Moderately Complex Paxos Made Simple: High-Level Specification of Distributed Algorithm

This paper presents simpler specifications of more complex variants of the Paxos algorithm for distributed consensus, as a case study of high-level specification of distributed algorithms. The development of the specifications uses a method and language for expressing complex control flows and synchronization conditions precisely at a high level. We show that English and pseudocode descriptions of algorithms can be captured precisely at a high level, yielding clearer and simpler specifications than ever before. The resulting specifications have allowed us to easily discover a main liveness violation that was unknown in a previous specification. We also show that the resulting specifications can be executed directly and optimized cleanly, yielding drastic performance improvement. Finally, we show that the resulting specifications can be formally verified using a proof system, with proofs an order of magnitude smaller than prior proofs, and allowing us to detect and fix a subtle safety violation that was unknown in an early specification.