Efficient Synthesis of Symbolic Distributed Protocols by Sketching (2405.07807v1)

Abstract: We present a novel and efficient method for synthesis of parameterized distributed protocols by sketching. Our method is both syntax-guided and counterexample-guided, and utilizes a fast equivalence reduction technique that enables efficient completion of protocol sketches, often significantly reducing the search space of candidate completions by several orders of magnitude. To our knowledge, our tool, Scythe, is the first synthesis tool for the widely used specification language TLA+. We evaluate Scythe on a diverse benchmark of distributed protocols, demonstrating the ability to synthesize a large scale distributed Raft-based dynamic reconfiguration protocol beyond the scale of what existing synthesis techniques can handle.

• The paper introduces a sketching-based methodology integrating Syntax-guided Synthesis (SyGuS) and Counterexample-guided Inductive Synthesis (CEGIS) for efficiently synthesizing symbolic distributed protocols.
• The approach represents protocols as incomplete sketches with holes and uses counterexamples from verification to prune the search space via grammar-based enumeration and equivalence reduction.
• The tool Scythe implements this methodology, demonstrating efficient synthesis of complex and parameterized distributed protocols specified in TLA+, outperforming existing techniques on benchmarks like Raft reconfiguration.

The paper "Efficient Synthesis of Symbolic Distributed Protocols by Sketching" introduces a novel methodology for synthesizing parameterized distributed protocols utilizing a sketching-based approach. This method integrates Syntax-guided Synthesis (SyGuS) with Counterexample-guided Inductive Synthesis (CEGIS) to efficiently synthesize distributed protocols using symbolic techniques and is implemented in the synthesis tool called Scythe, which is the first of its kind to target the widely used specification language TLA+ (Temporal Logic of Actions).

Key Contributions

1. Synthesis Methodology: The approach focuses on sketching, which involves creating an incomplete protocol with "holes" (gaps where specific logic is to be filled). The process turns the problem into one of completing the sketch in a manner that meets a given specification. This drastically reduces the search space for valid protocol instances, often by several orders of magnitude.
2. Counterexample-Guided Approach: The methodology employs a combination of syntax-guided and counterexample-guided techniques. An equivalence reduction technique is applied, which allows for fast generation and checking of candidate expressions, helping to effectively prune the search space of infeasible solutions.
3. Tool Implementation - Scythe: Scythe is presented as an overview tool that implements the proposed methodology for TLA+ specified protocols. It is capable of handling general distributed protocols that may consist of infinite-state or parameterized specifications.
4. Empirical Evaluation: Scythe is evaluated against a diverse set of benchmarks, including the synthesis of a Raft-based dynamic reconfiguration protocol, which exemplifies the ability to scale beyond current techniques. The tool demonstrated an ability to synthesize correct and innovative protocols efficiently, sometimes requiring less than an hour.

Detailed Approach

1. Sketch Representation: A sketch is represented as a set of parameters and state variables alongside an initial state and transition relations with embedded holes. Each hole corresponds to an incomplete part of the protocol that needs synthesis.
2. Syntax-Guided Synthesis: The method uses grammar-based enumerations to generate expressions that fill the holes in the sketch. It includes cache-based enumeration, which utilizes equivalence reductions via normal forms and short-circuiting to minimize redundancy and computational load.
3. Verifier and Pruner: The workflow uses TLC, a model checker for TLA+, as the verifier. Counterexamples from verification are used to generate logical constraints (pruning constraints) that prevent invalid completions in subsequent iterations of the synthesis loop.
4. Counterexample Generalization: Different types of pruning constraints are constructed based on safety, deadlock, and liveness violations. Safety pruning is proven to be optimal, whereas deadlock and liveness are sub-optimal but still effectively guide the pruning process.

Results and Implications

The experiments performed using the Scythe tool show substantial reduction in the number of generated candidate protocols and execution time, primarily due to the efficient pruning mechanism enabled by grammar enumeration and equivalence reduction. Scythe successfully synthesizes highly non-trivial protocols, including parameterized infinite-state definitions, thus offering a promising avenue for future research in automated synthesis of distributed systems.

Overall, the paper presents a significant advancement in the synthesis of distributed protocols by efficiently narrowing down the search space and integrating powerful checking techniques to ensure correctness and scalability.