## A Lattice-Structured Proof Technique Applied to a Minimum Spanning Tree Algorithm (Extended Abstract) (1988)

Venue: Laboratory for Computer Science, Massachusetts Institute of Technology

Citations: 12 (3 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Welch88alattice-structured,
  author    = {Jennifer Lundelius Welch and Nancy Lynch},
  title     = {A Lattice-Structured Proof Technique Applied to a Minimum Spanning Tree Algorithm (Extended Abstract)},
  booktitle = {Laboratory for Computer Science, Massachusetts Institute of Technology},
  year      = {1988},
  pages     = {28--43}
}
```

### Abstract

Jennifer Lundelius Welch, Leslie Lamport (Digital Equipment Corporation, Systems Research Center)

[...]algorithms are often hard to prove correct because they have no natural decomposition into separately provable parts. This paper presents a proof technique for the modular verification of such non-modular algorithms. It generalizes existing verification techniques based on a totally-ordered hierarchy of refinements to allow a partially-ordered hierarchy, that is, a lattice of different views of the algorithm. The technique is applied to the well-known distributed minimum spanning tree algorithm of Gallager, Humblet and Spira, which has until recently lacked a rigorous proof.

### Citations

- Cited by 2121: Harel (1987). Statecharts: a visual formalism for complex systems.

- Cited by 366: Lynch, Tuttle (1987). Hierarchical correctness proofs for distributed algorithms.
  Citation context: "...proving that each correctly implements the next higher-level version. This approach has been extended to concurrent algorithms by Lamport [L], Stark [S], Harel [H], Kurshan [K], and Lynch and Tuttle [LT], where a single action in a higher-level representation can represent a sequence of lower-level actions. The higher-level versions usually provide a global view of the algorithm, with progress made in..."

- Cited by 341: Gallager, Humblet, et al. (1983). A distributed algorithm for minimum-weight spanning trees.
  Citation context: "...niques for verifying liveness properties; only one of them makes use of the lattice structure. The technique is used to prove Gallager, Humblet and Spira's distributed minimum spanning tree algorithm [GHS]. This algorithm has been of great interest for some time. There appears in [GHS] an intuitive description of why the algorithm should work, but no rigorous proof. There are several reasons for giv..."

- Cited by 310: Owicki, Gries (1976). An axiomatic proof technique for parallel programs.
  Citation context: "...mportance to correctness proofs of distributed algorithms. Techniques for verifying sequential algorithms have been extended to handle concurrent and distributed ones, for example, by Owicki and Gries [OG], Manna and Pnueli [MP], Lamport and Schneider [LSc], and Alpern and Schneider [AS]. Practical algorithms are usually optimized for efficiency rather than simplicity, and proving them correct may be f..."

- Cited by 221: Awerbuch (1985). Complexity of network synchronization.
  Citation context: "...ss of the original algorithm follows immediately from the correctness of the projections. This approach was used by Fekete, Lynch, and Shrira [FLS] to prove the correctness of Awerbuch's synchronizer [Al]. Not all algorithms are modular. In practical algorithms, modularity is often destroyed by optimizations. The correctness of a non-modular algorithm is not an immediate consequence of the correctness..."

- Cited by 193: Lamport (1983). Specifying concurrent program modules.
  Citation context: "...rarchy of increasingly detailed versions of the algorithm and proving that each correctly implements the next higher-level version. This approach has been extended to concurrent algorithms by Lamport [L], Stark [S], Harel [H], Kurshan [K], and Lynch and Tuttle [LT], where a single action in a higher-level representation can represent a sequence of lower-level actions. The higher-level versions usuall..."

- Cited by 62: Lam, Shankar (1984). Protocol verification via projections.
  Citation context: "...be incommensurable, neither one being a refinement of the other. Multiple higher-level versions of a communication protocol, each focusing on a different function, were considered by Lam and Shankar [LSh]. They called each higher-level version a "projection". If the original protocol is sufficiently modular, then it can be represented as the composition of the projections, and the correctness of the o..."

