Research article (Open Access)

TLC: temporal logic of distributed components

Published: 03 August 2020

Abstract

Distributed systems are critical to reliable and scalable computing; however, they are complicated in nature and prone to bugs. To manage this complexity, network middleware has traditionally been built as layered stacks of components. We present a novel approach to compositional verification of distributed stacks that verifies each component based only on the specifications of the components below it. We present TLC (Temporal Logic of Components), a novel temporal program logic that offers intuitive inference rules for verifying both safety and liveness properties of functional implementations of distributed components. To support compositional reasoning, we define a novel transformation on the assertion language that lowers the specification of a component so that it can be used as a subcomponent. We prove the soundness of TLC and of the lowering transformation with respect to a novel operational semantics for stacks of composed components in partially synchronous networks. We successfully apply TLC to compose and verify a stack of fundamental distributed components.
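As an added illustration (not code from the paper, whose logic and proofs do not appear on this page), the following Python sketch shows what verifying an upper component against only the lower component's specification looks like in an executable setting. Everything in it is constructed for this example: the link specification (no creation; delivery by max(t, GST) + bound, i.e. arbitrarily late before GST and bounded after), the best-effort broadcast component built on that specification alone, the simulation, and the finite-trace checks that stand in for TLC's proof rules. The `drop_to` parameter models a lower component that breaks its own specification, to show that the upper component's liveness guarantee really does rest on the lower specification. The paper's inference rules and lowering transformation are not reproduced here.

```python
import random
from dataclasses import dataclass

# Constructed illustration, not code from the TLC paper: a two-component stack
# where the lower component (a link) is present only as a model of its
# specification and the upper component (best-effort broadcast) is written
# against that model alone. Finite traces are checked for one safety and one
# liveness property.


@dataclass(frozen=True)
class Msg:
    src: int
    dst: int
    payload: str


class LinkModel:
    """Model of the lower component's specification under partial synchrony.

    Assumed guarantees (a hypothetical spec written for this example):
      - no creation: only sent messages are delivered;
      - eventual delivery: a message sent at time t is delivered by
        max(t, gst) + bound (arbitrarily late before GST, bounded after).
    `drop_to` is a deliberate spec violation (messages to those processes are
    lost), used to show that the upper component's liveness depends on the spec.
    """

    def __init__(self, gst: int, bound: int, rng: random.Random,
                 drop_to: frozenset = frozenset()):
        self.gst, self.bound, self.rng, self.drop_to = gst, bound, rng, drop_to
        self.in_flight: list[tuple[Msg, int]] = []

    def send(self, msg: Msg, now: int) -> None:
        if msg.dst in self.drop_to:  # spec violation, only when drop_to is set
            return
        self.in_flight.append((msg, now))

    def step(self, now: int) -> list[Msg]:
        """Deliver some in-flight messages; delivery is forced at the deadline."""
        delivered, kept = [], []
        for msg, sent_at in self.in_flight:
            deadline = max(sent_at, self.gst) + self.bound
            if now >= deadline or self.rng.random() < 0.3:
                delivered.append(msg)
            else:
                kept.append((msg, sent_at))
        self.in_flight = kept
        return delivered


class BestEffortBroadcast:
    """Upper component: uses only LinkModel's send interface, nothing below it."""

    def __init__(self, pid: int, peers: list[int], link: LinkModel):
        self.pid, self.peers, self.link = pid, peers, link

    def broadcast(self, payload: str, now: int) -> None:
        for p in self.peers:  # peers include self, so every process delivers
            self.link.send(Msg(self.pid, p, payload), now)


def run(n: int, gst: int, bound: int, steps: int, seed: int,
        drop_to: frozenset = frozenset()) -> list:
    """Simulate n processes for `steps` ticks and return a timestamped trace.
    Events: ("bcast", t, pid, payload) and ("deliver", t, dst, src, payload)."""
    rng = random.Random(seed)
    link = LinkModel(gst, bound, rng, drop_to)
    procs = [BestEffortBroadcast(i, list(range(n)), link) for i in range(n)]
    trace = []
    for now in range(steps):
        if now < n:  # process `now` broadcasts one message early in the run
            procs[now].broadcast(f"m{now}", now)
            trace.append(("bcast", now, now, f"m{now}"))
        for msg in link.step(now):
            trace.append(("deliver", now, msg.dst, msg.src, msg.payload))
    return trace


def no_creation(trace: list) -> bool:
    """Safety: every delivery is preceded by a matching broadcast."""
    sent = set()
    for ev in trace:
        if ev[0] == "bcast":
            sent.add((ev[2], ev[3]))
        elif (ev[3], ev[4]) not in sent:
            return False
    return True


def eventual_delivery(trace: list, n: int, gst: int, bound: int) -> bool:
    """Liveness, checkable on a finite trace thanks to the post-GST bound:
    a broadcast at t reaches every process by max(t, gst) + bound."""
    when = {(ev[2], ev[3], ev[4]): ev[1] for ev in trace if ev[0] == "deliver"}
    for ev in trace:
        if ev[0] == "bcast":
            _, t, src, payload = ev
            for dst in range(n):
                got = when.get((dst, src, payload))
                if got is None or got > max(t, gst) + bound:
                    return False
    return True
```

Running `run(3, gst=5, bound=3, steps=30, seed=1)` yields a trace on which both checks hold; passing `drop_to=frozenset({0})` keeps `no_creation` true but makes `eventual_delivery` fail, which is the point of the construction: the broadcast component was never inspected against a concrete link, only against the link's stated guarantees, so any link that violates those guarantees invalidates the liveness argument built on top of it. Finite-trace checking with a post-GST bound is what makes a liveness property decidable here; the paper's logic reasons about it deductively instead.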


Supplemental Material

Presentation at ICFP '20

