Mace

Killian, Charles; Anderson, James W.; Braud, Ryan; Jhala, Ranjit; Vahdat, Amin

doi:10.1145/1250734.1250755

Cited by 113 publications

(6 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal specification and verification of distributed systems and algorithms has been carried out by means of model checking [Holzmann 1997;Killian et al 2007;Lamport 1992;Pnueli 1977] and, more recently, using a variety of program logics: Disel [Sergey et al 2018] is a Hoare Type Theory for distributed program verification in Coq with ideas from separation logic. IronFleet [Hawblitzel et al 2015] allows for building provably correct distributed systems by combining TLA-style statemachine refinement with Hoare-logic verification in a layered approach, all embedded in Dafny [Leino 2010].…”

Section: Related Workmentioning

confidence: 99%

Distributed causal memory: modular specification and verification in higher-order distributed separation logic

Gondelman

Gregersen

Nieto

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present the first specification and verification of an implementation of a causally-consistent distributed database that supports modular verification of full functional correctness properties of clients and servers. We specify and reason about the causally-consistent distributed database in Aneris, a higher-order distributed separation logic for an ML-like programming language with network primitives for programming distributed systems. We demonstrate that our specifications are useful, by proving the correctness of small, but tricky, synthetic examples involving causal dependency and by verifying a session manager library implemented on top of the distributed database. We use Aneris's facilities for modular specification and verification to obtain a highly modular development, where each component is verified in isolation, relying only on the specifications (not the implementations) of other components. We have used the Coq formalization of the Aneris logic to formalize all the results presented in the paper in the Coq proof assistant.

show abstract

Section: Related Workmentioning

confidence: 99%

Distributed causal memory: modular specification and verification in higher-order distributed separation logic

Gondelman

Gregersen

Nieto

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…A benefit of using model-checking frameworks is that they allow to state both safety and liveness assertions as LTL assertions [29]. Mace [17] provides a suite for building and model-checking distributed systems with asynchronous protocols, including liveness conditions. Chapar [25] allows for model-checking of programs that use causally consistent distributed key-value stores.…”

Section: Related Workmentioning

confidence: 99%

“…This is largely the reason why previous work has traditionally focused on verification of protocols of core network components. In particular, in the context of model checking, where safety and liveness assertions [29] are considered, tools such as SPIN [9], TLA+ [23], and Mace [17] have been developed. More recently, significant contributions have been made in the field of formal proofs of implementations of challenging protocols, such as two-phase-commit, lease-based key-value stores, Paxos, and Raft [7,25,30,35,40].…”

Section: Introductionmentioning

confidence: 99%

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Krogh-Jespersen

Timany

Ohlenbusch

et al. 2020

Programming Languages and Systems

View full text Add to dashboard Cite

Building network-connected programs and distributed systems is a powerful way to provide scalability and availability in a digital, always-connected era. However, with great power comes great complexity. Reasoning about distributed systems is well-known to be difficult. In this paper we present Aneris, a novel framework based on separation logic supporting modular, node-local reasoning about concurrent and distributed systems. The logic is higher-order, concurrent, with higherorder store and network sockets, and is fully mechanized in the Coq proof assistant. We use our framework to verify an implementation of a load balancer that uses multi-threading to distribute load amongst multiple servers and an implementation of the two-phase-commit protocol with a replicated logging service as a client. The two examples certify that Aneris is well-suited for both horizontal and vertical modular reasoning.

show abstract

“…Distributed Environments A plethora of systems assist in the construction of distributed software. At one end of the spectrum, distributed operating systems [4,22,58,64,67,69,72,73,76,89] and programming languages [25,43,77,88] provide a significant amount of flexibility in the resulting application. However, they involve significant manual effort using the provided abstractions, which are strongly coupled with the underlying operating or runtime system.…”

Section: Related Workmentioning

confidence: 99%

Ignis: scaling distribution-oblivious systems with light-touch distribution

Vasilakis

Karel

Palkhiwala

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Distributed systems offer notable benefits over their centralized counterparts. Reaping these benefits, however, requires burdensome developer effort to identify and rewrite bottlenecked components. Light-touch distribution is a new approach that converts a legacy system into a distributed one using automated transformations. Transformations operate at the boundaries of bottlenecked modules and are parametrizable by light distribution recipes that guide the intended semantics of the resulting distribution. Transformations and recipes operate at runtime, adapting to load by scaling out only saturated components. Our Ignis prototype shows substantial speedups, attractive elasticity characteristics, and memory gains over full replication, achieved by small and backward-compatible code changes. CCS Concepts • Computer systems organization → Distributed architectures; Cloud computing; • Software and its engineering → Extra-functional properties; Software as a service orchestration system.

show abstract

Mace

Cited by 113 publications

References 22 publications

Distributed causal memory: modular specification and verification in higher-order distributed separation logic

Distributed causal memory: modular specification and verification in higher-order distributed separation logic

Aneris: A Mechanised Logic for Modular Reasoning about Distributed Systems

Ignis: scaling distribution-oblivious systems with light-touch distribution

Contact Info

Product

Resources

About