Abstract
We present the first specification and verification of an implementation of a causally-consistent distributed database that supports modular verification of full functional correctness properties of clients and servers. We specify and reason about the causally-consistent distributed database in Aneris, a higher-order distributed separation logic for an ML-like programming language with network primitives for programming distributed systems. We demonstrate that our specifications are useful by proving the correctness of small but tricky synthetic examples involving causal dependency and by verifying a session manager library implemented on top of the distributed database. We use Aneris's facilities for modular specification and verification to obtain a highly modular development, where each component is verified in isolation, relying only on the specifications (not the implementations) of other components. We have used the Coq formalization of the Aneris logic to formalize all the results presented in the paper in the Coq proof assistant.
Distributed causal memory: modular specification and verification in higher-order distributed separation logic