...
Our method uses formal proofs of high-level system requirements then synthesizes to synthesize code from the proofsproven specification. Within our method work on distributed systems we use the following concepts:
...
The main tool we use is EventML which is a programming and specification language. EventML, built by Vinvent Rahli, cooperates with the Nuprl interactive theorem prover at every stage of program development to help programmers ensure correctness, document the code, and support modifications and improvements. It generates an Inductive Logical Form that proves the specification and can also automatically synthesize code.
- Resources for EventML
- EventML documentation and downloads available at http://www.nuprl.org/software/
- EventML Tutorial
- Example of 2/3 consensus in EventML
Code diversity is created during the process. We can introduce variants at the EventML specification and code synthesis.
For more details about the example below see Mark's presentation at the May 2012 CRASH meeting.
Methodology
To create correct-by-construction code we:
- Write the specification in EventML
- Automatically generate and prove an Inductive Logical Form of the specification
- Synthesize code
- Diversify and deploy code
For more details about the example below see Mark's presentation at the May 2012 CRASH meeting.
Example with Consensus
In this example we will look at Paxos consensus, focusing on specifying the Scout protocol.
...
Using EventML's interface with Nuprl, we generate the ILF. If there are any issues with the proof we revise the specification and reiterate the process with the ILF.
Step 3 - Synthesize Consensus Code
...
ShadowDB is a replicated database we , created by Nicolas Schiper, on top of a synthesized consensus core. The primary defines the order in which transaction updates are applied. When crashes occur, consensus is used to reconfigure the set of replicas and agree on a prefix of executed transactions.
...