Advertisement

Parameterized Model Checking of Synchronous Distributed Algorithms by Abstraction

  • Benjamin Aminof
  • Sasha Rubin
  • Ilina Stoilkovska
  • Josef Widder
  • Florian Zuleger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10747)

Abstract

Parameterized verification of fault-tolerant distributed algorithms has recently gained more and more attention. Most of the existing work considers asynchronous distributed systems (interleaving semantics). However, there exists a considerable distributed computing literature on synchronous fault-tolerant distributed algorithms: conceptually, all processes proceed in lock-step rounds, that is, synchronized steps of all (correct) processes bring the system into the next state.

We introduce an abstraction technique for synchronous fault-tolerant distributed algorithms that reduces parameterized verification of synchronous fault-tolerant distributed algorithms to finite-state model checking of an abstract system. Using the TLC model checker, we automatically verified several algorithms from the literature, some of which were not automatically verified before. Our benchmarks include fault-tolerant algorithms that solve atomic commitment, 2-set agreement, and consensus.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aiswarya, C., Bollig, B., Gastin, P.: An automata-theoretic approach to the verification of distributed algorithms. In: 26th International Conference on Concurrency Theory, CONCUR 2015, Madrid, Spain, September 1.4, 2015, pp. 340–353 (2015)Google Scholar
  2. 2.
    Alberti, F., Ghilardi, S., Orsini, A., Pagani, E.: Counter abstractions in model checking of distributed broadcast algorithms: some case studies. In: Proceedings of the 31st Italian Conference on Computational Logic, Milano, Italy, June 20–22, 2016, pp. 102–117 (2016)Google Scholar
  3. 3.
    Aminof, B., Kotek, T., Rubin, S., Spegni, F., Veith, H.: Parameterized model checking of rendezvous systems. In: Baldan, P., Gorla, D. (eds.) CONCUR 2014. LNCS, vol. 8704, pp. 109–124. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44584-6_9 Google Scholar
  4. 4.
    Apt, K.R., Kozen, D.: Limits for Automatic Verification of Finite-State Concurrent Systems. Inf. Process. Lett. 22(6), 307–309 (1986)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Attiya, H., Welch, J.: Distributed Computing, 2nd edn. Wiley (2004)Google Scholar
  6. 6.
    Bloem, R., Jacobs, S., Khalimov, A., Konnov, I., Rubin, S., Veith, H., Widder, J.: Decidability of Parameterized Verification. Synthesis Lectures on Distributed Computing Theory. Morgan & Claypool Publishers (2015)Google Scholar
  7. 7.
    Browne, M.C., Clarke, E.M., Grumberg, O.: Reasoning about Networks with Many Identical Finite State Processes. Inf. Comput. 81(1), 13–31 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Burrows, M.: The chubby lock service for loosely-coupled distributed systems. In: 7th Symposium on Operating Systems Design and Implementation (OSDI 2006), Seattle, WA, USA, November 6–8, pp. 335–350 (2006)Google Scholar
  9. 9.
    Castañeda, A., Moses, Y., Raynal, M., Roy, M.: Early decision and stopping in synchronous consensus: a predicate-based guided tour. In: El Abbadi, A., Garbinato, B. (eds.) NETYS 2017. LNCS, vol. 10299, pp. 206–221. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59647-1_16 CrossRefGoogle Scholar
  10. 10.
    Chaouch-Saad, M., Charron-Bost, B., Merz, S.: A reduction theorem for the verification of round-based distributed algorithms. In: Bournez, O., Potapov, I. (eds.) RP 2009. LNCS, vol. 5797, pp. 93–106. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-04420-5_10 CrossRefGoogle Scholar
  11. 11.
    Charron-Bost, B., Schiper, A.: Uniform Consensus is Harder than Consensus. J. Algorithms 51(1), 15–37 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Charron-Bost, B., Schiper, A.: The Heard-Of Model: Computing in Distributed Systems with Benign Faults. Distributed Computing 22(1), 49–71 (2009)CrossRefzbMATHGoogle Scholar
  13. 13.
    Chou, C.-T., Mannava, P.K., Park, S.: A simple method for parameterized verification of cache coherence protocols. In: Hu, A.J., Martin, A.K. (eds.) FMCAD 2004. LNCS, vol. 3312, pp. 382–398. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30494-4_27 CrossRefGoogle Scholar
  14. 14.
    Clarke, E.M., Grumberg, O., Long, D.E.: Model Checking and Abstraction. ACM Trans. Program. Lang. Syst. 16(5), 1512–1542 (1994)CrossRefGoogle Scholar
  15. 15.
