A formally verified algorithm for clock synchronization under a hybrid fault model (1994) [16 citations — 8 self]
Popular Tags
No tags have been applied to this document.
BibTeX | Add To MetaCart
@INPROCEEDINGS{Rushby94aformally,author = {John Rushby},
title = {A formally verified algorithm for clock synchronization under a hybrid fault model},
booktitle = {In Thirteenth ACM Symposium on Principles of Distributed Computing},
year = {1994},
pages = {304--313}
}
Years of Citing Articles
Abstract:
A small modification to the interactive convergence clock synchronization algorithm allows it to tolerate a larger number of simple faults than the standard algorithm, without reducing its ability to tolerate arbitrary or "Byzantine " faults. Because the extended caseanalysis required by the new fault model complicates the already intricate argument for correctness of the algorithm, it has been subjected to mechanically-checked formal verification. The fault model examined is similar to the "hybrid" one previously used for the problem of distributed consensus: in addition to arbitrary faults, we also admit symmetric (i.e., consistent) and manifest (i.e., detectable) faults. With n processors, the modified algorithm can withstand a arbitrary, s symmetric, and m manifest faults simultaneously, provided n? 3a + 2s + m. A further extension to the fault model includes link faults with bound n? 3a + 2s + m + l where l is the maximum, over all pairs of processors, of the number of processors that have faulty links to one or other of the pair. The mechanically-checked formal verification of the modified algorithm was achieved by extending one for the classical Interactive Convergence algorithm, and was accomplished relatively easily. A mechanicallychecked formal specification and verification is a reusable intellectual resource whose initial cost is amply repaid by the support it provides for inexpensive and reliable investigation of modified assumptions and algorithms such as those reported here.
