SMT and POR Beat Counter Abstraction: Parameterized Model Checking of Threshold-Based Distributed Algorithms

Automatic verification of threshold-based fault-tolerant distributed algorithms (FTDAs) is challenging: they have multiple parameters that are restricted by arithmetic conditions, the number of processes and faults is parameterized, and the algorithm code itself is parameterized because its conditions count the number of received messages. Recently, we introduced a technique that first applies data and counter abstraction and then runs bounded model checking (BMC). Given an FTDA, our technique computes an upper bound on the diameter of the system. This makes BMC complete: if there is an actual error, it always finds a counterexample. To verify state-of-the-art FTDAs, further improvement is needed. In this paper, we encode bounded executions over integer counters in SMT. We introduce a new form of offline partial order reduction that exploits acceleration and the structure of the FTDAs. This aggressively prunes the execution space that the solver has to explore. In this way, we verified safety of seven FTDAs that were out of reach before.
