On a Verification Framework for Certifying Distributed Algorithms: Distributed Checking and Consistency

Abstract: A major problem in software engineering is assuring the correctness of a distributed system. A certifying distributed algorithm (CDA) computes for its input-output pair (i, o) an additional witness w -a formal argument for the correctness of (i, o). Each CDA features a witness predicate such that if the witness predicate holds for a triple (i, o, w), the input-output pair (i, o) is correct. An accompanying checker algorithm decides the witness predicate. Consequently, a user of a CDA does not have to trust the… Show more

“…Certifying sequential algorithms are established [5] but there is little work on certifying distributed algorithms [10,8,7,9]. CDAs can be classified as a distributed and choreographed monitoring approach since the checker is a distributed algorithm, and as a synchronous monitoring approach since the system waits for the checker to accept [2].…”

“…The sub-checker of component v decides all local predicates over (i v , o v , w v ). Using a spanning tree, the sub-checkers aggregate the evaluated local predicates upwards and combine them by logical conjunction or disjunction depending on whether the according predicate is universally or existentially distributable; the root decides the witness predicate by combining the evaluated distributable predicates [9]. Hence, if the distributed checker accepts, the distributed input-output pair (i, o) is correct.…”

“…The user of a CDA does not have to trust the actual algorithm but the checker which is simpler for a well-chosen witness. Using the framework proposed in [8,9] an implemented checker can be verified.…”

Case Study on Certifying Distributed Algorithms: Reducing Intrusiveness

“…Certifying sequential algorithms are established [5] but there is little work on certifying distributed algorithms [10,8,7,9]. CDAs can be classified as a distributed and choreographed monitoring approach since the checker is a distributed algorithm, and as a synchronous monitoring approach since the system waits for the checker to accept [2].…”

“…The sub-checker of component v decides all local predicates over (i v , o v , w v ). Using a spanning tree, the sub-checkers aggregate the evaluated local predicates upwards and combine them by logical conjunction or disjunction depending on whether the according predicate is universally or existentially distributable; the root decides the witness predicate by combining the evaluated distributable predicates [9]. Hence, if the distributed checker accepts, the distributed input-output pair (i, o) is correct.…”

“…The user of a CDA does not have to trust the actual algorithm but the checker which is simpler for a well-chosen witness. Using the framework proposed in [8,9] an implemented checker can be verified.…”

Case Study on Certifying Distributed Algorithms: Reducing Intrusiveness

On Certifying Distributed Algorithms: Problem of Local Correctness

Towards runtime verification of collaborative embedded systems