Correctness proof of a database replication protocol under the perspective of the I/O automaton model

Correctness of recent database replication protocols has been justified in a rather informal way focusing only in safety properties and without using any rigorous formalism. Since a database replication protocol must ensure some degree of replica consistency and that transactions follow a given isolation level, previous proofs only focused in these two issues. This paper proposes a formalization using the I/O automaton model, identifying several components in the distributed system that are involved in the replication support (replication protocol, group communication system, database replicas) and specifying clearly their actions in the global replicated system architecture. Then, a general certification-based replication protocol guaranteeing the snapshot isolation level is proven correct. To this end, different safety and liveness properties are identified, checked and proved. Our work shows that some details of the replication protocols that were ignored in previous correctness justifications are indeed needed in order to guarantee our proposed correctness criteria.