simexecution-sttt2004 - Software Tools for Technology...
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor)

Using Simulated Execution in Verifying Distributed Algorithms

Toh Ne Win, Michael D. Ernst, Stephen J. Garland, Dilsun Kırlı, and Nancy A. Lynch
MIT Computer Science and Artificial Intelligence Laboratory
{tohn, mernst, garland, dilsun, lynch}

The date of receipt and acceptance will be inserted by the editor

Abstract. This paper presents a methodology for using simulated execution to assist a theorem prover in verifying safety properties of distributed systems. Execution-based techniques such as testing can increase confidence in an implementation, provide intuition about behavior, and detect simple errors quickly. They cannot by themselves demonstrate correctness. However, they can aid theorem provers by suggesting necessary lemmas and providing tactics to structure proofs. This paper describes the use of these techniques in a machine-checked proof of correctness of the Paxos algorithm for distributed consensus.

1 Introduction

Theorem provers are powerful tools for ensuring that purported proofs are correct, that is, that proofs adhere to the rules of logic. The main hindrance to using theorem provers has been the amount of human input they require. General-purpose theorem provers for sufficiently powerful logics have acted less as automated verification tools than as interactive proof systems or proof assistants. Humans must provide them with two primary types of input: lemmas and tactics. Lemmas provide facts about the programs being verified, which are often necessary for correctness proofs. Tactics guide the prover in making choices during a proof, such as which lemmas to apply or whether to reason by cases or by induction.

The focus of previous work on making provers easier to use has been on analyzing syntactic structures in axioms and conjectures in order to generate potentially useful lemmas and tactics. When these lemmas and tactics do not suffice, humans must provide additional input based on their understanding of the semantic content of the axioms and conjectures. Often this understanding is faulty or incomplete. The focus of the work described here is on making it easier to use theorem provers for verifying distributed algorithms by reducing the need for this kind of human input. To this end, we use a dynamic analysis of the results of executing a program, in addition to a static analysis of the program's text and of its test suite, to increase human insight, to discover semantic content in the program's behavior, and to generate potentially useful lemmas and tactics for correctness proofs.

This is a new use for execution, which has been a traditional part of algorithm and system development, but does not yet play a direct part in formal verification. Because execution requires little human effort, it has traditionally served as a powerful prelude to formal verification, a task that requires much greater human effort. When used for testing, execution ...