DOI: 10.1007/978-3-031-35257-7_8
Article

Protocol Conformance with Choreographic PlusCal

Published: 04 July 2023

Abstract

Distributed protocols, an essential part of modern computing infrastructure, are well-known to be difficult to implement correctly. While lightweight formal methods such as TLA+ can be effectively used to verify abstract protocols, end-to-end validation of real-world protocol implementations remains challenging due to their complexity. To address this problem, we extend the TLA+ toolset along two fronts. We propose several extensions to PlusCal – an algorithm language which compiles to TLA+ – to allow writing distributed protocols as choreographies. This enables more structured and succinct specifications for role-based protocols. We also provide a methodology and toolchain for compiling TLA+ models into monitors, allowing them to be used to test existing systems for conformance. The result is a lightweight testing method that bridges specification and implementation. We demonstrate its benefits with case studies of both classic and recent protocols and show it to be readily applicable to existing systems with low runtime overhead.



Published In

Guide Proceedings
Theoretical Aspects of Software Engineering: 17th International Symposium, TASE 2023, Bristol, UK, July 4–6, 2023, Proceedings
Jul 2023
374 pages
ISBN:978-3-031-35256-0
DOI:10.1007/978-3-031-35257-7

Publisher

Springer-Verlag

Berlin, Heidelberg

