Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3

Bornholt, James; Joshi, Rushikesh K.; Astrauskas, Vytautas; Cully, Brendan; Kragl, Bernhard; Markle, Seth M.; Sauri, Kyle; Schleit, Drew; Slatton, Grant; Tasiran, Serdar; Geffen, Jacob Van; Warfield, Andrew

doi:10.1145/3477132.3483540

Cited by 43 publications

(20 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Now in order to enable compositional checking in our IPA framework, we strengthen the definition of the refinement relation with additional requirement on the mapping between actions. Similar enhancement of the refinement relation is also used in the existing work [6]. First we present the formal definition of refinement between protocols:…”

Section: Formal Definition Of Interaction-preservationmentioning

confidence: 99%

Compositional Model Checking of Consensus Protocols Specified in TLA+ via Interaction-Preserving Abstraction

Gu¹,

Cao²,

Zhu³

et al. 2022

Preprint

View full text Add to dashboard Cite

Section: Formal Definition Of Interaction-preservationmentioning

confidence: 99%

Compositional Model Checking of Consensus Protocols Specified in TLA+ via Interaction-Preserving Abstraction

Gu¹,

Cao²,

Zhu³

et al. 2022

Preprint

View full text Add to dashboard Cite

“…These two frontends are complementary. They enable a lightweight approach that helps developers iterate quickly on new code, while still offering stronger confidence as the code gets "closer to production" [10].…”

Section: Lessons Learnedmentioning

confidence: 99%

Finding and Analyzing Crash-Consistency Bugs in Persistent-Memory File Systems

LeBlanc¹,

Pailoor²,

Dillig³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

We present a study of crash-consistency bugs in persistentmemory (PM) file systems and analyze their implications for file-system design and testing crash consistency. We develop FLYTRAP, a framework to test PM file systems for crash-consistency bugs. FLYTRAP discovered 18 new bugs across four PM file systems; the bugs have been confirmed by developers and many have been already fixed. The discovered bugs have serious consequences such as breaking the atomicity of rename or making the file system unmountable. We present a detailed study of the bugs we found and discuss some important lessons from these observations. For instance, one of our findings is that many of the bugs are due to logic errors, rather than errors in using flushes or fences; this has important applications for future work on testing PM file systems. Another key finding is that many bugs arise from attempts to improve efficiency by performing metadata updates in-place and that recovery code that deals with rebuilding in-DRAM state is a significant source of bugs. These observations have important implications for designing and testing PM file systems. Our code is available at https://github.com/utsaslab/flytrap.

show abstract

“…We use and apply a varied set of automated reasoning techniques at AWS. For example, we use (i) bounded model checking [35] to verify memory safety properties of boot code running in AWS data centers and of real-time operating system used in IoT devices [22,25,26], (ii) proof assistants such as EasyCrypt [12] and domain-specific languages such as Cryptol [38] to verify cryptographic protocols [3,4,23], (iii) HOL-Lite [33] to verify the BigNum implementation [2], (iv) P [28] to test key storage components in Amazon S3 [18], and (v) Dafny [37] to verify key authorization and crypto libraries [1]. Automated reasoning capabilities for external AWS users leverage (i) data-flow analysis [17] to prove correct usage of cloud APIs [29,40], (ii) monotonic SAT theories [14] to check properties of network configurations [5,13], and (iii) theories for strings and automaton in SMT solvers [16,39,46] to provide security for access controls [6,19].…”

Section: Introductionmentioning

confidence: 99%

A Billion SMT Queries a Day (Invited Paper)

Rungta

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Amazon Web Services (AWS) is a cloud computing services provider that has made significant investments in applying formal methods to proving correctness of its internal systems and providing assurance of correctness to their end-users. In this paper, we focus on how we built abstractions and eliminated specifications to scale a verification engine for AWS access policies, Zelkova, to be usable by all AWS users. We present milestones from our journey from a thousand SMT invocations daily to an unprecedented billion SMT calls in a span of five years. In this paper, we talk about how the cloud is enabling application of formal methods, key insights into what made this scale of a billion SMT queries daily possible, and present some open scientific challenges for the formal methods community.

show abstract

Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3

Cited by 43 publications

References 20 publications

Compositional Model Checking of Consensus Protocols Specified in TLA+ via Interaction-Preserving Abstraction

Compositional Model Checking of Consensus Protocols Specified in TLA+ via Interaction-Preserving Abstraction

Finding and Analyzing Crash-Consistency Bugs in Persistent-Memory File Systems

A Billion SMT Queries a Day (Invited Paper)

Contact Info

Product

Resources

About