research-article

Open access

Modularity for decidability of deductive verification with applications to distributed systems

Authors:

Kenneth L. McMillan,

James R. Wilcox,

Doug WoosAuthors Info & Claims

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 662 - 677

https://doi.org/10.1145/3192366.3192414

Published: 11 June 2018 Publication History

Abstract

Proof automation can substantially increase productivity in formal verification of complex systems. However, unpredictablility of automated provers in handling quantified formulas presents a major hurdle to usability of these tools. We propose to solve this problem not by improving the provers, but by using a modular proof methodology that allows us to produce decidable verification conditions. Decidability greatly improves predictability of proof automation, resulting in a more practical verification approach. We apply this methodology to develop verified implementations of distributed protocols, demonstrating its effectiveness.

Supplementary Material

WEBM File (p662-taube.webm)

Download
119.92 MB

References

[1]

Francesco Alberti, Silvio Ghilardi, and Elena Pagani. 2016. Counting Constraints in Flat Array Fragments. In Automated Reasoning. Springer, Cham, 65-81.

Digital Library

[2]

Alexander Bakst, Klaus von Gleissenthall, Rami Gokhan Kici, and Ranjit Jhala. 2017. Verifying distributed programs via canonical sequentialization. PACMPL 1, OOPSLA (2017), 110:1-110:27.

Digital Library

[3]

Josh Berdine, Cristiano Calcagno, and Peter W. O'Hearn. 2004. A Decidable Fragment of Separation Logic. In FSTTCS 2004: Foundations of Software Technology and Theoretical Computer Science, 24th International Conference, Chennai, India, December 16-18, 2004, Proceedings. 97-109.

Digital Library

[4]

Yves Bertot and Pierre Casteran. 2004. Interactive Theorem Proving and Program Development - Coq'Art: The Calculus of Inductive Constructions. Springer.

Digital Library

[5]

Roderick Bloem, Swen Jacobs, Ayrat Khalimov, Igor Konnov, Sasha Rubin, Helmut Veith, and Josef Widder. 2015. Decidability of Parameterized Verification. Morgan & Claypool Publishers.

Digital Library

[6]

Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. 2006. What's Decidable About Arrays?. In Verification, Model Checking, and Abstract Interpretation, 7th International Conference, VMCAI 2006, Charleston, SC, USA, January 8-10, 2006, Proceedings. 427-442.

Digital Library

[7]

Saksham Chand, Yanhong A. Liu, and Scott D. Stoller. 2016. Formal Verification of Multi-Paxos for Distributed Consensus. In FM 2016: Formal Methods: 21st International Symposium, Limassol, Cyprus, November 9-11, 2016, Proceedings 21. Springer, 119-136.

[8]

Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport, and Stephan Merz. 2010. The TLA+Proof System: Building a Heterogeneous Verification Platform. In Proceedings of the 7th International Colloquium Conference on Theoretical Aspects of Computing (ICTAC'10). Springer-Verlag, 44-44.

Digital Library

[9]

Ernie Cohen, Markus Dahlweid, Mark A. Hillebrand, Dirk Leinenbach, Michal Moskal, Thomas Santen, Wolfram Schulte, and Stephan Tobies. 2009. VCC: A Practical System for Verifying Concurrent C. In Theorem Proving in Higher Order Logics, 22nd International Conference, TPHOLs 2009, Munich, Germany, August 17-20, 2009. Proceedings (Lecture Notes in Computer Science), Stefan Berghofer, Tobias Nipkow, Christian Urban, and Makarius Wenzel (Eds.), Vol. 5674. Springer, 23-42.

Digital Library

[10]

CoreOS 2014. etcd: A highly-available key value store for shared configuration and service discovery. https://github.com/coreos/etcd.

[11]

Leonardo de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings (Lecture Notes in Computer Science), Vol. 4963. Springer, 337-340.

[12]

Cezara Dragoi, Thomas A. Henzinger, Helmut Veith, Josef Widder, and Damien Zufferey. 2014. A Logic-Based Framework for Verifying Consensus Algorithms. In International Conference on Verification, Model Checking, and Abstract Interpretation. Springer, 161-181.

Digital Library

[13]

Cezara Dragoi, Thomas A. Henzinger, and Damien Zufferey. 2016. PSync: A Partially Synchronous Language for Fault-Tolerant Distributed Algorithms. ACM SIGPLAN Notices 51, 1 (2016), 400-415.

