Abstract

Counter abstraction is a powerful tool for parameterized model checking, if the number of local states of the concurrent processes is relatively small. In recent work, we introduced parametric interval counter abstraction that allowed us to verify the safety and liveness of threshold-based fault-tolerant distributed algorithms (FTDA). Due to state space explosion, applying this technique to distributed algorithms with hundreds of local states is challenging for state-of-the-art model checkers. In this paper, we demonstrate that reachability properties of FTDAs can be verified by bounded model checking. To ensure completeness, we need an upper bound on the distance between states. We show that the diameters of accelerated counter systems of FTDAs, and of their counter abstractions, have a quadratic upper bound in the number of local transitions. Our experiments show that the resulting bounds are sufficiently small to use bounded model checking for parameterized verification of reachability properties of several FTDAs, some of which have not been automatically verified before.

Highlights

  • A system that consists of concurrent anonymous processes can be modeled as a counter system: instead of recording which process is in which local state, we record, for each local state, how many processes are in that state.

  • We consider a specific class of counter systems, namely those defined by threshold automata.

  • Accelerated counter systems defined by threshold automata have a diameter whose bound is independent of the bound on the counters and depends only on characteristics of the threshold automaton. This bound can be used for parameterized model checking of fault-tolerant distributed algorithms (FTDAs), as we confirm by experimental evaluation.


Summary

Introduction

A system that consists of concurrent anonymous (identical) processes can be modeled as a counter system: instead of recording which process is in which local state, we record, for each local state, how many processes are in that state. We show that accelerated counter systems defined by threshold automata have a diameter whose bound is independent of the bound on the counters and depends only on characteristics of the threshold automaton. This bound can be used for parameterized model checking of FTDAs, as we confirm by experimental evaluation. A threshold automaton consists of rules that define the conditions and effects of changes to the local state of a process of a distributed algorithm. The proof of the bound rests on three ideas: removing cycles, identifying milestones and swapping transitions, and segmentation, that is, partitioning a run into segments inside of which the transitions can be reordered. In combination, these three ideas enable us to prove the main theorem: the diameter of a counter system is at most quadratic in the number of rules; more precisely, it is bounded by the product of the number of rules and the number of distinct threshold conditions. If every reachable state can be reached from an initial state within this bound, bounded model checking with that bound is a complete method for verifying reachability.
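As an added illustration, not code from the paper or its tool, the following Python script builds a small constructed threshold automaton, explores its accelerated counter system by breadth-first search for fixed parameter values, and compares the computed diameter with the quadratic bound stated above. The three-state automaton, the fixed values n = 4 and t = 1, the convention that a threshold is checked before an accelerated step, and the use of rules times distinct thresholds as the bound are assumptions of this example rather than details taken from this page.

```python
from collections import deque
# Constructed toy threshold automaton, not one of the paper's benchmarks.
# Local states: 0 = initial, 1 = sent an echo, 2 = accepted; shared variable
# x counts echoes sent. Parameters are fixed to n = 4, t = 1, so every
# threshold is a constant and the counter system is finite.
N, T = 4, 1
# rule = (from_state, to_state, threshold on x or None for "true", x increment)
RULES = [
    (0, 1, None, 1),   # send an echo spontaneously
    (0, 1, T + 1, 1),  # relay after hearing t+1 echoes (x >= 2)
    (1, 2, N - T, 0),  # accept after hearing n-t echoes (x >= 3)
]

def enabled(cfg, rule, k):
    # k processes in the source state and the threshold holding beforehand (assumed)
    counters, x = cfg
    frm, _, threshold, _ = rule
    return counters[frm] >= k and (threshold is None or x >= threshold)

def apply(cfg, rule, k):
    # accelerated transition: k processes follow the rule in one step
    counters, x = cfg
    frm, to, _, inc = rule
    c = tuple(v - k * (i == frm) + k * (i == to) for i, v in enumerate(counters))
    return (c, x + k * inc)

def successors(cfg):
    for rule in RULES:
        for k in range(1, cfg[0][rule[0]] + 1):
            if enabled(cfg, rule, k):
                yield apply(cfg, rule, k)

def bfs(start):  # shortest distance, in accelerated steps, to each reachable config
    dist, queue = {start: 0}, deque([start])
    while queue:
        cfg = queue.popleft()
        for nxt in successors(cfg):
            if nxt not in dist:
                dist[nxt] = dist[cfg] + 1
                queue.append(nxt)
    return dist

def diameter():  # longest shortest path between any two configurations
    reachable = bfs(((N, 0, 0), 0))
    return max(max(bfs(cfg).values()) for cfg in reachable)

def bound():  # bound stated above: number of rules times distinct thresholds
    return len(RULES) * len({r[2] for r in RULES if r[2] is not None})
```

For this instance the diameter is 2 (every run can be rearranged into one accelerated send step followed by one accelerated accept step) while the bound is 3 rules times 2 thresholds = 6.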

Our approach at a glance
Threshold Automata
Counter Systems
Diameter of Counter Systems
Proof Idea
Removing Cycles
Identifying Milestones and Swapping Transitions
Experimental Evaluation
Benchmarks
Evaluation
Related Work and Discussions