Generating Distributed Programs from Event-B Models (original) (raw)

Formal Derivation of a Distributed Program in Event B

Lecture Notes in Computer Science, 2011

Achieving high dependability of distributed systems remains a major challenge due to complexity arising from concurrency and communication. There are a number of formal approaches to verification of properties of distributed algorithms. However, there is still a lack of methods that enable a transition from a verified formal model of communication to a program that faithfully implements it. In this paper we aim at bridging this gap by proposing a state-based formal approach to correct-by-construction development of distributed programs. In our approach we take a systems view, i.e., formally model not only application but also its environment -the middleware that supports it. We decompose such an integrated specification to obtain the distributed program that should be deployed on the targeted network infrastructure. To illustrate our approach, we present a development of a distributed leader election protocol.

Formal Specification and Verification of Distributed Systems

IEEE Transactions on Software Engineering, 1983

Computations of distributed systems are extremely difficult to specify and verify using traditional techniques because the systems are inherently concurrent, asynchronous, and nondeterministic. Furthermore, computing nodes in a distributed system may be highly independent of each other, and the entire system may lack an accurate global clock. In this paper, we develop an event-based model to specify formally the behavior (the external view) and the structure (the internal view) of distributed systems. Both control-related and data-related properties of distributed systems are specified using two fundamental relationships among events: the "precedes" relation, representing time order; and the "enables' relations, representing causality. No assumption about the existence of a global clock is made in the specifications. The specification technique has a rather wide range of applications. Examples from different classes of distributed systems, include communication systems, process control systems, and a distributed prime number generator [13], are used to demonstrate the power of the technique. The correctness of a design can be proved before implementation by checking the consistency between the behavior specification and the structure specification of a system. Both safety and liveness properties can be specified and verified. Furthermore, since the specification technique defines the orthogonal properties of a system separately, each of them can then be verified independently. Thus, the proof technique avoids the exponential state-explosion problem found in state-machine specification techniques.

Knowledge-Based Synthesis of Distributed Systems Using Event Structures

Logical Methods in Computer Science, 2011

Transforming Event B Models into Verified C# Implementations

EPiC Series in Computing

The refinement-based approach to developing software is based on thecorrect-by-construction paradigm were software systems are constructed via the step-by-step refinement of an initial high-level specification into a final concrete specification. Proof obligations, generated during this process are discharged to ensure the consistency between refinement levels and hence the system's overall correctness.Here, we are concerned with the refinement of specifications using the Event B modelling language and its associated toolset, the Rodin platform. In particular, we focus on the final steps of the process where the final concrete specification is transformed into an executable algorithm. The transformations involved are (a) the transformation from an Event B specification into a concrete recursive algorithm and (b) the transformation from the recursive algorithm into its equivalent iterative version. We prove both transformations correct and verify the correctness of the final code...

Formal framework for automated analysis and verification of distributed reactive applications

2017 First International Conference on Embedded & Distributed Systems (EDiS), 2017

As applications become more and more complex, concurrency and communication play increasingly important roles in the design process. In particular, highly distributed applications demand truly scalable communication architectures. There is a real need for reliability and constructivity in the design of such systems. The use of a bottom-up strategy, supported by abstraction and proofs, allows scalable modeling and verification of behavioral properties, and facilitates the derivation of robust systems. The purpose of our research is to produce scalable solutions facilitating the systematic design of complex, reactive, and distributed systems that are guaranteed correct by construction.

Derivation of concurrent programs by stepwise scheduling of Event-B models

Formal Aspects of Computing, 2014

Event-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be designed so that their application results in a correctness-preserving refinement step. For practical application, two patterns for schedule introduction are provided, together with their associated proof obligations. We demonstrate our method by applying it on the dining philosophers problem.

Knowledge-Based Sythesis of Distributed Systems Using Event Structures

2004

To produce a program guaranteed to satisfy a given specification one can synthesize it from a formal constructive proof that a computation satisfying that specification exists. This process is particularly effective if the specifications are written in a high-level language that makes it easy for designers to specify their goals. We consider a high-level specification language that results from adding knowledge to a fragment of Nuprl specifically tailored for specifying distributed protocols, called event theory. We then show how high-level knowledge-based programs can be synthesized from the knowledge-based specifications using a proof development system such as Nuprl. Methods of Halpern and Zuck [1992] then apply to convert these knowledge-based protocols to ordinary protocols. These methods can be expressed as heuristic transformation tactics in Nuprl. § Pgm¨Sem assigning to each program pr § Pgm a meaning in type Sem. A semantic property is a predicate X on meanings. We say that a program pr satisfies a semantic property X if X holds of the semantic meaning of pr. Formally, we write pr |= X as an abbreviation of X (S pr); thus, this fact can be expressed in Nuprl. A semantic property X is satisfiable if there is some program that satisfies it. Satisfiability can also be expressed in Nuprl: we take Sat(X) to be an abbrevation for © pr:Pgm.pr |= X. The key point for the purposes of this paper is that from a £ if, for each process © , process

Formal specification and analysis of distributed systems

1998

The paper deals with the problems that arise while developing software of such distributed systems as real-time, computer network protocols and distributed information-processing systems. In the introduction, some essential peculiarities typical of distributed systems (DS) and a general scheme for developing such systems are presented. The main idea of this paper is the use of a piece-linear aggregate mathematical method for formal speci®cation, simulation and validation of DS. The main advantage of this approach is that it integrates two tasks of diering nature, i.e. simulation and correctness analysis of speci®cation, on the basis of a single speci®cation. The method of a transformation of aggregate speci®cation to the ®rstorder predicates and its further use for the correctness analysis of the aggregate speci®cation using logic-based programming will also be presented. It will also be shown how to transform an informal description of system functioning to aggregate speci®cation using production rules. The presented methods are explained using illustrative examples.

Formal Verification of Distributed Algorithms

Lecture Notes in Computer Science, 2012

We exhibit a methodology to develop mechanically-checkable parameterized proofs of the correctness of fault-tolerant round-based distributed algorithms in an asynchronous message-passing setting. Motivated by a number of case studies, we sketch how to replace often-used informal and incomplete pseudo code by mostly syntax-free formal and complete definitions of a global-state transition system. Special emphasis is put on the required deepening of the level of proof detail to be able to check them within an interactive theorem proving environment.

Verification of Distributed Object-Based Systems

2003

Distributed systems for open environments, like the Internet, are becoming more frequent and important. However, it is difficult to assure that such systems have the required functional properties. In this paper we use a visual formal specification language, called Object-Based Graph Grammars (OBGG), to specify asynchronous distributed systems. After discussing the main concepts of OBGG, we propose an approach for the verification of OBGG specifications using model checking. This approach consists on the translation of OBGG specifications into PROMELA (PROcess/PROtocol MEta LAnguage), which is the input language of the SPIN model checker. The approach we use for verification allows one to write properties based on the OBGG specification instead of on the generated PROMELA model.

Generating Distributed Programs from Event-B Models (original) (raw)

Related papers