Proving Correctness of Transformation Functions in Real-Time Groupware

Colloque avec actes et comité de lecture. internationale.International audienceOperational transformation is an approach which allows to build real-time groupware tools. This approach requires correct transformation functions. Proving the correction of these transformation functions is very complex and error prone. In this paper, we show how a theorem prover can address this serious bottleneck. To validate our approach, we have verified the correctness of state-of-art transformation functions defined on Strings with surprising results. Counter-examples provided by the theorem prover have helped us to define new correct transformation functions for Strings

Towards Synchronizing Linear Collaborative Objects with Operation Transformation

A collaborative object represents a data type (such as a text document or a filesystem) designed to be shared by multiple geographi- cally separated users. Data replication is a technology to improve perfor- mance and availability of data in distributed systems. Indeed, each user has a local copy of the shared objects, upon which he may perform up- dates. Locally executed updates are then transmitted to the other users. This replication potentially leads, however, to divergent (i.e. different) copies. In this respect, Operational Transformation (OT) algorithms are applied for achieving convergence of all copies, i.e. all users view the same objects. Using these algorithms users can apply the same set of updates but possibly in different orders since the convergence should be ensured in all cases. However, achieving convergence with the OT approach is still a critical and challenging issue. In this paper, we address an open convergence problem when the shared data has a linear structure such as list, text, ordered XML tree, etc. We analyze the source of this problem and we propose a generic solution with its formal correctness

A Constraint-based Approach for Generating Transformation Patterns

Undoing operations is an indispensable feature for many collaborative applications, mainly collaborative editors. It provides the ability to restore a correct state of shared data after erroneous operations. In particular, selective undo allows to undo any operation and is based on rearranging operations in the history thanks to the Operational Transformation (OT) approach. OT is an optimistic replication technique allowing for updating the shared data concurrently while maintaining convergence. It is a challenging task how to meaningfully combine OT and undo approaches. Indeed, undoing operations that are received and executed out-of-order at different sites leads to divergence cases. Even though various undo solutions have been proposed over the recent years, they are either limited or erroneous. In this paper, we propose a constraint-based approach to address the undo problem. We use Constraint Satisfaction Problem (CSP) theory to devise correct and undoable transformation patterns (w.r.t OT and undo properties) which considerably simplifies the design of collaborative objects.Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694

On Consistency of Operational Transformation Approach

The Operational Transformation (OT) approach, used in many collaborative editors, allows a group of users to concurrently update replicas of a shared object and exchange their updates in any order. The basic idea of this approach is to transform any received update operation before its execution on a replica of the object. This transformation aims to ensure the convergence of the different replicas of the object, even though the operations are executed in different orders. However, designing transformation functions for achieving convergence is a critical and challenging issue. Indeed, the transformation functions proposed in the literature are all revealed incorrect. In this paper, we investigate the existence of transformation functions for a shared string altered by insert and delete operations. From the theoretical point of view, two properties - named TP1 and TP2 - are necessary and sufficient to ensure convergence. Using controller synthesis technique, we show that there are some transformation functions which satisfy only TP1 for the basic signatures of insert and delete operations. As a matter of fact, it is impossible to meet both properties TP1 and TP2 with these simple signatures.Comment: In Proceedings Infinity 2012, arXiv:1302.310

Verifying Strong Eventual Consistency in Distributed Systems

Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple computers in a network. However, despite decades of research, algorithms for achieving consistency in replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to be incorrect, even some that were accompanied by supposed mechanised proofs of correctness. In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework in the Isabelle/HOL interactive proof assistant for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter. We find that our framework is highly reusable, developing proofs of correctness for the latter two CRDTs in a few hours and with relatively little CRDT-specific code