
Dione: A Protocol Verification System Built with Dafny for I/O Automata

Conference paper, Integrated Formal Methods (IFM 2019)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11918)

Abstract

Input/Output Automata (IOA) is an expressive specification framework with built-in properties for compositional reasoning. It has been shown to be effective in specifying and analyzing distributed and networked systems. The available verification engines for IOA are based on interactive theorem provers such as Isabelle, Larch, PVS, and Coq; they are expressive but require heavy human interaction. Motivated by the advances in SMT solvers, in this work we explore a different expressivity-automation tradeoff for IOA. We present Dione, the first IOA analysis system built with Dafny and its SMT-powered toolchain, and demonstrate its effectiveness on four distributed applications. Our translator tool converts Python-esque Dione-language specifications of IOA and their properties into parameterized Dafny modules. Dione automatically generates the relevant compatibility and composition lemmas for the IOA specifications, which can then be checked with Dafny on a per-module basis. We ensure that all resulting formulas are expressed mostly in fragments solvable by SMT solvers, which enables bounded model checking and k-induction-based invariant checking using Z3. We present successful applications of Dione in the verification of an asynchronous leader election algorithm, two self-stabilizing mutual exclusion algorithms, and CAN bus arbitration. We automatically prove key invariants of all four protocols; for the last three this involves reasoning about an arbitrary number of participants. These analyses are largely automatic, with minimal manual input needed, and they demonstrate the effectiveness of this approach in analyzing networked and distributed systems.


Notes

  1. Also, none of the tools appears to have been maintained for at least two years.

  2. The question mark ‘?’ and the prime symbol ‘'’ are allowed in identifiers in Dafny.

  3. See https://github.com/cyphyhouse/Dione/tree/master/system_tests/ioa_examples.

  4. See https://github.com/cyphyhouse/Dione/tree/master/system_tests/expected_dafny.


Acknowledgements

The authors were supported in part by research grants from the National Science Foundation under the Cyber-Physical Systems (CPS) program (award numbers 1544901 and 1739966).

Author information

Corresponding author

Correspondence to Chiao Hsieh.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Hsieh, C., Mitra, S. (2019). Dione: A Protocol Verification System Built with Dafny for I/O Automata. In: Ahrendt, W., Tapia Tarifa, S. (eds) Integrated Formal Methods. IFM 2019. Lecture Notes in Computer Science, vol 11918. Springer, Cham. https://doi.org/10.1007/978-3-030-34968-4_13

  • DOI: https://doi.org/10.1007/978-3-030-34968-4_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34967-7

  • Online ISBN: 978-3-030-34968-4

  • eBook Packages: Computer Science (R0)
