Abstract
Fault-tolerant (FT) distributed protocols (such as group membership, consensus, etc.) represent fundamental building blocks for many practical systems, e.g., the Google File System. Not only does one desire rigor in the protocol design but especially in its verification given the complexity and fallibility of manual proofs. The application of model checking (MC) for protocol verification is attractive with its full automation and rich property language. However, being an exhaustive exploration method, its scalable use is very much constrained by the overall number of different system states. We observe that, although FT distributed protocols usually display a very high degree of symmetry which stems from permuting different processes, MC efforts targeting their automated verification often disregard this symmetry. Therefore, we propose to leverage the framework of symmetry reduction and improve on existing applications of it by specifying so called role-based symmetries. Our secondary contribution is to define a high-level description language called FTDP to ease the symmetry aware specification of FT distributed protocols. FTDP supports synchronous as well as asynchronous protocols, a variety of fault types, and the specification of safety and liveness properties. Specifications written in FTDP can directly be analyzed by tools supporting symmetry reduction. We demonstrate the benefit of our approach using the example of well-known and complex distributed FT protocols, specifically Paxos and the Byzantine Generals.
Research supported in part by Microsoft Research, IBM Faculty Award and CASED.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Attiya, H., Bar-Noy, A., Dolev, D.: Sharing memory robustly in message-passing systems. J. ACM 42(1), 124–142 (1995)
Benzel, T., et al.: Design, deployment, and use of the deter testbed. In: DETER Community Workshop on Cyber Security Experimentation and Test (2007)
Bokor, P., Serafini, M., Suri, N., Veith, H.: Role-based symmetry reduction of fault-tolerant distributed protocols with language support. TR-TUD-DEEDS-04-04-2009 (2009), http://www.deeds.informatik.tu-darmstadt.de/peter/FTDP_SR.pdf
Bokor, P., Serafini, M., Suri, N., Veith, H.: Brief announcement: Practical symmetry reduction of fault-tolerant distributed protocols. DISC (to appear, 2009)
Bošnacki, D., Dams, D., Holenderski, L.: Symmetric SPIN. Journal on Softw. Tools for Techn. Transfer 4(1), 92–106 (2002)
Castro, M., Liskov, B.: Practical Byz. fault tolerance. In: Proc. OSDI, pp. 173–186 (1999)
Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (2000)
Clarke, E.M., Enders, R., Filkorn, T., Jha, S.: Exploiting symmetry in temporal logic model checking. Formal Methods Sys. Design 9(1-2), 77–104 (1996)
Dill, D.L., Drexler, A.J., Hu, A.J., Yang, C.H.: Protocol verification as a hardware design aid. In: Proc. ICCD: Int. Conf. on Computer Design on VLSI in Computer & Processors, pp. 522–525 (1992)
Ip, C.N., Dill, D.L.: Better verification through symmetry. Formal Methods Sys. Design 9(1-2), 41–75 (1996)
Lamport, L.: The part-time parliament. ACM Trans. Comp. Sys. 16(2), 133–169 (1998)
Lamport, L.: Paxos made simple. ACM SIGACT News 32(4), 18–25 (2001)
Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley Longman Publishing Co., Inc., Amsterdam (2002)
Lamport, L.: Checking a multithreaded algorithm with +CAL. In: Dolev, S. (ed.) DISC 2006. LNCS, vol. 4167, pp. 151–163. Springer, Heidelberg (2006)
Lamport, L., Shostak, R., Pease, M.: The Byzantine Generals Problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)
Miller, A., Donaldson, A., Calder, M.: Symmetry in temporal logic model checking. ACM Comput. Surv. 38(3), 8 (2006)
Chockler, G., Guerraoui, R., Keidar, I., Vukolic, M.: Reliable distributed storage. Computer 42(4), 60–67 (2009)
Serafini, M., Suri, N., et al.: A tunable add-on diagnostic protocol for time-triggered systems. In: Proc. DSN, pp. 164–174 (2007)
Sistla, A.P., Godefroid, P.: Symmetry and reduced symmetry in model checking. ACM Trans. Program. Lang. Syst. 26(4), 702–734 (2004)
Sistla, A.P., et al.: SMC: A symmetry-based model checker for verification of safety and liveness properties. ACM Trans. Softw. Eng. Methodol. 9(2), 133–166 (2000)
Steiner, W., et al.: Model checking a fault-tolerant startup algorithm: from design exploration to exhaustive fault simulation. In: Proc. DSN, pp. 189–198 (2004)
Tsuchiya, T., Nagano, S., Paidi, R.B., Kikuno, T.: Symbolic Model Checking for Self-Stabilizing Algorithms. IEEE Trans. Parallel Distrib. Syst. 12(1), 81–95 (2001)
Tsuchiya, T., Schiper, A.: Model checking of consensus algorithms. In: Proc. SRDS, pp. 137–148 (2007)
Tsuchiya, T., Schiper, A.: Using BMC to verify consensus algorithms. In: Taubenfeld, G. (ed.) DISC 2008. LNCS, vol. 5218, pp. 466–480. Springer, Heidelberg (2008)
Zielinski, P.: Automatic verification and discovery of byzantine consensus protocols. In: Proc. DSN, pp. 72–81 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bokor, P., Serafini, M., Suri, N., Veith, H. (2009). Role-Based Symmetry Reduction of Fault-Tolerant Distributed Protocols with Language Support . In: Breitman, K., Cavalcanti, A. (eds) Formal Methods and Software Engineering. ICFEM 2009. Lecture Notes in Computer Science, vol 5885. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10373-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-10373-5_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10372-8
Online ISBN: 978-3-642-10373-5
eBook Packages: Computer ScienceComputer Science (R0)