Top

Software and Systems Modeling

Published in:

29-12-2015 | Regular Paper

Towards an integrated formal method for verification of liveness properties in distributed systems: with application to population protocols

Authors: Dominique Méry, Michael Poppleton

Published in: Software and Systems Modeling | Issue 4/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

State-based formal methods [e.g. Event-B/RODIN (Abrial in Modeling in Event-B—system and software engineering. Cambridge University Press, Cambridge, 2010; Abrial et al. in Int J Softw Tools Technol Transf (STTT) 12(6):447–466, 2010)] for critical system development and verification are now well established, with track records including tool support and industrial applications. The focus of proof-based verification, in particular, is on safety properties. Liveness properties, which guarantee eventual, or converging computations of some requirements, are less well dealt with. Inductive reasoning about liveness is not explicitly supported. Liveness proofs are often complex and expensive, requiring high-skill levels on the part of the verification engineer. Fairness-based temporal logic approaches have been proposed to address this, e.g. TLA Lamport (ACM Trans Program Lang Syst 16(3):872–923, 1994) and that of Manna and Pnueli (Temporal verification of reactive systems—safety. Springer, New York, 1995). We contribute to this technology need by proposing a fairness-based method integrating temporal and first-order logic, proof and tools for modelling and verification of safety and liveness properties. The method is based on an integration of Event-B and TLA. Building on our previous work (Méry and Poppleton in Integrated formal methods, 10th international conference, IFM 2013, Turku, Finland, pp 208–222, 2013. doi:10.1007/978-3-642-38613-8_15), we present the method via three example population protocols Angluin et al. (Distrib Comput 18(4):235–253, 2006). These were proposed as a theoretical framework for computability reasoning about Wireless Sensor Network and Mobile Ad-Hoc Network algorithms. Our examples present typical liveness and convergence requirements. We prove convergence results for the examples by integrated modelling and proof with Event-B/RODIN and TLA. We exploit existing proof rules, define and apply three new proof rules; soundness proofs are also provided. During the process we observe certain repeating patterns in the proofs. These are easily identified and reused because of the explicit nature of the reasoning.

previous article FLAME: a formal framework for the automated analysis of software product lines validated by automated specification testing

next article Model checking multi-level and recursive nets

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

We do not consider the hybrid interface of this discrete model to the wireless radio environment.

Note that the more sophisticated modelling of the hybrid discrete/continuous controller/environment interface offered by the Hybrid Systems community is under active consideration by the Event-B community [9, 20‐22].

We will write \(\varPhi _c\) REF \(\varPhi _a\) to abbreviate this.

\(\textsf {iact}_0\) “anticipates” the interaction in the subsequent refinement \(\textsc {PPM}_1\) by allowing maximal nondeterministic change in \(l\) under the constraint of the invariant and the initial configuration cl. This provides a vehicle against which the behaviour of “anticipated” interaction event \(\textsf {iact}_1\) on \(l\) can simulate defined behaviour in \(\textsc {PPM}_0\). It removes the need for a duplicate variable for \(l\) in a data refinement.

Keyword convergent for \(\textsf {iact}_1\) generates an inductive PO requiring this variant to be reduced by the event.

For ease of reading, we gloss over the event artefact required to avoid redundant variables in data refinement, as per \(\textsf {iact}_0\) in Sect. 3.1.

Abadi, M., Lamport, L.: The existence of refinement mappings. Theor. Comput. Sci. 82(2), 253–284 (1991). doi:10.1016/0304-3975(91)90224-P MathSciNetCrossRefMATH

Abadi, M., Merz, S.: On TLA as a logic. In: Broy, M. (ed.) NATO ASI DPD, pp. 235–271 (1996)

Abrial, J.R.: The B-Book: Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)CrossRefMATH

Abrial, J.R.: Modeling in Event-B—System and Software Engineering. Cambridge University Press, Cambridge (2010)CrossRefMATH

Abrial, J.R.: Private communication (2013)

Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Int. J. Softw. Tools Technol. Transf. (STTT) 12(6), 447–466 (2010)CrossRef

Abrial, J.R., Butler, M., Hallerstede, S., Voisin, L.: An open extensible tool environment for Event-B. In: Liu, Z., He, J. (eds.) Proceedings of ICFEM 2006, LNCS, vol. 4260. Macau (2006)

Abrial, J.R., Mussat, L.: Introducing dynamic constraints in B. In: Bert, D. (ed.) 2nd International B Conference, LNCS, vol. 1393, pp. 83–128. Springer, Montpellier (1998)

Abrial, J.R., Su, W., Zhu, H.: Formalizing hybrid systems with Event-B. In: ABZ, pp. 178–193 (2012)

10.

