Modelling and Analysing Dynamic Decentralised Systems

We introduce a method to specify and analyse decentralised dynamic systems; the method is based on the combination of an event-based multi-process system specification approach with a multi-facet analysis approach that considers a reference abstract model and several specific ones derived from the abstract model in order to support facet-wise analysis. The method is illustrated with the modelling and the analysis of a mobile ad-hoc network. The Event-B framework and its related tools B4free and ProB are used to conduct the experiments.

💡 Research Summary

The paper presents an integrated methodology for the formal specification and analysis of dynamic decentralized systems, with a particular focus on mobile ad‑hoc networks (MANETs). The authors combine an event‑driven, multi‑process modeling approach based on the Event‑B framework with a multifacet analysis technique that leverages a single abstract model together with several concrete derivatives. The abstract model captures the essential global state and invariants of the system using a minimal set of variables, guards, and actions. From this foundation, concrete models are derived to represent distinct aspects such as node mobility, link creation and deletion, routing protocol behavior, and security concerns. Each concrete model inherits the core invariants of the abstract model while extending the state space with additional variables and constraints specific to its facet.

The methodology proceeds in three stages. First, the system is described as a set of interacting processes (e.g., individual nodes) whose behavior is expressed through Event‑B events like “node moves”, “link appears/disappears”, and “packet transmitted”. Second, the abstract model is proved using the B4free tool, establishing safety (e.g., every transmitted packet eventually reaches its destination) and liveness properties. Third, the concrete models are automatically checked for invariant preservation using the same proof obligations, while ProB is employed to simulate realistic execution traces, explore state spaces, and detect potential violations under dynamic scenarios.

In the case study, the authors model a MANET with an arbitrary number of mobile nodes. The abstract model defines global variables for node positions, adjacency lists, and packet queues, and asserts that the network never loses a packet that has been injected. Concrete extensions include a mobility model with bounded speed, an AODV‑style routing algorithm that recomputes paths on link changes, and a security layer that introduces malicious nodes capable of dropping or altering packets. By running B4free proofs, the authors demonstrate that all concrete models satisfy the abstract invariants without requiring duplicate manual proofs. ProB simulations further illustrate that even under rapid topology changes, high‑frequency link churn, and simultaneous routing updates, the system remains deadlock‑free and respects the safety property.

The key contributions of the work are: (1) a systematic way to decompose dynamic distributed systems into hierarchical Event‑B models, (2) a multifacet analysis framework that reuses proofs across multiple concrete scenarios, dramatically reducing verification effort, (3) empirical validation using mature tools (B4free and ProB) that confirms both theoretical soundness and practical applicability, and (4) a concrete demonstration on a realistic MANET example that showcases the approach’s relevance to emerging domains such as IoT, autonomous vehicle swarms, and decentralized ledger networks. The paper thus advances the state of the art in formal methods for systems where topology and behavior evolve continuously, offering a scalable path toward rigorous assurance of safety and liveness in complex decentralized environments.