0018-9340 (c) 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TC.2014.2308203, IEEE Transactions on Computers 1 On Synthesizing a Consistent Operational Transformation Approach Aurel Randolph, Hanifa Boucheneb, Abdessamad Imine, and Alejandro Quintero Abstract— The Operational Transformation (OT) approach, used in many collaborative editors, allows a group of users to concurrently update replicas of a shared object and exchange their updates in any order. The basic idea is to transform any received update operation before its execution on a replica of the object. Concretely, OT consists of a centralized / decentralized integration procedure and a transformation function. In the context of decentralized integration, designing transformation functions for achieving convergence of object replicas is a critical and challenging issue. Indeed, the transformation functions proposed in the literature are all revealed inefficient. In this paper, we investigate the existence of transformation functions. From the theoretical point of view, two properties, named TP1 and TP2, are necessary and sufficient to ensure convergence. Using controller synthesis technique, we show that there are some transformation functions, which satisfy TP1 for the basic signatures of insert and delete operations. But, there is no transformation function, which satisfies both TP1 and TP2. Consequently, a transformation function which satisfies both TP1 and TP2 must necessarily have additional parameters in the signatures of some update operations. We propose, in this paper, a new transformation function and show formally that it ensures convergence. Index Terms— Collaborative editors, operational transforma- tion, proof of convergence, symbolic model checking, controller synthesis. I. I NTRODUCTION C OLLABORATIVE editing systems (CESs for short) con- stitute a class of distributed systems where dispersed users interact by manipulating some shared objects like texts, images, graphics, XML documents, etc. To improve data availability, these systems are based on data replication. Each user has a local private copy of the shared object that he can access and update. The update operations executed locally are propagated to other users. The execution of these operations in different orders may lead to a divergence (object replicas are not identical). As an example, suppose two users u 1 and u 2 working on their own copies of a text containing the word “efecte”, starting at position 0. User u 1 inserts ‘f ′ at position 1, to change the word into “effecte”. Concurrently, user u 2 deletes element at position 5 (i.e., the last ′ e ′ ), to change the word into “efect”. Each user will receive an update operation that was applied on a different version of the text. Applying naively the received update operations will lead to divergent replicas (“effece” for user u 1 and “effect” for user u 2 , see Fig.1). Moreover, users may generate concurrently conflicting or identical operations. The challenge in A. Randolph, H. Boucheneb and A. Quintero are with the Department of Computer and Software Engineering, ´ Ecole Polytechnique de Montr´ eal, P.O. Box 6079, Station Centre-ville, Montr´ eal, Qu´ ebec, Canada, H3C 3A7. E-mail: {aurel.randolph, hanifa.boucheneb, alejandro.quintero}@polymtl.ca A. Imine is with Lorraine University and INRIA Nancy-Grand-Est, France. E-mail: abdessamad.imine@inria.fr such situations is to ensure convergence of replicated data whilst preserving the intention of users. Several approaches are proposed in the literature, to deal with the convergence of replicated data: Multi-Version (MV) [1], Serialization-Resolution of Conflicts (SRC) [2], Commutative Replicated Data Type (CRDT) [3], [4], Operational Transforma- tion (OT) [2], etc. The multi-version approach , used in CVS, Subversion and ClearCase, is based on the paradigm “Copy-Modify-Merge”. In this approach, update operations made by a user are not automatically propagated to the others. They will be propagated only when the user explicitly calls the merge function. It would be interesting to propagate automatically, to all others, each update operation performed by a user. This is the basic idea of SRC. To achieve convergence, SRC imposes to execute the operations in the same order at every site. Therefore, sites may have to undo and execute again operations, as they receive the final execution order of update operations. This order is determined by a central server fixed when the system is launched. For the previous example, this approach requires that sites of both users execute the two operations in the same order. However, even if we obtain an identical result in both sites, the execution order imposed by the central server may not correspond to the original intention of some user. For instance, executing, in both sites, the operation of u 1 followed by the one of u 2 results in the text “effece”, which is inconsistent with the intention of u 2 . The Commutative Replicated Data Type (CRDT) is a data type where all concurrent operations commute with each other [3], [4]. In such a case, to ensure convergence of replicas it suffices to respect the causality principle (i.e., whenever an operation o ′ is generated after executing another operation o, o is executed before o ′ at every site). The main challenge of CRDT is designing commutative operations for the data type. The commonly used idea consists in associating a unique identifier with the position of each symbol, line or atom of the shared document and when an operation is generated, a unique identifier is also associated with the inserting/deleting position. The position identifiers do not change and are totally ordered with regard to <. Symbols, lines or atoms of the document appear in increasing order with regard to their identifiers. Let us apply this paradigm to the previous example. A unique identifier is associated with each symbol of the initial text: “(e,3) (f,6) (e, 8) (c,9) (t,9.5) (e,10)”. A unique identifier between 3 and 6 is affected to position 1 of the operation of u 1 . Let 4.5 be the selected identifier. The identifier affected to position 5 of the delete operation of u 2 is 10. Both execution orders of operations of u 1 and u 2 lead to the text “(e,3) (f,4.5) (f,6) (e, 8) (c,9) (t,9.5)”. CESs like TreeDoc [3], Logoot [5], Logoot-Undo [4] and WOOT [6] are based on CRDT paradigm. Managing position identifiers is a very important issue in this approach as the correctness is based on the uniqueness of position identifiers. Ensuring uniqueness may