Skip to main content
SpringerLink
Log in

Using simulated execution in verifying distributed algorithms

  • Special section on verification, model checking, and abstract interpretation
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

This paper presents a methodology for using simulated execution to assist a theorem prover in verifying safety properties of distributed systems. Execution-based techniques such as testing can increase confidence in an implementation, provide intuition about behavior, and detect simple errors quickly. They cannot by themselves demonstrate correctness. However, they can aid theorem provers by suggesting necessary lemmas and providing tactics to structure proofs. This paper describes the use of these techniques in a machine-checked proof of correctness of the Paxos algorithm for distributed consensus .

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Alur R, Henzinger TA, Mang FYC, Qadeer S, Rajamani SK, Tasiran S (1998) Mocha: Exploiting modularity in model checking. In: Proceedings of the 10th international conference on computer-aided verification, Vancouver, BC, Canada, 28 June–2 July 1998. Lecture notes in computer science, vol 1427. Springer, Berlin Heidelberg New York, pp 521–525

  2. Bogdanov A (2000) Formal verification of simulations between I/O automata. Master of engineering thesis, Massachusetts Institute of Technology, Cambridge, MA

  3. De Prisco R, Lampson B, Lynch N (2000) Fundamental study: revisiting the Paxos algorithm. Theor Comput Sci 243:35–91

    Article  Google Scholar 

  4. Ernst MD, Cockrell J, Griswold WG, Notkin D (1999) Dynamically discovering likely program invariants to support program evolution. IEEE Trans Softw Eng 27(2):1–25. A previous version appeared in: Proceedings of the 21st international conference on software engineering (ICSE ’99), Los Angeles, 19–21 May 1999, pp 213–224

    Google Scholar 

  5. Ernst MD, Czeisler A, Griswold WG, Notkin D (2000) Quickly detecting relevant program invariants. In: Proceedings of the 22nd international conference on software engineering (ICSE 2000), Limerick, Ireland, 7–9 June 2000, pp 449–458

  6. Garland S, Guttag J (1991) A guide to LP, the Larch Prover. Technical report, DEC Systems Research Center, Palo Alto, CA, December 31. Updated version available at: http://nms.lcs.mit.edu/Larch/LP

  7. Garland SJ, Lynch NA (1998) The IOA language and toolset: support for designing, analyzing, and building distributed systems. Technical Report MIT/LCS/TR-762, Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, MA, August 1998. http://theory.lcs.mit.edu/tds/papers/Lynch/IOA-TR-762.ps

  8. Gordon MJC (1989) HOL: a proof generating system for higher order logic. In: Birtwistle G, Subrahmanyam PA (eds) Current trends in hardware verification and automated theorem proving. Springer, Berlin Heidelberg New York, pp 73–128

  9. Gurevich Y, Schulte W, Veanes M (2001) Toward industrial strength abstract state machines. Technical Report MSR-TR-2001-98, Microsoft Research, 2001. Software available at: http://www.research.microsoft.com/foundations/asml/

  10. Guttag JV, Horning JJ, Garland SJ, Jones KD, Modet A, Wing JM (1993) Larch: languages and tools for formal specification. In: Texts and monographs in computer science. Springer, Berlin Heidelberg New York

  11. Kırlı D, Chefter A, Dean L, Garland SJ, Lynch NA, Ne Win T, Ramirez-Robredo A (2002a) The IOA simulator. Technical Report MIT-LCS-TR-843, MIT Laboratory for Computer Science, Cambridge, MA, July 2002

  12. Kırlı D, Chefter A, Dean L, Garland SJ, Lynch NA, Ne Win T, Ramirez-Robredo A (2002b) Simulating nondeterministic systems at multiple levels of abstraction. In: Proceedings of Tools Day 2002, Brno, Czech Republic, August 2002, pp 44–59. Also available as Masaryk University Technical Report FI MU-RS-2002-05

  13. Lamport L (1998) The part-time parliament. ACM Trans Comput Sys 16(2):133–169

    Article  Google Scholar 

  14. Lamport L, Yu Y (2001) TLC – The TLA+ model checker. Compaq Systems Research Center, Palo Alto, CA, 2001. http://research.microsoft.com/users/lamport/tla/tlc.html

  15. Lynch N (1996) Distributed algorithms. Morgan Kaufmann, San Mateo, CA

  16. Lynch NA, Tuttle MR (1989) An introduction to Input/Output automata. CWI-Q 2(3):219–246

  17. Lynch N, Vaandrager F (1995) Forward and backward simulations: Part I. Untimed systems. Inf Comput 121(2):214–233

    Article  MathSciNet  Google Scholar 

  18. McMillan KL (1998) The SMV language. Cadence Berkeley Labs, 2001 Addison Street, Berkeley, CA. http://www.cis.ksu.edu/santos/smv-doc/

  19. Nimmer JW, Ernst MD (2002a) Automatic generation of program specifications. In: Proceedings of the 2002 international symposium on software testing and analysis (ISSTA), Rome, Italy, 22–24 July 2002, pp 232–242

  20. Nimmer JW, Ernst MD (2002b) Invariant inference for static checking: An empirical evaluation. In: Proceedings of the ACM SIGSOFT 10th international symposium on the foundations of software engineering (FSE 2002), Charleston, SC, 20–22 November 2002, pp 11–20

  21. Paulson LC (1993) The Isabelle reference manual. Technical Report 283, Cambridge University, Computer Laboratory, Cambridge, UK

  22. Pnueli A, Ruah S, Zuck L (2001) Automatic deductive verification with invisible invariants. In: Proceedings of the conference on tools and algorithms for the analysis and construction of systems (TACAS), Genoa, Italy, 2–6 April 2001. Lecture notes in computer science, vol 2031. Springer, Berlin Heidelberg New York, pp 82–97

  23. Rintanen J (2000) An iterative algorithm for synthesizing invariants. In: Proceedings of the 17th national conference on artificial intelligence and the 12th conference on innovative applications of artificial intelligence, Austin, TX, 30 July–3 August 2000, pp 806–811

Download references

Author information

Authors and Affiliations

  1. MIT CSAIL, the Stata Center, 77 Massachusetts Avenue, Cambridge, MA, 02139, USA

    Toh Ne Win, Michael D. Ernst, Stephen J. Garland, Dilsun Kırlı & Nancy A. Lynch

Authors
  1. Toh Ne Win
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael D. Ernst
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stephen J. Garland
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dilsun Kırlı
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Nancy A. Lynch
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Toh Ne Win.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Win, T., Ernst, M., Garland, S. et al. Using simulated execution in verifying distributed algorithms. Int J Softw Tools Technol Transfer 6, 67–76 (2004). https://doi.org/10.1007/s10009-003-0126-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-003-0126-5

Keywords

Search

Navigation