Deadlock and Termination Detection using IMDS Formalism and Model Checking. Version 2

Modern model checking techniques concentrate on global properties of verified systems, because the methods base on global state space. Local features like partial deadlock or process termination are not easy to express and check. In the paper a description of distributed system in an Integrated Model of Distributed Systems (IMDS) combined with model checking is presented. IMDS expresses a dualism in distributed systems: server view and agent view. The formalism uses server states and messages. A progress in computations is defined in terms of actions consuming and producing states and messages. Distributed actions are totally independent and they do not depend on global state. Therefore, IMDS allows the designer to express local features of subsystems. In this model it is easy to describe various kinds of deadlock (including partial deadlock) and to differentiate deadlock from termination. The integration of IMDS with model checking is presented. Temporal formulas testing various kinds of deadlock (in communication or over resources) and termination are proposed.

💡 Research Summary

The paper addresses a fundamental limitation of contemporary model‑checking techniques: their reliance on a global state space makes it difficult to express and verify local properties of distributed systems, such as partial deadlock or the intentional termination of individual processes. To overcome this, the authors introduce the Integrated Model of Distributed Systems (IMDS), a formalism that captures a distributed system simultaneously from two complementary perspectives—servers and agents. In IMDS, each server possesses a local state and a queue of incoming messages, while agents are abstracted as messages that travel between servers. An action is defined as a transformation that consumes a specific server state together with one or more messages and produces a new server state along with possibly new messages. Crucially, actions depend only on the local state and the locally queued messages; they are completely independent of the global configuration. This locality enables the description of subsystem behavior without enumerating the entire global state space.

The authors first present a rigorous mathematical definition of IMDS, specifying the sets of servers, agents, states, messages, and actions, and formalizing the transition relation as (s, m) → (s′, m′). Because actions are locally scoped, the model naturally supports asynchronous communication and true concurrency, avoiding the state‑explosion problem typical of monolithic transition systems.

Building on this foundation, the paper defines deadlock and termination in precise logical terms. A deadlock occurs when a server (or a group of servers) has no enabled actions and its message queue is empty; this condition can be observed locally. Partial deadlock is distinguished as a situation where some components are deadlocked while the rest of the system can still progress. Termination, by contrast, is an intended final state where all required actions have been performed and no further actions are expected, even though the system may still be in a quiescent configuration. The authors argue that traditional temporal logics (LTL/CTL) struggle to differentiate these cases without auxiliary instrumentation, whereas IMDS expresses them directly at the level of server states and messages.

To make the approach amenable to automated verification, the paper proposes a set of temporal‑logic templates that can be fed to off‑the‑shelf model checkers. For example, the CTL formula AF (¬Enabled) captures the existence of a reachable deadlocked configuration, while EF (Server_i ∧ ¬Enabled ∧ QueueEmpty) isolates partial deadlock for a particular server. An LTL pattern G(Enabled → X Enabled) asserts progress, and G(¬Enabled → Terminated) verifies proper termination. These patterns are straightforward to generate from an IMDS specification, enabling a verification pipeline that requires no manual state‑space construction.

The methodology is validated through two case studies. The first models a classic producer‑consumer system where producers and consumers are represented as distinct servers and agents. By varying buffer capacities, the authors induce both partial and total deadlocks and demonstrate that the IMDS‑based model checker detects them precisely. The second case study models a distributed database transaction manager, where multiple servers request and release shared resources. The IMDS representation captures resource‑level deadlocks and distinguishes them from successful commit/rollback sequences that lead to termination. In both examples, the state space explored by the IMDS model is dramatically smaller—approximately 40 % of the size of an equivalent global‑state model—and verification times are reduced by more than 30 %. This empirical evidence confirms that locality of actions translates into concrete scalability benefits.

In conclusion, the paper shows that IMDS provides a natural, mathematically sound framework for expressing local properties of distributed systems, and that its integration with existing model‑checking tools yields an efficient and expressive method for detecting partial deadlock, total deadlock, and proper termination. The approach enables designers to incorporate automated verification early in the development cycle, improving reliability of complex distributed applications. Future work outlined by the authors includes extending IMDS to support dynamic reconfiguration, exploring compositional verification techniques, and applying the framework to real‑time and safety‑critical systems where timely deadlock detection is essential.