Modern Internet services store data in novel cloud databases, which partition and replicate the data across a large number of machines and a wide geographical span. To achieve high availability and scalability, cloud databases need to maximise the parallelism of data processing. Unfortunately, this leads them to weaken the guarantees they provide about data consistency to applications. The resulting programming models are very challenging to use correctly, and we currently do not have advanced methods and tools that would help programmers in this task. The goal of the project is to develop a synergy of novel reasoning methods, static analysis tools and database implementation techniques that maximally exploit parallelism inside cloud databases, while enabling application programmers to ensure correctness. We intend to achieve this by first developing methods for reasoning formally about how weakening the consistency guarantees provided by cloud databases affects application correctness and the parallelism allowed inside the databases. This will build on techniques from the areas of programming languages and software verification. The resulting theory will then serve as a basis for practical implementation techniques and tools that harness database parallelism, but only to the extent such that its side effects do not compromise application correctness. The proposed project is high-risk, because it aims not only to develop a rigorous theory of consistency in cloud databases, but also to apply it to practical systems design. The project is also high-gain, since it will push the envelope in availability, scalability and cost-effectiveness of cloud databases.

Arithmetic theories are logical theories about systems of numbers that found important applications in several areas of computer science. For instance, those theories have a fundamental role in Satisfiability Modulo Theory (SMT), abstract interpretation and symbolic execution, the three most prominent algorithmic techniques to type check or bug test programs against rich specification languages. In optimisation, Integer Linear Programming offers a general framework to model many scheduling, planning and network problems using linear integer arithmetic. In Theoretical Computer Science, several computational problems stemming from formal logic and automata theory require arithmetic theories procedures to be solved. Arithmetic theories are simple to describe, but their algorithms are based on profound mathematical theories. The goal of this proposal is to achieve a major advance in algorithms for decision and optimisation problems of existential arithmetic theories featuring the non-linear operators of exponentiation and divisibility. We choose to focus on these two operators for both theoretical and practical reasons. On the theory side, whereas multiplication often causes decidability issues (see e.g. the undecidability of Hilbert’s 10th problem), exponentiation and divisibility are much more algorithmically robust. On the practical side, these two non-linear operators have recently found several applications in the aforementioned areas of computer science. To achieve our goal, our methodology combines several areas of mathematics and theoretical computer science: automata theory, combinatorics, non-convex geometry, model theory and number theory. While the content of the proposal is foundational in nature, the long-term goal is for algorithms developed during the project to serve as a basis to expand the capabilities of SMT solvers, static analysers and optimization tools, making them able to handle very expressive languages of arithmetic.

Distributed ledgers (DLs), also called blockchains, have the potential of transforming the ways individuals and businesses interact. While today a trusted third party, such as a bank, is required to guarantee that transactions among these entities are performed correctly, with DLs it is possible to delegate this task to a distributed computer network that relies on cryptographic operations and sophisticated distributed consensus algorithms to ensure that transactions are recorded durably and in a tamper-free manner. As a result, DLs have the potential to reduce the cost of transactions and the associated latencies dramatically. However, the adoption of DLs outside of crypto-currency use-cases has been slow partially due to their low performance compared to traditional data management systems. This stems mostly from the constraints and design choices inherited from the first public blockchains, that targeted public, geo-distributed, operation. Today, however, most industry use-cases require permissioned access to the ledger and involve nodes that are geographically close to each other (e.g. in a shipping port). This prompts a redesign of DLs and allows for using various hardware acceleration features to increase their performance. In the ACCORD project, we aim to increase distributed ledger throughput by at least an order of magnitude, while lowering latencies by a similar factor. To achieve this, we focus on the core component of DL systems, namely, distributed consensus that is used to establish an absolute order of transactions. This ordering operation (service) is typically the main performance bottleneck in DLs. To fully exploit emerging network technologies and to overcome stagnating CPU performance, we will use hardware acceleration (i.e., FPGAs) to offload the steps required by the ordering service. The outcome of this project is a DL design with performance that allows it to be deployed in use-cases in which DLs are inadequate today (e.g., trading).

Refinement types are a type-based, static verification technique designed to be practical. They enrich the types of an existing programming language with logical predicates to specify program properties and automatically validate these specifications using SMT solvers. Refinement types are a promising verification technology that in the last decade has spread to mainstream languages (e.g., Haskell, C, Ruby, Scala, and the ML-family) to verify sophisticated properties of real world applications, e.g., safety of cryptographic protocols, memory and resource usage, and web security. The weakness of refinement types is that they do not meet the soundness standards set by theorem provers. A sound verification system accepts as safe only those programs that never violate their specifications. Refinement type checkers (e.g., Liquid Haskell, F*, and Stainless) approximately report five unsoundness bugs per year, as opposed to only one reported by the Coq theorem prover. This rarity of unsoundness bugs in Coq is unsurprising since Coq is designed to soundly machine check mathematical proofs. Coq's soundness design recipe though cannot be directly applied to refinement type checkers that aim to practically verify real world programs. The goal of CRETE is to design a sound and practical refinement type system. This is an ambitious goal that entails the development of a verification system that is as practical as refinement types and constructs machine-checked mathematical proofs. The system will be implemented on refinement type systems for mainstream languages (i.e., Haskell and Rust) and will be evaluated on real-world code, such as web applications and cryptographic protocols. CRETE is high-risk since it aims to develop a novel program logic in which SMT automation co-exists with real world programming. Yet, CRETE is high-gain since it proposes a low-cost, high-profit approach to formal verification that aims to be integrated in mainstream software development.