- Cited by 52: Lehmann, Pnueli, et al. (1981). Impartiality, justice and fairness: The ethics of concurrent termination.

- Cited by 44: Kurshan (1987). Reducibility in analysis of coordination.

- Cited by 42: Elrad, Francez (1982). Decomposition of distributed programs into communication-closed layers.
  Citation context: "...n the program and the proof. Two other proofs of this algorithm have recently been developed. Stomp and de Roever [SdR] used the notion of communication-closed layers, introduced by Elrad and Francez [EF]. Chou and Gafni [CG] prove the correctness of a simpler, more sequential version of the algorithm and then prove that every execution of the original algorithm is equivalent to an execution of the mo..."

- Cited by 42: Manna, Pnueli (1983). Verification of concurrent programs: A temporal proof system.
  Citation context: "...s proofs of distributed algorithms. Techniques for verifying sequential algorithms have been extended to handle concurrent and distributed ones, for example, by Owicki and Gries [OG], Manna and Pnueli [MP], Lamport and Schneider [LSc], and Alpern and Schneider [AS]. Practical algorithms are usually optimized for efficiency rather than simplicity, and proving them correct may be feasible only if the pro..."

- Cited by 24: Gafni (1985). Improvements in the time complexity of two message-optimal election algorithms.

- Cited by 15: Awerbuch, Gallager (1985). Distributed BFS algorithms.

- Cited by 15: Alpern, Schneider (1987). Proving boolean combinations of deterministic properties.
  Citation context: "...sequential algorithms have been extended to handle concurrent and distributed ones, for example, by Owicki and Gries [OG], Manna and Pnueli [MP], Lamport and Schneider [LSc], and Alpern and Schneider [AS]. Practical algorithms are usually optimized for efficiency rather than simplicity, and proving them correct may be feasible only if the proofs can be [...] The work of Lynch and Welch was supported in part..."

- Cited by 13: Stark (1984). Foundations of a theory of specification for distributed systems.
  Citation context: "...ncreasingly detailed versions of the algorithm and proving that each correctly implements the next higher-level version. This approach has been extended to concurrent algorithms by Lamport [L], Stark [S], Harel [H], Kurshan [K], and Lynch and Tuttle [LT], where a single action in a higher-level representation can represent a sequence of lower-level actions. The higher-level versions usually provide a..."

- Cited by 10: Chin, Ting (1985). An Almost Linear Time and O(n log n + e) Messages Distributed Algorithm for Minimum-Weight Spanning Trees.

- Cited by 2: Welch (1988). Topics in Distributed Computing: The Impact of Partial Synchrony, and Modular Decomposition of Algorithms.

- Cited by 1: Fekete, Lynch, et al. (1987). A Modular Proof of Correctness for a Network Syn
  Citation context: "...d as the composition of the projections, and the correctness of the original algorithm follows immediately from the correctness of the projections. This approach was used by Fekete, Lynch, and Shrira [FLS] to prove the correctness of Awerbuch's synchronizer [Al]. Not all algorithms are modular. In practical algorithms, modularity is often destroyed by optimizations. The correctness of a non-modular alg..."

- Cited by 1: Lynch, Merritt (1986). Introduction to the Theory of Nested Transactions, to appear in Theoretical Computer Science. (Also available as technical report MIT/LCS/TR367.)

- Cited by 1: Lamport, Schneider (1984). The 'Hoare Logic' and All That.
  Citation context: "...rithms. Techniques for verifying sequential algorithms have been extended to handle concurrent and distributed ones, for example, by Owicki and Gries [OG], Manna and Pnueli [MP], Lamport and Schneider [LSc], and Alpern and Schneider [AS]. Practical algorithms are usually optimized for efficiency rather than simplicity, and proving them correct may be feasible only if the proofs can be [...] The work of Lynch..."