Digital Library

[14]

Bruno Dutertre, Dejan Jovanovic, and Jorge A. Navas. 2018. Verification of Fault-Tolerant Protocols with Sally. In NASA Formal Methods, Aaron Dutle, Cesar Munoz, and Anthony Narkawicz (Eds.). Springer International Publishing, Cham, 113-120.

[15]

Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. 2002. Extended Static Checking for Java. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation (PLDI '02). ACM, 234-245.

Digital Library

[16]

Alvaro Garcia-Perez, Alexey Gotsman, Yuri Meshman, and Ilya Sergey. 2018. Paxos Consensus, Deconstructed and Abstracted. In Programming Languages and Systems - 27th European Symposium on Programming, ESOP 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings.

[17]

Yeting Ge and Leonardo De Moura. 2009. Complete instantiation for quantified formulas in satisfiabiliby modulo theories. In International Conference on Computer Aided Verification. Springer, 306-320.

Digital Library

[18]

Chris Hawblitzel, Jon Howell, Manos Kapritsos, Jacob R. Lorch, Bryan Parno, Michael L. Roberts, Srinath T. V. Setty, and Brian Zill. 2015. IronFleet: proving practical distributed systems correct. In Proceedings of the 25th Symposium on Operating Systems Principles, SOSP. 1-17.

Digital Library

[19]

Jesper G. Henriksen, Jakob L. Jensen, Michael E. Jurgensen, Nils Klarlund, Robert Paige, Theis Rauhe, and Anders Sandholm. 1995. Mona: Monadic Second-Order Logic in Practice. In Tools and Algorithms for Construction and Analysis of Systems, First International Workshop, TACAS. 89-110.

Digital Library

[20]

C. A. R. Hoare. 1972. Proof of correctness of data representations. 1, 4 (1972), 271-281.

Digital Library

[21]

Daniel Jackson. 2006. Software Abstractions: Logic, Language, and Analysis. The MIT Press.

Digital Library

[22]

Gerwin Klein, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2010. seL4: formal verification of an operating-system kernel. Commun. ACM 53, 6 (2010), 107-115.

Digital Library

[23]

Igor Konnov, Marijana Lazic, Helmut Veith, and Josef Widder. 2017. A Short Counterexample Property for Safety and Liveness Verification of Fault-Tolerant Distributed Algorithms. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2017). ACM, 719-734.

Digital Library

[24]

Igor Konnov, Helmut Veith, and Josef Widder. 2015. SMT and POR Beat Counter Abstraction: Parameterized Model Checking of Threshold-Based Distributed Algorithms. In Computer Aided Verification. Springer, Cham, 85-102.

[25]

Igor V. Konnov, Helmut Veith, and Josef Widder. 2015. What You Always Wanted to Know About Model Checking of Fault-Tolerant Distributed Algorithms. In Perspectives of System Informatics - 10th International Andrei Ershov Informatics Conference, PSI 2015, in Memory of Helmut Veith, Kazan and Innopolis, Russia, August 24-27, 2015, Revised Selected Papers (Lecture Notes in Computer Science), Manuel Mazzara and Andrei Voronkov (Eds.), Vol. 9609. Springer, 6-21.

[26]

Leslie Lamport. 1998. The Part-Time Parliament. ACM Trans. Comput. Syst. 16, 2 (1998), 133-169.

Digital Library

[27]

Leslie Lamport. 2002. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.

Digital Library

[28]

K Rustan M Leino. 2010. Dafny: An automatic program verifier for functional correctness. In Logic for Programming, Artificial Intelligence, and Reasoning. Springer, 348-370.

Digital Library

[29]

Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM 52, 7 (2009), 107-115.

Digital Library

[30]

Harry R. Lewis. 1980. Complexity results for classes of quantificational formulas. J. Comput. System Sci. 21, 3 (1980), 317-353.

[31]

R. J. Lipton. 1975. Reduction: A method of proving properties of parallel programs. Commun. ACM 18, 12 (1975), 717-721.

Digital Library

[32]

Yanhong A. Liu, Scott D. Stoller, and Bo Lin. 2017. From Clarity to Efficiency for Distributed Algorithms. ACM Transactions on Programming Languages and Systems 39, 3 (July 2017).

