{"id":14966273,"url":"https://github.com/distributedcomponents/disel","last_synced_at":"2025-10-11T13:30:37.099Z","repository":{"id":70043661,"uuid":"74078643","full_name":"DistributedComponents/disel","owner":"DistributedComponents","description":"Distributed Separation Logic: a framework for compositional verification of distributed protocols and their implementations in Coq","archived":false,"fork":false,"pushed_at":"2024-07-26T21:51:47.000Z","size":1301,"stargazers_count":98,"open_issues_count":0,"forks_count":7,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-04-04T16:07:44.984Z","etag":null,"topics":["coq","coq-library","distributed-systems","mathcomp","proof","separation-logic","ssreflect","two-phase-commit"],"latest_commit_sha":null,"homepage":"","language":"Coq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DistributedComponents.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-18T00:09:57.000Z","updated_at":"2025-03-16T20:33:59.000Z","dependencies_parsed_at":"2024-09-02T17:47:59.242Z","dependency_job_id":"d138cd7e-dd7f-4d4d-b892-39668d7dd9d0","html_url":"https://github.com/DistributedComponents/disel","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/DistributedComponents/disel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DistributedComponents%2Fdisel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DistributedComponents%2Fdisel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DistributedComponents%2Fdisel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DistributedComponents%2Fdisel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DistributedComponents","download_url":"https://codeload.github.com/DistributedComponents/disel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DistributedComponents%2Fdisel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279007341,"owners_count":26084282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coq","coq-library","distributed-systems","mathcomp","proof","separation-logic","ssreflect","two-phase-commit"],"created_at":"2024-09-24T13:36:08.352Z","updated_at":"2025-10-11T13:30:36.794Z","avatar_url":"https://github.com/DistributedComponents.png","language":"Coq","readme":"\u003c!---\nThis file was generated from `meta.yml`, please do not edit manually.\nFollow the instructions on https://github.com/coq-community/templates to regenerate.\n---\u003e\n# Disel: Distributed Separation Logic\n\n[![Docker CI][docker-action-shield]][docker-action-link]\n\n[docker-action-shield]: https://github.com/DistributedComponents/disel/actions/workflows/docker-action.yml/badge.svg?branch=master\n[docker-action-link]: https://github.com/DistributedComponents/disel/actions/workflows/docker-action.yml\n\n\n\n\nDisel is a framework for implementation and compositional verification of\ndistributed systems and their clients in Coq. In Disel, users implement\ndistributed systems using a domain specific language shallowly embedded in Coq\nwhich provides both high-level programming constructs as well as low-level\ncommunication primitives. Components of composite systems are specified in Disel\nas protocols, which capture system-specific logic and disentangle system definitions\nfrom implementation details.\n\n## Meta\n\n- Author(s):\n  - Ilya Sergey (initial)\n  - James R. Wilcox (initial)\n- License: [BSD 2-Clause \"Simplified\" license](LICENSE)\n- Compatible Coq versions: 8.14 or later\n- Additional dependencies:\n  - [MathComp](https://math-comp.github.io) 1.13.0 to 1.19.0 (`ssreflect` suffices)\n  - [FCSL PCM](https://github.com/imdea-software/fcsl-pcm) 1.7.0 or later\n  - [Hoare Type Theory](https://github.com/imdea-software/htt) 1.2.0 or later\n- Coq namespace: `DiSeL`\n- Related publication(s):\n  - [Programming and Proving with Distributed Protocols](http://jamesrwilcox.com/disel.pdf) doi:[10.1145/3158116](https://doi.org/10.1145/3158116)\n\n## Building and installation instructions\n\nThe easiest way to install the latest released version of Disel: Distributed Separation Logic\nis via [OPAM](https://opam.ocaml.org/doc/Install.html):\n\n```shell\nopam repo add coq-released https://coq.inria.fr/opam/released\nopam install coq-disel\n```\n\nTo instead build and install manually, do:\n\n``` shell\ngit clone https://github.com/DistributedComponents/disel.git\ncd disel\nmake   # or make -j \u003cnumber-of-cores-on-your-machine\u003e \nmake install\n```\n\n\n## Project Structure\n\n- `theories/Core` -- Disel Coq implementation, metatheory and inference rules;\n- `theories/Examples` -- Case studies implemented in Disel using Coq\n\t- `Calculator` -- the calculator system;\n\t- `Greeter` -- a toy \"Hello World\"-like protocol, where\n         participants can only exchange greetings with each other;\n\t- `TwoPhaseCommit` -- Two Phase Commit protocol implementation;\n\t- `Query` -- querying protocol and its composition with Two Phase\n      Commit via hooks;\n- `shims` -- DiSeL runtime system in OCaml\n\n## VM Instructions\n\nPlease download\n[the virtual machine](http://homes.cs.washington.edu/~jrw12/popl18-disel-artifact.ova),\nimport it into VirtualBox, and boot the machine. This VM image has been tested with\nVirtualBox versions 5.1.24 and 5.1.28 with Oracle VM VirtualBox Extension Pack. Versions\n4.X are known not to work with this image.