The Formal Verification of an Algorithm for Interactive Consistency under a Hybrid Fault Model

Modern veriication systems such as PVS are now reaching the stage of development where the formal veriication of critical algorithms is feasible with reasonable eeort. This paper describes one such veriication in the eld of fault tolerance. The distribution of single-source data to replicated computing channels (Interactive Consistency or Byzantine Agreement) is a central problem in this eld. The classic Oral Messages (OM) algorithm solves this problem under the assumption that all channels are either nonfaulty or arbitrarily (Byzantine) faulty. Thambidurai and Park have introduced a \hybrid" fault model that distinguishes additional fault modes, along with a modiied version of OM. They gave an informal proof that their algorithm withstands the same number of arbitrary faults, but more \nonmalicious" faults than OM. We detected a aw in this algorithm while undertaking its formal verii-cation using PVS. The discipline of mechanically-checked formal veriication helped us to develop a corrected version of the algorithm. Here we describe the formal speciication and veriication of this new algorithm. We argue that formal veriication systems such as PVS are now suuciently eeective that their application to critical fault-tolerance algorithms should be considered routine.