Formal Verification of Multi-Paxos for Distributed Consensus
نویسندگان
چکیده
This paper describes formal specification and verification of Lamport’s Multi-Paxos algorithm for distributed consensus. The specification is written in TLA+, Lamport’s Temporal Logic of Actions. The proof is written and checked using TLAPS, a proof system for TLA+. Building on Lamport, Merz, and Doligez’s specification and proof for Basic Paxos, we aim to facilitate the understanding of Multi-Paxos and its proof by minimizing the difference from those for Basic Paxos, and to demonstrate a general way of proving other variants of Paxos and other sophisticated distributed algorithms. We also discuss our general strategies for proving properties about sets and tuples that helped the proof check succeed in significantly reduced time.
منابع مشابه
Formal Specification, Verification, and Implementation of Fault-Tolerant Systems
Distributed programs are known to be extremely difficult to implement, test, verify, and maintain. This is due in part to the large number of possible unforeseen interactions among components, and to the difficulty of precisely specifying what the programs should accomplish in a formal language that is intuitively clear to the programmers. We discuss here a methodology that has proven itself in...
متن کاملProving the Correctness of Disk Paxos in Isabelle/HOL
Disk Paxos [GL00] is an algorithm for building arbitrary faulttolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system [NPW02], showing that Isab...
متن کاملPaxos Consensus, Deconstructed and Abstracted (Extended Version)
Lamport’s Paxos algorithm is a classic consensus protocol for state machine replication in environments that admit crash failures. Many versions of Paxos exploit the protocol’s intrinsic properties for the sake of gaining better run-time performance, thus widening the gap between the original description of the algorithm, which was proven correct, and its real-world implementations. In this wor...
متن کاملModerately Complex Paxos Made Simple: High-Level Specification of Distributed Algorithm
This paper presents simpler specifications of more complex variants of the Paxos algorithm for distributed consensus, as a case study of high-level specification of distributed algorithms. The development of the specifications uses a method and language for expressing complex control flows and synchronization conditions precisely at a high level. We show that English and pseudocode descriptions...
متن کاملByzantizing Paxos by Refinement
We derive a 3f +1 process Byzantine Paxos consensus algorithm by Byzantizing a variant of the ordinary Paxos algorithm—that is, by having 2f + 1 nonfaulty processes emulate the ordinary Paxos algorithm despite the presence of f malicious processes. We have written a formal, machine-checked proof that the Byzantized algorithm implements the ordinary Paxos consensus algorithm under a suitable ref...
متن کامل