Integrated Model of Distributed Systems (IMDS) is a formalism for specification and verification of distributed systems, especially following IoT (Internet of Things) paradigm. The formalism emphasizes such features as asynchrony of actions and communication, locality of decisions, and autonomy in executing actions. In conjunction with model checking, IMDS allows to analyze such features of distributed systems as deadlocks or distributed termination. However, the nature of model checking allows to find one deadlock in a single run of the verifier, which produces a counterexample.The conversion of IMDS specification to a Petri net is used to identify multiple deadlocks in one verification, using siphons. Model checking is used to verify if a siphon can become empty, which denotes a true deadlock in a purely cyclic system, like FMS (Flexible Manufacturing Systems). The extension of the verification by temporal checking allows to cover systems with any structure: cyclic, terminating, or with a more complex scheme. In addition, the proposed procedure allows to easily identify processes participating in partial deadlocks. Two types of deadlock can be identified: communication deadlocks and resource deadlocks.
I. INTRODUCTION
MDS (Integrated Model of Distributed Systems [1][2]) is a formalism for describing the behavior of distributed systems, especially for finding deadlocks. A system is modeled as a set of actions, having servers' states and agents' messages on input and on output. In IMDS, a communication dualism is exploited, since the modeled system is represented as server processes that communicate by messages, or alternatively by travelling processes (agents) that communicate by means of servers' states. A model of a distributed system is uniform (that is, it has a single form), but it can be decomposed ("cut") to a set of server processes or a set of agent processes. System actions are combined in sequences to form the processes. An action has a current server's state and an agent's current message on input, and it produces a similar pair (a new server's state and a new agent's message) on output.The two views of a system (server view and agent view) are obtained by the two possible groupings of a set of all actions into sequences. In the server view, actions of an indi-This work was not supported by any organization vidual server are grouped into a process (the definition of processes is included in Sect. IIIB). The server's states are the carrier of the server process, and the messages are the communication means between server processes. In the agent view, actions concerning an individual agent conform a process. Messages are internal to a process: they are the carrier of the process. The agent processes communicate via servers' states.