This paper describes ShadowDB, a replicated version of the BerkeleyDB database. ShadowDB is a primary-backup-based replication protocol in which failure handling, the critical part of the protocol, is delegated to a synthesized consensus service that is correct by construction. The service has been proven correct semi-automatically with the Nuprl proof assistant. We describe the design of the consensus protocol and the process used to prove it correct, and we present the database replication protocol. The performance of ShadowDB is good in the normal case, and recovering from a failure takes only seconds. Our approach offers a simplified means of diversifying the code in a way that preserves correctness.