![[article image]](https://cacm.acm.org/system/assets/0001/9188/032015_CACMpg67_How-Amazon-Web1.large.jpg?1476779462&1426857401 "How Amazon Web Services Uses Formal Methods, illustration")
Since 2011, engineers at Amazon Web Services (AWS) have used formal specification and model checking to help solve difficult design problems in critical systems. Here, we describe our motivation and experience, what has worked well in our problem domain, and what has not. When discussing personal experience we refer to the authors by their initials.
At AWS we strive to build services that are simple for customers to use. External simplicity is built on a hidden substrate of complex distributed systems. Such complex internals are required to achieve high availability while running on cost-efficient infrastructure and cope with relentless business growth. As an example of this growth, in 2006, AWS launched S3, its Simple Storage Service. In the following six years, S3 grew to store one trillion objects.3 Less than a year later it had grown to two trillion objects and was regularly handling 1.1 million requests per second.4
K. Babu
Very reassuring article on the use of formal methods. Can the authors point to 'simple' TLA+ examples to be useful as a pedagogical tool?