Mysteries of DropBox: Property-Based Testing of a Distributed Synchronization Service

  • John Hughes, Benjamin C. Pierce, Thomas Arts, Ulf Norell
  • Published 11 April 2016
  • Computer Science
  • 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST)
File synchronization services such as Dropbox are used by hundreds of millions of people to replicate vital data. Yet rigorous models of their behavior are lacking. We present the first formal -- and testable -- model of the core behavior of a modern file synchronizer, and we use it to discover surprising behavior in two widely deployed synchronizers. Our model is based on a technique for testing nondeterministic systems that avoids requiring that the system's internal choices be made visible to the…
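The abstract's central idea, testing a nondeterministic system without making its internal choices visible, can be shown with a small added example. The code below is written for this page; it is not the paper's model and not Quviq QuickCheck code. The `Synchronizer` class (a two-client, one-server simulator whose `sync` may silently do nothing, plus an optional `lossy` upload bug), the operation alphabet `write`/`sync`/`read`, and the random harness are all assumptions made for illustration. The model never guesses which choice the system made: it keeps the set of states the system could be in, each `read` prunes that set against the observed value, and an empty set is a counterexample.

```python
"""Added example (not the paper's model nor Quviq QuickCheck code): property-based
testing of a nondeterministic synchronizer without observing its internal choices.
The model keeps the SET of states the system might be in; each read observation
prunes that set, and an empty set means the observation is one the model forbids."""
import random

CLIENTS = ("A", "B")


class Synchronizer:
    """Hypothetical system under test: two clients and one server (an assumption).

    `sync` may silently do nothing (simulated network delay), a choice the tester
    cannot see. With `lossy=True` the upload path has a bug: the server may drop
    the upload while the client still clears its dirty flag.
    """

    def __init__(self, rng, lossy=False):
        self.rng, self.lossy = rng, lossy
        self.server = ""
        self.local = {c: "" for c in CLIENTS}
        self.dirty = {c: False for c in CLIENTS}

    def write(self, client, value):
        self.local[client] = value
        self.dirty[client] = True

    def sync(self, client):
        if self.rng.random() < 0.5:        # hidden choice: no contact this time
            return
        if self.dirty[client]:
            if not (self.lossy and self.rng.random() < 0.5):
                self.server = self.local[client]
            self.dirty[client] = False     # BUG when lossy: upload lost, flag cleared
        else:
            self.local[client] = self.server

    def read(self, client):
        return self.local[client]


# --- model: a state is (server, local_A, local_B, dirty_A, dirty_B) ---------
INITIAL = ("", "", "", False, False)


def local_of(state, client):
    return state[1 + CLIENTS.index(client)]


def model_step(state, op):
    """Return the set of states the model allows after `op` (a write or a sync)."""
    server, la, lb, da, db = state
    local = {"A": la, "B": lb}
    dirty = {"A": da, "B": db}
    kind, client = op[0], op[1]

    def pack(srv):
        return (srv, local["A"], local["B"], dirty["A"], dirty["B"])

    if kind == "write":
        local[client], dirty[client] = op[2], True
        return {pack(server)}
    outcomes = {state}                     # a sync is allowed to do nothing
    if dirty[client]:
        dirty[client] = False
        outcomes.add(pack(local[client]))  # ... or upload the local file
    else:
        local[client] = server
        outcomes.add(pack(server))         # ... or download the server copy
    return outcomes


def check(sut, ops):
    """Run `ops` against `sut`; return None if every observation is consistent
    with the model, else the operations up to and including the failing read."""
    possible = {INITIAL}
    trace = []
    for op in ops:
        trace.append(op)
        if op[0] == "read":
            observed = sut.read(op[1])
            possible = {s for s in possible if local_of(s, op[1]) == observed}
            if not possible:
                return trace + [("observed", observed)]
        else:
            if op[0] == "write":
                sut.write(op[1], op[2])
            else:
                sut.sync(op[1])
            possible = set().union(*(model_step(s, op) for s in possible))
    return None


def gen_ops(rng, length):
    """Random operation sequence (the generator half of a property-based test)."""
    ops = []
    for i in range(length):
        kind, client = rng.choice(("write", "sync", "read")), rng.choice(CLIENTS)
        ops.append((kind, client, f"v{i}") if kind == "write" else (kind, client))
    return ops


def run_tests(lossy, seed=0, cases=500, length=15):
    """Random testing loop; returns the first failing trace, or None."""
    rng = random.Random(seed)
    for _ in range(cases):
        ops = gen_ops(rng, length)
        sut = Synchronizer(random.Random(rng.getrandbits(32)), lossy=lossy)
        failure = check(sut, ops)
        if failure is not None:
            return failure
    return None


if __name__ == "__main__":
    print("correct synchronizer:", run_tests(lossy=False))
    print("lossy synchronizer:  ", run_tests(lossy=True))
```

The correct simulator never fails because the model's outcome set is a superset of its behaviour, so no read can empty the set. The lossy variant is caught by traces such as `write A`, `sync A` (upload dropped, flag cleared), `sync A` (pulls the stale server copy), `read A`: every model branch still has A holding its own write, so the observed stale value has no explanation. The set of candidate states can double on every sync, which is why reads, which prune it, are generated as often as the other operations.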
From C to interaction trees: specifying, verifying, and testing a networked server
The main theorem connects a specification of acceptable server behaviors, written in a straightforward “one client at a time” style, with the CompCert semantics of the C program.
Model-based testing of networked applications
The effectiveness of this framework is demonstrated by using it to specify and test a fragment of the HTTP/1.1 protocol, showing that the automatically derived tester can capture RFC violations in buggy server implementations, including the latest versions of Apache and Nginx.
A Highly-Available Move Operation for Replicated Trees
A CRDT algorithm that handles arbitrary concurrent modifications on trees, while ensuring that the tree structure remains valid (in particular, no cycles are introduced), and guaranteeing that all replicas converge towards the same consistent state is presented.
Compositional programming and testing of dynamic distributed systems
ModP is presented, a programming system that implements the proposed module system to enable compositional reasoning (assume-guarantee) of distributed systems and helps amplify the coverage during testing and scale it to real-world distributed systems.
Model‐based testing of Apache ZooKeeper: Fundamental API usage and watchers
This paper extends earlier model-based testing of Apache ZooKeeper to handle watchers (triggers), including watcher notifications in a distributed asynchronous shared store, and to improve scalability.
Property-based Testing of Quantum Programs in Q#
The design and implementation of what is to the authors' knowledge the first property-based framework for quantum programs, and various aspects of the design concerning property-specification, test-case generation, and test result analysis are reviewed.
Modular and Safe Event-Driven Programming
ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems, and approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems are presented.
Branching processes for QuickCheck generators
This paper adapts results from an area of mathematics known as branching processes, and shows how they help to analytically predict (at compile-time) the expected number of generated constructors, even in the presence of mutually recursive or composite ADTs.
Temporal Property-Based Testing of a Timed C Compiler using Time-Flow Graph Semantics
This paper formalizes the temporal core semantics of Timed C, uses this formalization to specify the properties that are tested by the new property-based testing tool, and proposes a new method for temporal property-based testing.
Statistical Model Checking of Response Times for Different System Deployments
This work applies statistical model checking with a learned timed model and evaluates the results on the real system with hypothesis testing to check the established hypotheses of a reference system on various system deployments (configurations), like different hardware or network settings.


Automated Testing of Distributed Systems
A technique to test servers that interact with clients using the Sun RPC protocol by generating random sequences of RPC calls and checking that the invariants hold over the traces.
An algebraic approach to file synchronization
An algebra for reasoning about operations on filesystems is presented and it is shown that it is sound and complete with respect to a simple model and enables a file-synchronization algorithm that can be combined with several different conflict-resolution policies.
What's in Unison? A Formal Specification and Reference Implementation of a File Synchronizer
A detailed specification of a particular file synchronizer called Unison is presented, an idealized reference implementation of the specification is sketched, and the relation between the idealized implementation and the actual code base is discussed.
Symbolic Model-Checking of Optimistic Replication Algorithms
This paper addresses the verification of OT algorithms with a symbolic model-checking technique and shows how to use the difference bound matrices to explore symbolically infinite state-spaces of such systems and provides symbolic counterexamples for the convergence property.
What is a file synchronizer?
The synchronization task is divided into two conceptually distinct phases, update detection and reconciliation, to offer a simple, concrete, and precise framework for describing the behavior of file synchronizers.
SibylFS: formal specification and oracle-based testing for POSIX and real-world file systems
A mathematically rigorous model of file system behaviour, SibylFS, is given that specifies the range of allowed behaviours of a file system for any sequence of the system calls within its scope, and that can be used as a test oracle to decide whether an observed trace is allowed by the model, both for validating the model and for testing file systems against it.
Testing a database for race conditions with QuickCheck
In 2009, Claessen et al. presented a way of testing for race conditions in Erlang programs, using QuickCheck to generate parallel tests, a randomizing scheduler to provoke races, and a sequential
Finding race conditions in Erlang with QuickCheck and PULSE
Three tools are presented that in combination can be used to test and debug concurrent programs in unit testing with a much better possibility of detecting race conditions in concurrent, distributed Erlang applications.
Concurrency control in groupware systems
An algorithm for concurrency control in real-time groupware systems is presented and its advantages are its simplicity of use and its responsiveness: users can operate directly on the data without obtaining locks.
Software Testing with QuickCheck
This paper presents a tutorial, with extensive exercises, in the use of Quviq QuickCheck--a property-based testing tool for Erlang, which enables developers to formulate formal specifications of