Acta Informatica

, Volume 51, Issue 6, pp 347–418 | Cite as

Formal communication elimination and sequentialization equivalence proofs for distributed system models

  • Miquel Bertran
  • Francesc Babot
  • August Climent
Original Article


Equivalence reasoning with distributed system models, expressed directly as imperative programs with explicit parallelism, communication operations, storage variables and boolean conditions, remains virtually unexplored. Only reasoning with models expressed as process algebras has been amply dealt with in literature. However, these formalisms do not contemplate either storage variables or Boolean conditions as fundamental items, although these items become essential in most situations. This article develops the foundation of the until now non existent theory of equivalence reasoning with the aforementioned imperative notation and two novel equivalence proof techniques: communication elimination and sequentialization. The development is grounded on state systems and transition interleavings, as treated by Manna and Pnueli. Equivalence proofs safely transform a model via the application of a sequence of equivalence laws; aiming to obtain an equivalent model which is purely sequential, free from internal communication operations and parallelism, as a simplification of the initial model. After this, verification of the original model can be carried out, indirectly, in the simplified model, thus reducing complexity. Some of the presented novel notions are: (1) modular procedure for decomposition of both models and proofs, (2) interface behavior for statement semantics, (3) interface equivalence between behaviors, between statements and between procedures, (4) a set of communication elimination laws and (5) substitution rules of procedure references by their bodies or by references to equivalent procedures. An elimination proof construction algorithm is also presented; when it terminates, deadlock freedom of the original model can be decided. The main design lines of a computer aided equivalence reasoning tool are outlined as well. This is the foundation for a more widely applicable tool. As an illustration, the sequentialization proof of a simplified pipelined processor is overviewed. It is modeled as a distributed system with procedures and two levels of parallelism. The model obtained at the end of the equivalence proof is the sequential loop of a Von Neumann processor. This result establishes that the original model is deadlock-free, behaves as a processor and, as a consequence, the partition of processor functions among parallel processes is correct. The ratio of the upper bounds on the number of states of the final over the initial models, \(\frac{final}{initial}\), is \(\frac{1}{2^{672}}\).



The encouragement of Zohar Manna and Bernd Finkbeiner during many years has been crucial in the development of this work. The reviewers criticisms have much contributed to clarify and give more detail and perspective to the article. Their work is greatly appreciated. The authors acknowledge the effort of Lisa Kinnear and Marta Gil for their expert revision of the English text. The criticisms of Joan Navarro and Andreu Sancho are much appreciated.


