Mechanical Verification of a Constructive Proof for FLP

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9807)


The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson by using the interactive theorem prover Isabelle/HOL. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer’s paper A constructive proof for FLP. In addition to the enhanced confidence in the validity of Völzer’s proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization may serve as a starting point for similar proofs of properties of distributed systems.


Formalization Isabelle/HOL Verification FLP Consensus Distributed systems 


  1. 1.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development: Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science An EATCS Series. Springer, Heidelberg (2013)zbMATHGoogle Scholar
  2. 2.
    Bisping, B., Brodmann, P.D., Jungnickel, T., Rickmann, C., Seidler, H., Stüber, A., Wilhelm-Weidner, A., Peters, K., Nestmann, U.: A Constructive Proof for FLP. Archive of Formal Proofs (2016). Formal proof development
  3. 3.
    Buckley, G.N., Silberschatz, A.: An effective implementation for the generalized input-output construct of CSP. ACM Trans. Program. Lang. Syst. (TOPLAS) 5(2), 223–235 (1983)CrossRefzbMATHGoogle Scholar
  4. 4.
    Constable, R.L.: Effectively Nonblocking Consensus Procedures can Execute Forever - a Constructive Version of FLP. Tech. Rep. 11513, Cornell University (2011)Google Scholar
  5. 5.
    Constable, R.L., Allen, S.F., Bromley, H.M., Cleaveland, W.R., Cremer, J.F., Harper, R.W., Howe, D.J., Knoblock, T.B., Mendler, N.P., Panangaden, P., Sasaki, J.T., Smith, S.F.: Implementig Mathematics with the Nuprl Proof Development System. Prentice-Hall, Upper Saddle River (1986)Google Scholar
  6. 6.
    Fischer, M.J., Lynch, N.A., Paterson, M.S.: Impossibility of distributed consensus with one faulty process. J. ACM (JACM) 32(2), 374–382 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Kammüller, F., Wenzel, M., Paulson, L.C.: Locales - a sectioning concept for Isabelle. In: Bertot, Y., Dowek, G., Hirschowitz, A., Paulin, C., Théry, L. (eds.) TPHOLs 1999. LNCS, vol. 1690, pp. 149–165. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Küfner, P., Nestmann, U., Rickmann, C.: Formal verification of distributed algorithms. In: Baeten, J.C.M., Ball, T., de Boer, F.S. (eds.) TCS 2012. LNCS, vol. 7604, pp. 209–224. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Kumar, D., Silberschatz, A.: A counter-example to an algorithm for the generalized input-output construct of CSP. Inform. Proc. Lett. 61(6), 287 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Lamport, L.: The part-time parliament. ACM Trans. Comput. Syst. (TOCS) 16(2), 133–169 (1998)CrossRefGoogle Scholar
  11. 11.
    Nipkow, T., Paulson, L.C., Wenzel, M. (eds.): Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  12. 12.
    Ongaro, D., Ousterhout, J.: In Search of an Understandable Consensus Algorithm. In: Proceedings of USENIX, pp. 305–320 (2014)Google Scholar
  13. 13.
    Völzer, H.: A constructive proof for FLP. Inform. Proc. Lett. 92(2), 83–87 (2004)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Technische Universität BerlinBerlinGermany

Personalised recommendations