Correctly designing and implementing distributed algorithms such as the Paxos and Raft consensus protocols is notoriously difficult due to the presence of inherent nondeterminism, whereby nodes lack synchronized clocks and IP networks can reorder, drop, or redeliver messages. Stateright is an actor library for designing, implementing, and verifying the correctness of such distributed systems using the Rust programming language. It leverages a verification technique called model checking, a category of property based testing that involves enumerating every possible outcome of a nondeterministic system rather than randomly testing a subset of outcomes.
Stateright's model checking features include:
Stateright's actor system features include:
In contrast with other actor libraries, Stateright enables you to formally verify the correctness of both your design and implementation, which is particularly useful for distributed algorithms.
In contrast with other model checkers (like TLC for TLA+), systems implemented using Stateright can also be run on a real network without being reimplemented in a different language. Stateright also features a web browser UI that can be used to interactively explore how a system behaves, which is useful for both learning and debugging.
A typical workflow might involve:
```sh
cargo run --release --example paxos explore 2 1 localhost:3000
cargo run --release --example paxos check 4 2
cargo run --release --example paxos spawn
nc -u localhost 3000 {"Put":[1,"X"]} {"Get":2} ```
Stateright includes a variety of examples, such as an actor based Single Decree Paxos cluster and an abstract two phase commit model.
To model check, run:
```sh
cargo run --release --example 2pc check 3
cargo run --release --example paxos check 4 2
cargo run --release --example single-copy-register check 3 2
cargo run --release --example linearizable-register check 2 2 ```
To interactively explore a model's state space in a web browser UI, run:
sh
cargo run --release --example 2pc explore
cargo run --release --example paxos explore
cargo run --release --example single-copy-register explore
cargo run --release --example linearizable-register explore
Stateright also includes a simple runtime for executing an actor mapping messages to JSON over UDP:
sh
cargo run --release --example paxos spawn
cargo run --release --example single-copy-register spawn
cargo run --release --example linearizable-register spawn
Model checking is computationally expensive, so Stateright features a variety of optimizations to help minimize model checking time. To benchmark model checking performance, run with larger state spaces:
sh
cargo run --release --example 2pc check 9
cargo run --release --example paxos check 6 2
cargo run --release --example single-copy-register check 3 3
cargo run --release --example linearizable-register check 3 2
The repository includes a script that runs all the examples multiple times, which is particularly useful for validating that changes do not introduce performance regressions.
sh
./bench.sh
sh
git clone https://github.com/stateright/stateright.git
cd stateright
sh
rustup update || (curl https://sh.rustup.rs -sSf | sh)
sh
cargo test && cargo test --examples
sh
cargo doc --open
sh
$EDITOR src/ # src/lib.rs is a good place to start
Stateright is copyright 2018 Jonathan Nadal and other contributors. It is made available under the MIT License.
To avoid the need for a Javascript package manager, the Stateright repository includes code for the following Javascript dependencies used by Stateright Explorer: