SRI Logo
About Us|R and D Divisions|Careers|Newsroom|Contact Us|SRI Home
  SRI Logo

Formal Verification of an Interactive Consistency Algorithm for the Draper FTP Architecture Under a Hybrid Fault Model
 by Dr. Patrick Lincoln & Dr. John Rushby.

From Compass '94 (Proceedings of the Ninth Annual Conference on Computer Assurance).
IEEE Washington Section, Gaithersburg, MD.
June, 1994.
Pages 107–120.


Fault-tolerant systems for critical applications should tolerate as many kinds of faults and as large a number of faults as possible, while using as little hardware as feasible. And they should be provided with strong assurances for their correctness.

Byzantine fault-tolerant architectures are attractive because they tolerate any kind fault, but they are rather expensive: at least 3m+1 processors are required to withstand m arbitrary faults. Two recent developments mitigate some of the costs: algorithms that operate under a hybrid fault model tolerate more faults for a given number of processors than classical Byzantine fault-tolerant algorithms, and asymmetric architectures tolerate a given number of faults with less hardware than conventional architectures. In this paper we combine these two developments and present an algorithm for achieving interactive consistency (the problem of distributing sensor samples consistently in the presence of faults) under a hybrid fault model on an asymmetric architecture.

The extended fault model and asymmetric architecture complicate the arguments for the correctness and the number of faults tolerated by the algorithm. To increase assurance, we have formally verified these properties and checked the proofs mechanically using the PVS verification system. We argue that mechanically-supported formal methods allow for effective reuse of intellectual resources, such as specifications and proofs, and that exercises such as this can now be performed very economically.

BibTEX Entry
    AUTHOR = {Patrick Lincoln and John Rushby},
    TITLE = {Formal Verification of an Interactive Consistency Algorithm for the Draper {FTP} Architecture Under a Hybrid Fault Model},
    BOOKTITLE = {Compass '94 (Proceedings of the Ninth Annual Conference on Computer Assurance)},
    YEAR = {1994},
    PAGES = {107--120},
    ADDRESS = {Gaithersburg, {MD}},
    MONTH = {jun},
    ORGANIZATION = {{IEEE} Washington Section},
    URL = {}


About Us  |  R&D Divisions  |  Careers  |  Newsroom  |  Contact Us
© 2024 SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025-3493
SRI International is an independent, nonprofit corporation. Privacy policy