Abstract
This paper describes a methodology for developing and verifying a class of distributed systems in which the state space may be discrete or continuous. Our focus is on systems whose changes are local: each step changes the state of a small number of components while the remainder of the system is unchanged. A proof methodology is developed that ensures global properties, such as invariants and convergence, by guaranteeing local properties within subsystems. This methodology is used to prove the correctness of concrete examples. We present a PVS library of theorems and proofs that can be used to reduce the work required to develop and verify programs in this class. A transformation of these libraries to Java is also outlined.
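As an added illustration of the local-global idea sketched in the abstract (example code written here, not the paper's PVS library or its formal definitions; the pairwise-averaging system, the conserved-sum invariant and the spread measure are assumptions chosen for the illustration): each step touches only two components, and discharging three obligations on the touched pair alone is enough to guarantee the global invariant and a non-increasing convergence measure for the whole system.

```python
# Added example: a toy "local changes, global properties" check in the spirit of the
# abstract. NOT the paper's PVS library; the averaging system, the sum invariant and
# the spread measure are assumptions for illustration.
from typing import Dict, List, Sequence, Tuple

State = Dict[str, float]


def local_average(state: State, i: str, j: str) -> State:
    """One local step: components i and j move to their mean; all others are untouched."""
    new = dict(state)
    new[i] = new[j] = (state[i] + state[j]) / 2.0
    return new


def spread(state: State) -> float:
    """Convergence measure: distance between the largest and smallest component."""
    return max(state.values()) - min(state.values())


def check_local_step(before: State, after: State, touched: Sequence[str]) -> None:
    """Local obligations that together imply the global properties.

    1. Only the touched subsystem changes (locality).
    2. The touched subsystem conserves its sum, so the global sum is conserved (invariant).
    3. The spread never grows, so the system cannot diverge (convergence measure).
    """
    changed = {k for k in before if before[k] != after[k]}
    if not changed <= set(touched):
        raise ValueError(f"non-local change: {changed - set(touched)}")
    if abs(sum(before[k] for k in touched) - sum(after[k] for k in touched)) > 1e-9:
        raise ValueError("local step changed the conserved sum")
    if spread(after) > spread(before):
        raise ValueError("local step increased the convergence measure")


def run_schedule(state: State, schedule: Sequence[Tuple[str, str]]) -> Tuple[State, List[float]]:
    """Apply local steps in order, checking each one; return final state and spread trace."""
    trace = [spread(state)]
    for i, j in schedule:
        nxt = local_average(state, i, j)
        check_local_step(state, nxt, (i, j))
        state = nxt
        trace.append(spread(state))
    return state, trace


if __name__ == "__main__":
    init = {"a": 0.0, "b": 4.0, "c": 8.0}  # constructed sample input
    final, trace = run_schedule(init, [("a", "b"), ("b", "c"), ("a", "b"), ("b", "c")])
    print(final, trace)
```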
Additional information
T. Margaria, D. Kröning, and J. Woodcock
This paper is dedicated to Brian Go, 1988–2009.
Chandy, K.M., Go, B., Mitra, S. et al. Verification of distributed systems with local–global predicates. Form Asp Comp 23, 649–679 (2011). https://doi.org/10.1007/s00165-010-0150-7