Survey on Parameterized Verification with Threshold Automata and the Byzantine Model Checker

TL;DR

This survey reviews automated verification techniques for threshold-guarded fault-tolerant distributed algorithms, implemented in the Byzantine Model Checker, emphasizing their scalability to large systems with many processes and parameters.

Contribution

It provides an overview of verification methods for threshold-guarded algorithms and discusses their implementation in the Byzantine Model Checker for large-scale distributed systems.

Findings

Verification techniques support systems with hundreds or thousands of processes.

Threshold-guarded algorithms are correct under various fault conditions.

The Byzantine Model Checker enables scalable parameterized verification.

Abstract

Threshold guards are a basic primitive of many fault-tolerant algorithms that solve classical problems in distributed computing, such as reliable broadcast, two-phase commit, and consensus. Moreover, threshold guards can be found in recent blockchain algorithms such as, e.g., Tendermint consensus. In this article, we give an overview of techniques for automated verification of threshold-guarded fault-tolerant distributed algorithms, implemented in the Byzantine Model Checker (ByMC). These threshold-guarded algorithms have the following features: (1) up to $t$ of processes may crash or behave Byzantine; (2) the correct processes count messages and make progress when they receive sufficiently many messages, e.g., at least $t+1$; (3) the number $n$ of processes in the system is a parameter, as well as the number $t$ of faults; and (4) the parameters are restricted by a resilience condition, e.g., $n > 3t$. Traditionally, these algorithms were implemented in distributed systems with up to ten participating processes. Nowadays, they are implemented in distributed systems that involve hundreds or thousands of processes. To make sure that these algorithms are still correct for that scale, it is imperative to verify them for all possible values of the parameters.