\n\nIf prompted for login information, both the username and password are\n\"popl\" (without quotes).\n\nFor your convenience, all necessary software, including Coq 8.6 and\nssreflect have been installed, and a checkout of Disel is present in\n`~/disel`. Additionally, emacs and Proof General are installed so that\nyou can browse the sources.\n\nWe recommend checking the proofs using the provided Makefile and\nrunning the two extracted applications. Additionally, you might be interested\nto compare the definitions and theorems from some parts of the paper to their\nformalizations in Coq.\n\nChecking the proofs can be accomplished by opening a terminal and running\n\n    cd ~/disel\n    make clean; make -j 4\n\nYou may see lots of warnings about notations and \"nothing to inject\";\nthese are expected.  Success is indicated by the build terminating\nwithout printing \"error\".\n\nExtracting and running the example applications is described below.\n\n### Code corresponding to the paper\n\nThe following describes how the paper corresponds to the code:\n\n* The Calculator (Section 2)\n    - The directory `Examples/Calculator` contains the relevant files.\n    - The protocol is defined in `CalculatorProtocol.v`,\n      including the state space, coherence predicate, and four transitions\n      described in Figure 2. Note that the coherence predicate is stronger than\n      the one given in the paper: it incorporates Inv_1 from Section 2.3. This is\n      discussed further below.\n    - The program that implements blocking receive of server requests from\n      Section 2.2 is defined in `CalculatorServerLib.v`,\n      as `blocking_receive_req`.\n    - The simple server from Section 2.3, as well as the batching and memoizing\n      servers from Figure 3 are implemented in\n      `SimpleCalculatorServers.v`. They are all implemented in\n      terms of the higher-order `server_loop` function. The invariant Inv1 from\n      Section 2.3 is incorporated into the protocol itself, as part of the coherence\n      predicate.\n    - The simple client from Section 2.4 is implemented in\n      `CalculatorClientLib.v`. The invariant Inv2 is proved as\n      a separate inductive invariant using the WithInv rule in\n      `CalculatorInvariant.v`. It is used to prove the clients\n      satisfy their specifications.\n    - The delegating server is in `DelegatingCalculatorServer.v`.\n      It again uses the invariant Inv2.\n    - A runnable example using extraction to OCaml is given in\n      `SimpleCalculatorApp.v`. It consists of one client and two\n      servers, one of which delegates to the other. Instructions for how to run\n      the example are given below under \"Extracting and Running Disel Programs\".\n* The Logic and its Soundness (Section 3)\n    - The definitions from Figure 6 in Section 3.1 are given in `Core/State.v`\n      `Core/Protocols.v`, and `Core/Worlds.v`.\n    - The primitives of Disel language is defined in `Core/Actions.v`\n      (defines send/receive wrappers as in Definitions 3.2 and 3.3).\n\t- `Core/Process.v`, `Core/Always.v` and `Core/HoareTriples.v`\n      define traces, modal predicates (`always` is the formalization\n      of post-safety from Definition 3.6). Definition 3.7 from the\n      paper corresponds to `has_spec` from `Core/HoareTriples.v`. The\n      Theorem 3.8 follows from the soundness of the shallow embedding\n      into Coq: any well-typed program has a specification ascribed to it.\n    - Inference rules are represented by lemmas named `*_rule` in\n      `Core/InferenceRules.v`. For example, `bind_rule` is an\n      implementation of `Bind` from Figure 8.\n* Two-Phase Commit and Querying (Section 4)\n    - The relevant directory is `Examples/TwoPhaseCommit`.\n    - The protocol as described in Section 4.1 is implemented in `TwoPhaseProtocol.v`.\n    - The implementations of the coordinator (described in 4.2) and the participant\n      are in `TwoPhaseCoordinator.v` and `TwoPhaseParticipant.v`.\n    - The strengthened invariant from 4.3 is stated in `TwoPhaseInductiveInv.v` and\n      proved to be preserved by all transitions in `TwoPhaseInductiveProof.v`.\n    - A runnable example is in `SimpleTPCApp.v`. Instructions for how to run it\n      are given below under \"Extracting and Running Disel Programs\".\n    - The querying protocol from Section 4.4 is implemented in the directory\n      `Examples/Querying`.\n\n### Exploring further\n\nWe encourage you to explore Disel further by extending one of the\nexamples or trying your own. For example, you could build an application\nthat uses the calculator to evaluate arithmetic expressions and prove\nits correctness. As a more involved example, you could define a new\nprotocol for leader election in a ring and prove that at most one node\nbecomes leader. To get started, we recommend following the Calculator example\nand modifying it as necessary.\n\n### Extracting and Running Disel Programs\n\nAs described in Section 5.1, Disel programs can be extracted to OCaml and run.