A Rigorous Correctness Proof for Pastry

Azmy, Noran; Merz, Stephan; Weidenbach, Christoph

doi:10.1007/978-3-319-33600-8_5

Cited by 9 publications

(13 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One can use a model checker to help catch errors before attempting any proof. TLA + has been used in a large number of projects such as [43,31,15,50,51,8,7] to cite only a few. At its current stage, TLAPS allows one to prove safety properties (the safety property of a variant of Paxos has been verified using TLAPS) but not liveness/non-blocking properties (we have not yet proved such properties either).…”

Section: Event-b Event-b [1]mentioning

confidence: 99%

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

Rahli

Guaspari²,

Bickford

et al. 2017

Science of Computer Programming

View full text Add to dashboard Cite

Distributed programs are known to be extremely difficult to implement, test, verify, and maintain. This is due in part to the large number of possible unforeseen interactions among components, and to the difficulty of precisely specifying what the programs should accomplish in a formal language that is intuitively clear to the programmers. We discuss here a methodology that has proven itself in building a state of the art implementation of Multi-Paxos and other distributed protocols used in a deployed database system. This article focuses on the logical foundations as well as the basic ideas of formal EventML programming, illustrated by implementing a fault-tolerant consensus protocol and showing how we prove its safety properties with the Nuprl proof assistant.

show abstract

Section: Event-b Event-b [1]mentioning

confidence: 99%

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

Rahli

Guaspari²,

Bickford

et al. 2017

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…is a formal specification language that is mainly intended for modeling concurrent and distributed algorithms and systems, and that has successfully been used in academic and industrial environments [3,7,13]. It is based on untyped Zermelo-Fraenkel set theory for modeling the data manipulated by the system, and on the Temporal Logic of Actions, a variant of linear-time temporal logic, for describing executions.…”

Section: The Tlamentioning

confidence: 99%

Proving Determinacy of the PharOS Real-Time Operating System

Azaiez

Doligez

Lemerre

et al. 2016

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA + and formally state and prove determinacy using the TLA + Proof System.

show abstract

“…It was later extended to TLA + [18], which provides the user with a concrete syntax for writing expressions over sets, functions, integers, sequences, etc. TLA + does not fix a model of computation, and thus it found applications in the design of concurrent and distributed systems, e.g., see [12,23,24,22,2].…”

Section: Introductionmentioning

confidence: 99%

Extracting symbolic transitions from TLA+ specifications

Kukovec

Tran

Konnov

2020

Science of Computer Programming

View full text Add to dashboard Cite

In TLA + , a system specification is written as a logical formula that restricts the system behavior. As a logic, TLA + does not have assignments and other imperative statements that are used by model checkers to compute the successor states of a system state. Model checkers compute successors either explicitly-by evaluating program statementsor symbolically-by translating program statements to an SMT formula and checking its satisfiability. To efficiently enumerate the successors, TLA's model checker TLC introduces side effects. For instance, an equality x = e is interpreted as an assignment of e to the yet unbound variable x. Inspired by TLC, we introduce an automatic technique for discovering expressions in TLA + formulas such as x = e and x ∈ {e1,. .. , e k } that can be provably used as assignments. In contrast to TLC, our technique does not explicitly evaluate expressions, but it reduces the problem of finding assignments to the satisfiability of an SMT formula. Hence, we give a way to slice a TLA + formula in symbolic transitions, which can be used as an input to a symbolic model checker. Our prototype implementation successfully extracts symbolic transitions from a few TLA + benchmarks.

show abstract

A Rigorous Correctness Proof for Pastry

Cited by 9 publications

References 9 publications

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

Proving Determinacy of the PharOS Real-Time Operating System

Extracting symbolic transitions from TLA+ specifications

Contact Info

Product

Resources

About