nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

A Case Study on Parametric Verification of Failure Detectors

verfasst von : Thanh-Hai Tran, Igor Konnov, Josef Widder

Erschienen in: Formal Techniques for Distributed Objects, Components, and Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Partial synchrony is a model of computation in many distributed algorithms and modern blockchains. Correctness of these algorithms requires the existence of bounds on message delays and on the relative speed of processes after reaching Global Stabilization Time (GST). This makes partially synchronous algorithms parametric in time bounds, which renders automated verification of partially synchronous algorithms challenging. In this paper, we present a case study on formal verification of both safety and liveness of a Chandra and Toueg failure detector that is based on partial synchrony. To this end, we specify the algorithm and the partial synchrony assumptions in three frameworks: \(\textsc {TLA}^+\), Ivy, and counter automata. Importantly, we tune our modeling to use the strength of each method: (1) We are using counters to encode message buffers with counter automata, (2) we are using first-order relations to encode message buffers in Ivy, and (3) we are using both approaches in \(\textsc {TLA}^+\). By running the tools for \(\textsc {TLA}^+\) (TLC and APALACHE) and counter automata (FAST), we demonstrate safety for fixed time bounds. This helped us to find the inductive invariants for fixed parameters, which we used as a starting point for the proofs with Ivy. By running Ivy, we prove safety for arbitrary time bounds. Moreover, we show how to verify liveness of the failure detector by reducing the verification problem to safety verification. Thus, both properties are verified by developing inductive invariants with Ivy. We conjecture that correctness of other partially synchronous algorithms may be proven by following the presented methodology.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards Multi-layered Temporal Models:

Nächstes Kapitel with Leftovers: A Mechanisation in Agda

Aguilera, M.K., Delporte-Gallet, C., Fauconnier, H., Toueg, S.: On implementing omega in systems with weak reliability and synchrony assumptions. Distrib. Comput. 21(4), 285–314 (2008)CrossRef

Aguilera, M.K., Delporte-Gallet, C., Fauconnier, H., Toueg, S.: Consensus with Byzantine failures and little system synchrony. In: International Conference on Dependable Systems and Networks (DSN), pp. 147–155. IEEE (2006)

Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)MathSciNetCrossRef

André, É., Fribourg, L., Kühne, U., Soulat, R.: IMITATOR 2.5: a tool for analyzing robustness in scheduling problems. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 33–36. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32759-9_6CrossRef

Atif, M., Mousavi, M.R., Osaiweran, A.: Formal verification of unreliable failure detectors in partially synchronous systems. In: Proceedings of the 27th ACM Symposium on Applied Computing (SAC), pp. 478–485 (2012). https://doi.org/10.1145/2245276.2245369

Bardin, S., Leroux, J., Point, G.: FAST extended release. In: Ball, T., Jones, R. (eds.) CAV 2006. LNCS, vol. 4144, pp. 63–66. Springer, Heidelberg (2006). https://doi.org/10.1007/11817963_9CrossRef

Bloem, R., et al.: Decidability of Computing Theory. Morgan & Claypool Publishers (2015). https://doi.org/10.2200/S00658ED1V01Y201508DCT013

Bravo, M., Chockler, G., Gotsman, A.: Making Byzantine consensus live. In: DISC. Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2020)

Buchman, E., Kwon, J., Milosevic, Z.: The latest gossip on BFT consensus. arXiv preprint arXiv:1807.04938 (2018)

10.

Bunte, O.: The mCRL2 toolset for analysing concurrent systems. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11428, pp. 21–39. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17465-1_2CrossRef

11.

Chandra, T.D., Toueg, S.: Unreliable failure detectors for reliable distributed systems. J. ACM 43(2), 225–267 (1996)MathSciNetCrossRef

12.

Chaudhuri, K., Doligez, D., Lamport, L., Merz, S.: The TLA\(^{+}\) proof system: building a heterogeneous verification platform. In: Cavalcanti, A., Deharbe, D., Gaudel, M.-C., Woodcock, J. (eds.) ICTAC 2010. LNCS, vol. 6255, p. 44. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14808-8_3CrossRef

13.

Cousineau, D., Doligez, D., Lamport, L., Merz, S., Ricketts, D., Vanzetto, H.: TLA\(^{+}\) proofs. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 147–154. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32759-9_14CrossRef

14.

Drăgoi, C., Widder, J., Zufferey, D.: Programming at the edge of synchrony. In: Proceedings of the ACM on Programming Languages 4 (OOPSLA), pp. 1–30 (2020)

15.

Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988)MathSciNetCrossRef

16.

Emerson, E.A., Namjoshi, K.S.: Reasoning about rings. In: POPL, pp. 85–94 (1995)

17.

Galois, I.: Ivy proofs of tendermint. https://github.com/tendermint/spec/tree/master/ivy-proofs. Accessed December 2020

18.

Konnov, I., Kukovec, J., Tran, T.H.: TLA\(^{+}\) model checking made symbolic. In: Proceedings of the ACM on Programming Languages 3 (OOPSLA), pp. 1–30 (2019)

19.

Konnov, I., Lazić, M., Veith, H., Widder, J.: Para\(^2\): parameterized path reduction, acceleration, and SMT for reachability in threshold-guarded distributed algorithms. Formal Methods Syst. Design 51(2), 270–307 (2017)CrossRef

20.

Konnov, I., Lazić, M., Veith, H., Widder, J.: A short counterexample property for safety and liveness verification of fault-tolerant distributed algorithms. In: POPL, pp. 719–734 (2017)

21.

Kuppe, M.A., Lamport, L., Ricketts, D.: The TLA\(^{+}\) toolbox. arXiv preprint arXiv:1912.10633 (2019)

22.

Lamport, L.: Specifying Systems: The TLA\(^{+}\) Language and Tools for Hardware and Software Engineers. Addison-Wesley, Boston (2002)

23.

Lamport, L.: Using TLC to check inductive invariance (2018)

24.

Larrea, M., Arevalo, S., Fernndez, A.: Efficient algorithms to implement unreliable failure detectors in partially synchronous systems. In: Jayanti, P. (ed.) DISC 1999. LNCS, vol. 1693, pp. 34–49. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48169-9_3CrossRef

25.

Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. Int. J. Softw. Tools Technol. Transfer 1(1–2), 134–152 (1997)CrossRef

26.

Lime, D., Roux, O.H., Seidner, C., Traonouez, L.-M.: Romeo: a parametric model-checker for petri nets with stopwatches. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 54–57. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00768-2_6CrossRef

27.

Lynch, N.A., Tuttle, M.R.: An Introduction to Input/Output Automata. Laboratory for Computer Science, Massachusetts Institute of Technology (1988)MATH

28.

McMillan, K.L.: Ivy. https://microsoft.github.io/ivy/. Accessed December 2020

29.

McMillan, K.L., Padon, O.: Ivy: a multi-modal verification tool for distributed algorithms. In: Lahiri, S.K., Wang, C. (eds.) CAV 2020. LNCS, vol. 12225, pp. 190–202. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-53291-8_12CrossRef

30.

Roscoe, A.W.: Understanding Concurrent Systems. Springer, Cham (2010)CrossRef

31.

Stoilkovska, I., Konnov, I., Widder, J., Zuleger, F.: Verifying safety of synchronous fault-tolerant algorithms by bounded model checking. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11428, pp. 357–374. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17465-1_20CrossRef

32.

Tran, T.H., Konnov, I., Widder, J.: FORTE2021-FD. https://github.com/banhday/forte2021-fd. Accessed April 2021

33.

Tran, T.H., Konnov, I., Widder, J.: Specifications of the Chandra and Toueg failure detector in TLA\(^{+}\), and Ivy. https://zenodo.org/record/4687714#.YHcBeBKxVH4. Accessed April 2021

34.

Tran, T.-H., Konnov, I., Widder, J.: Cutoffs for symmetric point-to-point distributed algorithms. In: Georgiou, C., Majumdar, R. (eds.) NETYS 2020. LNCS, vol. 12129, pp. 329–346. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-67087-0_21CrossRef

35.

Yin, M., Malkhi, D., Reiter, M.K., Gueta, G.G., Abraham, I.: Hotstuff: BFT consensus with linearity and responsiveness. In: PODC, pp. 347–356 (2019)

36.

Yu, Y., Manolios, P., Lamport, L.: Model checking TLA\(^+\) specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48153-2_6CrossRef

Titel: A Case Study on Parametric Verification of Failure Detectors
verfasst von: Thanh-Hai Tran
Igor Konnov
Josef Widder
Verlag: Springer International Publishing
Buch: Formal Techniques for Distributed Objects, Components, and Systems
Print ISBN: 978-3-030-78088-3

Electronic ISBN: 978-3-030-78089-0

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-78089-0_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"