\nYou can build the two examples as follows.\n\n- From `~/disel`, run `make CalculatorMain.d.byte` to build the calculator\n  application. The extracted code will be placed in `extraction/calculator`.\n  (Note that all the proofs will be checked as well.) Then run\n  `~/disel/scripts/calculator.sh` to execute the system in three processes\n  locally. The system will make several requests to a delegating\n  calculator to add up some numbers. (See the definition of `client_input` in\n  `Examples/Calculator/SimpleCalculatorApp.v`.) A log of messages from the\n  client perspective is printed to the console. Logs of the servers are\n  available in the files `server1.log` (the delegating server) and\n  `server3.log` (the server that actually computes).\n\n  Each log contains a debugging info about the state of each node and the\n  messages it sends and receives. For example, the first message sent by the\n  client is logged as\n\n```\nsending msg in protocol 1 with tag = 0, contents = [1; 2] to 1\n```\n\n  Tag 0 indicates a request in the Calculator protocol. Contents `1; 2`\n  indicate the arguments to the function being calculated (in this case,\n  addition). The message is sent to node 1, which is the delegating server.\n\n  The client then receives a response logged as\n\n```\ngot msg in protocol 1 with tag = 1, contents = [3; 1; 2] from 1\n```\n\n  Tag 1 indicates a response. The contents mean that the answer to\n  `1 + 2` is `3`.\n\n  Several more rounds of messages are exchanged. The final line summarizes\n  the entire execution.\n\n```\nclient got result list [([1; 2], 3); ([3; 4], 7); ([5; 6], 11); ([7; 8], 15); ([9; 10], 19)]\n```\n\n- Run `make TPCMain.d.byte` from the root folder to build the\n  Two-Phase Commit application. Then run `./scripts/tpc.sh` to\n  execute the system in four processes on the local machine.\n  The system will achieve consensus on several values. (See\n  the definition of `data_seq` in `Examples/TwoPhaseCommit/SimpleTPCApp.v`.)\n  Each participant votes on whether to commit the value or abort it.\n  (See the definitions of `choice_seq1`, `choice_seq2`, and `choice_seq3`.)\n  A log of messages from the coordinator's point of view is printed to the\n  console. Participant logs are available in `participant1.log`,\n  `participant2.log`, and `participant3.log`.\n\n  The protocol executes a sequence of four rounds, since there are four\n  elements in `data_seq`. Each round consists of two phases. The first messages\n  sent by the coordinator are prepare messages which request votes about\n  the first data item. They are logged as\n\n```\nsending msg in protocol 0 with tag = 0, contents = [0; 1; 2] to 1\nsending msg in protocol 0 with tag = 0, contents = [0; 1; 2] to 2\nsending msg in protocol 0 with tag = 0, contents = [0; 1; 2] to 3\n```\n\n  Tag 0 indicates a prepare message. The contents indicate the index of the\n  current request (0, since this is the first data item) and the actual data\n  to commit (in this case, `[1; 2]`, as specified in `data_seq`). A separate\n  prepare message is sent to each participant.\n\n  The participants respond with votes, which are logged as follows\n\n```\ngot msg in protocol 0 with tag = 1, contents = [0] from 1\ngot msg in protocol 0 with tag = 1, contents = [0] from 3\ngot msg in protocol 0 with tag = 1, contents = [0] from 2\n```\n\n  Tag 1 indicates a Yes vote. The messages are ordered nondeterministically\n  based on the operating system's and network's scheduling decisions.\n\n  Since all participants voted yes, the coordinator proceeds to commit the\n  data by sending Commit messages (tag 3) to all participants.\n\n```\nsending msg in protocol 0 with tag = 3, contents = [0] to 1\nsending msg in protocol 0 with tag = 3, contents = [0] to 2\nsending msg in protocol 0 with tag = 3, contents = [0] to 3\n```\n\n  Participants acknowledge the commit with AckCommit messages (tag 5)\n\n```\ngot msg in protocol 0 with tag = 5, contents = [0] from 3\ngot msg in protocol 0 with tag = 5, contents = [0] from 1\ngot msg in protocol 0 with tag = 5, contents = [0] from 2\n```\n\n  This completes the first round. The remaining three rounds execute\n  similarly, based on the decisions from the choice sequences. When any\n  participant votes no (tag 2), the coordinator instead aborts the\n  transaction by sending Abort messages (tag 4). In that case, participants\n  respond with AckAbort messages (tag 6). Once all four rounds are over,\n  all nodes exit.\n\n### Proof Size Statistics\n\nSection 5.2 and Table 1 describe the size of our development. Those\nwere obtained by using the `coqwc` tool on manually dissected files,\naccording to our vision of what should count as a program, spec, or a proof.\nThese numbers might slightly differ from reported in the paper due to\nthe evolution of the project since the submission.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdistributedcomponents%2Fdisel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdistributedcomponents%2Fdisel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdistributedcomponents%2Fdisel/lists"}