
Elle: Inferring Isolation Anomalies from Experimental Observations - blopeur
https://arxiv.org/abs/2003.10554
======
aphyr
Oh! I didn't expect this to show up here! Happy to answer questions, if folks
have any.

While this is on frontpage, I'd like to ask: if anyone has experience with
machine proofs, I'd appreciate your help in completing a formal proof of
Elle's correctness. I've been teaching myself Isabelle/HOL in an attempt to
formalize the proof sketch, and I _have_ encoded most of the formalism and
properties I care about, but actually proving lemmata has been... frustrating.
Like, I burned hours on one lemma because it hinged on showing \forall x ::
Nat, x \in N.

[https://github.com/jepsen-io/elle/tree/master/proof](https://github.com/jepsen-io/elle/tree/master/proof)

If you'd like to work on this, my email is aphyr@jepsen.io!

------
blopeur
GitHub code: [https://github.com/jepsen-io/elle](https://github.com/jepsen-io/elle)

------
mjb
This is really cool work, very exciting to see it published in paper form (I
saw your talk about some of this last year)!

I had a question about your completeness argument (in 4.3.1), you say "we
typically observe enough of a history to detect the presence of non-cycle
anomalies". I think I understood why that is after reading the rest of the
paper, but I didn't understand the worst case. Is it possible, for example,
for a database to intentionally construct incorrect histories that Elle
doesn't detect?

I don't have any real "evil database" threat model in mind, just trying to
test my understanding.
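To make the cycle vs. non-cycle distinction in the question above concrete, here is an added toy checker in the spirit of Elle (example code written for this thread, not Elle's own implementation). It assumes a list-append workload where every appended value is unique and every read of a key returns a prefix of that key's version order; from a constructed history it infers ww/wr edges from what reads returned, finds a dependency cycle, and separately flags an intermediate read, a non-cycle anomaly that is only caught because some read happened to observe the non-final state.

```python
from collections import defaultdict
# Constructed sample history (not from the paper): txn = (id, ops); op = ("append", key, value)
# or ("read", key, observed_list); all transactions are assumed committed.
HISTORY = [
    ("T1", [("append", "x", 1), ("read", "y", [2])]),
    ("T2", [("read", "x", [1]), ("append", "y", 2)]),
    ("T3", [("append", "z", 3), ("append", "z", 4)]),
    ("T4", [("read", "z", [3])]),
]
def writers(h):
    """(key, value) -> id of the txn that appended it (appended values are unique)."""
    return {(k, v): t for t, ops in h for op, k, v in ops if op == "append"}
def version_order(h):
    """Per key, the longest observed list; every other read of that key must be a prefix."""
    reads = [(k, val) for _, ops in h for op, k, val in ops if op == "read"]
    longest = {k: max((v for kk, v in reads if kk == k), key=len) for k, _ in reads}
    assert all(longest[k][:len(v)] == v for k, v in reads), "reads disagree on order"
    return longest
def dependency_graph(h):
    """Infer ww and wr edges (src, dst, kind) between distinct txns from observed reads."""
    w, order, edges = writers(h), version_order(h), set()
    for k, vs in order.items():                        # ww: consecutive versions of a key
        edges |= {(w[k, a], w[k, b], "ww") for a, b in zip(vs, vs[1:])}
    for t, ops in h:
        for op, k, val in ops:
            if op == "read" and val:                   # wr: reader saw the writer's value
                edges.add((w[k, val[-1]], t, "wr"))
    return {e for e in edges if e[0] != e[1]}
def find_cycle(edges):
    """Return one cycle [t1, ..., t1] in the dependency graph, or None if acyclic."""
    adj = defaultdict(list)
    for a, b, _ in sorted(edges):
        adj[a].append(b)
    def dfs(node, path, done):
        if node in path:
            return path[path.index(node):] + [node]
        if node not in done:
            done.add(node)
            return next((c for n in adj[node] if (c := dfs(n, path + [node], done))), None)
    return next((c for s in list(adj) if (c := dfs(s, [], set()))), None)
def intermediate_reads(h):
    """Non-cycle anomaly: a read ends in a value whose writer appended more to that
    key afterwards, so the reader observed a non-final state of that transaction."""
    w, last = writers(h), {}
    for t, ops in h:
        for op, k, v in ops:
            if op == "append":
                last[t, k] = v                          # final value each txn appended to k
    return [(t, k, val) for t, ops in h for op, k, val in ops
            if op == "read" and val and last[w[k, val[-1]], k] != val[-1]]
```

On the sample history T1 and T2 each read the other's append, giving the cycle T1 -> T2 -> T1, while T4's read of z is flagged as intermediate without any cycle being involved.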

~~~
mjb
As a very minor issue, reference [4] is cited as "P. A. Bernstein, P. A.
Bernstein, and N. Goodman". That seems like an excessive amount of Philip
Bernstein.

~~~
aphyr
Ah, yes, thank you!

