DOI: 10.1145/3357223.3362739

WormSpace: A Modular Foundation for Simple, Verifiable Distributed Systems

Published: 20 November 2019

Abstract

We propose the Write-Once Register (WOR) as an abstraction for building and verifying distributed systems. A WOR exposes a simple, data-centric API: clients can capture, write, and read it. Applications can use a sequence or a set of WORs to obtain properties such as durability, concurrency control, and failure atomicity. By hiding the logic for distributed coordination underneath a data-centric API, the WOR abstraction enables easy, incremental, and extensible implementation and verification of applications built above it. We present the design, implementation, and verification of a system called WormSpace that provides developers with an address space of WORs, implementing each WOR via a Paxos instance. We describe three applications built over WormSpace: a flexible, efficient Multi-Paxos implementation; a shared log implementation with lower append latency than the state-of-the-art; and a fault-tolerant transaction coordinator that uses an optimal number of round-trips. We show that these applications are simple, easy to verify, and match the performance of unverified monolithic implementations. We use a modular layered verification approach to link the proofs for WormSpace, its applications, and a verified operating system to produce the first verified distributed system stack from the application to the operating system.
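As an added illustration of the capture/write/read API the abstract describes (example code, not from the paper or the WormSpace project): a single-process model in which a capture token stands in for the per-WOR Paxos instance, plus a shared log built from a sequence of WORs. The token scheme, the `Log` class and `contention_demo` are assumptions made for the illustration.

```python
from typing import Optional


class WOR:
    """Write-once register with the capture/write/read API."""
    def __init__(self):
        self._latest_token = 0               # newest capture token handed out
        self._value: Optional[bytes] = None  # committed value, None if unwritten

    def capture(self) -> int:
        """Reserve the register; a later capture invalidates earlier ones
        (in this model the token stands in for a Paxos prepare ballot)."""
        self._latest_token += 1
        return self._latest_token

    def write(self, token: int, value: bytes) -> bool:
        """Commit `value` only if `token` is still the newest capture and the
        register is empty; once True is returned the value never changes."""
        if self._value is not None or token != self._latest_token:
            return False
        self._value = value
        return True

    def read(self) -> Optional[bytes]:
        return self._value


class Log:
    """Shared log over a sequence of WORs: an append commits to the first
    unwritten register, so racing appenders can never overwrite each other."""
    def __init__(self, size: int):
        self.slots = [WOR() for _ in range(size)]

    def append(self, value: bytes) -> Optional[int]:
        """Position where `value` was committed, or None if the log is full;
        a slot whose write fails (someone else got there first) is skipped."""
        for pos, wor in enumerate(self.slots):
            if wor.read() is None and wor.write(wor.capture(), value):
                return pos
        return None

    def read(self, pos: int) -> Optional[bytes]:
        return self.slots[pos].read()


def contention_demo() -> tuple:
    """Two clients capture the same WOR; only the newest capture's write lands."""
    w = WOR()
    t_a, t_b = w.capture(), w.capture()
    return (w.write(t_a, b"A"), w.write(t_b, b"B"), w.write(t_b, b"C"), w.read())
```

The model keeps the safety property the abstract relies on (a WOR never changes after its first successful write) but says nothing about the quorum replication that gives the real system durability.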


Published In

SoCC '19: Proceedings of the ACM Symposium on Cloud Computing
November 2019
503 pages
ISBN: 9781450369732
DOI: 10.1145/3357223
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. distributed building blocks
  2. distributed registers
  3. distributed system verification

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SoCC '19: ACM Symposium on Cloud Computing
November 20 - 23, 2019
Santa Cruz, CA, USA

Acceptance Rates

SoCC '19 Paper Acceptance Rate: 39 of 157 submissions, 25%
Overall Acceptance Rate: 169 of 722 submissions, 23%
