Towards Modeling and Model Checking Fault-Tolerant Distributed Algorithms

John, Annu; Konnov, Igor; Schmid, Ulrich; Veith, Helmut; Widder, Josef

doi:10.1007/978-3-642-39176-7_14

Cited by 33 publications

(32 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All of our benchmark algorithms were originally published in pseudocode, and we model them in a parametric extension of Promela, which was discussed in [27,34].…”

Section: Methodsmentioning

confidence: 99%

“…Waiting for majorities, or more generally waiting for quorums, is a key pattern of many faulttolerant algorithms, e.g., consensus, replicated state machine, and atomic commit. In [34] we introduced an efficient encoding of these algorithms, which we used in [33] for abstractionbased parameterized model checking of safety and liveness of several case study algorithms, which are parameterized in the number of processes n and the fraction of faults t, e.g., n > 3t. In [41] we were able to verify reachability properties of more involved algorithms by applying bounded model checking.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Para $$^2$$ 2 : parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms

Konnov

Lazić

Veith

et al. 2017

Form Methods Syst Des

Self Cite

View full text Add to dashboard Cite

Automatic verification of threshold-based fault-tolerant distributed algorithms (FTDA) is challenging: FTDAs have multiple parameters that are restricted by arithmetic conditions, the number of processes and faults is parameterized, and the algorithm code is parameterized due to conditions counting the number of received messages. Recently, we introduced a technique that first applies data and counter abstraction and then runs bounded model checking (BMC). Given an FTDA, our technique computes an upper bound on the diameter of the system. This makes BMC complete for reachability properties: it always finds a counterexample, if there is an actual error. To verify state-of-the-art FTDAs, further improvement is needed. In contrast to encoding bounded executions of a counter system over an abstract finite domain in SAT, in this paper, we encode bounded executions over integer counters in SMT. In addition, we introduce a new form of reduction that exploits acceleration and the structure of the FTDAs. This aggressively prunes the execution space to be explored by the solver. In this way, we verified safety of seven FTDAs that were out of reach before.

show abstract

“…All of our benchmark algorithms were originally published in pseudocode, and we model them in a parametric extension of Promela, which was discussed in [27,34].…”

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Para $$^2$$ 2 : parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms

Konnov

Lazić

Veith

et al. 2017

Form Methods Syst Des

Self Cite

View full text Add to dashboard Cite

show abstract

“…On the other hand, for a long time, it has been observed that counter systems [14,15,17] can be sufficient to specify many problems (like cache coherence or broadcast protocols) in the distributed algorithms area. Recently, counter abstractions have been effectively used also in the verification of fault-tolerant distributed protocols [3,[25][26][27]. It should be noticed that, unlike what happens in the old framework of [14,15,17], these new applications are often (although not always) based on abstractions that can only simulate the original algorithms and such simulation may sometimes be the result of an a priori reasoning on the characteristics of the algorithm, embedded into the model.…”

Section: Introductionmentioning

confidence: 99%

Counter Simulations via Higher Order Quantifier Elimination: a preliminary report

Ghilardi

Pagani

2017

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Quite often, verification tasks for distributed systems are accomplished via counter abstractions. Such abstractions can sometimes be justified via simulations and bisimulations. In this work, we supply logical foundations to this practice, by a specifically designed technique for second order quantifier elimination. Our method, once applied to specifications of verification problems for parameterized distributed systems, produces integer variables systems that are ready to be model-checked by current SMT-based tools. We demonstrate the feasibility of the approach with a prototype implementation and first experiments. * The first authar was supported by the INdAM's GNSAGA group. System Specifications in Higher Order LogicThe behavior of a computer system can be modeled through a transition system, which is a tuple T = (W,W 0 , R, AP,V ) such that (i) W is the set of possible configurations, (ii) W 0 ⊆ W is the set of initial configurations, (iii) AP is a set of 'atomic propositions', (iv) V : W −→ AP is a function labeling each state with the set of propositions 'true in it', (v) R ⊆ W ×W is the transition relation: w 1 Rw 2 describes how the system can 'evolve in one step'.

show abstract

“…The latter makes it imperative to handle multiple parameters such as n, t, and the number f of faulty processes in a run of the algorithm, as well as resilience conditions such as n > 3t ∧ f ≤ t. In the context of fault-tolerant distributed algorithms, model checking was hence limited to verifying small system instances. For instance, the authors of [18,17,11,9] fixed the number n of processes a priori to some small value, say, n = 4 to 10, and used model checking for ruling out errors in these particular system instances. Although it is tempting to verify a "large enough" model and assume that this implies the algorithm's correctness in the general case, this is not necessarily true.…”

mentioning

confidence: 99%

“…However, for our abstraction method, a new variant of control flow automata (CFA) [5] is more natural, and the ways to express nondeterminism in our CFA variant are particularly suitable to model the influence of faults and uncertain message delays. In [8], we describe in detail how fault-tolerant message passing algorithms are specified using CFAs. As the CFA formalism is rather low-level compared to the way distributed algorithms are typically stated in the literature, interfaces to higher-level languages are subject to future work.…”

mentioning

confidence: 99%

Brief announcement

John

Konnov

Schmid

et al. 2013

Proceedings of the 2013 ACM Symposium on Principles of Distributed Computing

Self Cite

View full text Add to dashboard Cite

We introduce an automated method for parameterized verification of fault-tolerant distributed algorithms. It rests on a novel parametric interval abstraction (PIA) technique, which works for systems with multiple parameters, for instance, where n and t are parameters describing the system size and the bound on the number of faulty processes, respectively. The PIA technique allows to map typical thresholdrange intervals like [1, t + 1) and [t + 1, n − t) to values from a finite abstract domain. Applying PIA to both the local states of the processes and the global system state, the parameterized verification problem can be reduced to finite-state model checking. We demonstrate the practical feasibility of our method by verifying several variants of the well-known consistent broadcasting algorithm by Srikanth and Toueg for different fault models. To the best of our knowledge, this is the first successful automated parameterized verification of a Byzantine fault-tolerant distributed algorithm for message-passing systems.

show abstract

Towards Modeling and Model Checking Fault-Tolerant Distributed Algorithms

Cited by 33 publications

References 37 publications

Para $$^2$$ 2 : parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms

Para $$^2$$ 2 : parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms

Counter Simulations via Higher Order Quantifier Elimination: a preliminary report

Brief announcement

Contact Info

Product

Resources

About