Abstract
Distributed protocols, an essential part of modern computing infrastructure, are well known to be difficult to implement correctly. While lightweight formal methods such as TLA+ can be effectively used to verify abstract protocols, end-to-end validation of real-world protocol implementations remains challenging due to their complexity. To address this problem, we extend the TLA+ toolset along two fronts. We propose several extensions to PlusCal, an algorithm language which compiles to TLA+, to allow writing distributed protocols as choreographies. This enables more structured and succinct specifications for role-based protocols. We also provide a methodology and toolchain for compiling TLA+ models into monitors, allowing them to be used to test existing systems for conformance. The result is a lightweight testing method that bridges specification and implementation. We demonstrate its benefits with case studies of both classic and recent protocols and show it to be readily applicable to existing systems with low runtime overhead.
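The abstract's second contribution, turning a model into a monitor that replays an implementation's observed behaviour against the specification, is illustrated below with a small added example. It is not the paper's toolchain and not choreographic PlusCal: the paper compiles TLA+ models into monitors automatically, whereas here a two-phase-commit model is hand-encoded in Python in the shape a TLA+ spec has (an initial state, guarded actions, an invariant), and a checker replays a constructed event trace against it, reporting the first event that is not an enabled action of the model. The event names, the trace format, the participant set and the 2PC model itself are assumptions of this example.

```python
"""Replay-style conformance monitor for a hand-encoded two-phase-commit model.

Added example, not the paper's tool: the model below stands in for what the
paper would derive from a TLA+ spec. Event names, trace format and the
2PC model are assumptions of this example.
"""
from dataclasses import dataclass, field

PARTICIPANTS = frozenset({"p1", "p2"})  # constructed: two resource managers


@dataclass
class State:
    """Abstract state, mirroring the variables a TLA+ 2PC spec would declare."""
    coord: str = "init"  # init | committed | aborted
    part: dict = field(default_factory=lambda: {p: "working" for p in PARTICIPANTS})
    msgs: set = field(default_factory=set)  # set of messages ever sent


# Each function plays the role of a TLA+ action: it checks its guard against the
# current state and the event's arguments and, only if enabled, applies the
# effect and returns True. Guards never mutate, so a rejected step leaves the
# abstract state intact for the error report.
def prepare(s: State, p: str) -> bool:
    if s.part[p] != "working":
        return False
    s.part[p] = "prepared"
    s.msgs.add(("prepared", p))
    return True


def vote_abort(s: State, p: str) -> bool:
    if s.part[p] != "working":
        return False
    s.part[p] = "aborted"
    s.msgs.add(("aborted", p))
    return True


def coord_commit(s: State) -> bool:
    # The coordinator may commit only once every participant has voted prepared.
    if s.coord != "init" or any(("prepared", p) not in s.msgs for p in PARTICIPANTS):
        return False
    s.coord = "committed"
    s.msgs.add(("commit",))
    return True


def coord_abort(s: State) -> bool:
    if s.coord != "init":
        return False
    s.coord = "aborted"
    s.msgs.add(("abort",))
    return True


def part_commit(s: State, p: str) -> bool:
    if ("commit",) not in s.msgs or s.part[p] != "prepared":
        return False
    s.part[p] = "committed"
    return True


def part_abort(s: State, p: str) -> bool:
    if ("abort",) not in s.msgs or s.part[p] in ("committed", "aborted"):
        return False
    s.part[p] = "aborted"
    return True


ACTIONS = {
    "Prepare": prepare, "VoteAbort": vote_abort,
    "CoordCommit": coord_commit, "CoordAbort": coord_abort,
    "PartCommit": part_commit, "PartAbort": part_abort,
}


def consistent(s: State) -> bool:
    """Safety invariant: no participant commits while another aborts."""
    return not ({"committed", "aborted"} <= set(s.part.values()))


def monitor(trace):
    """Replay an observed trace against the model.

    Returns None if every event is an enabled action and the invariant holds
    after each step; otherwise a string naming the first offending step.
    """
    s = State()
    for i, (name, *args) in enumerate(trace):
        action = ACTIONS.get(name)
        if action is None:
            return f"step {i}: event {name!r} has no corresponding action"
        if not action(s, *args):
            return f"step {i}: {name}{tuple(args)} is not enabled in state {s}"
        if not consistent(s):
            return f"step {i}: invariant violated after {name}{tuple(args)}"
    return None


# Constructed traces standing in for events logged by a real implementation.
GOOD_TRACE = [("Prepare", "p1"), ("Prepare", "p2"), ("CoordCommit",),
              ("PartCommit", "p1"), ("PartCommit", "p2")]
# Bug: the coordinator commits before p2 has voted.
EARLY_COMMIT_TRACE = [("Prepare", "p1"), ("CoordCommit",), ("PartCommit", "p1")]
# Bug: a participant commits without any coordinator decision.
ROGUE_COMMIT_TRACE = [("Prepare", "p1"), ("Prepare", "p2"), ("PartCommit", "p1")]

if __name__ == "__main__":
    for label, t in [("good", GOOD_TRACE), ("early", EARLY_COMMIT_TRACE),
                     ("rogue", ROGUE_COMMIT_TRACE)]:
        print(label, "->", monitor(t) or "conforms")
```

A rejected step can mean either a non-conforming implementation or a model that is stricter than the implementation's legitimate behaviour, so the report carries the abstract state at the point of failure, which is what a practitioner needs to decide which of the two to fix.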
Notes
1. Of the 99 TLA+ models in the official examples repository, 61 could be called distributed protocols and only 15 of them use PlusCal.
2.
3. Choreographic PlusCal ensures these by construction, but they can also be satisfied in handwritten TLA+ models, so this methodology applies to them equally.
Acknowledgments
We would like to thank Ilya Sergey for the insights that led to this work, George Pîrlea for contributing to an early implementation of it, and Markus Kuppe, Leslie Lamport, and the anonymous reviewers for their thoughtful suggestions and comments.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Foo, D., Costea, A., Chin, WN. (2023). Protocol Conformance with Choreographic PlusCal. In: David, C., Sun, M. (eds) Theoretical Aspects of Software Engineering. TASE 2023. Lecture Notes in Computer Science, vol 13931. Springer, Cham. https://doi.org/10.1007/978-3-031-35257-7_8
DOI: https://doi.org/10.1007/978-3-031-35257-7_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35256-0
Online ISBN: 978-3-031-35257-7