https://github.com/stateright/stateright

A model checker for implementing distributed systems.
https://github.com/stateright/stateright

actor-model distributed-systems model-checker paxos

Last synced: 6 days ago
JSON representation

A model checker for implementing distributed systems.

• Host: GitHub
• URL: https://github.com/stateright/stateright
• Owner: stateright
• License: mit
• Created: 2018-03-03T20:05:53.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2024-10-07T02:01:51.000Z (3 months ago)
• Last Synced: 2024-12-30T04:55:56.677Z (14 days ago)
• Topics: actor-model, distributed-systems, model-checker, paxos
• Language: Rust
• Homepage: https://docs.rs/stateright
• Size: 2.77 MB
• Stars: 1,596
• Watchers: 23
• Forks: 58
• Open Issues: 12
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGES.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-list - stateright
• awesome-rust-formalized-reasoning - Stateright - model checker for implementing distributed systems. (Projects / Verification)

README

        
[![chat](https://img.shields.io/discord/781357978652901386)](https://discord.gg/JbxGSVP4A6)

[![crates.io](https://img.shields.io/crates/v/stateright.svg)](https://crates.io/crates/stateright)

[![docs.rs](https://docs.rs/stateright/badge.svg)](https://docs.rs/stateright)

[![LICENSE](https://img.shields.io/crates/l/stateright.svg)](https://github.com/stateright/stateright/blob/master/LICENSE)

Correctly implementing distributed algorithms such as the

[Paxos](https://en.wikipedia.org/wiki/Paxos_%28computer_science%29) and

[Raft](https://en.wikipedia.org/wiki/Raft_%28computer_science%29) consensus

protocols is notoriously difficult due to inherent nondetermism such as message

reordering by network devices. Stateright is a

[Rust](https://www.rust-lang.org/) actor library that aims to solve this

problem by providing an embedded [model

checker](https://en.wikipedia.org/wiki/Model_checking), a UI for exploring

system behavior ([demo](http://demo.stateright.rs:3000/)), and a lightweight

actor runtime. It also features a linearizability tester that can be run within

the model checker for more exhaustive test coverage than similar solutions such

as [Jepsen](https://jepsen.io/).

![Stateright Explorer screenshot](https://raw.githubusercontent.com/stateright/stateright/master/explorer.png)

## Getting Started

1. **Please see the book, "[Building Distributed Systems With

   Stateright](https://www.stateright.rs)."**

2. A [video

   introduction](https://youtube.com/playlist?list=PLUhyBsVvEJjaF1VpNhLRfIA4E7CFPirmz)

   is also available.

3. Stateright also has detailed [API docs](https://docs.rs/stateright/).

4. Consider also joining the [Stateright Discord

   server](https://discord.gg/JbxGSVP4A6) for Q&A or other feedback.

## Examples

Stateright includes a variety of

[examples](https://github.com/stateright/stateright/tree/master/examples), such

as a [Single Decree Paxos

cluster](https://github.com/stateright/stateright/blob/master/examples/paxos.rs)

and an [abstract two phase commit

model](https://github.com/stateright/stateright/blob/master/examples/2pc.rs).

Passing a `check` CLI argument causes each example to validate itself using

Stateright's model checker:

```sh

# Two phase commit with 3 resource managers.

cargo run --release --example 2pc check 3

# Paxos cluster with 3 clients.

cargo run --release --example paxos check 3

# Single-copy (unreplicated) register with 3 clients.

cargo run --release --example single-copy-register check 3

# Linearizable distributed register (ABD algorithm) with 2 clients

# assuming ordered channels between actors.

cargo run --release --example linearizable-register check 2 ordered

```

Passing an `explore` CLI argument causes each example to spin up the Stateright

Explorer web UI locally on port 3000, allowing you to browse system behaviors:

```sh

cargo run --release --example 2pc explore

cargo run --release --example paxos explore

cargo run --release --example single-copy-register explore

cargo run --release --example linearizable-register explore

```

Passing a `spawn` CLI argument to the examples leveraging the actor

functionality will cause each to spawn actors using the included runtime,

transmitting JSON messages over UDP:

```sh

cargo run --release --example paxos spawn

cargo run --release --example single-copy-register spawn

cargo run --release --example linearizable-register spawn

```

The `bench.sh` script runs all the examples with various settings for

benchmarking the performance impact of changes to the library.

```sh

./bench.sh

```

# Features

Stateright contains a general purpose model checker offering:

- Invariant checks via "always" properties.

- Nontriviality checks via "sometimes" properties.

- Liveness checks via "eventually" properties (experimental/incomplete).

- A web browser UI for interactively exploring state space.

- [Linearizability](https://en.wikipedia.org/wiki/Linearizability)

  and [sequential consistency](https://en.wikipedia.org/wiki/Sequential_consistency)

  testers.

- Support for symmetry reduction to reduce state spaces.

Stateright's actor system features include:

- An actor runtime that can execute actors outside the model checker in the

  "real world."

- A model for lossy/lossless duplicating/non-duplicating networks with the

  ability to capture actor message

  [history](https://lamport.azurewebsites.net/tla/auxiliary/auxiliary.html) to

  check an actor system against an expected consistency model.

- Pluggable network semantics for model checking, allowing you to choose

  between fewer assumptions (e.g. "lossy unordered duplicating") or more

  assumptions (speeding up model checking; e.g. "lossless ordered").

- An optional network adapter that provides a lossless non-duplicating ordered

  virtual channel for messages between a pair of actors.

In contrast with other actor libraries, Stateright enables you to [formally

verify](https://en.wikipedia.org/wiki/Formal_verification) the correctness of

your implementation, and in contrast with model checkers such as TLC for

[TLA+](https://lamport.azurewebsites.net/tla/tla.html), systems implemented

using Stateright can also be run on a real network without being reimplemented

in a different language.

## Contribution

Contributions are welcome! Please [fork the

library](https://github.com/stateright/stateright/fork), push changes to your

fork, and send a [pull

request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/).

All contributions are shared under an MIT license unless explicitly stated

otherwise in the pull request.

## License

Stateright is copyright 2018 Jonathan Nadal and other

[contributors](https://github.com/stateright/stateright/graphs/contributors).

It is made available under the MIT License.

To avoid the need for a Javascript package manager, the Stateright repository

includes code for the following Javascript dependency used by Stateright

Explorer:

- [KnockoutJS](https://knockoutjs.com/) is copyright 2010 Steven Sanderson, the

  Knockout.js team, and other contributors. It is made available under the MIT

  License.