Emile: The EventML Explorer

The protocols needed to coordinate the activities of distributed components, such as consensus algorithms, are notoriously difficult to design, implement, and verify. Abstraction is the only way to gain intellectual control over this complex problem; so ATC-NY and Cornell University have developed Event Logic, a high-level model for describing and reasoning about distributed systems, and EventML, a high-level functional language for implementing distributed protocols by "programming with events." Properties of EventML protocols can be formally verified by interactive theorem proving in the Nuprl environment. To integrate these conceptual tools with standard processes of system development, and to make the labor intensive task of verifying protocol properties more efficient, ATC-NY is developing Emile. Emile is a software tool that provides: a semantic interface to EventML that translates assertions about properties of EventML programs into logical forms to which powerful fully automated analysis tools can be applied, along with a "logical manager" that can direct analyses involving the interaction of these tools. We will demonstrate Emile by using it to verify the key properties of EventML source code for standard consensus algorithms, such as Paxos.