Veil is a foundational framework for (1) specifying, (2) implementing, (3) testing, and (4) proving safety (and, in the future, liveness) properties of state transition systems, with a focus on distributed protocols.
Veil is embedded in the Lean 4 proof assistant and provides push-button verification for transition systems and their properties expressed decidable fragments of first-order logic, with the full power of a modern higher-order proof assistant for when automation falls short.
To use veil in your project, add the following to your
lakefile.lean:
require "verse-lab" / "veil" @ git "main"Or add the following to your lakefile.toml:
[[require]]
name = "veil"
git = "https://github.com/verse-lab/veil.git"
rev = "main"See
verse-lab/veil-usage-example
for a fully set-up example project that you can
use as a template.
The file
Examples/Tutorial/Ring.lean
contains a guided tour of Veil's main features. Check it out if you want to see
what Veil can do!
Veil requires Lean 4. We have tested Veil on macOS (arm64) and Ubuntu (x86_64). Windows with WSL2 is also supported. Native Windows support is not yet available.
To build Veil, run:
lake buildTo build the case studies run:
lake build ExamplesHow to install Lean?
If you don't have Lean installed, we recommend installing it via
elan:
curl https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh -sSf | sh -s -- -y --default-toolchain leanprover/lean4:stableDependencies
Veil depends on z3,
cvc5, and
uv. You do not need to have these installed
on your system, as our build system will download them automatically when you
run lake build. Veil will use its own copies of these tools, and will not
touch your system-wide versions.
Note that if you want to invoke Lean-Auto's auto tactic, you need to have
z3 and cvc5 installed on your system and available in your PATH.
The project consists of three major folders:
Veil/: the implementation of Veil,Test/: Veil's artificial test cases for main Veil features,Examples/: Veil's benchmarks, consisting of realistic specifications of distributed protocols
DSL/: Veil DSLAction/Theory.lean: meta-theory of action DSL with the soundness proofAction/Lang.lean: implementation of action DSL expansionSpecification/Lang.lean: implementation of protocol declaration commands
SMT/: tactics for interaction with SMTTactic/: auxiliary tactics for proof automation
FO/: non-EPR protocolsIvyBench/: benchmarks translated from IvyRabia/: Rabia protocolStellarConsensus/: Stellar Consensus ProtocolSuzukiKasami/: Suzuki Kasami protocol
Docker image
We supply a script that creates a Docker image that can be used for developing and running Veil projects. This Docker image is based on x86-64 Linux, but can be used on ARM computers with any OS that can run Docker. To use it with Visual Studio Code, follow these instructions:
- Make sure Docker is running. Run
./create_docker_image.sh. This will automatically download Veil and install most of the prerequisites on the created image. This can take up to 10 minutes. - Run the container with
docker run -dt --platform=linux/amd64 <image-id>. - On your host computer, install the Dev Containers VS Code plugin.
- Connect to the Docker container with the
Dev Containers: Attach to Running Container...action from the Command Palette (Ctrl/Cmd + Shift + P). - On the container, install the Lean 4 VS Code plugin. This needs to be done once per container.
- Initially, Veil will be placed in
/root/veil. You can move it, or open that folder directly from VS Code. - Test Veil: Go to any of Veil's example files and run the
Lean 4: Server: Restart Fileaction from the Command Palette. This may take a while on the first run, as it has to rebuild all of Veil.