9,353 research outputs found
Using Bounded Model Checking to Verify Consensus Algorithms
This paper presents an approach to automatic verification of asynchronous round-based consensus algorithms. We use model checking, a widely practiced verification method; but its application to asynchronous distributed algorithms is difficult because the state space of these algorithms is often infinite. The proposed approach addresses this difficulty by reducing the verification problem to small model checking problems that involve only single phases of algorithm execution. Because a phase consists of a finite number of rounds, bounded model checking, a technique using satisfiability solving, can be effectively used to solve these problems. The proposed approach allows us to model check some consensus algorithms up to around 10 processes
Synthesis of a simple self-stabilizing system
With the increasing importance of distributed systems as a computing
paradigm, a systematic approach to their design is needed. Although the area of
formal verification has made enormous advances towards this goal, the resulting
functionalities are limited to detecting problems in a particular design. By
means of a classical example, we illustrate a simple template-based approach to
computer-aided design of distributed systems based on leveraging the well-known
technique of bounded model checking to the synthesis setting.Comment: In Proceedings SYNT 2014, arXiv:1407.493
A Short Counterexample Property for Safety and Liveness Verification of Fault-tolerant Distributed Algorithms
Distributed algorithms have many mission-critical applications ranging from
embedded systems and replicated databases to cloud computing. Due to
asynchronous communication, process faults, or network failures, these
algorithms are difficult to design and verify. Many algorithms achieve fault
tolerance by using threshold guards that, for instance, ensure that a process
waits until it has received an acknowledgment from a majority of its peers.
Consequently, domain-specific languages for fault-tolerant distributed systems
offer language support for threshold guards.
We introduce an automated method for model checking of safety and liveness of
threshold-guarded distributed algorithms in systems where the number of
processes and the fraction of faulty processes are parameters. Our method is
based on a short counterexample property: if a distributed algorithm violates a
temporal specification (in a fragment of LTL), then there is a counterexample
whose length is bounded and independent of the parameters. We prove this
property by (i) characterizing executions depending on the structure of the
temporal formula, and (ii) using commutativity of transitions to accelerate and
shorten executions. We extended the ByMC toolset (Byzantine Model Checker) with
our technique, and verified liveness and safety of 10 prominent fault-tolerant
distributed algorithms, most of which were out of reach for existing
techniques.Comment: 16 pages, 11 pages appendi
Synchronous Counting and Computational Algorithm Design
Consider a complete communication network on nodes, each of which is a
state machine. In synchronous 2-counting, the nodes receive a common clock
pulse and they have to agree on which pulses are "odd" and which are "even". We
require that the solution is self-stabilising (reaching the correct operation
from any initial state) and it tolerates Byzantine failures (nodes that
send arbitrary misinformation). Prior algorithms are expensive to implement in
hardware: they require a source of random bits or a large number of states.
This work consists of two parts. In the first part, we use computational
techniques (often known as synthesis) to construct very compact deterministic
algorithms for the first non-trivial case of . While no algorithm exists
for , we show that as few as 3 states per node are sufficient for all
values . Moreover, the problem cannot be solved with only 2 states per
node for , but there is a 2-state solution for all values .
In the second part, we develop and compare two different approaches for
synthesising synchronous counting algorithms. Both approaches are based on
casting the synthesis problem as a propositional satisfiability (SAT) problem
and employing modern SAT-solvers. The difference lies in how to solve the SAT
problem: either in a direct fashion, or incrementally within a counter-example
guided abstraction refinement loop. Empirical results suggest that the former
technique is more efficient if we want to synthesise time-optimal algorithms,
while the latter technique discovers non-optimal algorithms more quickly.Comment: 35 pages, extended and revised versio
A tool for model-checking Markov chains
Markov chains are widely used in the context of the performance and reliability modeling of various systems. Model checking of such chains with respect to a given (branching) temporal logic formula has been proposed for both discrete [34, 10] and continuous time settings [7, 12]. In this paper, we describe a prototype model checker for discrete and continuous-time Markov chains, the Erlangen-Twente Markov Chain Checker EÎMC2, where properties are expressed in appropriate extensions of CTL. We illustrate the general benefits of this approach and discuss the structure of the tool. Furthermore, we report on successful applications of the tool to some examples, highlighting lessons learned during the development and application of EÎMC2
An Alloy Verification Model for Consensus-Based Auction Protocols
Max Consensus-based Auction (MCA) protocols are an elegant approach to
establish conflict-free distributed allocations in a wide range of network
utility maximization problems. A set of agents independently bid on a set of
items, and exchange their bids with their first hop-neighbors for a distributed
(max-consensus) winner determination. The use of MCA protocols was proposed,
, to solve the task allocation problem for a fleet of unmanned aerial
vehicles, in smart grids, or in distributed virtual network management
applications. Misconfigured or malicious agents participating in a MCA, or an
incorrect instantiation of policies can lead to oscillations of the protocol,
causing, , Service Level Agreement (SLA) violations.
In this paper, we propose a formal, machine-readable, Max-Consensus Auction
model, encoded in the Alloy lightweight modeling language. The model consists
of a network of agents applying the MCA mechanisms, instantiated with
potentially different policies, and a set of predicates to analyze its
convergence properties. We were able to verify that MCA is not resilient
against rebidding attacks, and that the protocol fails (to achieve a
conflict-free resource allocation) for some specific combinations of policies.
Our model can be used to verify, with a "push-button" analysis, the convergence
of the MCA mechanism to a conflict-free allocation of a wide range of policy
instantiations
- …