Alpern, B., Schneider, F.B.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (1985)MathSciNetCrossRefMATH

11.

Alpern, B., Schneider, F.B.: Recognizing safety and liveness. Distrib. Comput. 2(3), 117–126 (1987)CrossRefMATH

12.

Angluin, D., Aspnes, J., Diamadi, Z., Fischer, M.J., Peralta, R.: Computation in networks of passively mobile finite-state sensors. Distrib. Comput. 18(4), 235–253 (2006)CrossRefMATH

13.

Angluin, D., Aspnes, J., Eisenstat, D., Ruppert, E.: The computational power of population protocols. Distrib. Comput. 20(4), 279–304 (2007)CrossRefMATH

14.

Angluin, D., Aspnes, J., Fischer, M.J., Jiang, H.: Self-stabilizing population protocols. TAAS 3(4),103–117 (2008)

15.

Apt, K.R., Olderog, E.R.: Proof rules and transformations dealing with fairness. Sci. Comput. Program. 3(1), 65–100 (1983)MathSciNetCrossRefMATH

16.

Araki, K., Galloway, A., Taguchi, K. (eds.): Integrated Formal Methods, Proceedings of the 1st International Conference on Integrated Formal Methods, IFM 99, New York, UK, 28–29 June 1999. Springer (1999)

17.

Aspnes, J., Ruppert, E.: An introduction to population protocols. Bull. EATCS 93, 98–117 (2007)MathSciNetMATH

18.

Back, R.J., Kurki-Suonio, R.: Distributed cooperation with action systems. ACM Trans. Program. Lang. Syst. 10(4), 513–554 (1988)CrossRefMATH

19.

Back, R.J., Kurki-Suonio, R.: Decentralization of process nets with centralized control. Distrib. Comput. 3(2), 73–87 (1989)CrossRef

20.

Banach, R.: Pliant modalities in hybrid Event-B. In: iu, Z., Woodcock, J., Zhu, H. (eds.) Theories of Programming and Formal Methods, Lecture Notes in Computer Science, vol. 8051, pp. 37–53. Springer (2013)

21.

Banach, R., Butler, M.: Cruise control in hybrid Event-B. In: Liu, Z., Woodcock, J., Zhu, H. (eds.) ICTAC, Lecture Notes in Computer Science, vol. 8049, pp. 76–93. Springer (2013)

22.

Banach, R., Zhu, H., Su, W., Wu, X.: Continuous behaviour in Event-B: A sketch. In: ABZ, pp. 349–352 (2012)

23.

Beauquier, J., Blanchard, P., Burman, J.: Self-stabilizing leader election in population protocols over arbitrary communication graphs. In: Baldoni, R., Nisse, N., van Steen, M. (eds.) Principles of Distributed Systems—17th International Conference, OPODIS 2013, Nice, France, December 16–18, 2013. Proceedings, Lecture Notes in Computer Science, vol. 8304, pp. 38–52. Springer (2013)

24.

Bjorner, D.: Software Engineering 1 Abstraction and Modelling. Springer, Texts in Theoretical Computer Science. An EATCS Series (2006). ISBN 978-3-540-21149-5

25.

Bjorner, D.: Software Engineering 2 Specification of Systems and Languages. Springer, Texts in Theoretical Computer Science. An EATCS Series (2006). ISBN 978-3-540-21150-1

26.

Bjorner, D.: Software Engineering 3 Domains, Requirements, and Software Design. Springer, Texts in Theoretical Computer Science. An EATCS Series (2006). ISBN 978-3-540-21151-8

27.

Bjørner, D., Henson, M.C. (eds.): Logics of Specification Languages. EATCS Textbook in Computer Science. Springer, New York (2007)

28.

Butler, M.: Decomposition structures for Event-B. In: Leuschel, M., Wehrheim, H. (eds.) Integrated Formal Methods, 7th International Conference, IFM 2009, Düsseldorf, Germany, February 16–19, 2009. Proceedings, Lecture Notes in Computer Science, vol. 5423, pp. 20–38. Springer (2009)

29.

Butler, M.: Towards a cookbook for modelling and refinement of control problems. ECS, University of Southampton, Technical Report (2009)

30.

