Using Induction to Prove Properties of Distributed Programs

Proofs of distributed programs are often informal due to the difficulty of developing formal proofs. Properties of distributed programs are often stated using Lamport's causally-precedes relation and its complement, not-causally-precedes. Properties that involve the causally-precedes relation are fairly straight forward to prove using induction. However, properties that involve not-causally-precedes are quite difficult to prove. Such properties are common since predicates on the global state of a system implicitly use the not-causally-precedes relation. This paper presents a method of induction on the not-causally-precedes relation and demonstrates the technique by formally proving a variant of the well known algorithm for maintaining a vector clock. 1 Introduction In this paper we present a method to prove properties of asynchronous distributed programs. Our method is based upon the causally-precedes relation as defined by Lamport [7]. We show how properties using the causally-preced..