We provide a treatise about checking proofs of distributed systems by computer using general purpose proof checkers. In particular, we present two approaches to verifying and checking the verification of the Sequential Line Interface Protocol (SLIP), one using rewriting techniques and one using the so-called cones and foci theorem. Both verifications are carried out in the setting of process algebra. Finally, we present an overview of literature containing checked proofs.
Note:The research of the second author is supported by Human Capital Mobility (HCM).
Proof checkersAnyone trying to use a proof checker, e.g. Isabelle [67,68], HOL [29], Coq [20], PVS [78], Boyer-Moore [14] or many others that exist today has experienced the same frustration. It is very difficult to prove even the simplest theorem. In the first place it is difficult to get acquainted to the logical language of the system. Most systems employ higher order logics that are extremely versatile and expressive. However, before we can use the system, we must learn the syntax to express definitions and theorems and we must also learn the language to construct proofs.The second difficulty is to get used to strict logical rules that govern the reasoning allowed by the proof checker. Most of us have been educated in a mathematical style, which can be best described as intuitive reasoning with steps that are chosen to be sufficiently small to be acceptable by others.We all know examples of sound looking proofs of obviously wrong facts ('1 = -1', 'every triangle is isosceles', (in every group of people all members have the same age'). In fact it is quite common that mathematical proofs contain flaws. Especially, the correctness of distributed programs and protocols is a delicate matter due to their nondeterministic and discrete character. Proof checkers are intended to ameliorate this situation.One must get rid of the sloppiness of mathematical reasoning and get used to a more logical way of inferring facts. That is to say, one should not eliminate the mathematical intuition that helps guiding the proof, as the logical reasoning steps are so detailed that one easily looses track. And if this happens, even relatively short proofs, are impossible to find.A typical exercise that was carried out using Coq during our first encounters with theorem checkers, gives an impression of the time required to provide a formal proof. We wanted to show that there does not exist a largest prime number. A well known mathematical proof of this fact goes like this.
1
PROOF CHECKERS AND CONCURRENCY
2Suppose there exists a largest prime n. So, as now the product of all prime numbers exists, let it be m. Now consider m + 1. Clearly, dividing m + 1 by any prime number yields remainder 1, and therefore m + 1 is itself also a prime number, contradicting that n is the largest prime.The formal proof requires that first a definition of natural numbers, the induction principle, multiplication, dividahility and primality are given. Most theorem checkers contain nowadays libraries,...
