Verdi: a framework for implementing and formally verifying distributed systems

Wilcox, J. R.; Woos, Doug; Panchekha, Pavel; Tatlock, Zachary; Wang, Xi; Ernst, M.; Anderson, Thomas E.

doi:10.1145/2813885.2737958

Cited by 59 publications

(23 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several recent major efforts have fully mechanised and verified implementations of more traditional consensus protocols, such as versions of Paxos [7,13,18,25,29], Raft [35,37], or the classical Two-Phase Commit [31,34]. Even though none of those works consider blockchain consensus, we believe, many of those frameworks can handle it, as long as they can adopt our model and support reasoning about block forests.…”

Section: Verification Of Distributed Consensusmentioning

confidence: 99%

Mechanising blockchain consensus

Pîrlea

Sergey

2018

Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs - CPP 2018

View full text Add to dashboard Cite

We present the first formalisation of a blockchain-based distributed consensus protocol with a proof of its consistency mechanised in an interactive proof assistant.Our development includes a reference mechanisation of the block forest data structure, necessary for implementing provably correct per-node protocol logic. We also define a model of a network, implementing the protocol in the form of a replicated state-transition system. The protocol's executions are modeled via a small-step operational semantics for asynchronous message passing, in which packages can be rearranged or duplicated.In this work, we focus on the notion of global system safety, proving a form of eventual consistency. To do so, we provide a library of theorems about a pure functional implementation of block forests, define an inductive system invariant, and show that, in a quiescent system state, it implies a global agreement on the state of per-node transaction ledgers. Our development is parametric wrt. implementations of several security primitives, such as hash-functions, a notion of a proof object, a Validator Acceptance Function, and a Fork Choice Rule. We precisely characterise the assumptions, made about these components for proving the global system consensus, and discuss their adequacy. All results described in this paper are formalised in the Coq proof assistant.

show abstract

Section: Verification Of Distributed Consensusmentioning

confidence: 99%

Mechanising blockchain consensus

Pîrlea

Sergey

2018

Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs - CPP 2018

View full text Add to dashboard Cite

show abstract

“…Much work has been done on specifying and reasoning about distributed systems [41,27,16,19,20,16,18,30,67,29,68] (to only cite a few).…”

Section: Related Workmentioning

confidence: 99%

“…More recently, Wilcox et al developed Verdi [67], which is a framework, similar to ours, to develop and reason about distributed systems using Coq. As in our framework they do not have gaps between the code they verify and the code they run: they run OCaml code that they extract from Coq.…”

Section: Fvnmentioning

confidence: 99%

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

Rahli

Guaspari²,

Bickford

et al. 2017

Science of Computer Programming

View full text Add to dashboard Cite

Distributed programs are known to be extremely difficult to implement, test, verify, and maintain. This is due in part to the large number of possible unforeseen interactions among components, and to the difficulty of precisely specifying what the programs should accomplish in a formal language that is intuitively clear to the programmers. We discuss here a methodology that has proven itself in building a state of the art implementation of Multi-Paxos and other distributed protocols used in a deployed database system. This article focuses on the logical foundations as well as the basic ideas of formal EventML programming, illustrated by implementing a fault-tolerant consensus protocol and showing how we prove its safety properties with the Nuprl proof assistant.

show abstract

“…FSCQ [11] builds a crash safe file system using an encoding of crash Hoare logic in Coq. With formal semantics in proof systems, there are more verified system developed such as Verdi [57], Verve [58], Bedrock [12] and Ironclad [26].…”

Section: Related Formal Semantics In Proof Systemsmentioning

confidence: 99%

HoTTSQL: proving query rewrites with univalent SQL semantics

et al. 2017

View full text Add to dashboard Cite

Every database system contains a query optimizer that performs query rewrites. Unfortunately, developing query optimizers remains a highly challenging task. Part of the challenges comes from the intricacies and rich features of query languages, which makes reasoning about rewrite rules difficult. In this paper, we propose a machine-checkable denotational semantics for SQL, the de facto language for relational database, for rigorously validating rewrite rules. Unlike previously proposed semantics that are either non-mechanized or only cover a small amount of SQL language features, our semantics covers all major features of SQL, including bags, correlated subqueries, aggregation, and indexes. Our mechanized semantics, called HoTT SQL, is based on K-Relations and homotopy type theory, where we denote relations as mathematical functions from tuples to univalent types. We have implemented HoTT SQL in Coq, which takes only fewer than 300 lines of code and have proved a wide range of SQL rewrite rules, including those from database research literature (e.g., magic set rewrites) and real-world query optimizers (e.g., subquery elimination). Several of these rewrite rules have never been previously proven correct. In addition, while query equivalence is generally undecidable, we have implemented an automated decision procedure using HoTT SQL for conjunctive queries: a well-studied decidable fragment of SQL that encompasses many real-world queries.

show abstract

Verdi: a framework for implementing and formally verifying distributed systems

Cited by 59 publications

References 24 publications

Mechanising blockchain consensus

Mechanising blockchain consensus

EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems

HoTTSQL: proving query rewrites with univalent SQL semantics

Contact Info

Product

Resources

About