Local-first software manages and processes private data locally while still enabling collaboration between multiple parties connected via partially unreliable networks. Such software typically involves interactions with users and the execution environment (the outside world). The unpredictability of such interactions paired with their decentralized nature make reasoning about the correctness of local-first software a challenging endeavor. Yet, existing solutions to develop local-first software do not provide support for automated safety guarantees and instead expect developers to reason about concurrent interactions in an environment with unreliable network conditions. We propose LoRe, a programming model and compiler that automatically verifies developer-supplied safety properties for local-first applications. LoRe combines the declarative data flow of reactive programming with static analysis and verification techniques to precisely determine concurrent interactions that violate safety invariants and to selectively employ strong consistency through coordination where required. We propose a formalized proof principle and demonstrate how to automate the process in a prototype implementation that outputs verified executable code. Our evaluation shows that LoRe simplifies the development of safe local-first software when compared to state-of-the-art approaches and that verification times are acceptable.

翻译：本地优先软件在本地管理和处理私有数据，同时仍能通过部分不可靠网络连接的多方之间实现协作。此类软件通常涉及与用户及执行环境（外部世界）的交互。这种交互的不可预测性及其去中心化特性，使得对本地优先软件的正确性进行推理充满挑战。然而，现有开发本地优先软件的解决方案无法提供自动化安全保障，而是期望开发者在网络条件不可靠的环境中对并发交互进行推理。我们提出LoRe——一种编程模型和编译器，能够自动验证开发者提供的本地优先应用程序安全属性。LoRe将响应式编程的声明式数据流与静态分析和验证技术相结合，以精确判定违反安全不变量的并发交互，并在需要时通过协调选择性地采用强一致性。我们提出了一种形式化证明原理，并演示了如何在原型实现中自动化该过程，从而生成可验证的可执行代码。评估表明，与现有最先进方法相比，LoRe简化了安全本地优先软件的开发，且验证时间可接受。