A Logic-Based Framework for Verifying Consensus Algorithms

  • Cezara Drăgoi
  • Thomas A. Henzinger
  • Helmut Veith
  • Josef Widder
  • Damien Zufferey
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8318)


Fault-tolerant distributed algorithms play an important role in ensuring the reliability of many software applications. In this paper we consider distributed algorithms whose computations are organized in rounds. To verify the correctness of such algorithms, we reason about (i) properties (such as invariants) of the state, (ii) the transitions controlled by the algorithm, and (iii) the communication graph. We introduce a logic that addresses these points, and contains set comprehensions with cardinality constraints, function symbols to describe the local states of each process, and a limited form of quantifier alternation to express the verification conditions. We show its use in automating the verification of consensus algorithms. In particular, we give a semi-decision procedure for the unsatisfiability problem of the logic and identify a decidable fragment. We successfully applied our framework to verify the correctness of a variety of consensus algorithms tolerant to both benign faults (message loss, process crashes) and value faults (message corruption).
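To make the three ingredients named in the abstract concrete (per-process state, an algorithm-controlled transition guarded by a cardinality constraint, and a heard-of communication graph whose missing edges model message loss or crashes), here is an added Python illustration that is not the paper's logic or tooling: a bounded brute-force check of one verification condition for a hypothetical "adopt-if-frequent" round step, with the threshold, the step and the checked property all chosen here as assumptions.

```python
from itertools import product

# Added illustration (not the paper's logic or tool): one round-based step with
# (i) a local state per process, (ii) a transition guarded by a cardinality
# constraint on received values, (iii) a heard-of graph whose missing edges model
# benign faults. A bounded check enumerates every graph for a small n.

def step(state, heard_of, threshold):
    """Hypothetical 'adopt-if-frequent' transition (an assumption of this example).
    state: pid -> value; heard_of: pid -> set of pids whose message p received.
    p adopts its most frequent received value v if |{q in HO(p): state[q] = v}|
    >= threshold, otherwise p keeps its own value."""
    new = {}
    for p, own in state.items():
        counts = {}
        for q in heard_of[p]:
            counts[state[q]] = counts.get(state[q], 0) + 1
        best = max(counts, key=lambda v: (counts[v], v), default=None)  # ties: larger v
        new[p] = best if best is not None and counts[best] >= threshold else own
    return new

def majority(state):
    """(v, c) where value v is held by a strict majority of c processes, else None."""
    n, vals = len(state), list(state.values())
    for v in set(vals):
        if 2 * vals.count(v) > n:
            return v, vals.count(v)
    return None

def all_heard_of_graphs(pids):
    """Every communication graph: each process hears from any subset of processes."""
    subsets = [frozenset(p for p, bit in zip(pids, bits) if bit)
               for bits in product((0, 1), repeat=len(pids))]
    for choice in product(subsets, repeat=len(pids)):
        yield dict(zip(pids, choice))

def find_violation(state, threshold):
    """Verification condition (constructed for this example): the value held by a
    strict majority before the round is still held by at least as many processes
    afterwards, whatever the heard-of graph. Returns the first violating
    (heard_of, next_state), or None when the condition holds for every graph."""
    v, c = majority(state)  # the initial state is assumed to have a strict majority
    for heard_of in all_heard_of_graphs(sorted(state)):
        after = step(state, heard_of, threshold)
        m = majority(after)
        if m is None or m[0] != v or m[1] < c:
            return heard_of, after
    return None
```

With a majority threshold (2 of 3) the condition holds for all 512 graphs, while with threshold 1 the enumeration returns a graph in which lost messages flip the majority; the same exhaustive search is what a decision procedure for the cardinality fragment replaces symbolically.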





Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Cezara Drăgoi (1)
  • Thomas A. Henzinger (1)
  • Helmut Veith (2)
  • Josef Widder (2)
  • Damien Zufferey (3)
  1. IST Austria, Austria
  2. TU Wien, Austria
