Brief Announcement: Incremental Component-Based Modeling, Verification, and Performance Evaluation of Distributed Reset

Design and implementation of distributed algorithms often involve many subtleties due to their complex structure, nondeterminism, and low atomicity as well as occurrence of unanticipated physical events such as faults. Thus, constructing correct distributed systems has always been a challenge and often subject to serious errors. This is essentially due to the fact that we currently lack disciplined methods for the rigorous design and correct implementation of distributed systems, mainly for two reasons: (1) formal methods are not easy to use by designers and developers; and (2) there is a wide gap between modeling formalisms and automated verification tools on one side, and practical development and deployment tools on the other side. In this paper, we apply a methodology which consistently integrates modeling, verification, and performance evaluation techniques, based on the BIP (Behavior, Interaction, Priority) component framework developed at Verimag [2,3]. BIP is based on a semantic model encompassing composition of heterogeneous components. Partial state semantics of BIP allows generating from a high-level component-based model in BIP an observationally equivalent distributed implementation [2]. BIP uses two families of composition operators for expressing coordination between components: interactions and priorities. Interactions may involve multiple components (unlike traditional point-to-point formalisms) and are expressed by combining two protocols: rendezvous and broadcast. We note that addition of interactions among components adds no extra behaviors. We illustrate our methodology using the self-stabilizing distributed reset algorithm due to Arora and Gouda [1]. The algorithm consists of two layers: (1) the tree layer, where adjacent processes communicate in order to construct and maintain a rooted spanning tree throughout the alive processes, and (2) the wave layer, which achieves a global reset through a diffusing computation. We demonstrate how BIP allows independent modeling, verification, and analysis of the tree layer and wave layer and ultimately their safe composition in order to construct a correct model of distributed reset. This composition involves in addition to interactions, scheduling constraints expressed as dynamic priorities among interactions.