Reducing liveness to safety in first-order logic

Padon, Oded; Hoenicke, Jochen; Losa, Giuliano; Podelski, Andreas; Sagiv, Mooly; Shoham, Sharon

doi:10.1145/3158114

Cited by 34 publications

(46 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[18] features an interesting mostly-automated approach but also focuses on an invariant proof. More recent work by the same authors [19] addresses liveness properties (for other protocols) but still with manual interaction.…”

Section: Discussionmentioning

confidence: 99%

Analyzing the Fundamental Liveness Property of the Chord Protocol

Brunel

Chemouil

Tawa

2018

2018 Formal Methods in Computer Aided Design (FMCAD)

View full text Add to dashboard Cite

Chord is a protocol that provides a scalable distributed hash table over an underlying peer-to-peer network. Since it combines data structures, asynchronous communications, concurrency, and fault tolerance, it features rich structural and temporal properties that make it an interesting target for formal specification and verification. Previous work has mainly focused on automatic proofs of safety properties or manual proofs of the full correctness of the protocol (a liveness property). In this paper, we report on analyzing automatically the correctness of Chord with the Electrum language (developed in former work) on small instance of networks. In particular, we were able to find various corner cases in previous work and showed that the protocol was not correct as described there. We fixed all these issues and provided a version of protocol for which we were not able to find any counterexample using our method.

show abstract

Section: Discussionmentioning

confidence: 99%

Analyzing the Fundamental Liveness Property of the Chord Protocol

Brunel

Chemouil

Tawa

2018

2018 Formal Methods in Computer Aided Design (FMCAD)

View full text Add to dashboard Cite

show abstract

“…If n > 7t then Bosco ensures that even if there are some faulty processes, when all non-faulty processes start with the same initial value, they would reach a decision within a single network step (strongly one-step). To evaluate our approach, we verify the safety and liveness (using the liveness to safety reduction presented in [29]) of Bosco.…”

Section: Protocolsmentioning

confidence: 99%

Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics

Berkovits

Lazić

Losa

et al. 2019

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Verification of fault-tolerant distributed protocols is an immensely difficult task. Often, in these protocols, thresholds on set cardinalities are used both in the process code and in its correctness proof, e.g., a process can perform an action only if it has received an acknowledgment from at least half of its peers. Verification of threshold-based protocols is extremely challenging as it involves two kinds of reasoning: first-order reasoning about the unbounded state of the protocol, together with reasoning about sets and cardinalities. In this work, we develop a new methodology for decomposing the verification task of such protocols into two decidable logics: EPR and BAPA. Our key insight is that such protocols use thresholds in a restricted way as a means to obtain certain properties of "intersection" between sets. We define a language for expressing such properties, and present two translations: to EPR and BAPA. The EPR translation allows verifying the protocol while assuming these properties, and the BAPA translation allows verifying the correctness of the properties. We further develop an algorithm for automatically generating the properties needed for verifying a given protocol, facilitating fully automated deductive verification. Using this technique we have verified several challenging protocols, including Byzantine one-step consensus, hybrid reliable broadcast and fast Byzantine Paxos.

show abstract

“…Our work is also focused on a stabilization property for which we developed a specific proof method. Finally, proof automation for liveness of parameterized or even arbitrary infinite-state distributed systems is the subject of recent work such as Ivy [14] but, as far as we know, a fair amount of manual intervention is still needed.…”

Section: Related Workmentioning

confidence: 99%

Mechanically Verifying the Fundamental Liveness Property of the Chord Protocol

Bodeveix

Brunel

Chemouil

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Chord is a protocol providing a scalable distributed hash table over an underlying peer-to-peer network. It is very popular due to its simplicity, performance and claimed correctness. However, the original version of the Chord maintenance protocol, presented with an informal proof of correctness, was since then shown to be in fact incorrect. It is actually tricky to come up with a provably-correct version as the protocol combines data structures, asynchronous communication, concurrency, and fault tolerance. Additionally, the correctness property amounts to a form of stabilization, a particular kind of liveness property. Previous work only addressed automated proofs of safety; and pen-and-paper, or automated but much bounded, proofs of stabilization. In this article, we report on the first mechanized proof of the liveness property for Chord. Furthermore, our proof addresses the full parameterized version of the protocol, weakens previously-devised invariants and operating assumptions, and is essentially automated (requiring limited effort when manual assistance is needed).

show abstract

Reducing liveness to safety in first-order logic

Cited by 34 publications

References 67 publications

Analyzing the Fundamental Liveness Property of the Chord Protocol

Analyzing the Fundamental Liveness Property of the Chord Protocol

Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics

Mechanically Verifying the Fundamental Liveness Property of the Chord Protocol

Contact Info

Product

Resources

About