## Deductive verification of distributed groupware systems (2004)

Venue: Algebraic Methodology and Software Technology, 10th International Conference, AMAST 2004, volume 3116 of Lecture Notes in Computer Science

Citations: 4 (2 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Imine04deductiveverification,
  author    = {Abdessamad Imine and Pascal Molli and Gérald Oster and Michaël Rusinowitch},
  title     = {Deductive verification of distributed groupware systems},
  booktitle = {Algebraic Methodology and Software Technology, 10th International Conference, AMAST 2004, volume 3116 of Lecture Notes in Computer Science},
  year      = {2004},
  pages     = {226--240},
  publisher = {Springer}
}
```

### Abstract

Distributed groupware systems consist of a group of users manipulating a shared object (like a text document, a filesystem, etc.). Operational Transformation (OT) algorithms are applied for achieving convergence in these systems. However, the design of such algorithms is a difficult and error-prone activity, since building the correct operations for maintaining good convergence properties of the local copies requires examining a large number of situations. In this paper, we present the modelling and deductive verification of OT algorithms with algebraic specifications. We show that many OT algorithms in the literature do not satisfy convergence properties, unlike what was stated by their authors.

### Citations

857 | Modern Operating Systems - Tanenbaum - 2001
Citation context: ...e applied in different orders at different replicas (or copies) of the object. This potentially leads to divergent (or different) replicas – an undesirable situation for distributed groupware systems [16]. Operational Transformation is an approach which has been proposed to overcome the divergence problem, especially for building real-time groupware [4, 15]. This approach consists of an algorithm whic...

110 | A hidden agenda - Goguen, Malcolm - 2000
Citation context: ...e proof process. The developers should use the theorem prover as a (push-button) probing tool to verify convergence conditions. Using Observational Semantics, we treat a replica object as a black box [6]. We specify interactions between a replica object and a user. Operations which observe the replica states are called attributes, and operations which change the states are called methods. We can only...

95 | Achieving convergence, causality-preservation, and intention-preservation in real-time cooperative editing systems - Sun, Jia, et al. - 1998
Citation context: ...ble situation for distributed groupware systems [16]. Operational Transformation is an approach which has been proposed to overcome the divergence problem, especially for building real-time groupware [4, 15]. This approach consists of an algorithm which transforms, i.e. to adjust parameters, the remote operation according to local concurrent ones in order to achieve convergence. It has been used in sever...

83 | An Integrating, Transformation-Oriented Approach to Concurrency Control and Undo in Group Editors - Ressel, Nitsche-Ruhland, et al. - 1996
Citation context: ...onsists of an algorithm which transforms, i.e. to adjust parameters, the remote operation according to local concurrent ones in order to achieve convergence. It has been used in several group editors [4, 13, 15, 14, 18], and more recently it is employed in other distributed systems as the generic synchronizer S5 [11]. The advantages of this approach are: (i) it is independent of the replica state and depends only on...

77 | Term Rewriting Systems - Terese - 2003
Citation context: ...ing and reasoning on OT algorithms. 3.1 Algebraic Preliminaries We assume that the reader is familiar with the basic concepts of algebraic specifications [19], term rewriting and equational reasoning [17]. Let S be a set (of sorts). An S-sorted set is a family of sets X = {Xs}s∈S indexed by S. A many-sorted signature Σ is a triplet (S, F, X) where S is a set (of sorts), F is a S∗ × S-sorted set (of fu...

54 | Copies convergence in a distributed real-time collaborative environment - Vidot - 2000
Citation context: ...onsists of an algorithm which transforms, i.e. to adjust parameters, the remote operation according to local concurrent ones in order to achieve convergence. It has been used in several group editors [4, 13, 15, 14, 18], and more recently it is employed in other distributed systems as the generic synchronizer S5 [11]. The advantages of this approach are: (i) it is independent of the replica state and depends only on...

46 | Circular Coinductive Rewriting - Goguen, Lin, et al. - 2000
Citation context: ... = true ⇒ T (Del(p1, pr1), Ins(p2, c2, pr2)) = Del(p1 + 1, pr1); Fig. 3. Replica specification for text editor. We use an observational semantics which is based on weakening the satisfaction relation [3, 1, 6, 5]. Informally speaking, the replica objects which cannot be distinguished by experiments are considered as observationally equal. When using algebraic specifications, such experiments can be formally d...

38 | Concurrent operations in a distributed and mobile collaborative environment - Suleiman, Cart, et al. - 1998

30 | Algebraic specification. In: Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics, Chapter 13 - Wirsing - 1990
Citation context: ...e ingredients of our formalization for specifying and reasoning on OT algorithms. 3.1 Algebraic Preliminaries We assume that the reader is familiar with the basic concepts of algebraic specifications [19], term rewriting and equational reasoning [17]. Let S be a set (of sorts). An S-sorted set is a family of sets X = {Xs}s∈S indexed by S. A many-sorted signature Σ is a triplet (S, F, X) where S is a s...

3 | Development of transformation functions assisted by a theorem prover - Imine, Molli, et al. - 2002
Citation context: ...rithm. Moreover, using our theorem-proving approach we have obtained surprising results. Indeed, we have detected bugs in several distributed groupware systems designed by specialists from the domain [7, 8]. Related work. To our best knowledge, there is no other work on formal verification of OT algorithms. In [8], we represented the replica as an abstract data type, but the proof effort became costlier...

1 | Using the Transformational Approach to Build a Safe and Generic Data Synchronizer - Molli, Oster, Skaf-Molli, Imine - 2003
Citation context: ...rrent ones in order to achieve convergence. It has been used in several group editors [4, 13, 15, 14, 18], and more recently it is employed in other distributed systems as the generic synchronizer S5 [11]. The advantages of this approach are: (i) it is independent of the replica state and depends only on concurrent operations; (ii) it enables an unconstrained concurrency, i.e. no global order on opera...