Digital Library

[33]

P. Madhusudan, Gennaro Parlato, and Xiaokang Qiu. 2011. Decidable logics combining heap structures and data. In Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, Austin, TX, USA, January 26-28, 2011. 611-622.

Digital Library

[34]

Ognjen Maric, Christoph Sprenger, and David A. Basin. 2017. Cutoff Bounds for Consensus Algorithms. In Computer Aided Verification - 29th International Conference, CAV 2017, Heidelberg, Germany, July 24- 28, 2017, Proceedings, Part II (Lecture Notes in Computer Science), Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10427. Springer, 217-237.

[35]

Kenneth L. McMillan. 2016. Modular specification and verification of a cache-coherent interface. In 2016 Formal Methods in Computer-Aided Design, FMCAD 2016, Mountain View, CA, USA, October 3-6, 2016, Ruzica Piskac and Muralidhar Talupur (Eds.). IEEE, 109-116.

Digital Library

[36]

Chris Newcombe, Tim Rath, Fan Zhang, Bogdan Munteanu, Marc Brooker, and Michael Deardeuff. 2015. How Amazon web services uses formal methods. Commun. ACM 58, 4 (2015), 66-73.

Digital Library

[37]

Tobias Nipkow, Lawrence C. Paulson, and Markus Wenzel. 2002. Isabelle/ HOL: A Proof Assistant for Higher-Order Logic. Vol. 2283. Springer Science & Business Media.

[38]

Diego Ongaro and John K. Ousterhout. 2014. In Search of an Understandable Consensus Algorithm. In 2014 USENIX Annual Technical Conference, USENIX ATC '14, Philadelphia, PA, USA, June 19-20, 2014. 305-319. https://www.usenix.org/conference/atc14/technical-sessions/presentation/ongaro

Digital Library

[39]

Oded Padon, Giuliano Losa, Mooly Sagiv, and Sharon Shoham. 2017. Paxos Made EPR: Decidable Reasoning About Distributed Protocols. Proc. ACM Program. Lang. 1, OOPSLA, Article 108 (Oct. 2017), 31 pages.

Digital Library

[40]

Oded Padon, Kenneth L. McMillan, Aurojit Panda, Mooly Sagiv, and Sharon Shoham. 2016. Ivy: safety verification by interactive generalization. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13-17, 2016. 614-630.

Digital Library

[41]

F. Ramsey. 1930. On a problem in formal logic. In Proc. London Math. Soc.

[42]

Fred B. Schneider. 1990. Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial. ACM Computing Surveys (CSUR) 22, 4 (1990), 299-319.

Digital Library

[43]

Ilya Sergey, James R. Wilcox, and Zachary Tatlock. 2018. Programming and proving with distributed protocols. PACMPL 2, POPL (2018), 28:1-28:30.

Digital Library

[44]

Klaus v. Gleissenthall, Nikolaj Bjurner, and Andrey Rybalchenko. 2016. Cardinalities and Universal Quantifiers for Verifying Parameterized Systems. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '16). ACM, 599-613.

Digital Library

[45]

James R. Wilcox, Doug Woos, Pavel Panchekha, Zachary Tatlock, Xi Wang, Michael D. Ernst, and Thomas E. Anderson. 2015. Verdi: a framework for implementing and formally verifying distributed systems. In Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Portland, OR, USA, June 15-17, 2015. 357-368.

Digital Library

[46]

Doug Woos, James R. Wilcox, Steve Anton, Zachary Tatlock, Michael D. Ernst, and Thomas E. Anderson. 2016. Planning for change in a formal verification of the raft consensus protocol. In Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs, Saint Petersburg, FL, USA, January 20-22, 2016, Jeremy Avigad and Adam Chlipala (Eds.). ACM, 154-165.

Digital Library

Cited By

Li YZhan BPang J(2024)Mechanizing the CMP Abstraction for Parameterized VerificationProceedings of the ACM on Programming Languages10.1145/36498588:OOPSLA1(1324-1350)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649858
Honoré WQiu LKim YShin JKim JShao Z(2024)AdoB: Bridging Benign and Byzantine Consensus with Atomic Distributed ObjectsProceedings of the ACM on Programming Languages10.1145/36498268:OOPSLA1(419-448)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649826
Elad NPadon OShoham S(2024)An Infinite Needle in a Finite Haystack: Finding Infinite Counter-Models in Deductive VerificationProceedings of the ACM on Programming Languages10.1145/36328758:POPL(970-1000)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632875
Show More Cited By