Cai, S., Izumi, T., Wada, K.: How to prove impossibility under global fairness: on space complexity of self-stabilizing leader election on a population protocol model. Theory Comput. Syst. 50(3), 433–445 (2012)MathSciNetCrossRefMATH

31.

Cansell, D., Méry, D., Merz, S.: Predicate diagrams for the verification of reactive systems. In: Grieskamp, W., Santen, T., Stoddart, B. (eds.) IFM, Lecture Notes in Computer Science, vol. 1945, pp. 380–397. Springer (2000)

32.

Chandy, K., Misra, J.: Parallel Program Design: A Foundation. Addison-Wesley, Reading (1988)MATH

33.

Chatzigiannakis, I., Michail, O., Spirakis, P.: Experimental verification and performance study of extremely large sized population protocols. In: Technical Report FRONTS-TR-2009-3 (2009). http://fronts.cti.gr/aigaion/?page=publication&kind=single&ID=61

34.

Cousineau, D., Doligez, D., Lamport, L., Merz, S., Ricketts, D., Vanzetto, H.: TLA + proofs. In: Giannakopoulou, D., Méry, D. (eds.) FM, Lecture Notes in Computer Science, vol. 7436, pp. 147–154. Springer (2012)

35.

Dijkstra, R.M.: Computation calculus bridging a formalization gap. Sci. Comput. Program. 37(1–3), 3–36 (2000)MathSciNetCrossRefMATH

36.

Fathabadi, A.S., Butler, M., Rezazadeh, A.: A systematic approach to atomicity decomposition in event-b. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) Software Engineering and Formal Methods—10th International Conference, SEFM 2012, Thessaloniki, Greece, October 1–5, 2012. Proceedings, Lecture Notes in Computer Science, vol. 7504, pp. 78–93. Springer (2012). doi:10.1007/978-3-642-33826-7

37.

Fischer, M.J., Jiang, H.: Self-stabilizing leader election in networks of finite-state anonymous agents. In: Shvartsman, A.A. (ed.) Principles of Distributed Systems, 10th International Conference, OPODIS 2006, Bordeaux, France, December 12–15, 2006, Proceedings, Lecture Notes in Computer Science, vol. 4305, pp. 395–409. Springer (2006)

38.

Francez, N.: Fairness. Springer, New York (1986)CrossRefMATH

39.

Gibson, J.P., Méry, D.: A unifying model for specification and design. In: Proceedings of the Workshop on Proof Theory of Concurrent Object-Oriented Programming (1996)

40.

Gibson, P., Méry, D.: Fair objects. In: In OT98 COTSR, pp. 245–254 (1997)

41.

Groslambert, J.: Verification of LTL on B event systems. In: Julliand, J., Kouchnarenko, O. (eds.) B 2007: Formal Specification and Development in B, 7th International Conference of B Users, Besançon, France, January 17–19, 2007, Proceedings, Lecture Notes in Computer Science, vol. 4355, pp. 109–124. Springer (2007)

42.

Hallerstede, S.: On the purpose of Event-B proof obligations. In: E. Börger, M.J. Butler, J.P. Bowen, P. Boca (eds.) Abstract State Machines, B and Z, First International Conference, ABZ 2008, London, UK, September 16–18, 2008. Proceedings, Lecture Notes in Computer Science, vol. 5238, pp. 125–138. Springer (2008)

43.

Hoang, T.S., Abrial, J.R.: Reasoning about liveness properties in Event-B. In: Qin, S., Qiu, Z. (eds.) ICFEM, Lecture Notes in Computer Science, vol. 6991, pp. 456–471. Springer (2011)

44.

Hoare, C.: Communicating Sequential Processes. Prentice-Hall International, Upper Saddle River (1985)MATH

45.

Hudon, S., Hoang, T.S.: Systems design guided by progress concerns. In: IFM, pp. 16–30 (2013)

46.

Jackson, M.: System Development. Prentice-Hall, Englewood Cliffs (1983)MATH

47.

Järvinen, H.M., Kurki-Suonio, R.: Disco specification language: marriage of actions and objects. In: ICDCS, pp. 142–151. IEEE Computer Society (1991)

48.

Jones, C.B.: Specification and design of (parallel) programs. In: IFIP Congress, pp. 321–332 (1983)

49.

Kansal, A., Hsu, J., Zahedi, S., Srivastava, M.B.: Power management in energy harvesting sensor networks. ACM Trans. Embed. Comput. Syst. (2007). doi:10.1145/1274858.1274870

50.

