Automatically Verifying Replication-aware Linearizability

TL;DR

This paper introduces an automated method for verifying replication-aware linearizability in mergeable replicated data types, enhancing correctness guarantees for distributed systems with complex data structures.

Contribution

It presents a novel algebraic verification technique and a bottom-up linearization method applicable to MRDTs and CRDTs, including complex and novel data types.

Findings

Successfully verified complex MRDT and CRDT implementations

Developed algebraic properties beyond standard commutativity, associativity, and idempotence

Applied approach to a novel JSON MRDT

Abstract

Data replication is crucial for enabling fault tolerance and uniform low latency in modern decentralized applications. Replicated Data Types (RDTs) have emerged as a principled approach for developing replicated implementations of basic data structures such as counter, flag, set, map, etc. While the correctness of RDTs is generally specified using the notion of strong eventual consistency--which guarantees that replicas that have received the same set of updates would converge to the same state--a more expressive specification which relates the converged state to updates received at a replica would be more beneficial to RDT users. Replication-aware linearizability is one such specification, which requires all replicas to always be in a state which can be obtained by linearizing the updates received at the replica. In this work, we develop a novel fully automated technique for verifying replication-aware linearizability for Mergeable Replicated Data Types (MRDTs). We identify novel algebraic properties for MRDT operations and the merge function which are sufficient for proving an implementation to be linearizable and which go beyond the standard notions of commutativity, associativity, and idempotence. We also develop a novel inductive technique called bottom-up linearization to automatically verify the required algebraic properties. Our technique can be used to verify both MRDTs and state-based CRDTs. We have successfully applied our approach to a number of complex MRDT and CRDT implementations including a novel JSON MRDT.