Index Terms

Modularity for decidability of deductive verification with applications to distributed systems
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification

Recommendations

Paxos made EPR: decidable reasoning about distributed protocols

Distributed protocols such as Paxos play an important role in many computer systems. Therefore, a bug in a distributed protocol may have tremendous effects. Accordingly, a lot of effort has been invested in verifying such protocols. However, checking ...
Verdi: a framework for implementing and formally verifying distributed systems
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

Distributed systems are difficult to implement correctly because they must handle both concurrency and failures: machines may crash at arbitrary points and networks may reorder, drop, or duplicate packets. Further, their behavior is often too complex ...
Modularity for decidability of deductive verification with applications to distributed systems
PLDI '18

Proof automation can substantially increase productivity in formal verification of complex systems. However, unpredictablility of automated provers in handling quantified formulas presents a major hurdle to usability of these tools. We propose to solve ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2018

825 pages

ISBN:9781450356985

DOI:10.1145/3192366

General Chair:
Jeffrey S. Foster
University of Maryland at College Park, USA
,
Program Chair:
Dan Grossman
University of Washington, USA

ACM SIGPLAN Notices Volume 53, Issue 4
PLDI '18
April 2018
834 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3296979
Editor:
Matthew Fluet
Rodchester Institude of Technology
Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

Horizon 2020
National Science Foundation
Blavatnik Family Foundation
United States-Israel Binational Science Foundation
European Research Council
Pazi

Conference

PLDI '18

Sponsor:

SIGPLAN

PLDI '18: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 18 - 22, 2018

PA, Philadelphia, USA

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
1,291
Total Downloads

Downloads (Last 12 months)189
Downloads (Last 6 weeks)35

Reflects downloads up to 12 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li YZhan BPang J(2024)Mechanizing the CMP Abstraction for Parameterized VerificationProceedings of the ACM on Programming Languages10.1145/36498588:OOPSLA1(1324-1350)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649858
Honoré WQiu LKim YShin JKim JShao Z(2024)AdoB: Bridging Benign and Byzantine Consensus with Atomic Distributed ObjectsProceedings of the ACM on Programming Languages10.1145/36498268:OOPSLA1(419-448)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649826
Elad NPadon OShoham S(2024)An Infinite Needle in a Finite Haystack: Finding Infinite Counter-Models in Deductive VerificationProceedings of the ACM on Programming Languages10.1145/36328758:POPL(970-1000)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632875
Frenkel EChajed TPadon OShoham S(2024)Efficient Implementation of an Abstract Domain of Quantified First-Order FormulasComputer Aided Verification10.1007/978-3-031-65630-9_5(86-108)Online publication date: 25-Jul-2024
https://doi.org/10.1007/978-3-031-65630-9_5
Wilcox JFeldman YPadon OShoham S(2024)mypyvy: A Research Platform for Verification of Transition Systems in First-Order LogicComputer Aided Verification10.1007/978-3-031-65630-9_4(71-85)Online publication date: 25-Jul-2024
https://doi.org/10.1007/978-3-031-65630-9_4
McMillan K(2024)Toward Liveness Proofs at ScaleComputer Aided Verification10.1007/978-3-031-65627-9_13(255-276)Online publication date: 26-Jul-2024
https://doi.org/10.1007/978-3-031-65627-9_13
Wang WNiu JReiter MZhang Y(2024)Formally Verifying a Rollback-Prevention Protocol for TEEsFormal Techniques for Distributed Objects, Components, and Systems10.1007/978-3-031-62645-6_9(155-173)Online publication date: 13-Jun-2024
https://doi.org/10.1007/978-3-031-62645-6_9
Tamir OTaube MMcMillan KShoham SHowell JGueta GSagiv M(2023)Counterexample Driven Quantifier Instantiations with Applications to Distributed ProtocolsProceedings of the ACM on Programming Languages10.1145/36228647:OOPSLA2(1878-1904)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622864
Wagner CJaber NSamanta R(2023)Enabling Bounded Verification of Doubly-Unbounded Distributed Agreement-Based Systems via Bounded RegionsProceedings of the ACM on Programming Languages10.1145/35860337:OOPSLA1(172-200)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586033
Meng RPîrlea GRoychoudhury ASergey IMeng WJensen CCremers CKirda E(2023)Greybox Fuzzing of Distributed SystemsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623097(1615-1629)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623097
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents