Mechanical Verification of Clock Synchronization Algorithms

Clock synchronization algorithms play a crucial role in a variety of fault-tolerant distributed architectures. Although those algorithms are similar in their basic structure, the particular designs differ considerably, for instance in the way clock adjustments are computed. This paper develops a formal generic theory of clock synchronization algorithms which extracts the commonalities of specific algorithms and their correctness arguments; this generalizes previous work by Shankar and Miner by covering non-averaging adjustment functions in addition to averaging algorithms. The generic theory is presented as a set of parameterized PVS theories, stating the general assumptions on the parameters and demonstrating the verification of generic clock synchronization. The generic theory is then specialized to the class of algorithms using averaging functions, yielding a theory that corresponds to those of Shankar and Miner. As examples of the verification of concrete, published algorithms, the formal verification of an averaging algorithm (by Welch and Lynch [3]) and of a non-averaging algorithm (by Srikanth and Toueg [14]) is discussed.

[1] Paul S. Miner. Verification of fault-tolerant clock synchronization systems. M.S. Thesis, College of William and Mary, 1992, 1993.

[2] Nancy A. Lynch et al. A new fault-tolerant algorithm for clock synchronization. PODC '84, 1984.

[3] Andy J. Wellings et al. GUARDS: A Generic Upgradable Architecture for Real-Time Dependable Systems. IEEE Trans. Parallel Distributed Syst., 1997.

[4] Natarajan Shankar et al. PVS: A Prototype Verification System. CADE, 1992.

[5] Natarajan Shankar et al. PVS: Combining Specification, Proof Checking, and Model Checking. FMCAD, 1996.

[6] John Rushby et al. Systematic Formal Verification for Fault-tolerant Time-triggered Algorithms. Expanded version of a paper from the Sixth Working Conference on Dependable Computing for Critical Applications, 1997.

[7] Natarajan Shankar et al. Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS. IEEE Trans. Software Eng., 1995.

[8] Natarajan Shankar. Mechanical Verification of a Schematic Byzantine Clock Synchronization Algorithm. 1991.

[9] Hermann Kopetz et al. TTP - A time-triggered protocol for fault-tolerant real-time systems. FTCS-23, The Twenty-Third International Symposium on Fault-Tolerant Computing, 1993.

[10] Sam Toueg et al. Optimal clock synchronization. PODC '85, 1985.

[11] Friedrich W. von Henke et al. Formal Verification of Algorithms for Critical Systems. IEEE Trans. Software Eng., 1993.

[12] Bev Littlewood et al. Predictably Dependable Computing Systems. ESPRIT Basic Research Series, 2012.

[13] Hermann Kopetz. The Time-Triggered Approach to Real-Time System Design. 1995.

[14] Günter Grünsteidl et al. TTP - A Protocol for Fault-Tolerant Real-Time Systems. Computer, 1994.

[15] N. Shankar et al. PVS: Combining Specification, Proof Checking, and Model Checking. 1996.

[16] Fred B. Schneider et al. Understanding Protocols for Byzantine Clock Synchronization. 1987.