Lecture 10: IronFleet II

Preparation

Apply the following changes to the Lock system. All file paths are relative to ironfleet/src/Dafny/Distributed/.

• In Services/Lock/AbstractService.s.dfy, extend Service_Next to say that the new lock holder is in fact a new holder:

        && |s.history| > 0
        && new_lock_holder != s.history[|s.history|-1]   

Exercise

Update the refinement proof to prove that the protocol meets the new specification. To invoke Dafny, use the following command line from ironfleet:

./tools/Dafny/Dafny.exe /noNLarith /allowGlobals /z3opt:nlsat.randomize=false /compile:0 /timeLimit:30 /noCheating:1 /autoTriggers:1 /ironDafny src/Dafny/Distributed/Protocol/Lock/RefinementProof/RefinementProof.i.dfy

Hints

• The definition of the protocol (in Protocol/Node.i.dfy) will need a small fix.
• DistributedSystem.i.dfy will need a one-line fix
• You may want to make use of and to strengthen the MakeHistory lemma in Protocol/Lock/RefinementProof/RefinementProof.i.dfy.
• You may want a handy property about mod. To get it, modify Protocol/Lock/RefinementProof/RefinementProof.i.dfy. At the top, add include "../../../../Libraries/Math/div.i.dfy". Inside the module declaration, add import opened Math__div_i. Finally, add the following lemma that will likely come in handy:

    lemma mod_identity(x:int, m:int)
        requires m > 1;
        ensures  x % m != (x+1) % m;
    {
        if x % m == (x+1) % m {
            lemma_mod_equivalence(x+1,x, m);
            lemma_mod_is_mod_recursive(1, m);
            assert false;
        }
    }