Lamport, L.: A simple approach to specifying concurrent systems. Commun. ACM 32(1), 32–45 (1989)MathSciNetCrossRef

51.

Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)CrossRef

52.

Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, Boston (2002)

53.

Lamport, L., Matthews, J., Tuttle, M.R., Yu, Y.: Specifying and verifying systems with TLA+. In: Muller, G., Jul, E. (eds.) ACM SIGOPS European Workshop, pp. 45–48. ACM (2002)

54.

Manna, Z., Pnueli, A.: Temporal Verification of Reactive Systems—Safety. Springer, New York (1995)CrossRefMATH

55.

Méry, D.: A proof system to derive eventually properties under justice hypothesis. In: Gruska, J., Rovan, v, Wiedermann, J. (eds.) Mathematical Foundations of Computer Science 1986, Bratislava, Czechoslovakia, August 25–29, 1996, Proceedings, Lecture Notes in Computer Science, vol. 233, pp. 536–544. Springer (1986). doi:10.1007/BFb0016280

56.

Méry, D.: Requirements for a temporal B : Assigning Temporal Meaning to Abstract Machines ... and to Abstract Systems. In: Galloway, A., Taguchi, K. (eds.) IFM’99 Integrated Formal Methods 1999, Workshop on Computing Science, New York (1999)

57.

Méry, D.: Refinement-based guidelines for algorithmic systems. Int. J. Softw. Inf. 3(2–3), 197–239 (2009)

58.

Méry, D., Poppleton, M.: Formal modelling and verification of population protocols. In: Integrated Formal Methods, 10th International Conference, IFM 2013, Turku, Finland, June 10–14, 2013. Proceedings, pp. 208–222 (2013). doi:10.1007/978-3-642-38613-8_15

59.

Olderog, E.R., Apt, K.R.: Fairness in parallel programs: the transformational approach. ACM Trans. Program. Lang. Syst. 10(3), 420–455 (1988)CrossRef

60.

Owicki, S.S., Lamport, L.: Proving liveness properties of concurrent programs. ACM Trans. Program. Lang. Syst. 4(3), 455–495 (1982)CrossRefMATH

61.

Park, D.: A predicate transformer for weak fair iteration. In: Proceedings of 6th IBM Symposium on Mathematical Foundations in Computer Science, pp. 257–275. IBM, Hakone (1981)

62.

Picco, G.: Software engineering and wireless sensor networks: happy marriage or consensual divorce. In: FoSER 2010 (2010)

63.

Rajagopalan, R., Varshney, P.K.: Data-aggregation techniques in sensor networks: a survey. IEEE Commun. Surv. Tutor. 8(1–4), 48–63 (2006)CrossRef

64.

Schneider, S.A., Treharne, H., Wehrheim, H., Williams, D.M.: Managing LTL properties in event-b refinement. In: Albert, E., Sekerinski, E. (eds.) Integrated Formal Methods—11th International Conference, IFM 2014, Bertinoro, Italy, September 9–11, 2014, Proceedings, Lecture Notes in Computer Science, vol. 8739, pp. 221–237. Springer (2014). doi:10.1007/978-3-319-10181-1

65.

Spirakis, P.: Population protocols and related models. In: Theoretical Aspects of Distributed Computing in Sensor Networks Monographs in Theoretical Computer Science. An EATCS Series 2011, pp. 109–159. Springer (2011)

66.

Stavvides, A., Srivastava, M., Girod, L., Estrin, D.: Wireless Sensor Networks. Springer, New York (2004)

67.

Yick, J., Mukherjee, B., Ghosal, D.: Wireless sensor network survey. Comput. Netw. 52(12), 2292–2330 (2008). doi:10.1016/j.comnet.2008.04.002 CrossRef

Title: Towards an integrated formal method for verification of liveness properties in distributed systems: with application to population protocols
Authors: Dominique Méry
Michael Poppleton
Publication date: 29-12-2015
Publisher: Springer Berlin Heidelberg
Published in: Software and Systems Modeling / Issue 4/2017
Print ISSN: 1619-1366
Electronic ISSN: 1619-1374
DOI: https://doi.org/10.1007/s10270-015-0504-y

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Other articles of this Issue 4/2017

Generating process model collections

From software extensions to product lines of dataflow programs

Model checking multi-level and recursive nets

An approach based on the domain perspective to develop WSAN applications

On the formal interpretation and behavioural consistency checking of SysML blocks

A model framework-based domain-specific composable modeling method for combat system effectiveness simulation

Premium Partner