Learning Provably Correct Distributed Protocols Without Human Knowledge

Provably correct distributed protocols, which are a critical component of modern distributed systems, are highly challenging to design and have often required decades of human effort. These protocols allow multiple agents to coordinate to come to a common agreement in an environment with uncertainty and failures. We formulate protocol design as a search problem over strategies in a game with imperfect information, and the desired correctness conditions are specified in Satisfiability Modulo Theories (SMT). However, standard methods for solving multi-agent games fail to learn correct protocols in this setting, even when the number of agents is small. We propose a learning framework, GGMS, which integrates a specialized variant of Monte Carlo Tree Search with a transformer-based action encoder, a global depth-first search to break out of local minima, and repeated feedback from a model checker. Protocols output by GGMS are verified correct via exhaustive model checking for all executions within the bounded setting. We further prove that, under mild assumptions, the search process is complete: if a correct protocol exists, GGMS will eventually find it. In experiments, we show that GGMS can learn correct protocols for larger settings than existing methods.

💡 Research Summary

The paper tackles the long‑standing challenge of designing provably correct distributed protocols without human expertise. By casting protocol synthesis as a search problem over strategies in an imperfect‑information game, the authors formalize correctness specifications in SMT and require that a candidate protocol be verified against all possible executions for a fixed number of processes. Standard multi‑agent game solvers, such as plain Monte‑Carlo Tree Search (MCTS), fail because they aim for high expected reward rather than absolute safety, and they suffer from a “superposition” problem where learned transitions from different correct protocols interfere with each other. To overcome these obstacles, the authors introduce Guided Global Monte‑Carlo Tree Search (GGMS). GGMS integrates three key components: (1) a specialized MCTS that uses a transformer‑based policy network to propose state‑machine transitions, while relying on exhaustive model‑checking as a hard oracle that supplies binary success/failure feedback; (2) a global depth‑first search that freezes ambiguous transitions and systematically backtracks when a frozen choice prevents a correct protocol, guaranteeing eventual convergence under mild assumptions; and (3) a guided sampling curriculum that starts with easy scenarios (few message losses, clear initial states) and gradually introduces harder cases, allowing the frozen decisions to propagate. The authors prove a completeness theorem: if a correct protocol exists for the bounded setting, GGMS will eventually discover it. Empirically, GGMS succeeds on settings that defeat prior methods, learning FloodSet‑like consensus protocols for up to four processes with three crash failures, and even synthesizing a novel synchronous atomic‑commit protocol for which no known solution existed. Comparisons with large language models (GPT‑4, Gemini) show that while LLMs can recall known protocols, they struggle to explore novel design spaces. Limitations include the focus on synchronous networks, crash‑only failures, identical state machines, and bounded process counts; scalability remains an issue as the state space grows combinatorially. Future work aims to extend the framework to asynchronous and Byzantine models, integrate inductive verification for unbounded process numbers, and combine GGMS with meta‑learning or LLM‑guided priors to further reduce search effort.