Guaranteeing Convergence of Distributed Systems: From Specification to Implementation via Refinement

This paper describes a methodology for developing and verifying a class of distributed systems using stepwise refinement and a theorem prover. The process of refinement leads to algorithms in which individual steps can be implemented atomically in a straightforward way. These algorithms are then transformed from the notation of the theorem prover to a target programming language, such as Java and Erlang. The methodology allows the system state space to be continuous. The key temporal properties that are preserved by the above refinement and transformation processes are convergence and termination. The proof techniques used are extensions of control theoretic results to temporal logic of continuous time and state spaces. We present a library of theorems and proofs to reduce the work required to develop and verify programs in this class. The applicability of the method is demonstarted by modeling and performing step-wise refinement of a collection of standard algorithms for sensor networks and multi-vehicle systems.