Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties

This paper investigates the verification and synthesis of parameterized protocols that satisfy leadsto properties $R \leadsto Q$ on symmetric unidirectional rings (a.k.a. uni-rings) of deterministic and constant-space processes under no fairness and interleaving semantics, where $R$ and $Q$ are global state predicates. First, we show that verifying $R \leadsto Q$ for parameterized protocols on symmetric uni-rings is undecidable, even for deterministic and constant-space processes, and conjunctive state predicates. Then, we show that surprisingly synthesizing symmetric uni-ring protocols that satisfy $R \leadsto Q$ is actually decidable. We identify necessary and sufficient conditions for the decidability of synthesis based on which we devise a sound and complete polynomial-time algorithm that takes the predicates $R$ and $Q$, and automatically generates a parameterized protocol that satisfies $R \leadsto Q$ for unbounded (but finite) ring sizes. Moreover, we present some decidability results for cases where leadsto is required from multiple distinct $R$ predicates to different $Q$ predicates. To demonstrate the practicality of our synthesis method, we synthesize some parameterized protocols, including agreement and parity protocols

ON THE APPLICATIONS OF INTERACTIVE THEOREM PROVING IN COMPUTATIONAL SCIENCES AND ENGINEERING

Interactive Theorem Proving (ITP) is one of the most rigorous methods used in formal verification of computing systems. While ITP provides a high level of confidence in the correctness of the system under verification, it suffers from a steep learning curve and the laborious nature of interaction with a theorem prover. As such, it is desirable to investigate whether ITP can be used in unexplored (but high-impact) domains where other verification methods fail to deliver. To this end, the focus of this dissertation is on two important domains, namely design of parameterized self-stabilizing systems, and mechanical verification of numerical approximations for Riemann integration. Self-stabilization is an important property of distributed systems that enables recovery from any system configuration/state. There are important applications for self-stabilization in network protocols, game theory, socioeconomic systems, multi-agent systems and robust data structures. Most existing techniques for the design of self-stabilization rely on a ‘manual design and after-the-fact verification’ method. In a paradigm shift, we present a novel hybrid method of ‘synthesize in small scale and generalize’ where we combine the power of a finite-state synthesizer with theorem proving. We have used our method for the design of network protocols that are self-stabilizing irrespective of the number of network nodes (i.e., parameterized protocols). The second domain of application of ITP that we are investigating concentrates on formal verification of the numerical propositions of Riemann integral in formal proofs. This is a high-impact problem as Riemann Integral is considered one of the most indispensable tools of modern calculus. That has significant applications in the development of mission-critical systems in many Engineering fields that require rigorous computations such as aeronautics, space mechanics, and electrodynamics. Our contribution to this problem is three fold: first, we formally specify and verify the fundamental Riemann Integral inclusion theorem in interval arithmetic; second, we propose a general method to verify numerical propositions on Riemann Integral for a large class of integrable functions; third, we develop a set of practical automatic proof strategies based on formally verified theorems. The contributions of Part II have become part of the ultra-reliable NASA PVS standard library

On the Limits and Practice of Automatically Designing Self-Stabilization

A protocol is said to be self-stabilizing when the distributed system executing it is guaranteed to recover from any fault that does not cause permanent damage. Designing such protocols is hard since they must recover from all possible states, therefore we investigate how feasible it is to synthesize them automatically. We show that synthesizing stabilization on a fixed topology is NP-complete in the number of system states. When a solution is found, we further show that verifying its correctness on a general topology (with any number of processes) is undecidable, even for very simple unidirectional rings. Despite these negative results, we develop an algorithm to synthesize a self-stabilizing protocol given its desired topology, legitimate states, and behavior. By analogy to shadow puppetry, where a puppeteer may design a complex puppet to cast a desired shadow, a protocol may need to be designed in a complex way that does not even resemble its specification. Our shadow/puppet synthesis algorithm addresses this concern and, using a complete backtracking search, has automatically designed 4 new self-stabilizing protocols with minimal process space requirements: 2-state maximal matching on bidirectional rings, 5-state token passing on unidirectional rings, 3-state token passing on bidirectional chains, and 4-state orientation on daisy chains

A lightweight method for automated design of convergence in network protocols

Design and verification of Self-Stabilizing (SS) network protocols are difficult tasks in part because of the convergence property that requires an SS protocol to recover to a set of legitimate states from any state in its state space. Once an SS protocol reaches a legitimate state, it remains in the set of legitimate states as long as there are no faults, called the closure property. Distribution issues exacerbate the design complexity of SS protocols as processes should collaborate and take local actions that result in global convergence. Most existing design techniques are manual, and mainly focus on protocols whose global state can be corrected if the local states of all processes are corrected, called the locally correctable protocols. After manual design, an SS protocol has to be verified for closure and convergence. Previous work observes that verifying SS protocols is a harder problem than designing them as developers have to ensure the correctness of closure and convergence functionalities and their noninterference. An algorithmic method for the design of convergence generates protocols that are correct by construction, thereby eliminating the need for verification. In order to facilitate the design of SS protocols, this article presents a lightweight method for algorithmic addition of convergence to finite-state nonstabilizing protocols, including nonlocally correctable protocols. The proposed method enables the reuse of design efforts in the development of different self-stabilizing protocols. Moreover, for the first time (to the best of our knowledge), this article presents an algorithmic method for the addition of convergence to symmetric protocols that consist of structurally similar processes. The proposed approach is supported by a software tool that automatically adds convergence to nonstabilizing protocols. We have used the proposed method/tool to automatically generate several self-stabilizing protocols with up to 40 processes (and 340 states) in a few minutes on a regular PC. Surprisingly, our tool has synthesized both protocols that are the same as their manually designed versions as well as alternative solutions for well-known problems in the literature (e.g., Dijkstra\u27s token ring, maximal matching, graph coloring, agreement and leader election in a ring). Moreover, the proposed method has helped us detect a design flaw in a manually designed self-stabilizing protocol. © 2012 ACM