-
Proofs about Network Communication: For Humans and Machines
Authors:
Wolfgang Jeltsch,
Javier Díaz
Abstract:
Many concurrent and distributed systems are safety-critical and therefore have to provide a high degree of assurance. Important properties of such systems are frequently proved on the specification level, but implementations typically deviate from specifications for practical reasons. Machine-checked proofs of bisimilarity statements are often useful for guaranteeing that properties of specifications carry over to implementations. In this paper, we present a way of conducting such proofs with a focus on network communication. The proofs resulting from our approach are not just machine-checked but also intelligible for humans.
Submitted 21 August, 2023;
originally announced August 2023.
-
Correctness of Broadcast via Multicast: Graphically and Formally
Authors:
Wolfgang Jeltsch,
Javier Díaz
Abstract:
Maintaining data consistency among multiple parties requires nodes to repeatedly send data to all other nodes. For example, the nodes of a blockchain network have to disseminate the blocks they create across the whole network. The scientific literature typically takes the ideal perspective that such data distribution is performed by broadcasting to all nodes directly, while in practice data is distributed by repeated multicast. Since correctness and security of consistency maintenance protocols usually have been established for the ideal setting only, it is vital to show that these properties carry over to real-world implementations. Therefore, it is desirable to prove that the ideal and the real behavior are equivalent.
In the work described in this paper, we take an important step towards such a proof by proving a simpler variant of this equivalence statement. The simplification is that we consider only a concrete pair of network topologies, which nevertheless illustrates important phenomena encountered with arbitrary topologies. For describing systems that distribute data, we use a domain-specific language of processes that corresponds to a class of Petri nets and is embedded in a general-purpose process calculus. This way, we can outline our proof using an intuitive graphical notation and leverage the rich theory of process calculi in the actual proof, which is machine-checked using the Isabelle proof assistant.
Submitted 20 September, 2022;
originally announced September 2022.
-
Your Blockchain Needn't Care How the Message is Spread
Authors:
Wolfgang Jeltsch,
Javier Díaz
Abstract:
In a blockchain system, nodes regularly distribute data to other nodes. The ideal perspective taken in the scientific literature is that data is broadcast to all nodes directly, while in practice data is distributed by repeated multicast. Since correctness and security typically have been established for the ideal setting only, it is vital to show that these properties carry over to real-world implementations. This can be done by proving that the ideal and the real behavior are equivalent.
In the work described in this paper, we take an important step towards such a proof by proving a simpler variant of the above equivalence statement. The simplification is that we consider only a concrete pair of network topologies, which nevertheless illustrates important phenomena encountered with arbitrary topologies. For describing systems that distribute data, we use a domain-specific language of processes that is embedded in a general-purpose process calculus. This allows us to leverage the rich theory of process calculi in our proof, which is machine-checked using the Isabelle proof assistant.
Submitted 23 August, 2022;
originally announced August 2022.
-
A Process Calculus for Formally Verifying Blockchain Consensus Protocols
Authors:
Wolfgang Jeltsch
Abstract:
Blockchains are becoming increasingly relevant in a variety of fields, such as finance, logistics, and real estate. The fundamental task of a blockchain system is to establish data consistency among distributed agents in an open network. Blockchain consensus protocols are central for performing this task.
Since consensus protocols play such a crucial role in blockchain technology, several projects are underway that apply formal methods to these protocols. One such project is carried out by a team of the Formal Methods Group at IOHK. This project, in which the author is involved, aims at a formally verified implementation of the Ouroboros family of consensus protocols, the backbone of the Cardano blockchain. The first outcome of our project is the $\natural$-calculus (pronounced "natural calculus"), a general-purpose process calculus that serves as our implementation language. The $\natural$-calculus is a domain-specific language embedded in a functional host language using higher-order abstract syntax.
This paper will be a ramble through the $\natural$-calculus. First we will look at its language and its operational semantics. The latter is unique in that it uses a stack of two labeled transition systems to treat phenomena like data transfer and the opening and closing of channel scope in a modular fashion. The presence of multiple transition systems calls for a generic treatment of derived concurrency concepts. We will see how such a treatment can be achieved by capturing notions like scope opening and silent transitions abstractly using axiomatically defined algebraic structures based on functors and monads.
Submitted 18 November, 2019;
originally announced November 2019.
-
Categorical Semantics for Functional Reactive Programming with Temporal Recursion and Corecursion
Authors:
Wolfgang Jeltsch
Abstract:
Functional reactive programming (FRP) makes it possible to express temporal aspects of computations in a declarative way. Recently we developed two kinds of categorical models of FRP: abstract process categories (APCs) and concrete process categories (CPCs). Furthermore we showed that APCs generalize CPCs. In this paper, we extend APCs with additional structure. This structure models recursion and corecursion operators that are related to time. We show that the resulting categorical models generalize those CPCs that impose an additional constraint on time scales. This constraint boils down to ruling out $\omega$-supertasks, which are closely related to Zeno's paradox of Achilles and the tortoise.
Submitted 8 June, 2014;
originally announced June 2014.