  1. 1.
    Alur, R., Brayton, R., Henzinger, T., Qadeer, S., Rajamani, S.: Partial-order reduction in symbolic state-space exploration. Form. Methods Syst. Des. 18(2), 97–116 (2001)CrossRefzbMATHGoogle Scholar
  2. 2.
    Babot, F.: Contributions to formal communication elimination for system models with explicit parallelism. Ph.D. thesis, Enginyeria i Arquitectura La Salle, Universitat Ramon Llull, Barcelona, Spain, Barcelona (2009).
  3. 3.
    Babot, F., Bertran, M., Climent, A.: A static communication elimination algorithm for distributed system verification. In: Lau, K.K., Banach, R. (eds.) Formal Methods and Software Engineering. 7th International Conference on Formal Engineering Methods, ICFEM 2005, LNCS, vol. 3785, pp. 375–389. Springer, Manchester (2005)Google Scholar
  4. 4.
    Back, R.J.R.: Refinement calculus II: parallel and reactive programs. In: de Bakker, J., de Roever, W., Rozenberg, G. (eds.) Stepwise Refinement of Distributed Systems, LNCS, vol. 430, pp. 67–93. Springer, Berlin (1990)Google Scholar
  5. 5.
    Back, R.J.R., Kurki-Suonio, R.: Distributed co-operation with action systems. ACM Trans. Program. Lang. Syst. 10, 513–554 (1988)CrossRefzbMATHGoogle Scholar
  6. 6.
    Back, R.J.R., Sere, K.: Stepwise refinement of action systems. Struct. Program. 12, 17–30 (1991)Google Scholar
  7. 7.
    Back, R.J.R., von Wright, J.: Trace refinement of action systems. In: Jonsson, B., Parrow, J. (eds.) CONCUR’94: Concurrency Theory, 5th International Conference, Uppsala, Sweden, LNCS, vol. 836. Springer, Berlin (1994)Google Scholar
  8. 8.
    Back, R.J.R., von Wright, J.: Refinement Calculus: A Systematic Introduction. Springer, Berlin (1998)CrossRefzbMATHGoogle Scholar
  9. 9.
    Back, R.J.R., Xu, Q.: Refinement of fair action systems. Acta Inf. 35, 131–165 (1998)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  11. 11.
    Bergstra, J.A., Klop, J.W.: Process algebra for synchronous communication. Inf. Control 60(1–3), 109–137 (1984)CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Bergstra, J.A., Klop, J.W.: Algebra of communicating processes with abstraction. Theor. Comput. Sci. 37, 77–121 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Bertran, M., Babot, F., Climent, A.: Formal sequentialization of distributed systems via model rewriting. In: Lucio, P., Orejas, F. (eds.) Jornadas sobre Programación y Lenguajes, PROLE 2006, pp. 195–209. Sitges, Spain (2006)Google Scholar
  14. 14.
    Bertran, M., Babot, F., Climent, A., Nicolau, M.: Communication and parallelism introduction and elimination in imperative concurrent programs. In: Cousot, P. (ed.) Static Analysis. 8th International Symposium, SAS 2001, LNCS, vol. 2126, pp. 20–39. Springer, Paris (2001)Google Scholar
  15. 15.
    Bertran, M., Babot, F.X., Climent, A.: An input/output semantics for distributed program equivalence reasoning. In: Actas de las IV Jornadas sobre Programación y Lenguajes, pp. 55–68. Malaga, Spain (2004)Google Scholar
  16. 16.
    Bertran, M., Babot, F.X., Climent, A.: An input/output semantics for distributed program equivalence reasoning. Electron. Notes Theor. Comput. Sci. 137(1), 25–46 (2005)CrossRefGoogle Scholar
  17. 17.
    Bertran, M., Babot, F.X., Climent, A.: Formal sequentialization of distributed systems via model rewriting. Electron. Notes Theor. Comput. Sci. 188, 53–75 (2007)CrossRefGoogle Scholar
  18. 18.
    Burch, J.R., Dill, D.L.: Automatic verification of pipelined microprocessor control. In: Dill, D.L. (ed.) Computer-Aided Verification, CAV ’94, LNCS, vol. 818, pp. 68–80. Springer, Berlin (1994)CrossRefGoogle Scholar
  19. 19.
    Chauhan, P., Goyal, D., Hasteer, G., Mathur, A., Sharma, N.: Non-cycle-accurate sequential equivalence checking. In: Proceedings of the 46th Annual Design Automation Conference. DAC ’09, pp. 460–465. ACM, New York, NY (2009)Google Scholar
  20. 20.
    Clarke, E., Grumberg, O., Peled, D.: Model Checking. The MIT Press, Cambridge (1999)Google Scholar
  21. 21.
    Clarke, E.M., Grumberg, O., Long, D.: Model checking and abstraction. ACM Trans. Program. Lang. Syst. 16(5), 1512–1542 (1994)CrossRefGoogle Scholar
  22. 22.
    Culler, D.E., Singh, J.P.: Parallel Computer Architecture: A Hardware/Software Approach. Morgan Kaufmann Publishers Inc, USA (1999)Google Scholar
  23. 23.
    Department of Defense: Reference Manual for the Ada Programming Language. ANSI/MIL-STD-1815A (1983)Google Scholar
  24. 24.
    de Roever, W.P., Engelhardt, K.: Data Refinement: Model-Oriented Proof Methods and their Comparison. Cambridge University Press, Cambridge (1998)CrossRefzbMATHGoogle Scholar
  25. 25.
    de Roever, W.P., de Boer, F., Hanneman, U., Lakhnech, Y., Poel, M., Zwiers, J.: Concurrency Verification: Introduction to Compositonal and Noncompositional Methods. Cambridge University Press, Cambridge (2001)Google Scholar
  26. 26.
    Elrad, T., Francez, N.: Decomposition of distributed programs into communication closed layers. Sci. Comput. Program. 2, 155–173 (1982)CrossRefzbMATHGoogle Scholar
  27. 27.
    Hennessy, J.L., Patterson, D.A.: Computer Architecture: A Quantitative Approach, 4th edn. Morgan Kaufmann, Los Altos (2007)Google Scholar
  28. 28.
    Hoare, C.: Proofs of correctness of data representation. Acta Inf. 1(4), 271–281 (1972)CrossRefzbMATHGoogle Scholar
