We apply the Infinite-State Model Checking to formally specify and validate protocol skeletons for distributed systems with asynchronous communication and synchronous access to local data structures. More precisely, we validate the Redis Pub/Sub key-value Server. Redis is based on a publish-subscribe architecture used in Cloud Storage and Internet of Things ecosystems. For the considered protocol, we present a formal specification that combines ideas coming from round-based and shared-memory specification languages. The resulting model is validated via the SMT-based Infinite-state Model Checker Cubicle. In this setting we use unbounded arrays to model (1) arbitrary collections of publishers and subscribers, (2) unbounded shared memory used as a communication media between processes. Our model is validated using the symbolic backward reachability algorithm implemented in the tool. The peculiarity of the algorithm is that, upon termination, the resulting correctness proof is guaranteed to hold for every number of process instances.
Parameterized verification of publish/subcribe protocols via Infinite-State Model Checking
Delzanno G.
2018-01-01
Abstract
We apply the Infinite-State Model Checking to formally specify and validate protocol skeletons for distributed systems with asynchronous communication and synchronous access to local data structures. More precisely, we validate the Redis Pub/Sub key-value Server. Redis is based on a publish-subscribe architecture used in Cloud Storage and Internet of Things ecosystems. For the considered protocol, we present a formal specification that combines ideas coming from round-based and shared-memory specification languages. The resulting model is validated via the SMT-based Infinite-state Model Checker Cubicle. In this setting we use unbounded arrays to model (1) arbitrary collections of publishers and subscribers, (2) unbounded shared memory used as a communication media between processes. Our model is validated using the symbolic backward reachability algorithm implemented in the tool. The peculiarity of the algorithm is that, upon termination, the resulting correctness proof is guaranteed to hold for every number of process instances.File | Dimensione | Formato | |
---|---|---|---|
cilc18.pdf
accesso aperto
Tipologia:
Documento in Post-print
Dimensione
520.2 kB
Formato
Adobe PDF
|
520.2 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.