Advertisement

Formal Verification of Consensus Algorithms Tolerating Malicious Faults

  • Bernadette Charron-Bost
  • Henri Debrat
  • Stephan Merz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6976)

Abstract

Consensus is the paradigmatic problem in fault-tolerant distributed computing: it requires network nodes that communicate by message passing to agree on common value even in the presence of (benign or malicious) faults. Several algorithms for solving Consensus exist, but few of them have been rigorously verified, much less so formally. The Heard-Of model proposes a simple, unifying framework for defining distributed algorithms in the presence of communication faults. Algorithms proceed in communication-closed rounds, and assumptions on the faults tolerated by the algorithm are stated abstractly in the form of communication predicates. Extending previous work on the case of benign faults, our approach relies on the fact that properties such as Consensus can be verified over a coarse-grained, round-based representation of executions. We have encoded the Heard-Of model in the interactive proof assistant Isabelle/HOL and have used this encoding to formally verify three Consensus algorithms based on synchronous and asynchronous assumptions. Our proofs give some new insights into the correctness of the algorithms, in particular with respect to transient faults.

Keywords

Model Check Consensus Problem Transient Fault Consensus Algorithm Communication Predicate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bar-noy, A., Dolev, D., Dwork, C., Strong, H.R.: Shifting gears: Changing algorithms on the fly to expedite Byzantine agreement. In: Information and Computation, pp. 42–51 (1987)Google Scholar
  2. 2.
    Biely, M., Widder, J., Charron-Bost, B., Gaillard, A., Hutle, M., Schiper, A.: Tolerating corrupted communication. In: Proc. 26th Annual ACM Symposium on Principles of Distributed Computing, PODC 2007, pp. 244–253. ACM, New York (2007)Google Scholar
  3. 3.
    Chaouch-Saad, M., Charron-Bost, B., Merz, S.: A reduction theorem for the verification of round-based distributed algorithms. In: Bournez, O., Potapov, I. (eds.) RP 2009. LNCS, vol. 5797, pp. 93–106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Charron-Bost, B., Merz, S.: Formal verification of a Consensus algorithm in the Heard-Of model. Int. J. Software and Informatics 3(2-3), 273–303 (2009)Google Scholar
  5. 5.
    Charron-Bost, B., Schiper, A.: The Heard-Of model: Computing in distributed systems with benign failures. In: Distributed Computing (2009)Google Scholar
  6. 6.
    Dwork, C., Lynch, N.A., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Elrad, T., Francez, N.: Decomposition of distributed programs into communication-closed layers. Science Comp. Prog. 2(3) (April 1982)Google Scholar
  8. 8.
    Fischer, M.J., Lynch, N.A., Paterson, M.S.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Georgiou, C., Lynch, N.A., Mavrommatis, P., Tauber, J.A.: Automated implementation of complex distributed algorithms specified in the IOA language. Intl. J. Software Tools for Technology Transfer 11(2), 153–171 (2009)CrossRefGoogle Scholar
  10. 10.
    Hesselink, W.H.: The verified incremental design of a distributed spanning tree algorithm: Extended abstract. Formal Asp. Comput. 11(1), 45–55 (1999)CrossRefzbMATHGoogle Scholar
  11. 11.
    Jaskelioff, M., Merz, S.: Proving the correctness of Disk Paxos. Archive of Formal Proofs (2005), http://afp.sourceforge.net/entries/DiskPaxos.shtml
  12. 12.
    Lamport, L.: What good is temporal logic? In: Mason, R.E.A. (ed.) Information Processing 1983: Proceedings of the IFIP 9th World Congress, Paris. IFIP, pp. 657–668. North-Holland, Amsterdam (September 1983)Google Scholar
  13. 13.
    Lamport, L.: Byzantining Paxos by refinement. Technical report, Microsoft Research (December 2010)Google Scholar
  14. 14.
    Lamport, L., Merz, S.: Specifying and verifying fault-tolerant systems. In: Langmaack, H., de Roever, W.-P., Vytopil, J. (eds.) FTRTFT 1994 and ProCoS 1994. LNCS, vol. 863, pp. 41–76. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  15. 15.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann Publishers Inc., San Francisco (1996)zbMATHGoogle Scholar
  16. 16.
    Nipkow, T., Paulson, L., Wenzel, M.: Isabelle/HOL. A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  17. 17.
    Peled, D., Wilke, T.: Stutter-invariant temporal properties are expressible without the next-time operator. Inf. Proc. Letters 63(5), 243–246 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Schmid, U., Weiss, B., Rushby, J.M.: Formally verified byzantine agreement in presence of link faults. In: 22nd Intl. Conf. Distributed Computing Systems (ICDCS 2002), Vienna, Austria, pp. 608–616. IEEE Comp. Society, Los Alamitos (2002)Google Scholar
  19. 19.
    Tsuchiya, T., Schiper, A.: Model checking of consensus algorithms. In: 26th IEEE Symp. Reliable Distributed Systems (SRDS 2007), Beijing, China, pp. 137–148. IEEE Comp. Society, Los Alamitos (2007)Google Scholar
  20. 20.
    Tsuchiya, T., Schiper, A.: Using bounded model checking to verify consensus algorithms. In: Taubenfeld, G. (ed.) DISC 2008. LNCS, vol. 5218, pp. 466–480. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Bernadette Charron-Bost
    • 1
  • Henri Debrat
    • 2
  • Stephan Merz
    • 2
  1. 1.CNRS & LIXPalaiseauFrance
  2. 2.INRIA Nancy & LORIANancyFrance

Personalised recommendations