Formal Verification of Consensus Algorithms Tolerating Malicious Faults
Consensus is the paradigmatic problem in fault-tolerant distributed computing: it requires network nodes that communicate by message passing to agree on a common value even in the presence of (benign or malicious) faults. Several algorithms for solving Consensus exist, but few of them have been rigorously verified, and fewer still formally. The Heard-Of model proposes a simple, unifying framework for defining distributed algorithms in the presence of communication faults. Algorithms proceed in communication-closed rounds, and the assumptions on the faults tolerated by an algorithm are stated abstractly in the form of communication predicates. Extending previous work on the case of benign faults, our approach relies on the fact that properties such as Consensus can be verified over a coarse-grained, round-based representation of executions. We have encoded the Heard-Of model in the interactive proof assistant Isabelle/HOL and have used this encoding to formally verify three Consensus algorithms based on synchronous and asynchronous assumptions. Our proofs give some new insights into the correctness of the algorithms, in particular with respect to transient faults.
Keywords: Model Checking, Consensus Problem, Transient Fault, Consensus Algorithm, Communication Predicate