Distributed systems are notorious for harboring subtle bugs. Verification can, in principle,
eliminate these bugs a priori, but verification has historically been difficult to apply at full …

Distributed systems are difficult to implement correctly because they must handle both
concurrency and failures: machines may crash at arbitrary points and networks may reorder …

We present the first formal verification of state machine safety for the Raft consensus
protocol, a critical component of many distributed systems. We connected our proof to …

Distributed consensus is fundamental to building fault-tolerant systems. It allows a collection
of machines to work as a coherent group that can survive the failures of some of its …

Fault-tolerant distributed algorithms play an important role in many critical/high-availability
applications. These algorithms are notoriously difficult to implement correctly, due to …

Today's distributed systems are increasingly complex, leading to subtle bugs that are difficult
to detect with standard testing methods. Formal verification can provably rule out such bugs …

Today's Internet services are often expected to stay available and render high
responsiveness even in the face of site crashes and network partitions. Theoretical results …

Distributed systems are notorious for harboring subtle bugs. Verification can, in principle,
eliminate these bugs, but it has historically been difficult to apply at full-program scale, much …

This paper describes formal specification and verification of Lamport's Multi-Paxos algorithm
for distributed consensus. The specification is written in TLA+, Lamport's Temporal Logic of …

Consensus algorithms are fundamental building blocks for fault-tolerant distributed systems
and their correctness is critical. However, there are currently no fully-automated methods for …