52,043 research outputs found
Using Bounded Model Checking to Verify Consensus Algorithms
This paper presents an approach to automatic verification of asynchronous round-based consensus algorithms. We use model checking, a widely practiced verification method; but its application to asynchronous distributed algorithms is difficult because the state space of these algorithms is often infinite. The proposed approach addresses this difficulty by reducing the verification problem to small model checking problems that involve only single phases of algorithm execution. Because a phase consists of a finite number of rounds, bounded model checking, a technique using satisfiability solving, can be effectively used to solve these problems. The proposed approach allows us to model check some consensus algorithms up to around 10 processes
Leader Election in Anonymous Rings: Franklin Goes Probabilistic
We present a probabilistic leader election algorithm for anonymous, bidirectional, asynchronous rings. It is based on an algorithm from Franklin, augmented with random identity selection, hop counters to detect identity clashes, and round numbers modulo 2. As a result, the algorithm is finite-state, so that various model checking techniques can be employed to verify its correctness, that is, eventually a unique leader is elected with probability one. We also sketch a formal correctness proof of the algorithm for rings with arbitrary size
Model Checking Paxos in Spin
We present a formal model of a distributed consensus algorithm in the
executable specification language Promela extended with a new type of guards,
called counting guards, needed to implement transitions that depend on majority
voting. Our formalization exploits abstractions that follow from reduction
theorems applied to the specific case-study. We apply the model checker Spin to
automatically validate finite instances of the model and to extract
preconditions on the size of quorums used in the election phases of the
protocol.Comment: In Proceedings GandALF 2014, arXiv:1408.556
Survey of Distributed Decision
We survey the recent distributed computing literature on checking whether a
given distributed system configuration satisfies a given boolean predicate,
i.e., whether the configuration is legal or illegal w.r.t. that predicate. We
consider classical distributed computing environments, including mostly
synchronous fault-free network computing (LOCAL and CONGEST models), but also
asynchronous crash-prone shared-memory computing (WAIT-FREE model), and mobile
computing (FSYNC model)
Graph- versus Vector-Based Analysis of a Consensus Protocol
The Paxos distributed consensus algorithm is a challenging case-study for
standard, vector-based model checking techniques. Due to asynchronous
communication, exhaustive analysis may generate very large state spaces already
for small model instances. In this paper, we show the advantages of graph
transformation as an alternative modelling technique. We model Paxos in a rich
declarative transformation language, featuring (among other things) nested
quantifiers, and we validate our model using the GROOVE model checker, a
graph-based tool that exploits isomorphism as a natural way to prune the state
space via symmetry reductions. We compare the results with those obtained by
the standard model checker Spin on the basis of a vector-based encoding of the
algorithm.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767
An Automata-Theoretic Approach to the Verification of Distributed Algorithms
We introduce an automata-theoretic method for the verification of distributed
algorithms running on ring networks. In a distributed algorithm, an arbitrary
number of processes cooperate to achieve a common goal (e.g., elect a leader).
Processes have unique identifiers (pids) from an infinite, totally ordered
domain. An algorithm proceeds in synchronous rounds, each round allowing a
process to perform a bounded sequence of actions such as send or receive a pid,
store it in some register, and compare register contents wrt. the associated
total order. An algorithm is supposed to be correct independently of the number
of processes. To specify correctness properties, we introduce a logic that can
reason about processes and pids. Referring to leader election, it may say that,
at the end of an execution, each process stores the maximum pid in some
dedicated register. Since the verification of distributed algorithms is
undecidable, we propose an underapproximation technique, which bounds the
number of rounds. This is an appealing approach, as the number of rounds needed
by a distributed algorithm to conclude is often exponentially smaller than the
number of processes. We provide an automata-theoretic solution, reducing model
checking to emptiness for alternating two-way automata on words. Overall, we
show that round-bounded verification of distributed algorithms over rings is
PSPACE-complete.Comment: 26 pages, 6 figure
- …