Formal Aspects of Computing, Volume 19, Issue 3, pp 321–341

Verification of clock synchronization algorithms: experiments on a combination of deductive tools

Original Article

Abstract

We report on an experiment in combining the theorem prover Isabelle with automatic first-order arithmetic provers to increase automation in the verification of distributed protocols. As a case study for the experiment we verify several averaging clock synchronization algorithms. We present a formalization of Schneider’s generalized clock synchronization protocol [Sch87] in Isabelle/HOL. Then we verify that the convergence functions used in two clock synchronization algorithms, namely the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith [LMS85] and the Fault-tolerant Midpoint algorithm of Lundelius–Lynch [LL84], satisfy Schneider’s general conditions for correctness. The proofs are completely formalized in Isabelle/HOL. We identify the parts of the proofs that are not proven fully automatically by Isabelle’s built-in tactics and show that these proofs can be handled by automatic first-order provers with support for arithmetic.
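As an added illustration (not part of the paper or of its Isabelle formalization), the two convergence functions named in the abstract written out in Python and checked numerically against two of Schneider’s conditions. The algorithm definitions follow [LL84] and [LMS85], the condition names (translation invariance, accuracy preservation) follow [Sch87], and the sample clock readings are constructed.

```python
from typing import Callable, Sequence

def ft_midpoint(readings: Sequence[float], f: int) -> float:
    """Fault-tolerant midpoint [LL84]: discard the f smallest and f largest
    readings and take the midpoint of the extremes that remain.  With n > 2f
    a Byzantine value is either discarded or bracketed by correct readings."""
    s = sorted(readings)
    if len(s) <= 2 * f:
        raise ValueError("need more than 2f readings")
    kept = s[f:len(s) - f]
    return (kept[0] + kept[-1]) / 2.0

def ica(readings: Sequence[float], own: int, delta: float) -> float:
    """Interactive Convergence Algorithm [LMS85] ('egocentric average'): a reading
    more than delta from the reader's own clock is replaced by the reader's own value."""
    mine = readings[own]
    fixed = [r if abs(r - mine) <= delta else mine for r in readings]
    return sum(fixed) / len(fixed)

def translation_invariant(cfn: Callable[..., float], readings: Sequence[float],
                          shift: float, **kw) -> bool:
    """Schneider's translation invariance: cfn(theta + t) == cfn(theta) + t."""
    shifted = [r + shift for r in readings]
    return abs(cfn(shifted, **kw) - (cfn(readings, **kw) + shift)) < 1e-9

def accuracy_preserved(value: float, good: Sequence[float]) -> bool:
    """Schneider's accuracy preservation in its simplest form: the corrected
    value lies within the interval spanned by the non-faulty readings."""
    return min(good) <= value <= max(good)

# Constructed sample: four well-behaved clocks plus one Byzantine clock
# (index 4) reporting a wildly wrong value.
GOOD = [100.0, 100.2, 99.9, 100.1]
READINGS = GOOD + [5000.0]

def demo() -> dict:
    mid = ft_midpoint(READINGS, f=1)          # about 100.1
    avg = ica(READINGS, own=0, delta=1.0)     # about 100.04
    return {
        "midpoint": mid,
        "ica": avg,
        "midpoint_accurate": accuracy_preserved(mid, GOOD),
        "ica_accurate": accuracy_preserved(avg, GOOD),
        # ICA's guarantee depends on a sound delta: too wide a window admits the fault.
        "ica_loose_accurate": accuracy_preserved(ica(READINGS, 0, 1e4), GOOD),
        "midpoint_ti": translation_invariant(ft_midpoint, READINGS, 37.5, f=1),
        "ica_ti": translation_invariant(ica, READINGS, 37.5, own=0, delta=1.0),
    }
```

The paper's contribution is proving these properties for all inputs in Isabelle/HOL; the numeric checks here only show what the conditions mean on one constructed instance.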

Keywords

Theorem proving; Verification; Clock synchronization; Combination of deductive tools


References

  1. Bar06. Barsotti D (2006) Instances of Schneider’s generalized protocol of clock synchronization. In: Klein G, Nipkow T, Paulson L (eds) The archive of formal proofs. Formal proof development. http://afp.sf.net/entries/ClockSynchInst.shtml
  2. BFN+06. Bishop S, Fairbairn M, Norrish M, Sewell P, Smith M, Wansbrough K (2006) Engineering with logic: HOL specification and symbolic-evaluation testing for TCP implementations. In: POPL’06: conference record of the 33rd ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM Press, New York, pp 55–66
  3. BKKS05. Botaschanjan J, Kof L, Kühnel C, Spichkova M (2005) Towards verified automotive software. In: Proceedings of the 2nd international ICSE workshop on software. ACM Press, New York
  4. BPT06. Barsotti D, Nieto LP, Tiu A (2006) Verification of clock synchronization algorithms: experiments on a combination of deductive tools. Electr Notes Theor Comput Sci 145:63–78
  5. CVC. CVC Lite. http://chicory.stanford.edu/CVC/
  6. DCB+03. Dennis LA, Collins G, Boulton R, Slind K, Robinson G, Gordon M, Melham T (2003) The PROSPER toolkit. In: Graf S, Schwartzbach M (eds) Proceedings of TACAS’03, LNCS 1785. Springer, Heidelberg, pp 78–92
  7. dM04. de Moura L (2004) SAL: Tutorial. Computer Science Laboratory, SRI International
  8. Fle04. FlexRay Consortium (2004) FlexRay Communications System Protocol Specification Version 2.0
  9. FMM+06. Fontaine P, Marion J-Y, Merz S, Nieto LP, Tiu A (2006) Expressiveness + automation + soundness: towards combining SMT solvers and interactive proof assistants. In: Holger H, Jens P (eds) TACAS, LNCS 3920. Springer, Heidelberg, pp 167–181
  10. Isa. Isabelle home page. http://isabelle.in.tum.de/
  11. KS06. Kühnel C, Spichkova M (2006) FlexRay und FTCom: Formale Spezifikation in FOCUS. Technical report I0601, Technische Universität München
  12. LL84. Lundelius J, Lynch N (1984) A new fault-tolerant algorithm for clock synchronization. In: Proceedings of PODC ’84. ACM Press, New York, pp 75–88
  13. LMS85. Lamport L, Melliar-Smith PM (1985) Synchronizing clocks in the presence of faults. J ACM 32(1):52–78
  14. MBG06. McLaughlin S, Barrett C, Ge Y (2006) Cooperating theorem provers: a case study combining HOL Light and CVC Lite. Electr Notes Theor Comput Sci 144(2):43–51
  15. Min93. Miner PS (1993) Verification of fault-tolerant clock synchronization systems. NASA technical paper 3349, NASA Langley Research Center
  16. MP04. Meng J, Paulson LC (2004) Experiments on supporting interactive proof using resolution. In: Basin DA, Rusinowitch M (eds) IJCAR, LNCS 3097. Springer, Heidelberg, pp 372–384
  17. Nip02. Nipkow T (2002) Structured proofs in Isar/HOL. In: Geuvers H, Wiedijk F (eds) TYPES, LNCS 2646. Springer, Heidelberg, pp 259–278
  18. RT05. Ranise S, Tinelli C (2005) The SMT-LIB standard: Version 1.1
  19. SBB+02. Siekmann JH, Benzmüller C, Brezhnev V, Cheikhrouhou L, Fiedler A, Franke A, Horacek H, Kohlhase M, Meier A, Melis E, Moschner M, Normann I, Pollet M, Sorge V, Ullrich C, Wirth C-P, Zimmer J (2002) Proof development with OMEGA. In: CADE, pp 144–149
  20. Sch87. Schneider FB (1987) Understanding protocols for Byzantine clock synchronization. Technical report TR 87–859, Cornell University
  21. Sha92. Shankar N (1992) Mechanical verification of a generalized protocol for Byzantine fault tolerant clock synchronization. In: Vytopil J (ed) Formal techniques in real-time and fault-tolerant systems, LNCS 571. Springer, Nijmegen, pp 217–236
  22. SvH98. Schwier D, von Henke F (1998) Mechanical verification of clock synchronization algorithms. In: Ravn AP, Rischel H (eds) Formal techniques in real-time and fault-tolerant systems, LNCS 1486. Springer, Heidelberg, pp 262–271
  23. Tav04. Tavernier B (2004) Calife: a generic graphical user interface for automata tools. Electr Notes Theor Comput Sci 110:169–172
  24. Tiu05. Tiu A (2005) A formalization of a generalized clock synchronization protocol in Isabelle/HOL. In: Klein G, Nipkow T, Paulson L (eds) The archive of formal proofs. Formal proof development. http://afp.sf.net/entries/GenClock.shtml
  25. Web06. Weber T (2006) Integrating a SAT solver with an LCF-style theorem prover. Electr Notes Theor Comput Sci 144(2):67–78
  26. Yic. Yices home page. http://fm.csl.sri.com/yices/

Copyright information

© British Computer Society 2007

Authors and Affiliations

  1. Universidad Nacional de Córdoba, Ciudad Universitaria, Córdoba, Argentina
  2. LORIA, Vandoeuvre-lès-Nancy, France
  3. Research School of Information Sciences and Engineering, Australian National University and National ICT Australia, Canberra, Australia
