# Paxos Consensus, Deconstructed and Abstracted

@inproceedings{GarcaPrez2018PaxosCD, title={Paxos Consensus, Deconstructed and Abstracted}, author={{\'A}lvaro Garc{\'i}a-P{\'e}rez and Alexey Gotsman and Yuri Meshman and Ilya Sergey}, booktitle={ESOP}, year={2018} }

Lamport’s Paxos algorithm is a classic consensus protocol for state machine replication in environments that admit crash failures. Many versions of Paxos exploit the protocol’s intrinsic properties for the sake of gaining better run-time performance, thus widening the gap between the original description of the algorithm, which was proven correct, and its real-world implementations. In this work, we address the challenge of specifying and verifying complex Paxos-based systems by (a) devising…

## 21 Citations

### Moderately Complex Paxos Made Simple: High-Level Executable Specification of Distributed Algorithms

- Computer SciencePPDP
- 2019

The application of a high-level language and method in developing simpler specifications of more complex variants of the Paxos algorithm for distributed consensus and shows the basic concepts in Paxos that are fundamental in many distributed algorithms and show that they are captured concisely in the specifications.

### WormSpace: A Modular Foundation for Simple, Verifiable Distributed Systems

- Computer ScienceSoCC
- 2019

A modular layered verification approach is used to link the proofs for WormSpace, its applications, and a verified operating system to produce the first verified distributed system stack from the application to the operating system.

### Protocol combinators for modeling, testing, and execution of distributed systems

- Computer ScienceJournal of Functional Programming
- 2021

The main ideas behind the design of the DPC framework are described and its implementation in Haskell is presented, with an exploration of randomized testing for protocols and their implementations, and an additional case study demonstrating bounded model checking of protocols.

### Trillium: Unifying Refinement and Higher-Order Distributed Separation Logic

- Computer ScienceArXiv
- 2021

This work uses the notion of refinement to transfer fairness assumptions on program executions to model traces and then transfer liveness properties of fair model traces back to program executions, which enables it to proveLiveness properties such as strong eventual consistency of a concrete implementation of a Conflict-Free Replicated Data Type and fair termination of a concurrent program.

### Reductions and abstractions for formal verification of distributed round-based algorithms

- Computer ScienceSoftw. Qual. J.
- 2021

The paper proposes two reduction techniques, named partition symmetry reduction and message order reduction, that exploit symmetries in the state space to avoid expanding equivalent states and provides the means for reducing by orders of magnitude the number of states required to analyze common distributed algorithms.

### 2 Specifying and Implementing Systems via DPC

- Computer Science
- 2018

The contribution of DPC is a novel family of program-level primitives, which facilitates construction of larger distributed systems from smaller components, streamlining the usage of the most common asynchronous message-passing communication patterns, and providing machinery for testing and user-friendly dynamic verification of systems.

### 2 Specifying and Implementing Systems with DPC

- Computer Science
- 2018

The contribution of DPC is a novel family of program-level primitives, which facilitates construction of larger distributed systems from smaller components, streamlining the usage of the most common asynchronous message-passing communication patterns, and providing machinery for testing and user-friendly dynamic verification of systems.

### QuickSilver: modeling and parameterized verification for distributed agreement-based systems

- Computer ScienceProc. ACM Program. Lang.
- 2021

This work proposes a novel modeling and verification framework, QuickSilver, that is not only modular, but also fully automated, that facilitates modular, decidable, and scalable automated verification of distributed agreement protocols.

### Temporal Logic of Composable Distributed Components

- Computer ScienceArXiv
- 2020

A novel approach to compositional verification of distributed stacks to verify each component based on only the specification of lower components, using TLC (Temporal Logic of Components), a novel temporal program logic that offers intuitive inference rules for verification of both safety and liveness properties of functional implementations of distributed components.

### The future is ours: prophecy variables in separation logic

- Computer ScienceProc. ACM Program. Lang.
- 2020

This paper presents the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue.

## References

SHOWING 1-10 OF 39 REFERENCES

### Deconstructing paxos

- Computer ScienceSIGA
- 2003

A deconstruction of the Paxos algorithm is presented by factoring out its fundamental algorithmic principles within two abstractions: an eventual leader election and an eventual register abstractions that encapsulate the liveness property of Paxos whereas the register abstraction encapsulates its safety property.

### Formal Verification of Multi-Paxos for Distributed Consensus

- Computer ScienceFM
- 2016

This paper describes formal specification and verification of Lamport’s Multi-Paxos algorithm for distributed consensus in TLA+, and discusses the general strategies for proving properties about sets and tuples that helped the proof check succeed in significantly reduced time.

### Verdi: a framework for implementing and formally verifying distributed systems

- Computer SciencePLDI 2015
- 2015

Verdi, a framework for implementing and formally verifying distributed systems in Coq, formalizes various network semantics with different faults, and enables the developer to first verify their system under an idealized fault model then transfer the resulting correctness guarantees to a more realistic fault model without any additional proof burden.

### IronFleet: proving practical distributed systems correct

- Computer ScienceSOSP
- 2015

A methodology for building practical and provably correct distributed systems based on a unique blend of TLA-style state-machine refinement and Hoare-logic verification is described, which proves that each obeys a concise safety specification, as well as desirable liveness requirements.

### Planning for change in a formal verification of the raft consensus protocol

- Computer ScienceCPP
- 2016

This work presents the first formal verification of state machine safety for the Raft consensus protocol, a critical component of many distributed systems, with an end-to-end guarantee that the implementation provides linearizable state machine replication.

### Programming Language Abstractions for Modularly Verified Distributed Systems

- Computer ScienceSNAPL
- 2017

It is argued that the missing link between the two is a programming paradigm that would allow one to reason about both high-level distributed protocols and low-level implementation primitives in a single verification-friendly framework, to reap the benefits from both the vast body of research in distributed computing and the recent advances in program verification.

### Formal Specification, Verification, and Implementation of Fault-Tolerant Systems using EventML

- Computer ScienceElectron. Commun. Eur. Assoc. Softw. Sci. Technol.
- 2015

A methodology that has proven itself in building a state-of-the art implementation of Multi-Paxos and other distributed protocols used in a deployed database system is discussed.

### Modular fine-grained concurrency verification

- Computer Science
- 2008

A new logic, RGSep, is developed that allows for ownership-based reasoning and ownership transfer between threads, while maintaining the expressiveness of binary relations to describe inter-thread interference and describes a prototype safety checker, SmallfootRG, for fine-grained concurrent programs that is based on R GSep.

### Paxos made EPR: decidable reasoning about distributed protocols

- Computer ScienceProc. ACM Program. Lang.
- 2017

This work is the first to verify Paxos protocols using a decidable logic, and the first formal verification of Vertical Paxos, Fast Paxos and Stoppable Paxos.

### A program logic for concurrent objects under fair scheduling

- Computer SciencePOPL
- 2016

The rely-guarantee style logic unifies thread-modular reasoning about both starvation-freedom and deadlock-freedom in one framework and establishes progress-aware abstraction for concurrent objects, which can be applied when verifying safety and liveness of client code.