Abstract
Theorem proving and model checking are combined to fully formalize a correctness proof of a broadcasting protocol. The protocol is executed in a network of processors which constitutes a binary tree of arbitrary size. We use the theorem prover Coq and the model checker Spin to verify the broadcasting protocol.
Our goals in this work are twofold. The first is to provide a strategy for carrying out formal, mechanical correctness proofs of distributed network algorithms. Even though logical specifications of programs implementing such algorithms are often defined precisely enough to allow a human verifier to prove the program's correctness, the definition of the network itself is often only informal or implicit. Our example illustrates how an underlying network can be formally defined by means of induction, and how to reason about network algorithms by structural induction over that definition. Our second goal is to integrate theorem proving and model checking to increase the class of algorithms for which mechanical verification is practical. Theorem provers are expressive and powerful, but require sophisticated insight and guidance from the user. Model checkers are fully automatic and effective for verifying finite state automata, but limited to finite state spaces of bounded size. We provide a proof strategy which draws on the strengths of both techniques.
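As an added illustration of the inductive approach the abstract describes (this is not the paper's own development; the `net` type, the node identifiers and the simple broadcast model are assumptions made here), the following Coq script defines a binary-tree network inductively, models a root-to-leaves broadcast, and proves by structural induction on the tree that every node receives the message:

```coq
(* Added example, not from the paper: an inductively defined binary-tree
   network and a structural-induction proof that broadcast reaches
   every node. Node identifiers are plain naturals (an assumption). *)
Require Import List.
Import ListNotations.

(* A network is either a single processor or a processor with two subtrees. *)
Inductive net : Type :=
  | Leaf : nat -> net
  | Node : nat -> net -> net -> net.

(* The root delivers message m to itself and forwards it to both
   subtrees; the result lists every (node id, received message) pair. *)
Fixpoint broadcast (m : nat) (t : net) : list (nat * nat) :=
  match t with
  | Leaf id => [(id, m)]
  | Node id l r => (id, m) :: broadcast m l ++ broadcast m r
  end.

(* The identifiers of all processors in the network. *)
Fixpoint nodes (t : net) : list nat :=
  match t with
  | Leaf id => [id]
  | Node id l r => id :: nodes l ++ nodes r
  end.

(* Correctness of the broadcast: every processor of an arbitrary-size
   tree receives m. The proof is by structural induction on the tree,
   so the induction hypotheses cover the two subtrees of a Node. *)
Theorem broadcast_reaches_all :
  forall m t id, In id (nodes t) -> In (id, m) (broadcast m t).
Proof.
  intros m t.
  induction t as [id' | id' l IHl r IHr]; intros id H; simpl in *.
  - (* Leaf: the only node is the leaf itself. *)
    destruct H as [H | []]. subst. left. reflexivity.
  - (* Node: either the root, or a node of one of the subtrees. *)
    destruct H as [H | H].
    + subst. left. reflexivity.
    + right. apply in_or_app. apply in_app_or in H.
      destruct H as [H | H]; [left; apply IHl | right; apply IHr]; assumption.
Qed.
```

The theorem is checked for trees of any shape and size at once, which is the property a bounded model check alone cannot establish.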
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
Cite this paper
Bharadwaj, R., Felty, A., Stomp, F. (1995). Formalizing inductive proofs of network algorithms. In: Kanchanasut, K., Lévy, JJ. (eds) Algorithms, Concurrency and Knowledge. ACSC 1995. Lecture Notes in Computer Science, vol 1023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60688-2_54
DOI: https://doi.org/10.1007/3-540-60688-2_54
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60688-8
Online ISBN: 978-3-540-49262-7