Protocol Conformance with Choreographic PlusCal

  • Conference paper
Theoretical Aspects of Software Engineering (TASE 2023)

Abstract

Distributed protocols, an essential part of modern computing infrastructure, are well-known to be difficult to implement correctly. While lightweight formal methods such as TLA\(^{+}\) can be effectively used to verify abstract protocols, end-to-end validation of real-world protocol implementations remains challenging due to their complexity. To address this problem, we extend the TLA\(^{+}\) toolset along two fronts. We propose several extensions to PlusCal – an algorithm language which compiles to TLA\(^{+}\) – to allow writing distributed protocols as choreographies. This enables more structured and succinct specifications for role-based protocols. We also provide a methodology and toolchain for compiling TLA\(^{+}\) models into monitors, allowing them to be used to test existing systems for conformance. The result is a lightweight testing method that bridges specification and implementation. We demonstrate its benefits with case studies of both classic and recent protocols and show it to be readily applicable to existing systems with low runtime overhead.

Notes

  1. Of the 99 TLA\(^{+}\) models in the official examples repository, 61 could be called distributed protocols and only 15 of them use PlusCal.

  2. https://github.com/dariusf/tlaplus/tree/cpcal.

  3. Choreographic PlusCal ensures these by construction, but they can also be satisfied in handwritten TLA\(^{+}\) models, so this methodology applies to them equally.

Acknowledgments

We would like to thank Ilya Sergey for the insights that led to this work, George Pîrlea for contributing to an early implementation of it, and Markus Kuppe, Leslie Lamport, and the anonymous reviewers for their thoughtful suggestions and comments.

Corresponding authors

Correspondence to Darius Foo, Andreea Costea or Wei-Ngan Chin.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Foo, D., Costea, A., Chin, WN. (2023). Protocol Conformance with Choreographic PlusCal. In: David, C., Sun, M. (eds) Theoretical Aspects of Software Engineering. TASE 2023. Lecture Notes in Computer Science, vol 13931. Springer, Cham. https://doi.org/10.1007/978-3-031-35257-7_8

  • DOI: https://doi.org/10.1007/978-3-031-35257-7_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35256-0

  • Online ISBN: 978-3-031-35257-7