Deciding Serializability in Network Systems
Guy Amir, Mark Barbone, Nicolas Amat, Jules Jacobs
TL;DR
This work addresses the challenge of verifying serializability for unbounded concurrent systems by introducing the SER modeling language and a network-system abstraction that enables automatic verification. The authors develop an end-to-end decision procedure that either proves serializability with a certificate or exposes a counterexample trace by reducing the problem to Petri-net reachability and semilinear constraints, with practical optimizations to manage the inherent Ackermann-complete hardness. The Ser toolchain translates SER programs into NS, then into Petri nets, and uses a reachability engine to produce proofs or counterexamples; optimizations like bidirectional slicing and semilinear pruning dramatically improve scalability. Empirical evaluation on a rich benchmark suite— including stateful firewalls and BGP routing models—demonstrates the framework’s ability to handle non-trivial real-world-like programs, offering a first-end-to-end, certificate-generating verifier for unbounded serializability in networked systems.
Abstract
We present the SER modeling language for automatically verifying serializability of concurrent programs, i.e., whether every concurrent execution of the program is equivalent to some serial execution. SER programs are suitably restricted to make this problem decidable, while still allowing for an unbounded number of concurrent threads of execution, each potentially running for an unbounded number of steps. Building on prior theoretical results, we give the first automated end-to-end decision procedure that either proves serializability by producing a checkable certificate, or refutes it by producing a counterexample trace. We also present a network-system abstraction to which SER programs compile. Our decision procedure then reduces serializability in this setting to a Petri net reachability query. Furthermore, in order to scale, we curtail the search space via multiple optimizations, including Petri net slicing, semilinear-set compression, and Presburger-formula manipulation. We extensively evaluate our framework and show that, despite the theoretical hardness of the problem, it can successfully handle various models of real-world programs, including stateful firewalls, BGP routers, and more.
