Comparing verification systems: interactive consistency in ACL2

Achieving interactive consistency among processors in the presence of faults is an important problem in fault-tolerant computing, first cleanly formulated by Pease, Shostak and Lamport (1980) and solved in selected cases with their Oral Messages (OM) algorithm. Several mechanical verifications of this algorithm have been presented, including a particularly elegant formulation and proof by J. Rushby (1992) using EHDM and PVS. Rushby proposes interactive consistency as a benchmark problem for specification and verification systems. We present a formalization of the OM algorithm in the ACL2 logic and compare our formalization and proof to his. We draw some conclusions concerning the range of desirable features for verification systems and offer a cautionary note about relying on such benchmark problems when comparing systems.
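The abstract names the Oral Messages algorithm and the interactive-consistency property it establishes without stating either. As an added illustration (not the paper's ACL2 formalization, nor Rushby's EHDM/PVS one), the Python below implements OM(m) as given by Lamport, Shostak and Pease, runs it once with each processor as commander to build the interactive-consistency vectors, and checks the two standard conditions: IC1 (all non-faulty processors compute the same vector) and IC2 (the entry for a non-faulty processor is that processor's actual private value). The Byzantine failure model, in which a faulty sender tells even-numbered recipients the truth and odd-numbered ones the opposite, is a constructed example of inconsistent lying, not anything from the paper; the second scenario in `main` shows the guarantee failing when n = 3m, which the theorem does not cover.

```python
from collections import Counter


def majority(votes, default=0):
    """Strict majority of the votes; the default value wins when no value has one."""
    for value, count in Counter(votes).items():
        if 2 * count > len(votes):
            return value
    return default


def send(sender, receiver, value, faulty):
    """Point-to-point message. A faulty sender is modelled as a Byzantine liar that
    sends the true bit to even-numbered receivers and the flipped bit to odd ones,
    so different recipients see different values (constructed failure model)."""
    if sender in faulty:
        return value if receiver % 2 == 0 else 1 - value
    return value


def om(m, commander, lieutenants, value, faulty, default=0):
    """OM(m): returns {lieutenant: value it adopts for `commander`'s value}."""
    received = {l: send(commander, l, value, faulty) for l in lieutenants}
    if m == 0:
        return received  # OM(0): take the commander's word (or the default)
    # Step 2: each lieutenant j re-broadcasts what it received, acting as the
    # commander of an OM(m-1) instance among the remaining lieutenants.
    relayed = {
        j: om(m - 1, j, [l for l in lieutenants if l != j], received[j], faulty, default)
        for j in lieutenants
    }
    # Step 3: lieutenant i takes the majority of its own value and the values
    # it obtained from every other lieutenant's OM(m-1) instance.
    decided = {}
    for i in lieutenants:
        votes = [received[i]] + [relayed[j][i] for j in lieutenants if j != i]
        decided[i] = majority(votes, default)
    return decided


def interactive_consistency(private, m, faulty):
    """Run OM(m) once per processor as commander; return each processor's
    interactive-consistency vector (its belief about every private value)."""
    n = len(private)
    vectors = {p: [None] * n for p in range(n)}
    for p in range(n):
        others = [q for q in range(n) if q != p]
        vectors[p][p] = private[p]  # a processor knows its own value
        for q, v in om(m, p, others, private[p], faulty).items():
            vectors[q][p] = v
    return vectors


def ic1_holds(vectors, faulty):
    """IC1: every non-faulty processor computes the same vector."""
    good = [vectors[p] for p in vectors if p not in faulty]
    return all(v == good[0] for v in good)


def ic2_holds(vectors, private, faulty):
    """IC2: for non-faulty p, every non-faulty q's entry for p is p's true value."""
    return all(vectors[q][p] == private[p]
               for p in range(len(private)) if p not in faulty
               for q in vectors if q not in faulty)


if __name__ == "__main__":
    # n = 4 > 3m with m = 1: IC1 and IC2 hold although processor 3 lies.
    priv = [1, 0, 1, 0]
    vecs = interactive_consistency(priv, m=1, faulty={3})
    print(vecs, ic1_holds(vecs, {3}), ic2_holds(vecs, priv, {3}))
    # n = 3 = 3m: outside the theorem's hypothesis; here both conditions fail.
    priv3 = [1, 0, 0]
    vecs3 = interactive_consistency(priv3, m=1, faulty={2})
    print(vecs3, ic1_holds(vecs3, {2}), ic2_holds(vecs3, priv3, {2}))
```

The message count grows as O(n^m), which is why a mechanical proof of OM is about the recursion and the majority step rather than about any particular fault pattern; the simulation only exercises one constructed traitor behaviour, whereas the proofs the paper compares quantify over all of them.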

[1] J Strother Moore. Mechanically Verified Hardware Implementing an 8-Bit Parallel IO Byzantine Agreement Processor. 1992.

[2] Natarajan Shankar et al. Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS. IEEE Trans. Software Eng., 1995.

[3] Robert S. Boyer et al. A Computational Logic Handbook. Perspectives in Computing, 1979.

[4] Natarajan Shankar et al. PVS: A Prototype Verification System. CADE, 1992.

[5] J. S. Moore et al. ACL2: An Industrial Strength Version of Nqthm. Proceedings of the 11th Annual Conference on Computer Assurance (COMPASS '96), 1996.

[6] Leslie Lamport et al. The Byzantine Generals Problem. ACM TOPLAS, 1982.

[7] J Strother Moore et al. An Industrial Strength Theorem Prover for a Logic Based on Common Lisp. IEEE Trans. Software Eng., 1997.

[8] M. Pease, R. Shostak and L. Lamport. Reaching Agreement in the Presence of Faults. JACM, 1980.

[9] William R. Bevier et al. The Proof of Correctness of a Fault-Tolerant Circuit Design. 1992.

[10] W. D. Young. Verifying the Interactive Convergence Clock Synchronization Algorithm Using the Boyer-Moore Theorem Prover. 1992.

[11] Susan L. Gilfeather et al. Architecture of a Complex Arithmetic Processor for Communication Signal Processing. Optics & Photonics, 1994.

[12] John Rushby et al. Formal Methods and Their Role in Digital Systems Validation for Airborne Systems. 1995.

[13] R. W. Butler. An Introduction to Requirements Capture Using PVS: Specification of a Simple Autopilot. 1996.

[14] William R. Bevier et al. Mathematical Modeling and Analysis of an External Memory Manager. FME, 1997.

[15] Robert S. Boyer et al. The Addition of Bounded Quantification and Partial Functions to a Computational Logic and Its Theorem Prover. 1988.

[16] Kate Finney. Mathematical Notation in Formal Specification: Too Difficult for the Masses? IEEE Trans. Software Eng., 1996.

[17] J. S. Moore et al. Design Goals for ACL2. 1994.