Certification of Distributed Self-Stabilizing Algorithms Using Coq Master Internship

Scientific Context. Modern distributed systems can be large-scale (e.g., Internet), dynamic (e.g., Peerto-Peer systems), and / or resource constrained (e.g., WSNs — Wireless Sensor Networks). Those characteristics increase the number of faults which may hit the system. For instance, in WSNs, processes are subject to crash failures because of their limited battery. Moreover, their communications use radio channels which are subject to intermittent loss of messages. Now, due to their large-scale and the adversarial environment where they may be deployed, intervention to repair them cannot be always envisioned. In this context, fault-tolerance, i.e., the ability of a distributed algorithm to endure the faults by itself, is mandatory. Self-stabilization is a versatile lightweight technique to withstand transient faults in a distributed system. After transient faults hit and place the system into some arbitrary global state, a self-stabilizing algorithm returns, in finite time, to a correct behavior without external intervention. Self-stabilization makes no hypotheses on the nature or extent of transient faults that could hit the system, and recovers from the effects of those faults in a unified manner. Today’s researches on self-stabilizing algorithms focus on more and more complex problems and adversarial environments. This makes the proof that an algorithm actually achieves self-stabilization even more complex and subtle to establish. Now, those proofs are usually performed by hand, using informal reasoning. Such methods are clearly pushed to their limits and this justifies the use of a proof assistant. Proof assistants are environments in which a user can express programs, state theorems, and develop proofs interactively, those ones being mechanically checked (i.e., machine-checked). In particular, the Coq proof assistant [4], which is targeted by this project, has been successfully used for various tasks such as mathematical developments as involved as the 4-colors or Feit-Thompson theorems, formalization of programming language semantics leading to the certification of a C compiler, certified numerical libraries, and verification of cryptographic protocols. However, despite the clear benefits of formalized proofs in the area of self-stabilization, this topic remains almost unexplored until now. Courtieu [1] provides a general setting for reasoning on self-stabilization in Coq. A formal correctness proof of Dijkstra’s seminal self-stabilizing algorithm has already been conducted with the PVS proof assistant [3]. This experiment ended with an elegant proof but the case of Dijkstra’s two rules algorithm for token circulation on a ring is too simple to draw a general conclusion.