA+ model checking made symbolic

Konnov

Kukovec²,

Tran³

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

TLA + is a language for formal specification of all kinds of computer systems. System designers use this language to specify concurrent, distributed, and fault-tolerant protocols, which are traditionally presented in pseudo-code. TLA + is extremely concise yet expressive: The language primitives include Booleans, integers, functions, tuples, records, sequences, and sets thereof, which can be also nested. This is probably why the only model checker for TLA + (called TLC) relies on explicit enumeration of values and states. In this paper, we present APALACHE Ð a first symbolic model checker for TLA +. Like TLC, it assumes that all specification parameters are fixed and all states are finite structures. Unlike TLC, APALACHE translates the underlying transition relation into quantifier-free SMT constraints, which allows us to exploit the power of SMT solvers. Designing this translation is the central challenge that we address in this paper. Our experiments show that APALACHE outperforms TLC on examples with large state spaces. CCS Concepts: • Theory of computation → Logic and verification; • Software and its engineering → Model checking; Specification languages.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Interactive Theorem Provers and Smtmentioning

confidence: 99%

TLA+ model checking made symbolic

Konnov

Kukovec²,

Tran³

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Reduction recently received an increasing interest for verification purpose, e.g. by Kragl et al [11], or Gleissenthal et al [15].…”

Section: Concluding Remarks and Related Workmentioning

confidence: 99%

On the k-synchronizability of Systems

Giusto

Laversa

Lozes

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Asynchronous bounded or unbounded message passing is ubiquitous in communication-centric systems. When modelling distributed scenarios, it is important to understand whether buffers are bounded or not. In this paper, we work on the notion of k-synchronizability: a system is k-synchronizable if any of its executions, up to reordering causally independent actions, can be divided into a succession of k-bounded interaction phases. We show two results: first, the reachability problem is decidable for k-synchronizable systems; second, the membership problem (whether a given system is k-synchronizable) is decidable as well. Our proofs fix several important issues in previous attempts to prove these two results.

show abstract

“…More recently, Atkey [2017] adds external communication to classical processes, with a focus on the external high-level behavior, bringing the abstraction level closer to our goals for F R . v. Gleissenthall et al [2019] extracts typical communication structures from programs with only minimal annotations, and generates a synchronous model for those communications for which proofs apply to the original asynchronous program. This extraction fits the synchronous model of F R , so future could apply their analysis.…”

Section: Formal Models For Concurrent and Distributed Computationsmentioning

confidence: 99%

A fault-tolerant programming model for distributed interactive applications

Mogk

Drechsler

Salvaneschi

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Ubiquitous connectivity of web, mobile, and IoT computing platforms has fostered a variety of distributed applications with decentralized state. These applications execute across multiple devices with varying reliability and connectivity. Unfortunately, there is no declarative fault-tolerant programming model for distributed interactive applications with an inherently decentralized system model. We present a novel approach to automating fault tolerance using high-level programming abstractions tailored to the needs of distributed interactive applications. Specifically, we propose a calculus that enables formal reasoning about applications' dataflow within and across individual devices. Our calculus reinterprets the functional reactive programming model to seamlessly integrate its automated state change propagation with automated crash recovery of device-local dataflow and disconnection-tolerant distribution with guaranteed automated eventual consistency semantics based on conflict-free replicated datatypes. As a result, programmers are relieved of handling intricate details of distributing change propagation and coping with distribution failures in the presence of interactivity. We also provides proofs of our claims, an implementation of our calculus, and an empirical evaluation using a common interactive application. CCS Concepts: • Theory of computation → Distributed computing models; • Software and its engineering → Software fault tolerance; Data flow languages.

show abstract

Pretend synchrony: synchronous verification of asynchronous distributed programs

Cited by 53 publications

References 60 publications

TLA+ model checking made symbolic

TLA+ model checking made symbolic

On the k-synchronizability of Systems

A fault-tolerant programming model for distributed interactive applications

Contact Info

Product

Resources

About