Model Checking Distributed Protocols in Must

Constantin Enea; Dimitra Giannakopoulou; Michalis Kokologiannakis; Rupak Majumdar

doi:10.1145/3689778

Model Checking Distributed Protocols in Must

Constantin Enea
, Dimitra Giannakopoulou
, Michalis Kokologiannakis
, Rupak Majumdar

Research output: Contribution to journal › Article › peer-review

Abstract

We describe the design and implementation of Must, a framework for modeling and automatically verifying distributed systems. Must provides a concurrency API that supports multiple communication models, on top of a mainstream programming language, such as Rust. Given a program using this API, Must verifies it by means of a novel, optimal dynamic partial order reduction algorithm that maintains completeness and optimality for all communication models supported by the API. We use Must to design and verify models of distributed systems in an industrial context. We demonstrate the usability of Must’s API by modeling high-level system idioms (e.g., timeouts, leader election, versioning) as abstractions over the core API, and demonstrate Must’s scalability by verifying systems employed in production (e.g., replicated logs, distributed transaction management protocols), the verification of which lies beyond the capacity of previous model checkers.

Original language	English
Article number	338
Journal	Proceedings of the ACM on Programming Languages
Volume	8
Issue number	OOPSLA2
DOIs	https://doi.org/10.1145/3689778
Publication status	Published - 8 Oct 2024
Externally published	Yes

Keywords

Distributed Systems
Model Checking

Access to Document

10.1145/3689778

Cite this

@article{819c9360e87a435d8a8305a39401ca4e,

title = "Model Checking Distributed Protocols in Must",

abstract = "We describe the design and implementation of Must, a framework for modeling and automatically verifying distributed systems. Must provides a concurrency API that supports multiple communication models, on top of a mainstream programming language, such as Rust. Given a program using this API, Must verifies it by means of a novel, optimal dynamic partial order reduction algorithm that maintains completeness and optimality for all communication models supported by the API. We use Must to design and verify models of distributed systems in an industrial context. We demonstrate the usability of Must{\textquoteright}s API by modeling high-level system idioms (e.g., timeouts, leader election, versioning) as abstractions over the core API, and demonstrate Must{\textquoteright}s scalability by verifying systems employed in production (e.g., replicated logs, distributed transaction management protocols), the verification of which lies beyond the capacity of previous model checkers.",

keywords = "Distributed Systems, Model Checking",

author = "Constantin Enea and Dimitra Giannakopoulou and Michalis Kokologiannakis and Rupak Majumdar",

note = "Publisher Copyright: {\textcopyright} 2024 owner/author(s)",

year = "2024",

month = oct,

day = "8",

doi = "10.1145/3689778",

language = "English",

volume = "8",

journal = "Proceedings of the ACM on Programming Languages",

issn = "2475-1421",

number = "OOPSLA2",

}

TY - JOUR

T1 - Model Checking Distributed Protocols in Must

AU - Enea, Constantin

AU - Giannakopoulou, Dimitra

AU - Kokologiannakis, Michalis

AU - Majumdar, Rupak

PY - 2024/10/8

Y1 - 2024/10/8

N2 - We describe the design and implementation of Must, a framework for modeling and automatically verifying distributed systems. Must provides a concurrency API that supports multiple communication models, on top of a mainstream programming language, such as Rust. Given a program using this API, Must verifies it by means of a novel, optimal dynamic partial order reduction algorithm that maintains completeness and optimality for all communication models supported by the API. We use Must to design and verify models of distributed systems in an industrial context. We demonstrate the usability of Must’s API by modeling high-level system idioms (e.g., timeouts, leader election, versioning) as abstractions over the core API, and demonstrate Must’s scalability by verifying systems employed in production (e.g., replicated logs, distributed transaction management protocols), the verification of which lies beyond the capacity of previous model checkers.

AB - We describe the design and implementation of Must, a framework for modeling and automatically verifying distributed systems. Must provides a concurrency API that supports multiple communication models, on top of a mainstream programming language, such as Rust. Given a program using this API, Must verifies it by means of a novel, optimal dynamic partial order reduction algorithm that maintains completeness and optimality for all communication models supported by the API. We use Must to design and verify models of distributed systems in an industrial context. We demonstrate the usability of Must’s API by modeling high-level system idioms (e.g., timeouts, leader election, versioning) as abstractions over the core API, and demonstrate Must’s scalability by verifying systems employed in production (e.g., replicated logs, distributed transaction management protocols), the verification of which lies beyond the capacity of previous model checkers.

KW - Distributed Systems

KW - Model Checking

U2 - 10.1145/3689778

DO - 10.1145/3689778

M3 - Article

AN - SCOPUS:85207641001

SN - 2475-1421

VL - 8

JO - Proceedings of the ACM on Programming Languages

JF - Proceedings of the ACM on Programming Languages

IS - OOPSLA2

M1 - 338

ER -

Model Checking Distributed Protocols in Must

Abstract

Keywords

Access to Document

Fingerprint

Cite this