Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics

TL;DR

This paper introduces a novel decomposition methodology that breaks down the verification of threshold-based distributed algorithms into two decidable logics, enabling fully automated verification of complex fault-tolerant protocols.

Contribution

The work develops a new approach to verify threshold-based distributed protocols by translating the verification task into EPR and BAPA logics, with an automatic property generation algorithm.

Findings

Successfully verified Byzantine one-step consensus

Verified hybrid reliable broadcast protocols

Automated property generation facilitates full automation

Abstract

Verification of fault-tolerant distributed protocols is an immensely difficult task. Often, in these protocols, thresholds on set cardinalities are used both in the process code and in its correctness proof, e.g., a process can perform an action only if it has received an acknowledgment from at least half of its peers. Verification of threshold-based protocols is extremely challenging as it involves two kinds of reasoning: first-order reasoning about the unbounded state of the protocol, together with reasoning about sets and cardinalities. In this work, we develop a new methodology for decomposing the verification task of such protocols into two decidable logics: EPR and BAPA. Our key insight is that such protocols use thresholds in a restricted way as a means to obtain certain properties of "intersection" between sets. We define a language for expressing such properties, and present two translations: to EPR and BAPA. The EPR translation allows verifying the protocol while assuming these properties, and the BAPA translation allows verifying the correctness of the properties. We further develop an algorithm for automatically generating the properties needed for verifying a given protocol, facilitating fully automated deductive verification. Using this technique we have verified several challenging protocols, including Byzantine one-step consensus, hybrid reliable broadcast and fast Byzantine Paxos.