8 research outputs found
Invariant Safety for Distributed Applications
We study a proof methodology for verifying the safety of data invariants of
highly-available distributed applications that replicate state. The proof is
(1) modular: one can reason about each individual operation separately, and (2)
sequential: one can reason about a distributed application as if it were
sequential. We automate the methodology and illustrate the use of the tool with
a representative example.Comment: Workshop on Principles and Practice of Consistency for Distributed
Data (PaPoC), Mar 2019, Dresden, Germany.
https://novasys.di.fct.unl.pt/conferences/papoc19
Invariant Safety for Distributed Applications
International audienceWe study a proof methodology for verifying the safety of data invariants of highly-available distributed applications that replicate state. The proof is (1) modular: one can reason about each individual operation separately, and (2) sequential: one can reason about a distributed application as if it were sequential. We automate the methodology and illustrate the use of the tool with a representative example
Proving the safety of highly-available distributed objects
International audienceTo provide high availability in distributed systems, object replicas allow concurrent updates. Although replicas eventually converge, they may diverge temporarily, for instance when the network fails. This makes it difficult for the developer to reason about the object's properties , and in particular, to prove invariants over its state. For the sub-class of state-based distributed systems, we propose a proof methodology for establishing that a given object maintains a given invariant, taking into account any concurrency control. Our approach allows reasoning about individual operations separately. We demonstrate that our rules are sound, and we illustrate their use with some representative examples. We automate the rule using Boogie, an SMT-based tool
Proving the safety of highly-available distributed objects (Extended version)
To provide high availability in distributed systems, object replicas allow concurrent updates. Although replicas eventually converge, they may diverge temporarily, for instance when the network fails. This makes it difficult for the developer to reason about the object's properties , and in particular, to prove invariants over its state. For the sub-class of state-based distributed systems, we propose a proof methodology for establishing that a given object maintains a given invariant, taking into account any concurrency control. Our approach allows reasoning about individual operations separately. We demonstrate that our rules are sound, and we illustrate their use with some representative examples. We automate the rule using Boogie, an SMT-based tool
Static Verification of Cloud Applications with Why3
Nowadays large-scale distributed applications rely on replication in order to improve
their services. Having data replicated in multiple datacenters increases availability, but
it might lead to concurrent updates that violate data integrity. A possible approach to
solve this issue is to use strong consistency in the application because this way there is
a total order of operations in every replica. However, that would make the application
abdicate of its availability. An alternative would be to use weak consistency to make the
application more available, but that could break data integrity. To resolve this issue many
of these applications use a combination of weak and strong consistency models, such that
synchronization is only introduced in the execution of operations that can break data
integrity.
To build applications that use multiple consistency models, developers have the difficult
task of finding the right balance between two conflicting goals: minimizing synchronization
while preserving data integrity. To achieve this balance developers have to
reason about the concurrent effects of each operation, which is a non-trivial task when it
comes to large and complex applications.
In this document we propose an approach consisting of a static analysis tool that
helps developers find a balance between strong and weak consistency in applications
that operate over weakly consistent databases. The verification process is based on a
recently defined proof rule that was proven to be sound. The proposed tool uses Why3
as an intermediate framework that communicates with external provers, to analyse the
correctness of the application specification.
Our contributions also include a predicate transformer and a library of verified data
types that can be used to resolve commutativity issues in applications. The predicate
transformer can be used to lighten the specification effort
Programming Languages and Systems
This open access book constitutes the proceedings of the 29th European Symposium on Programming, ESOP 2020, which was planned to take place in Dublin, Ireland, in April 2020, as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The actual ETAPS 2020 meeting was postponed due to the Corona pandemic. The papers deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems
Improving the "Correct Eventual Consistency" Tool
Preserving invariants while designing distributed applications under weak consistency models is difficult. The CEC (Correct Eventual Consistency Tool) is meant to aid the application designer in this task. It provides information about the errors during concurrent operations and suggestions on how and where to synchronize operations. This report presents two features of the tool: providing a counterexample for debugging and concurrency control suggestions