Model Checking Paxos in Spin

Giorgio Delzanno (DIBRIS; University of Genova); Michele Tatarek; (DIBRIS; University of Genova); Riccardo Traverso (FBK; Trento)

arXiv:1408.5962·cs.LO·August 27, 2014·GandALF

Model Checking Paxos in Spin

Giorgio Delzanno (DIBRIS, University of Genova), Michele Tatarek, (DIBRIS, University of Genova), Riccardo Traverso (FBK, Trento)

PDF

TL;DR

This paper models the Paxos consensus algorithm in Promela with counting guards, enabling automated verification of quorum conditions using the Spin model checker.

Contribution

It introduces counting guards in Promela for modeling majority voting, and applies Spin to validate and analyze Paxos protocol instances.

Findings

01

Validated finite Paxos models with Spin

02

Extracted quorum size preconditions

03

Demonstrated formal verification of distributed consensus

Abstract

We present a formal model of a distributed consensus algorithm in the executable specification language Promela extended with a new type of guards, called counting guards, needed to implement transitions that depend on majority voting. Our formalization exploits abstractions that follow from reduction theorems applied to the specific case-study. We apply the model checker Spin to automatically validate finite instances of the model and to extract preconditions on the size of quorums used in the election phases of the protocol.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.