Semi-formal Development of a Fault-Tolerant Leader Election Protocol in Erlang

  • Thomas Arts
  • Koen Claessen
  • Hans Svensson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3395)


We present a semi-formal analysis method for fault-tolerant distributed algorithms written in the distributed functional programming language Erlang. In this setting, standard model checking techniques are often too expensive or too limiting, whereas testing techniques often do not cover enough of the state space.

Our idea is to first run instances of the algorithm on generated stimuli, thereby creating traces of events and states. Then, using an abstraction function specified by the user, our tool generates from these traces an abstract state transition diagram of the system, which can be visualized and thus greatly helps in debugging the system. Lastly, formal requirements of the system, specified in temporal logic, can be checked automatically against the generated abstract state transition diagram. Because the state transition diagram is abstract, the checked requirements hold for many more traces than just the traces we actually ran.

We have applied our method to a commonly used open-source fault-tolerant leader election algorithm, and discovered two serious bugs. We have also implemented a new algorithm that does not have these bugs.
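The three steps of the method described above, as an added example that is not the paper's tool and is written in Python rather than Erlang: the concrete traces are constructed sample runs of a three-node election (not captured from any real system), the abstraction function that keeps only the leader count and whether an election is in progress is an assumed user choice, and the two requirement checks are the graph-search equivalents of an invariant (AG p) and a progress property (AG EF p) over the abstract diagram.

```python
"""Trace abstraction and requirement checking over an abstract state diagram.

Added example, not the paper's tool: it mimics the three steps of the method
(collect concrete traces, abstract them with a user-supplied function, check
requirements on the resulting abstract transition diagram) on constructed data.
"""
from collections import defaultdict, deque

# Constructed concrete traces. Each state maps a node name to its status.
# These are made-up sample runs, not output captured from a real Erlang system.
TRACES = [
    # Fresh start: everyone is a candidate, node a wins, the rest follow.
    [
        {"a": "candidate", "b": "candidate", "c": "candidate"},
        {"a": "leader", "b": "candidate", "c": "candidate"},
        {"a": "leader", "b": "follower", "c": "candidate"},
        {"a": "leader", "b": "follower", "c": "follower"},
    ],
    # Leader crash (the generated stimulus) followed by re-election of node b.
    [
        {"a": "leader", "b": "follower", "c": "follower"},
        {"a": "down", "b": "follower", "c": "follower"},
        {"a": "down", "b": "candidate", "c": "candidate"},
        {"a": "down", "b": "leader", "c": "candidate"},
        {"a": "down", "b": "leader", "c": "follower"},
    ],
]

# Constructed faulty run: node c declares itself leader while a still leads.
SPLIT_BRAIN_TRACE = [
    {"a": "leader", "b": "follower", "c": "follower"},
    {"a": "leader", "b": "follower", "c": "candidate"},
    {"a": "leader", "b": "follower", "c": "leader"},
]


def abstract(state):
    """Assumed user-specified abstraction: keep only what the requirements
    refer to, the number of leaders and whether an election is in progress."""
    statuses = list(state.values())
    return (statuses.count("leader"), "candidate" in statuses)


def build_diagram(traces, abstraction):
    """Fold every concrete trace into one abstract transition diagram."""
    initial, edges = set(), defaultdict(set)
    for trace in traces:
        abstract_trace = [abstraction(s) for s in trace]
        initial.add(abstract_trace[0])
        for src, dst in zip(abstract_trace, abstract_trace[1:]):
            edges[src].add(dst)
    return initial, edges


def reachable(start, edges):
    """Abstract states reachable from the given set of start states (BFS)."""
    seen, queue = set(start), deque(start)
    while queue:
        state = queue.popleft()
        for nxt in edges.get(state, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def check_always(initial, edges, holds):
    """Safety requirement (AG holds): return a reachable abstract state that
    violates the predicate, or None if none does."""
    for state in sorted(reachable(initial, edges)):
        if not holds(state):
            return state
    return None


def check_always_eventually(initial, edges, goal):
    """Progress requirement (AG EF goal): from every reachable abstract state a
    goal state must remain reachable. Returns the first stuck state, or None."""
    for state in sorted(reachable(initial, edges)):
        if not any(goal(s) for s in reachable({state}, edges)):
            return state
    return None


def at_most_one_leader(state):
    return state[0] <= 1


def exactly_one_leader(state):
    return state[0] == 1


if __name__ == "__main__":
    init, edges = build_diagram(TRACES, abstract)
    print("abstract states:", sorted(reachable(init, edges)))
    print("safety violation:", check_always(init, edges, at_most_one_leader))
    print("progress violation:",
          check_always_eventually(init, edges, exactly_one_leader))
    init, edges = build_diagram(TRACES + [SPLIT_BRAIN_TRACE], abstract)
    print("with split-brain run, safety violation:",
          check_always(init, edges, at_most_one_leader))
```

The two good runs produce only four abstract states, yet the diagram built from them already admits paths that were never executed concretely, such as a leader crash, a re-election and a second crash in sequence; that is the sense in which a requirement verified on the abstract diagram covers more than the observed traces. The abstraction has to be chosen so that the requirements are expressible over abstract states: counting leaders is enough for the "at most one leader" invariant, but a requirement about a specific node would need the abstraction to retain that node's status. Adding the faulty run makes the invariant check report the abstract state with two leaders, which is the kind of finding the debugging step is meant to surface.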







Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Thomas Arts, IT University in Göteborg, Göteborg, Sweden
  • Koen Claessen, Chalmers University of Technology, Göteborg, Sweden
  • Hans Svensson, Chalmers University of Technology, Göteborg, Sweden
