Mechanical Verification of a Constructive Proof for FLP
The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson by using the interactive theorem prover Isabelle/HOL. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer’s paper A constructive proof for FLP. In addition to the enhanced confidence in the validity of Völzer’s proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization may serve as a starting point for similar proofs of properties of distributed systems.
KeywordsFormalization Isabelle/HOL Verification FLP Consensus Distributed systems
- 2.Bisping, B., Brodmann, P.D., Jungnickel, T., Rickmann, C., Seidler, H., Stüber, A., Wilhelm-Weidner, A., Peters, K., Nestmann, U.: A Constructive Proof for FLP. Archive of Formal Proofs (2016). http://isa-afp.org/entries/FLP.shtml. Formal proof development
- 4.Constable, R.L.: Effectively Nonblocking Consensus Procedures can Execute Forever - a Constructive Version of FLP. Tech. Rep. 11513, Cornell University (2011)Google Scholar
- 5.Constable, R.L., Allen, S.F., Bromley, H.M., Cleaveland, W.R., Cremer, J.F., Harper, R.W., Howe, D.J., Knoblock, T.B., Mendler, N.P., Panangaden, P., Sasaki, J.T., Smith, S.F.: Implementig Mathematics with the Nuprl Proof Development System. Prentice-Hall, Upper Saddle River (1986)Google Scholar
- 12.Ongaro, D., Ousterhout, J.: In Search of an Understandable Consensus Algorithm. In: Proceedings of USENIX, pp. 305–320 (2014)Google Scholar