    Clarke, E., Talupur, M., Veith, H.: Environment abstraction for parameterized verification. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 126–141. Springer, Heidelberg (2005).  https://doi.org/10.1007/11609773_9 CrossRefGoogle Scholar
  16. 16.
    Clarke, E.M., Talupur, M., Veith, H.: Proving ptolemy right: the environment abstraction framework for model checking concurrent systems. In: Proceedings of 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29–April 6, 2008, pp. 33–47 (2008)Google Scholar
  17. 17.
    Drăgoi, C., Henzinger, T.A., Veith, H., Widder, J., Zufferey, D.: A logic-based framework for verifying consensus algorithms. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 161–181. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54013-4_10 CrossRefGoogle Scholar
  18. 18.
    Dragoi, C., Henzinger, T.A., Zufferey, D.: PSync: a partially synchronous language for fault-tolerant distributed algorithms. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016, St. Petersburg, FL, USA, January 20–22, 2016, pp. 400–415 (2016)Google Scholar
  19. 19.
    Emerson, E.A., Namjoshi, K.S.: Reasoning about rings. In: Conference Record of POPL 1995: 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Francisco, California, USA, January 23–25, 1995, pp. 85–94 (1995)Google Scholar
  20. 20.
    Emerson, E.A., Sistla, A.P.: Symmetry and Model Checking. Formal Methods in System Design 9(1/2), 105–131 (1996)CrossRefGoogle Scholar
  21. 21.
    Fischer, M.J., Lynch, N.A., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Fisman, D., Kupferman, O., Lustig, Y.: On verifying fault tolerance of distributed protocols. In: Proceedings of 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29–April 6, 2008, pp. 315–331 (2008)Google Scholar
  23. 23.
    Graf, S., Saidi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997).  https://doi.org/10.1007/3-540-63166-6_10 CrossRefGoogle Scholar
  24. 24.
    John, A., Konnov, I., Schmid, U., Veith, H., Widder, J.: Parameterized model checking of fault-tolerant distributed algorithms by abstraction. In: Formal Methods in Computer-Aided Design, FMCAD 2013, Portland, OR, USA, October 20–23, 2013, pp. 201–209 (2013)Google Scholar
  25. 25.
    John, A., Konnov, I., Schmid, U., Veith, H., Widder, J.: Towards modeling and model checking fault-tolerant distributed algorithms. In: Bartocci, E., Ramakrishnan, C.R. (eds.) SPIN 2013. LNCS, vol. 7976, pp. 209–226. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-39176-7_14 CrossRefGoogle Scholar
  26. 26.
    Killian, C.E., Anderson, J.W., Braud, R., Jhala, R., Vahdat, A.: Mace: language support for building distributed systems. In: Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, San Diego, California, USA, June 10–13, 2007, pp. 179–188 (2007)Google Scholar
  27. 27.
    Konnov, I., Lazić, M., Veith, H., Widder, J.: Para\(^2\): parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms. Formal Methods in System Design 51(2), 270–307 (2017)CrossRefGoogle Scholar
  28. 28.
    Konnov, I.V., Lazić, M., Veith, H., Widder, J.: A short counterexample property for safety and liveness verification of fault-tolerant distributed algorithms. In: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, January 18–20, 2017, pp. 719–734 (2017)Google Scholar
  29. 29.
    Konnov, I.V., Veith, H., Widder, J.: On the Completeness of Bounded Model Checking for Threshold-Based Distributed Algorithms: Reachability. Inf. Comput. 252, 95–109 (2017)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Kopetz, H., Grünsteidl, G.: TTP - A Protocol for Fault-Tolerant Real-Time Systems. IEEE Computer 27(1), 14–23 (1994)CrossRefGoogle Scholar
  31. 31.
    Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.L.: Zyzzyva: Speculative Byzantine Fault Tolerance. ACM Trans. Comput. Syst. 27(4), 7:1–7:39 (2009)CrossRefGoogle Scholar
  32. 32.
    Krstić, S.: Parametrized system verification with guard strengthening and parameter abstraction. In: AVIS, 2005 (2005)Google Scholar
  33. 33.
    Lamport, L.: Specifying Systems, The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley (2002)Google Scholar
  34. 34.
    Lamport, L., Shostak, R.E., Pease, M.C.: The Byzantine Generals Problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)CrossRefzbMATHGoogle Scholar
  35. 35.
    Lesani, M., Bell, C.J., Chlipala, A.: Chapar: certified causally consistent distributed key-value stores. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2016, St. Petersburg, FL, USA, January 20–22, 2016, pp. 357–370 (2016)Google Scholar
  36. 36.
