Abstract
Input/Output Automata (IOA) is an expressive specification framework with built-in properties for compositional reasoning. It has been shown to be effective in specifying and analyzing distributed and networked systems. The available verification engines for IOA are based on interactive theorem provers such as Isabelle, Larch, PVS, and Coq; they are expressive but require heavy human interaction. Motivated by the advances in SMT solvers, in this work we explore a different expressivity-automation tradeoff for IOA. We present Dione, the first IOA analysis system built with Dafny and its SMT-powered toolchain, and demonstrate its effectiveness on four distributed applications. Our translator tool converts Python-esque Dione language specifications of IOA and their properties into parameterized Dafny modules. Dione automatically generates the relevant compatibility and composition lemmas for the IOA specifications, which can then be checked with Dafny on a per-module basis. We ensure that all resulting formulas are expressed mostly in fragments solvable by SMT solvers, which enables Bounded Model Checking and k-induction-based invariant checking using Z3. We present successful applications of Dione to the verification of an asynchronous leader election algorithm, two self-stabilizing mutual exclusion algorithms, and CAN bus arbitration. We automatically prove key invariants of all four protocols; for the last three this involves reasoning about an arbitrary number of participants. These analyses are largely automatic, with minimal manual input needed, and they demonstrate the effectiveness of this approach in analyzing networked and distributed systems.
Notes
1. Also, none of the tools appear to have been maintained for at least two years.
2. The question mark ‘?’ and the prime symbol ‘'’ are allowed in identifiers in Dafny.
Acknowledgements
The authors were supported in part by research grants from the National Science Foundation under the Cyber-Physical Systems (CPS) program (award number 1544901 and 1739966).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Hsieh, C., Mitra, S. (2019). Dione: A Protocol Verification System Built with Dafny for I/O Automata. In: Ahrendt, W., Tapia Tarifa, S. (eds) Integrated Formal Methods. IFM 2019. Lecture Notes in Computer Science, vol. 11918. Springer, Cham. https://doi.org/10.1007/978-3-030-34968-4_13
DOI: https://doi.org/10.1007/978-3-030-34968-4_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34967-7
Online ISBN: 978-3-030-34968-4
eBook Packages: Computer Science (R0)