Exploiting Symmetry of Distributed FT Protocols To Ease Model Checking∗

Authors

  • Péter Bokor
  • András Pataricza
  • Marco Serafini
  • Neeraj Suri
Abstract

Model checking is a formal verification technique used to prove that a system satisfies its specification. The system is described by a state transition system (called a Kripke structure), and the specification is defined via properties written in temporal logic. The model checking problem consists of exploring every possible state of the Kripke structure and checking whether the properties hold along all explorations [1]. If the number of reachable states exceeds a certain limit, the model checking problem becomes infeasible; this is usually referred to as state space explosion. If the system model and its temporal properties are specifiable, the model checking (i.e., state exploration) problem can be automated.

Distributed fault-tolerant (FT) protocols comprise an arena with subtle protocol operations and fault semantics, where informal reasoning often leads to errors. Hence computer-aided correctness techniques are desired [3]. The model checking of such protocols often yields state space explosion, mainly due to the modeling of faults. In order to prove that the specification cannot be compromised in any case, all possible fault effects must be considered. Every fault effect possibly initiates a new branch of exploration, so the size of the overall state space is very much affected by faults. Restrictive fault models yield a more compact state space; however, optimistic fault assumptions are often not realistic. If malicious faults are also assumed (e.g., [3]), the size of the state space can be exponential in the number of system components.

Abstraction is a general approach used to address the complexity of model checking. The main idea is to identify “unnecessary” information which can be omitted from the system model. The primary challenge of abstraction is to accurately relate the original problem (non-abstract model) to the abstracted problem (abstract model). The abstraction process is sound if verifying the correctness of the abstract model implies the correctness of the non-abstract one. Usu-
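The abstract describes explicit state exploration, the branching that every fault effect adds, and the need to shrink the state space without losing soundness. The following Python program is an added illustration, not code from the paper or its authors: it is a minimal explicit-state model checker over a constructed toy Kripke structure (N identical processes running a round-based protocol under a crash-fault budget F), checking two safety properties and, optionally, collapsing states that differ only by a permutation of the identical processes. The protocol rules, the property names and the symmetry argument are all assumptions of this toy model.

```python
from collections import deque

# Constructed toy model (not the paper's): N identical processes run a
# round-based protocol under a crash-fault model. Per-process state is
# (round, crashed). A process may advance from round r to r+1 once at least
# N - F processes have reached round r; a crashed process still counts for
# the rounds it completed before crashing, since those messages were sent.
# At most F processes crash. A tuple of per-process states is one state of
# the Kripke structure; successors() is its transition relation.


def initial_state(n):
    return tuple((0, False) for _ in range(n))


def successors(state, n, f, max_round):
    """Yield every successor of a global state, one per enabled transition."""
    crashed = sum(1 for _, c in state if c)
    for i, (r, c) in enumerate(state):
        if c:
            continue  # a crashed process takes no further steps
        # fault transition: each fault effect opens a new branch of exploration
        if crashed < f:
            yield state[:i] + ((r, True),) + state[i + 1:]
        # protocol transition: advance once a quorum of N - F reached round r
        if r < max_round and sum(1 for rr, _ in state if rr >= r) >= n - f:
            yield state[:i] + ((r + 1, False),) + state[i + 1:]


def lockstep(state, n, f):
    """Safety property: correct processes are never more than one round apart."""
    rounds = [r for r, c in state if not c]
    return not rounds or max(rounds) - min(rounds) <= 1


def quorum_backed(state, n, f):
    """Safety property: a correct process at round r > 0 is backed by at
    least N - F processes that reached round r - 1."""
    return all(
        r == 0 or sum(1 for rr, _ in state if rr >= r - 1) >= n - f
        for r, c in state if not c
    )


def model_check(n, f, max_round, invariant, symmetry=False):
    """Explicit-state BFS over the reachable states.

    With symmetry=True each state is replaced by a canonical representative
    (the sorted tuple of per-process states). That is sound for this toy
    model because its transition rules depend only on how many processes
    are in each local state and both invariants are unchanged by permuting
    processes; it is an assumption about this model, not a general fact.
    Returns (holds, states_explored, counterexample_trace_or_None).
    """
    canon = (lambda s: tuple(sorted(s))) if symmetry else (lambda s: s)
    init = canon(initial_state(n))
    parent = {init: None}  # visited set doubling as predecessor map
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not invariant(s, n, f):
            trace, cur = [], s
            while cur is not None:  # walk predecessor links back to the start
                trace.append(cur)
                cur = parent[cur]
            return False, len(parent), trace[::-1]
        for t in successors(s, n, f, max_round):
            t = canon(t)
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, len(parent), None


if __name__ == "__main__":
    for f in (0, 1):
        for sym in (False, True):
            holds, explored, trace = model_check(3, f, 2, lockstep, sym)
            print(f"F={f} symmetry={sym}: lockstep holds={holds}, "
                  f"states explored={explored}, counterexample={trace}")
```

With F = 0 the lockstep property holds and the checker visits 15 states, or 7 once permutation-equivalent states are merged; with F = 1 the same property fails, and the breadth-first search returns the shortest violating run (three transitions), whether or not symmetry reduction is on, because the reduction preserves the verdict for properties that are themselves symmetric. The weaker quorum_backed property survives the crash budget, which is the kind of distinction informal reasoning about fault semantics tends to blur.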


Similar sources

Brief Announcement: Efficient Model Checking of Fault-Tolerant Distributed Protocols Using Symmetry Reduction

Motivation: Fault-tolerant (FT) distributed protocols represent fundamental building blocks behind many practical systems. A rigorous design of these protocols is desired given the complexity of manual proofs. The application of model checking (MC) [2] for protocol verification is attractive with its full automation and rich property language. However, being an exhaustive exploration method, its...


Role-Based Symmetry Reduction of Fault-Tolerant Distributed Protocols with Language Support

Fault-tolerant (FT) distributed protocols (such as group membership, consensus, etc.) represent fundamental building blocks for many practical systems, e.g., the Google File System. Not only does one desire rigor in the protocol design but especially in its verification given the complexity and fallibility of manual proofs. The application of model checking (MC) for protocol verification is att...


Efficient Model Checking of Fault-tolerant Distributed Protocols Using Symmetry Reduction

Fault-tolerant (FT) distributed protocols (such as group membership, consensus, etc.) represent fundamental building blocks behind many practical systems, e.g., the Google File System. Not only does one desire rigor in the protocol design but especially in its verification given the complexity and fallibility of manual proofs. The application of model checking (MC) for protocol verification is ...


A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving

In this paper, we briefly review two formal approaches in verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...


Automatic Completion of Distributed Protocols with Symmetry

A distributed protocol is typically modeled as a set of communicating processes, where each process is described as an extended state machine along with fairness assumptions. Correctness is specified using safety and liveness requirements. Designing correct distributed protocols is a challenging task. Aimed at simplifying this task, we allow the designer to leave some of the guards and updates ...



Publication date: 2007