    Lincoln, P., Rushby, J.M.: A formally verified algorithm for interactive consistency under a hybrid fault model. In: Digest of Papers: FTCS-23, The Twenty-Third Annual International Symposium on Fault-Tolerant Computing, Toulouse, France, June 22–24, 1993, pp. 402–411 (1993)Google Scholar
  37. 37.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann (1996)Google Scholar
  38. 38.
    Marić, O., Sprenger, C., Basin, D.: Cutoff bounds for consensus algorithms. In: Majumdar, R., Kunčak, V. (eds.) CAV 2017. LNCS, vol. 10427, pp. 217–237. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63390-9_12 CrossRefGoogle Scholar
  39. 39.
    McMillan, K.L.: Verification of infinite state systems by compositional model checking. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 219–237. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48153-2_17 CrossRefGoogle Scholar
  40. 40.
    McMillan, K.L.: Parameterized verification of the flash cache coherence protocol by compositional model checking. In: Margaria, T., Melham, T. (eds.) CHARME 2001. LNCS, vol. 2144, pp. 179–195. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44798-9_17 CrossRefGoogle Scholar
  41. 41.
    Medeiros, A.: ZooKeeper’s atomic broadcast protocol: Theory and practice. Technical report (2012)Google Scholar
  42. 42.
    Moraru, I., Andersen, D.G., Kaminsky, M.: There is more consensus in egalitarian parliaments. In: ACM SIGOPS 24th Symposium on Operating Systems Principles, SOSP 2013, Farmington, PA, USA, November 3–6, 2013, pp. 358–372 (2013)Google Scholar
  43. 43.
    O’Leary, J.W., Talupur, M., Tuttle, M.R.: Protocol verification using flows: an industrial experience. In: Proceedings of 9th International Conference on Formal Methods in Computer-Aided Design, FMCAD 2009, Austin, Texas, USA, November 15–18, 2009, pp. 172–179 (2009)Google Scholar
  44. 44.
    Pease, M.C., Shostak, R.E., Lamport, L.: Reaching Agreement in the Presence of Faults. J. ACM 27(2), 228–234 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  45. 45.
    Peluso, S., Turcu, A., Palmieri, R., Losa, G., Ravindran, B.: Making fast consensus generally faster. In: 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016, Toulouse, France, June 28 –July 1, 2016, pp. 156–167 (2016)Google Scholar
  46. 46.
    Pnueli, A., Xu, J., Zuck, L.D.: Liveness with (0, 1, infty)-counter abstraction. In: Proceedings of 14th International Conference on Computer Aided Verification, CAV 2002, Copenhagen, Denmark, July 27–31, 2002, pp. 107–122 (2002)Google Scholar
  47. 47.
    Raynal, M.: Fault-tolerant Agreement in Synchronous Message-passing Systems. Synthesis Lectures on Distributed Computing Theory. Morgan & Claypool Publishers (2010)Google Scholar
  48. 48.
    Steiner, W., Rushby, J.M., Sorea, M., Pfeifer, H.: Model checking a fault-tolerant startup algorithm: from design exploration to exhaustive fault simulation. In: Proceedings of 2004 International Conference on Dependable Systems and Networks (DSN 2004), Florence, Italy, 28 June - 1 July 2004, pp. 189–198 (2004)Google Scholar
  49. 49.
    Suzuki, I.: Proving Properties of a Ring of Finite-State Machines. Inf. Process. Lett. 28(4), 213–214 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  50. 50.
  51. 51.
    Tsuchiya, T., Schiper, A.: Verification of consensus algorithms using satisfiability solving. Distributed Computing 23(5–6), 341–358 (2011)CrossRefzbMATHGoogle Scholar
  52. 52.
    von Gleissenthall, K., Bjørner, N., Rybalchenko, A.: Cardinalities and universal quantifiers for verifying parameterized systems. In: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13–17, 2016, pp. 599–613 (2016)Google Scholar
  53. 53.
    Widder, J., Gridling, G., Weiss, B., Blanquart, J.-P.: Synchronous consensus with Mortal Byzantines. In: Proceedings of The 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007, Edinburgh, UK, June 25–28, 2007, pp. 102–112 (2007)Google Scholar
  54. 54.
    Woos, D., Wilcox, J.R., Anton, S., Tatlock, Z., Ernst, M.D., Anderson, T.E.: Planning for change in a formal verification of the RAFT consensus protocol. In: Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs, Saint Petersburg, FL, USA, January 20–22, 2016, pp. 154–165 (2016)Google Scholar
  55. 55.

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Benjamin Aminof
    • 1
  • Sasha Rubin
    • 2
  • Ilina Stoilkovska
    • 1
  • Josef Widder
    • 1
  • Florian Zuleger
    • 1
  1. 1.TU WienViennaAustria
  2. 2.Università degli Studi di Napoli Federico IINaplesItaly

Personalised recommendations