Safe replication through bounded concurrency verification

Kaki, Gowtham; Earanky, Kapil; Sivaramakrishnan, KC; Jagannathan, Suresh

doi:10.1145/3276534

Cited by 26 publications

(22 citation statements)

References 35 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A final interesting remark is that we can show how our methodology can aid in the verification of distributed objects mediated by concurrency control. Some works [16,17,26,27] have considered this problem from the standpoint of synthesis, or from the point of view of which mechanisms can be used to check a certain property of the system.…”

Section: Related Workmentioning

confidence: 99%

Proving the Safety of Highly-Available Distributed Objects

Nair¹,

Petri

Shapiro³

2020

Programming Languages and Systems

View full text Add to dashboard Cite

To provide high availability in distributed systems, object replicas allow concurrent updates. Although replicas eventually converge, they may diverge temporarily, for instance when the network fails. This makes it difficult for the developer to reason about the object's properties, and in particular, to prove invariants over its state. For the subclass of state-based distributed systems, we propose a proof methodology for establishing that a given object maintains a given invariant, taking into account any concurrency control. Our approach allows reasoning about individual operations separately. We demonstrate that our rules are sound, and we illustrate their use with some representative examples. We automate the rule using Boogie, an SMT-based tool.

show abstract

Section: Related Workmentioning

confidence: 99%

Proving the Safety of Highly-Available Distributed Objects

Nair¹,

Petri

Shapiro³

2020

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Verifying applications under weak consistency has received significant attention in recent years. A number of efforts [2,19,23,25,38] have looked at the problem of verifying arbitrary safety invariants while others have considered verification with respect to distributed database applications and specific high-level transactional properties [5][6][7]10,30,35]. These results are orthogonal to the work described here, since neither consider the question of safely migrating performant concurrent libraries to a replicated environment.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Semantics, Specification, and Bounded Verification of Concurrent Libraries in Replicated Systems

Nagar

Mukherjee

Jagannathan

2020

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Geo-replicated systems provide a number of desirable properties such as globally low latency, high availability, scalability, and built-in fault tolerance. Unfortunately, programming correct applications on top of such systems has proven to be very challenging, in large part because of the weak consistency guarantees they offer. These complexities are exacerbated when we try to adapt existing highly-performant concurrent libraries developed for shared-memory environments to this setting. The use of these libraries, developed with performance and scalability in mind, is highly desirable. But, identifying a suitable notion of correctness to check their validity under a weakly consistent execution model has not been well-studied, in large part because it is problematic to naïvely transplant criteria such as linearizability that has a useful interpretation in a shared-memory context to a distributed one where the cost of imposing a (logical) global ordering on all actions is prohibitive. In this paper, we tackle these issues by proposing appropriate semantics and specifications for highly-concurrent libraries in a weakly-consistent, replicated setting. We use these specifications to develop a static analysis framework that can automatically detect correctness violations of library implementations parameterized with respect to the different consistency policies provided by the underlying system. We use our framework to analyze the behavior of a number of highly non-trivial library implementations of stacks, queues, and exchangers. Our results provide the first demonstration that automated correctness checking of concurrent libraries in a weakly geo-replicated setting is both feasible and practical.

show abstract

“…In general, behaviorally stable consistency policies do not consider the context in which events occur, but instead rely only on observable behavior of the events to constrain their ordering. A simple example of a consistency policy which is not behaviorally stable is a policy which maintains bounded concurrency [12] by limiting the number of concurrent operations across all replicas to a fixed bound. Such a policy would synchronize two events only if they occur in a context where keeping them concurrent would violate the bound, but behaviorally equivalent events in a different context may not be synchronized.…”

Section: Automated Verificationmentioning

confidence: 99%

“…A number of earlier efforts [2,21,10,12,11] have looked at the problem of verifying state-based invariants in distributed applications. These techniques typically target applications built using CRDTs, and assume their underlying correctness.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Automated Parameterized Verification of CRDTs

Nagar

Jagannathan

2019

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Maintaining multiple replicas of data is crucial to achieving scalability, availability and low latency in distributed applications. Conflict-free Replicated Data Types (CRDTs) are important building blocks in this domain because they are designed to operate correctly under the myriad behaviors possible in a weakly-consistent distributed setting. Because of the possibility of concurrent updates to the same object at different replicas, and the absence of any ordering guarantees on these updates, convergence is an important correctness criterion for CRDTs. This property asserts that two replicas which receive the same set of updates (in any order) must nonetheless converge to the same state. One way to prove that operations on a CRDT converge is to show that they commute since commutative actions by definition behave the same regardless of the order in which they execute. In this paper, we present a framework for automatically verifying convergence of CRDTs under different weak-consistency policies. Surprisingly, depending upon the consistency policy supported by the underlying system, we show that not all operations of a CRDT need to commute to achieve convergence. We develop a proof rule parameterized by a consistency specification based on the concepts of commutativity modulo consistency policy and non-interference to commutativity. We describe the design and implementation of a verification engine equipped with this rule and show how it can be used to provide the first automated convergence proofs for a number of challenging CRDTs, including sets, lists, and graphs.

show abstract

Safe replication through bounded concurrency verification

Cited by 26 publications

References 35 publications

Proving the Safety of Highly-Available Distributed Objects

Proving the Safety of Highly-Available Distributed Objects

Semantics, Specification, and Bounded Verification of Concurrent Libraries in Replicated Systems

Automated Parameterized Verification of CRDTs

Contact Info

Product

Resources

About