This document provides comprehensive API documentation for the Hybrid Verification Framework.
- System Interface API
- Adapter API
- Template Loader API
- Code Generation API
- Counterexample Conversion API
- Property Analysis API
The system interface defines the abstract operations that all protocol adapters must implement.
typedef void* SystemNode;Opaque pointer representing a system node. Implementation-specific.
typedef void* SystemMessage;Opaque pointer representing a system message. Implementation-specific.
typedef enum {
STATE_INITIAL,
STATE_ACTIVE,
STATE_TRANSITIONAL,
STATE_TERMINATED
} SystemState;Enumeration of system states.
typedef struct {
int num_nodes; // Number of nodes in the system
int max_rounds; // Maximum number of execution rounds
int timeout_range[2]; // [min_timeout, max_timeout]
void* domain_specific; // For domain-specific configurations
} SystemConfig;Configuration structure for system parameters.
typedef void (*init_node_fn)(SystemNode* node, int id, SystemConfig* config);Initialize a system node with the given ID and configuration.
Parameters:
node: Pointer to node to initializeid: Node identifierconfig: System configuration
typedef void (*process_msg_fn)(SystemNode* node, SystemMessage* msg,
void* network_state, void* metrics);Process an incoming message for a node.
Parameters:
node: Node receiving the messagemsg: Message to processnetwork_state: Network state (can be NULL)metrics: Metrics structure (can be NULL)
typedef SystemMessage* (*gen_msg_fn)(SystemNode* node, int target_id);Generate a message from a node to a target node.
Parameters:
node: Source nodetarget_id: Target node ID
Returns: Pointer to generated message (or NULL if no message)
typedef int (*should_send_msg_fn)(SystemNode* node, int target_id);Determine if a node should send a message to a target.
Parameters:
node: Source nodetarget_id: Target node ID
Returns: Non-zero if message should be sent, 0 otherwise
typedef int (*verify_safety_fn)(SystemNode* nodes[], int num_nodes, void* metrics);Verify safety properties across all nodes.
Parameters:
nodes: Array of nodesnum_nodes: Number of nodesmetrics: Metrics structure (can be NULL)
Returns: Non-zero if safety properties hold, 0 if violated
typedef int (*verify_liveness_fn)(SystemNode* nodes[], int num_nodes,
int round, void* metrics);Verify liveness properties across all nodes at a given round.
Parameters:
nodes: Array of nodesnum_nodes: Number of nodesround: Current execution roundmetrics: Metrics structure (can be NULL)
Returns: Non-zero if liveness properties hold, 0 if violated
typedef int (*verify_invariant_fn)(SystemNode* nodes[], int num_nodes, void* metrics);Verify system invariants across all nodes.
Parameters:
nodes: Array of nodesnum_nodes: Number of nodesmetrics: Metrics structure (can be NULL)
Returns: Non-zero if invariants hold, 0 if violated
typedef void (*alloc_nodes_fn)(SystemNode** nodes, int num_nodes);
typedef void (*free_nodes_fn)(SystemNode* nodes, int num_nodes);
typedef void (*free_msg_fn)(SystemMessage* msg);typedef struct {
init_node_fn initialize_node;
process_msg_fn process_message;
gen_msg_fn generate_message;
should_send_msg_fn should_send_message;
verify_safety_fn verify_safety;
verify_liveness_fn verify_liveness;
verify_invariant_fn verify_invariant;
alloc_nodes_fn alloc_nodes;
free_nodes_fn free_nodes;
free_msg_fn free_message;
} SystemOperations;Structure containing all function pointers for system operations.
typedef struct {
const char* name; // Protocol name (e.g., "Raft", "Paxos")
const char* domain; // Domain type (e.g., "consensus", "concurrency")
SystemOperations* ops; // Function pointers to operations
SystemConfig* default_config; // Default configuration
void* property_definitions; // Property definitions (implementation-specific)
} SystemDefinition;Complete system definition linking operations to protocol metadata.
typedef SystemDefinition* (*protocol_factory_fn)(void);Each adapter must provide a factory function that creates and returns a SystemDefinition*.
#define SYSTEM_NODE(ptr, type) ((type*)(ptr))
#define SYSTEM_MSG(ptr, type) ((type*)(ptr))Type-safe casting macros for converting opaque pointers to concrete types.
