Author_Institution :
Comput.. Logic Inc., Austin, TX, USA
Abstract :
Achieving interactive consistency among processors in the presence of faults is an important problem in fault tolerant computing, first cleanly formulated by L. Lamport, R. Pease, and M. Shostak (1980; 1982) and solved in selected cases with their Oral Messages (OM) algorithm. Several machine supported verifications of this algorithm have been presented, including a particularly elegant formulation and proof by John Rushby using EHDM and PVS (S. Owre et al., 1992, 1995; J. Rushby, 1992). Rushby proposes interactive consistency as a benchmark problem for specification and verification systems. We present a formalization of the OM algorithm in the ACL2 logic and compare our formalization and proof to his. We draw some conclusions concerning the range of desirable features for verification systems. In particular, while higher order functions, strong typing, lambda abstraction, and full quantification have some value they come with a cost; moreover, many uses of such features can be easily translated into simpler logical constructs, which facilitate more automated proof discovery. We offer a cautionary note about comparing systems with respect to a small set of problems in a limited domain
Keywords :
formal logic; formal specification; program verification; software fault tolerance; theorem proving; ACL2; ACL2 logic; EHDM; OM algorithm; Oral Messages algorithm; PVS; automated proof discovery; benchmark problem; fault tolerant computing; full quantification; higher order functions; interactive consistency; lambda abstraction; logical constructs; machine supported verifications; specification systems; strong typing; verification systems; Algorithm design and analysis; Automatic logic units; Cost function; Fault tolerance; Fault tolerant systems; Specification languages;
