Group Communication Specifications: A Comprehensive Study
ACM Computing Surveys, 1999
Cited by 365 (14 self)
View-oriented group communication is an important and widely used building block for many distributed applications. Much current research has been dedicated to specifying the semantics and services of view-oriented Group Communication Systems (GCSs). However, the guarantees of different GCSs are formulated using varying terminologies and modeling techniques, and the specifications vary in their rigor. This makes it difficult to analyze and compare the different systems. This paper provides a comprehensive set of clear and rigorous specifications, which may be combined to represent the guarantees of most existing GCSs. In the light of these specifications, over thirty published GCS specifications are surveyed. Thus, the specifications serve as a unifying framework for the classification, analysis and comparison of group communication systems. The survey also discusses over a dozen different applications of group communication systems, shedding light on the usefulness of the p...
Forward and Backward Simulations, Part II: Timing-Based Systems
Information and Computation, 1995
Cited by 85 (29 self)
A general automaton model for timing-based systems is presented and is used as the context for developing a variety of simulation proof techniques for such systems. These techniques include (1) refinements, (2) forward and backward simulations, (3) hybrid forward-backward and backward-forward simulations, and (4) history and prophecy relations. Relationships between the different types of simulations, as well as soundness and completeness results, are stated and proved. These results are (with one exception) analogous to the results for untimed systems in Part I of this paper. In fact, many of the results for the timed case are obtained as consequences of the analogous results for the untimed case.
The IOA Language and Toolset: Support for Designing, Analyzing, and Building Distributed Systems
1998
Cited by 31 (9 self)
This report describes a new language for distributed programming, the IOA language, together with a high-level design and preliminary implementation for a suite of tools, the IOA toolset, to support the production of high-quality distributed software. The language and tools are based on the I/O automaton model, which has been used to describe and verify distributed algorithms. The toolset supports a development process that begins with a high-level specification, refines that specification via successively more detailed designs, and ends by automatically generating distributed programs. The toolset encourages system decomposition, which helps make distributed programs understandable and easy to modify. It also provides a variety of validation methods (theorem proving, model checking, and simulation), which can be used to ensure that the generated programs are correct, subject to assumptions about externally provided system services (e.g., communication services), and about the correctness of hand-coded data type implementations.
Mechanical Verification of Timed Automata: A Case Study
In Proc. 1996 IEEE Real-Time Technology and Applications Symp. (RTAS'96), IEEE Computer, 1996
Cited by 30 (9 self)
This paper reports the results of a case study on the feasibility of developing and applying mechanical methods, based on the proof system PVS, to prove propositions about real-time systems specified in the Lynch-Vaandrager timed automata model. In using automated provers to prove propositions about systems described by a specific mathematical model, both the proofs and the proof process can be simplified by exploiting the special properties of the mathematical model. Because both specifications and methods of reasoning about them tend to be repetitive, the use of a standard template for specifications, accompanied by standard shared theories and standard proof strategies or tactics, is often feasible. Presented are the PVS specification of three theories that underlie the timed automata model, a template for specifying timed automata models in PVS, and an example of its instantiation. Both hand proofs and the corresponding PVS proofs of two propositions are provided to illustrate h...
I/O Automata in Isabelle/HOL
Types for Proofs and Programs, volume 996 of Lecture Notes in Computer Science, 1995
Cited by 23 (2 self)
We have embedded the metatheory of I/O automata, a model for describing and reasoning about distributed systems, in Isabelle's version of higher-order logic. On top of that, we have specified and verified a recent network transmission protocol which achieves reliable communication using single-bit-header packets over a medium which may reorder packets arbitrarily.

1 Introduction

This paper describes a formalization of Input/Output automata (IOA), a particular model for concurrent and distributed discrete event systems due to Lynch and Tuttle [9], inside Isabelle/HOL, a theorem prover for higher-order logic [12]. The motivation for our work is twofold:
- The verification of distributed systems is a challenging application for formal methods because in that area informal arguments are notoriously unreliable.
- This area is doubly challenging for interactive general purpose theorem provers because model checking [4] already provides a successful automatic approach to the ver...
Partitionable Virtual Synchrony Using Extended Virtual Synchrony
2001
Cited by 15 (2 self)
View-oriented group communication systems (GCSs) are powerful tools for building distributed applications. Over the past fifteen years, group communication researchers developed a multitude of group communication semantics and implementations. Today, researchers commonly design their group communication algorithms on top of simple existing services such as a network membership service or a reliable FIFO multicast framework. A natural extension of this idea is to implement one set of group communication semantics using another. This approach is not usually utilized due to the expensive overhead of running one set of group communication algorithms on top of another.
Traces of I/O-Automata in Isabelle/HOLCF
TAPSOFT'97: Theory and Practice of Software Development, volume 1214 of LNCS, 1997
Cited by 14 (5 self)
This paper presents a formalization of finite and infinite sequences in domain theory carried out in the theorem prover Isabelle. The results
Formal Verification of TCP and T/TCP
1997
Cited by 9 (1 self)
In this thesis we present a formal abstract specification for TCP/IP transport level protocols and formally verify that TCP satisfies this specification. We first verify a formal model of TCP where we assume it has unbounded counters. With bounded counters, TCP requires several timing mechanisms to function correctly. We also model TCP with these timing mechanisms and verify that it also satisfies our specification. We also present a formal description of an experimental protocol called T/TCP which is designed to provide the same service as TCP, but with optimizations to make it efficient for transactions. Even with unbounded counters this protocol does not provide the same service as TCP, as it may deliver the same message twice. Even though the service provided by T/TCP is not exactly the same as TCP's, its behavior may be acceptable for some applications. Therefore, we define a weaker specification that captures this behavior of T/TCP while maintaining the other correctness properties of our initial specification. We then verify that T/TCP satisfies this weaker specification. Our
Computer-Assisted Verification of an Algorithm for Concurrent Timestamps
Formal Description Techniques IX: Theory, Applications, and Tools (FORTE/PSTV'96: Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols, and Protocol Specification, Testing, and Verification), 1996
Cited by 7 (4 self)
A formal representation and machine-checked proof are given for the Bounded Concurrent Timestamp (BCTS) algorithm of Dolev and Shavit. The proof uses invariant assertions and a forward simulation mapping to a corresponding Unbounded Concurrent Timestamp (UCTS) algorithm, following a strategy developed by Gawlick, Lynch, and Shavit. The proof was produced interactively, using the Larch Prover.

Keywords: verification, validation and testing; tools and tool support; Larch; input/output automata; concurrent timestamps

1 INTRODUCTION

In this paper, we describe a computer-assisted verification, using the Larch Prover (Garland and Guttag, 1991), of one of the most complicated algorithms in the distributed systems theory literature: the Bounded Concurrent Timestamp (BCTS) algorithm of Dolev and Shavit (1989). This algorithm runs in the single-writer, multi-reader, read/write shared memory model. The verified algorithm is a slight simplification, due to Gawlick, Lynch, and Shavit (1992), of t...
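The forward-simulation proof technique named in the Forward and Backward Simulations entry above, and applied in this entry to relate a bounded algorithm to an unbounded one, can be checked mechanically for finite automata. The Python below is an added example written for this page; it is not code from any of the listed papers, the IOA toolset, or the Larch Prover. It implements the two forward-simulation conditions for finite, untimed I/O automata and runs them on two constructed coin-flip automata: one that fixes the outcome in its start state, before the visible `flip` action (early choice), and one that chooses at `flip` (late choice). Every name in it (`IOAutomaton`, `check_forward_simulation`, `EARLY`, `LATE`, the `rel_*` relations) is this example's own. Restricting the step condition to reachable states plays the role that the invariant assertions play in the BCTS proof.

```python
from collections import deque


class IOAutomaton:
    """Finite, untimed I/O automaton: start states, labelled steps (s, a, s'),
    and the split of actions into external (visible in traces) and internal.
    Example code for this page, not the IOA toolset's representation."""

    def __init__(self, starts, steps, external):
        self.starts = frozenset(starts)
        self.steps = list(steps)
        self.external = frozenset(external)

    def succ(self, state):
        return [(a, t) for (s, a, t) in self.steps if s == state]

    def reachable(self):
        seen, todo = set(self.starts), deque(self.starts)
        while todo:
            for _, t in self.succ(todo.popleft()):
                if t not in seen:
                    seen.add(t)
                    todo.append(t)
        return seen

    def fragment_ends(self, start, trace):
        """End states of execution fragments from `start` whose trace (its
        sequence of external actions) is exactly `trace`; internal steps may
        be interleaved anywhere. BFS over (state, position in trace)."""
        seen, todo, ends = {(start, 0)}, deque([(start, 0)]), set()
        while todo:
            s, i = todo.popleft()
            if i == len(trace):
                ends.add(s)
            for a, t in self.succ(s):
                if a in self.external:
                    if i == len(trace) or a != trace[i]:
                        continue            # would change the trace
                    nxt = (t, i + 1)
                else:
                    nxt = (t, i)            # internal step: trace unchanged
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return ends


def check_forward_simulation(impl, spec, rel):
    """Forward simulation from impl to spec under relation rel(s, u):
      1. every start state of impl is related to some start state of spec;
      2. for every reachable impl step (s, a, s') and every reachable spec
         state u with rel(s, u), spec has a fragment from u whose trace is
         trace(a) and which ends in some u' with rel(s', u').
    Returns (True, None) or (False, counterexample)."""
    for s in impl.starts:
        if not any(rel(s, u) for u in spec.starts):
            return False, ("start", s)
    spec_states = spec.reachable()
    for s in impl.reachable():
        for a, t in impl.succ(s):
            trace = (a,) if a in impl.external else ()
            for u in spec_states:
                if rel(s, u) and not any(
                        rel(t, v) for v in spec.fragment_ends(u, trace)):
                    return False, (s, a, t, u)
    return True, None


OUTCOMES = ("heads", "tails")
EXTERNAL = {"flip", "report_heads", "report_tails"}

# Constructed coin: outcome chosen at `flip` (late choice); `settle` is an
# internal step and never appears in a trace.
LATE = IOAutomaton(
    starts=["ready"],
    steps=[("ready", "flip", ("flipped", x)) for x in OUTCOMES]
    + [(("flipped", x), "settle", ("settled", x)) for x in OUTCOMES]
    + [(("settled", x), "report_" + x, ("done", x)) for x in OUTCOMES],
    external=EXTERNAL)

# Constructed coin: outcome fixed in one of two start states, before `flip`
# is visible (early choice).
EARLY = IOAutomaton(
    starts=[("ready", x) for x in OUTCOMES],
    steps=[(("ready", x), "flip", ("flipped", x)) for x in OUTCOMES]
    + [(("flipped", x), "report_" + x, ("done", x)) for x in OUTCOMES],
    external=EXTERNAL)


def rel_early_to_late(s, u):
    """Candidate simulation relation: EARLY state s ~ LATE state u."""
    phase, outcome = s
    if phase == "ready":
        return u == "ready"
    if phase == "flipped":
        return u in {("flipped", outcome), ("settled", outcome)}
    return u == s                           # ("done", x) ~ ("done", x)


def rel_late_to_early(s, u):
    """The converse relation, used to test the opposite direction."""
    return rel_early_to_late(u, s)


if __name__ == "__main__":
    print("EARLY -> LATE:", check_forward_simulation(EARLY, LATE, rel_early_to_late))
    print("LATE -> EARLY:", check_forward_simulation(LATE, EARLY, rel_late_to_early))
```

The early-choice automaton passes, so by the soundness result the paper states its traces are included in the late-choice automaton's. The opposite direction fails at the very first step: the late start state is related to both early start states, and from the one committed to tails no fragment with trace `flip` ends in a state related to `("flipped", "heads")`; the checker returns that step and that `u` as the counterexample. This is the classic situation for which the paper's backward simulations exist, since a forward simulation must work for every related `u`, not just a convenient one.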
Verifiable Code Generation from Abstract I/O Automata Models for Distributed Computing
2001
Cited by 5 (0 self)
Submitted by: Joshua A. Tauber, NE43369, Cambridge, MA 02139
Date of submission: March 21, 2001
Expected Date of Completion: May 2002
Laboratory where thesis will be done: Laboratory for Computer Science

Brief Statement of the Problem: Reasoning about and building distributed systems is notoriously difficult. I/O automata provide a simple mathematical basis for formally modeling and understanding distributed systems. Using a rich set of proof techniques, I/O automata have been used to verify a wide variety of distributed systems and algorithms and to express and prove several impossibility results. IOA is a formal language for describing I/O automata that has been introduced to promote I/O-automata-based techniques and to support an integrated software development environment for distributed systems. This environment, the IOA toolset, will support algorithm design, development, testing, and formal verification using automated tools. The toolset connects I/O automata together with both lightweight (syntax checkers, simulators, model checkers) and heavyweight (theorem provers) tools.