To create a new protocol adapter:
-
Create adapter files:
examples/{protocol}/adapter/{protocol}_adapter.c- Implementationexamples/{protocol}/adapter/{protocol}_adapter.h- Header
-
Implement all operations:
- Implement all functions in
SystemOperations - Create a factory function:
create_{protocol}_definition()
- Implement all functions in
-
Example structure:
#include "core/system_interface.h"
// Implement all required functions
static void my_protocol_init_node(SystemNode* node, int id, SystemConfig* config) {
// Implementation
}
static void my_protocol_process_message(SystemNode* node, SystemMessage* msg,
void* network_state, void* metrics) {
// Implementation
}
// ... implement all other operations
// Create operations structure
static SystemOperations my_protocol_ops = {
.initialize_node = my_protocol_init_node,
.process_message = my_protocol_process_message,
// ... assign all function pointers
};
// Factory function
SystemDefinition* create_my_protocol_definition(void) {
SystemDefinition* def = malloc(sizeof(SystemDefinition));
def->name = "MyProtocol";
def->domain = "consensus"; // or "concurrency", "network", etc.
def->ops = &my_protocol_ops;
def->default_config = &my_protocol_default_config;
return def;
}Located in tools/template_loader.py
loader = TemplateLoader(base_dir=None)Parameters:
base_dir: Base directory path (default: parent of tools directory)
List all available domain templates.
Returns: List of domain names (e.g., ['distributed', 'concurrent', 'network'])
List all available property templates.
Returns: List of property template names
List all available protocol configurations.
Returns: List of protocol names
Load a domain template by name.
Parameters:
domain: Domain name (e.g., 'distributed', 'concurrent', 'network')
Returns: Dictionary containing domain template data
Raises: FileNotFoundError if template not found
Load a property template by name.
Parameters:
template_name: Property template name (e.g., 'uniqueness', 'agreement')
Returns: Dictionary containing property template data
Raises: FileNotFoundError if template not found
Load a protocol configuration file.
Parameters:
protocol: Protocol name (e.g., 'raft')
Returns: Dictionary containing protocol configuration
Raises: FileNotFoundError if configuration not found
Expand a property template with variable substitutions.
Parameters:
template_name: Property template namevariables: Dictionary of variable substitutions
Returns: Dictionary with 'klee_code' and 'tla_code' keys containing expanded templates
Located in tools/generate_properties.py
Generate property files (JSON, KLEE C, TLA+) for a protocol.
Parameters:
protocol: Protocol nameoutput_file: Optional output JSON file path
Returns: Dictionary with keys:
'json': Path to generated JSON file'klee': Path to generated C file'tla': Path to generated TLA+ file'properties': Property definitions dictionary
Located in tools/generate_klee_test.py
Generate KLEE test harness C file.
Parameters:
protocol: Protocol nameoutput_file: Optional output file path
Returns: Path to generated C file
Located in tools/generate_tla_spec.py
Generate TLA+ specification file.
Parameters:
protocol: Protocol nameoutput_file: Optional output file path
Returns: Path to generated TLA+ file
Convert a KLEE counterexample to TLA+ format.
Parameters:
klee_cex: KLEE counterexample dictionaryprotocol_config: Optional protocol configuration
Returns: Dictionary with:
'source': 'KLEE''tla_code': Generated TLA+ code'tla_format': Format description
Convert a TLA+ counterexample to KLEE format.
Parameters:
tla_cex: TLA+ counterexample dictionaryprotocol_config: Optional protocol configuration
Returns: Dictionary with:
'source': 'TLA+''klee_code': Generated KLEE initialization code'initial_values': Dictionary of initial values
output_dir: str = 'verification',
protocol_name: str = None) -> Dict`
Convert counterexamples from JSON files.
Parameters:
klee_json_file: Path to KLEE counterexamples JSON filetla_json_file: Path to TLA+ counterexamples JSON fileoutput_dir: Output directory for converted filesprotocol_name: Optional protocol name for protocol-specific conversion
Returns: Dictionary with conversion statistics
Command-line usage:
python verification/counterexample_converter.py \
--klee-to-tla input.json \
--output-dir output/ \
--protocol raft
python verification/counterexample_converter.py \
--tla-to-klee input.json \
--output-dir output/ \
--protocol raftAnalyze counterexamples to identify property violations.
Parameters:
counterexample_file: Path to counterexample JSON fileprotocol_name: Optional protocol name for protocol-specific analysis
Returns: Dictionary with:
'total_count': Number of counterexamples analyzed'protocol': Protocol name (if specified)'analyses': List of analysis results, each containing:'violation': Violation information'candidate_property': Suggested property'pattern': Violation pattern
Command-line usage:
python synthesis/analyze_counterexample.py \
counterexamples.json \
--protocol raftIdentify which property was violated in a counterexample.
Parameters:
counterexample: Counterexample dictionaryprotocol_config: Optional protocol configuration
Returns: Dictionary with:
'property': Property name'violation_type': 'Safety' or 'Liveness''pattern': Violation pattern'description': Description of violation
- File loading functions raise
FileNotFoundErrorif files don't exist - JSON processing functions raise
json.JSONDecodeErrorfor malformed JSON - Code generation functions raise
ValueErrorif required configuration is missing
- Usage Examples - Practical usage examples
- Testing Guide - Testing documentation
- Tools README - Code generation tools