Role-Based Symmetry Reduction of Fault-Tolerant Distributed Protocols with Language Support

  • Péter Bokor
  • Marco Serafini
  • Neeraj Suri
  • Helmut Veith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5885)


Fault-tolerant (FT) distributed protocols (such as group membership, consensus, etc.) represent fundamental building blocks for many practical systems, e.g., the Google File System. Not only does one desire rigor in the protocol design but especially in its verification, given the complexity and fallibility of manual proofs. The application of model checking (MC) for protocol verification is attractive with its full automation and rich property language. However, being an exhaustive exploration method, its scalable use is very much constrained by the overall number of different system states. We observe that, although FT distributed protocols usually display a very high degree of symmetry which stems from permuting different processes, MC efforts targeting their automated verification often disregard this symmetry. Therefore, we propose to leverage the framework of symmetry reduction and improve on existing applications of it by specifying so-called role-based symmetries. Our secondary contribution is to define a high-level description language called FTDP to ease the symmetry-aware specification of FT distributed protocols. FTDP supports synchronous as well as asynchronous protocols, a variety of fault types, and the specification of safety and liveness properties. Specifications written in FTDP can directly be analyzed by tools supporting symmetry reduction. We demonstrate the benefit of our approach using the example of well-known and complex distributed FT protocols, specifically Paxos and the Byzantine Generals.


Keywords: Model Check; Symmetric State; Symmetry Reduction; Liveness Property; Computation Tree Logic
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Péter Bokor (1)
  • Marco Serafini (1)
  • Neeraj Suri (1)
  • Helmut Veith (1)
  1. Technische Universität Darmstadt, Germany