  29. 29.
    Hoare, C.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs, NJ (1985)zbMATHGoogle Scholar
  30. 30.
    Hoare, C., Sanders, J.: Prespecification in data refinement. Inf. Process. Lett. 25, 71–76 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Holtzmann, G.: Design and Validation of Computer Protocols. Prentice Hall, Englewood Cliffs, NJ (1991)Google Scholar
  32. 32.
    INMOS-Limited: Occam Programming Manual. Prentice Hall (1985)Google Scholar
  33. 33.
    INMOS-Limited: Occam 2 Reference Manual. Prentice Hall (1988)Google Scholar
  34. 34.
    Jones, G.: Programming in Occam. Prentice Hall, Englewood Cliffs, NJ (1987)zbMATHGoogle Scholar
  35. 35.
    Kapoor, H.K.: Formal modeling and verification of an asynchronous DLX pipeline. In: Fourth IEEE International Conference on Software Engineering and Formal Methods, SEFM’06. IEEE (2006)Google Scholar
  36. 36.
    Kurshan, R., Levin, V., Minea, M., Peled, D., Yenigun, H.: Static partial order reduction. In: Steffen, B. (ed.) Proceedings of TACAS’98, LNCS, vol. 1384, pp. 335–357. Springer, Noordwijkerhout (1998)Google Scholar
  37. 37.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Specification. Springer, Berlin (1991)zbMATHGoogle Scholar
  38. 38.
    Manna, Z., Pnueli, A.: Temporal Verification of Reactive Systems. Safety. Springer, Berlin (1995)CrossRefGoogle Scholar
  39. 39.
    Mathur, A., Fujita, M., Clarke, E., Urard, P.: Functional equivalence verification tools in high-level synthesis flows. IEEE Des. Test Comput. 26, 88–95 (2009)CrossRefGoogle Scholar
  40. 40.
    McMillan, K., Dill, D.: Symbolic Model Checking: An Approach to the State Explosion Problem. Kluwer Academic, Dordrecht (1993)CrossRefGoogle Scholar
  41. 41.
    McMillan, K.L.: Verification of an implementation of tomasulo’s algorithm by compositional model checking. In: CAV ’98: Proceedings of the 10th International Conference on Computer Aided Verification, pp. 110–121. Springer, London (1998)Google Scholar
  42. 42.
    McMillan, K.L.: Verification of infinite state systems by compositional model checking. In: Working Conference on Correct Hardware Design and Verification Methods. Proceedings of the 10th IFIP WG 10.5, CHARME ’99. Springer, London (1999)Google Scholar
  43. 43.
    Merz, S.: Model checking: A tutorial overview. In: Cassez, F. (ed.) Modeling and Verification of Parallel Processes, LNCS, vol. 2067, pp. 3–38. Springer, Berlin (2001)CrossRefGoogle Scholar
  44. 44.
    Milner, R.: A Calculus of Communicating Systems. Springer, Berlin (1980)CrossRefzbMATHGoogle Scholar
  45. 45.
    Milner, R.: Communication and Concurrency. Prentice-Hall, Englewood Cliffs, NJ (1989)zbMATHGoogle Scholar
  46. 46.
    Muller-Olm, M., Schmit, D., Steffen, B.: Model Checking: A Tutorial Introduction. In: Cortesi, G.A. (ed.) Static Analysis, Proceedings of 6th International Symposium on SAS’99, LNCS, vol. 1694, pp. 330–354. Springer, Venice (1999)Google Scholar
  47. 47.
    Owre, S., Rushby, J., Shankar, N., von Henke, F.: Formal verification for fault-tolerant architectures: prolegomena to the design of PVS. IEEE Trans. Softw. Eng. 21(2), 107–125 (1995)
  48. 48.
    Owre, S., Shankar, N., Rushby, J.M., Stringer-Calvert, D.: PVS Version 2.4, System Guide, PVS Language Reference, 2001. IEEE Trans. Softw. Eng. (2001)
  49. 49.
    Pixley, C.: A computational theory and implementation of sequential hardware equivalence. In: Clarke, E.M., Kurshan, R.P. (eds.) DIMACS Workshop on Computer Aided Verification, pp. 293–320. Providence, RI (1990)Google Scholar
  50. 50.
    Pixley, C.: A theory and implementation of sequential hardware equivalence. IEEE Trans. Comput. Aid. Des. Integr. Circuits Syst. 11(12), 1469–1478 (1992)CrossRefGoogle Scholar
  51. 51.
    Roscoe, A.: The Theory and Practice of Concurrency. Prentice-Hall, Englewood Cliffs, NJ (1998)Google Scholar
  52. 52.
    Roscoe, A., Hoare, C.: The laws of OCCAM programming. Theor. Comput. Sci. 60, 177–229 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  53. 53.
    Srinivasan, S.K., Sarker, K., Katti, R.S.: Token-aware completion functions for elastic processor verification. J. Electr. Comput. Eng., Res. Lett. Electr. (2009)Google Scholar
  54. 54.
    Taft, S.T., Duff, R.A., Brukardt, R.L., Ploedereder, E., Leroy, P.: Ada 2005 Reference Manual. Language and Standard Libraries. LNCS. Springer, Berlin/Heidelberg (2006). International Standard ISO/IEC 8652/1995 (E) with Tech. Corrigendum 1 and Amendment 1Google Scholar
  55. 55.
    Velev, M.N., Bryant, R.E.: Superscalar processor verification using efficient reductions of the logic of equality with uninterpreted functions to propositional logic. In: Pierre, L., Kropf, T. (eds.) Correct Hardware Design and Verification Methods, CHARME ’99, LNCS, vol. 1703, pp. 37–53. Springer, Berlin (1999)CrossRefGoogle Scholar
  56. 56.
    Yorav, K., Grumberg, O.: Static analysis for state-space reductions. Form. Methods Syst. Des. 25, 67–96 (2004)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Miquel Bertran
    • 1
  • Francesc Babot
    • 1
  • August Climent
    • 1
  1. 1.Grup de Recerca en Sistemes Distribuïts i Telemàtica.La Salle - Universitat Ramon LlullBarcelonaSpain

Personalised recommendations