International Journal of Computer Science & Information Technology (IJCSIT) Vol 7, No 5, October 2015

DOI:10.5121/ijcsit.2015.7506

FORMAL SPECIFICATION AND VERIFICATION OF TOTAL ORDER BROADCAST THROUGH DESTINATION AGREEMENT USING EVENT-B

Arun Kumar Singh 1 and Divakar Yadav 2

1 Department of Electronics Engg., IET, Lucknow, India
2 Department of Computer Science & Engg., IET, Lucknow, India

ABSTRACT

A reliable broadcast is a communication primitive used to develop fault-tolerant distributed applications. It eventually delivers messages to all participating sites irrespective of their ordering. Total order broadcast imposes a restriction on message ordering and satisfies the total order requirement. Clear specification, rigorous validation and verification are key to obtaining a better design of dependable services in such applications. With the help of formal methods one can specify and verify systems in a systematic rather than ad hoc manner. Formal methods reveal ambiguities, incompleteness, and inconsistencies in a system by facilitating clear specification, rigorous validation and verification. In this paper, we present a formal development of total order broadcast. The model has been developed and checked using Event-B techniques supported by the RODIN tool. Event-B is a formal technique that supports the incremental design of distributed applications using the notion of refinement.

KEYWORDS

Total order broadcast, Event-B, reliable broadcast.

1. INTRODUCTION

The verification and specification of fault-tolerant distributed applications are difficult due to unavoidable concurrency and the absence of a global clock [1]. In reliable broadcast no assumptions on time can be made, although it is ensured that messages will be delivered irrespective of their ordering at the sites. The delivery ordering of messages in a distributed environment can be ensured in a better way by using group communication primitives. One such primitive is total order broadcast.
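The contrast drawn above between reliable broadcast (every site delivers, in any order) and total order broadcast (every site delivers in the same order) can be checked mechanically on per-site delivery logs. The following Python checker is an added example, not part of the paper or its Event-B model; the site names, message names and logs are constructed, and the pairwise relative-order test is the usual formulation of total order, assumed here.

```python
from itertools import combinations

# Constructed delivery logs: site -> messages in the order that site delivered them.
RELIABLE_ONLY = {
    "s1": ["m1", "m2", "m3"],
    "s2": ["m2", "m1", "m3"],  # same messages as s1, different order
    "s3": ["m1", "m2", "m3"],
}
TOTAL_ORDER = {
    "s1": ["m1", "m2", "m3"],
    "s2": ["m1", "m2", "m3"],
    "s3": ["m1", "m2", "m3"],
}


def same_message_set(logs):
    """Reliable-broadcast style check: every site delivered the same
    messages, each exactly once, with no constraint on order."""
    delivered = []
    for seq in logs.values():
        if len(seq) != len(set(seq)):
            return False  # a message was delivered twice at this site
        delivered.append(frozenset(seq))
    return len(set(delivered)) == 1


def order_violations(logs):
    """Total-order check: any two messages delivered by two sites must be
    delivered in the same relative order at both sites.
    Returns counterexamples as (site_a, site_b, msg_x, msg_y) tuples."""
    pos = {s: {m: i for i, m in enumerate(seq)} for s, seq in logs.items()}
    found = []
    for a, b in combinations(sorted(logs), 2):
        common = sorted(set(pos[a]) & set(pos[b]))
        for x, y in combinations(common, 2):
            if (pos[a][x] < pos[a][y]) != (pos[b][x] < pos[b][y]):
                found.append((a, b, x, y))
    return found


def is_total_order(logs):
    """True when no pair of sites disagrees on the order of any two messages."""
    return not order_violations(logs)
```

Only messages that both sites have delivered are compared, so a site that has delivered just a prefix of the sequence fails `same_message_set` without being reported as an ordering violation.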
Total order broadcast and multicast is an important problem for fault-tolerant distributed applications. Total order broadcast [2] is a primitive for group communication which ensures that a message is delivered to all the recipients in the same order, which may not be the same order in which the messages were sent. In this context, Hadzilacos and Toueg [3] define Reliable Broadcast as a broadcast that possesses the characteristics of Validity, Agreement and Integrity. A broadcast is supposed to possess the Validity characteristic if, whenever a correct process broadcasts a message m, it eventually delivers m. A broadcast is supposed to be in Agreement if all correct