Building reliable, high-performance networks with the Nuprl proof development system

Proof systems for expressive type theories provide a foundation for the verification and synthesis of programs. But despite their successful application to numerous programming problems, there remains an issue of scalability. Are proof environments capable of reasoning about large software systems? Can the support they offer be useful in practice? In this article we answer these questions by showing how the Nuprl proof development system and its rich type theory have contributed to the design of reliable, high-performance networks by synthesizing optimized code for application configurations of the Ensemble group communication toolkit. We present a type-theoretical semantics of OCaml, the implementation language of Ensemble, and tools for automatically importing system code into the Nuprl system. We describe reasoning strategies for generating verifiably correct fast-path optimizations of application configurations that substantially reduce end-to-end latency in Ensemble. We also discuss briefly how to use Nuprl for checking configurations against specifications and for the design of reliable adaptive network protocols.
