Relational programs

The objective of this research is to produce useful, low-cost methods for developing correct concurrent programs from formal specifications. In particular, we address the design and verification of the synchronization and communication portions of such programs. Often, this portion can be implemented using a fixed, finite amount of synchronization related data, i.e., it is "finite-state." Nevertheless, even when each program component contains only one bit of synchronization related data, the number of possible global synchronization states for K components is about 2^K, in general. Because of this "state-explosion" phenomenon, the manual verification of large concurrent programs typically requires lengthy, and therefore error-prone, proofs. Using a theorem prover increases reliability, but requires extensive formal labor to axiomatize and solve verification problems. Automatic verification methods (such as reachability analysis and temporal logic model checking) use state-space exploration to decide if a program satisfies its specification, and are therefore also subject to state-explosion. To date, proposed techniques for ameliorating state-explosion either require significant manual labor, or work well only when the program is highly symmetric and regular (e.g., many functionally similar components connected in similar ways).To overcome these drawbacks, we advocate the synthesis of programs from specifications. This approach performs the refinement from specifications to programs automatically. Thus, the amount of formal labor is reduced to writing a formal specification and applying the appropriate synthesis step at each stage of the derivation. While nontrivial, writing a formal specification is necessary in any methodology that guarantees correctness.