Model Checking the Time to Reach Agreement

The timed automaton framework of Alur and Dill is a natural choice for specifying partially synchronous distributed systems, i.e., systems that have only partial information about timing, such as an upper bound on message delay but no lower bound or global clock. Past experience has shown that verifying such systems by model checking is usually very difficult. The present paper demonstrates that an agreement algorithm of Attiya et al., which falls into a subclass of partially synchronous distributed systems that is particularly problematic for model checkers, can easily be modeled with the Uppaal model checker, and that some interesting and non-trivial instances can be analyzed with reasonable computational resources. Although only existing techniques are used, this is an interesting case study in its own right that adds to the existing body of experience. Furthermore, to the author's knowledge the agreement algorithm has not been formally verified before.
Keywords: Distributed systems, agreement algorithm, partially synchronous model, model checking, timed automata.

Accepted for FORMATS'05, [bib], [pdf] © Springer-Verlag.
