A Mechanized Proof of Loop Freedom of the (Untimed) AODV Routing Protocol

  • Timothy Bourke
  • Rob van Glabbeek
  • Peter Höfner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8837)


The (AODV) routing protocol allows the nodes in a (MANET) or a (WMN) to know where to forward data packets. Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. This paper describes the mechanization of an existing pen-and-paper proof of loop freedom of AODV in the interactive theorem prover Isabelle/HOL. The mechanization relies on a novel compositional approach for lifting invariants to networks of nodes. We exploit the mechanization to analyse several improvements of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid.


Intermediate Node Wireless Mesh Network Process Algebra Proof Obligation Route Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bengtson, J., Parrow, J.: Psi-calculi in Isabelle. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 99–114. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Bhargavan, K., Obradovic, D., Gunter, C.A.: Formal verification of standards for distance vector routing protocols. J. ACM 49(4), 538–576 (2002)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Bishop, S., Fairbairn, M., Norrish, M., Sewell, P., Smith, M., Wansbrough, K.: Engineering with logic: HOL specification and symbolic-evaluation testing for TCP implementations. In: POPL 2006, pp. 55–66. ACM (2006)Google Scholar
  4. 4.
    Bourke, T., van Glabbeek, R.J., Höfner, P.: Showing invariance compositionally for a process algebra for network protocols. In: Klein, G., Gamboa, R. (eds.) ITP 2014. LNCS, vol. 8558, pp. 144–159. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  5. 5.
    Bourke, T., Höfner, P.: Loop freedom of the (untimed) AODV routing protocol. Archive of Formal Proofs (2014),
  6. 6.
    Chaudhuri, K., Doligez, D., Lamport, L., Merz, S.: Verifying safety properties with the TLA +  proof system. In: Giesl, J., Hähnle, R. (eds.) IJCAR 2010. LNCS, vol. 6173, pp. 142–148. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Dutertre, B., Schneider, S.: Using a PVS embedding of CSP to verify authentication protocols. In: Gunter, E.L., Felty, A.P. (eds.) TPHOLs 1997. LNCS, vol. 1275, pp. 121–136. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Fehnker, A., van Glabbeek, R.J., Höfner, P., McIver, A., Portmann, M., Tan, W.L.: A process algebra for wireless mesh networks used for modelling, verifying and analysing AODV. Technical Report 5513, NICTA (2013),
  9. 9.
    Feliachi, A., Gaudel, M.-C., Wolff, B.: Isabelle/Circus: A process specification and verification environment. In: Joshi, R., Müller, P., Podelski, A. (eds.) VSTTE 2012. LNCS, vol. 7152, pp. 243–260. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    van Glabbeek, R.J., Höfner, P., Tan, W.L., Portmann, M.: Sequence numbers do not guarantee loop freedom —AODV can yield routing loops—. In: MSWiM 2013, pp. 91–100. ACM (2013)Google Scholar
  11. 11.
    Göthel, T., Glesner, S.: An approach for machine-assisted verification of Timed CSP specifications. Innovations in Systems and Software Engineering 6(3), 181–193 (2010)CrossRefGoogle Scholar
  12. 12.
    Heyd, B., Crégut, P.: A modular coding of UNITY in COQ. In: Goos, G., Hartmanis, J., van Leeuwen, J., von Wright, J., Grundy, J., Harrison, J. (eds.) TPHOLs 1996. LNCS, vol. 1125, pp. 251–266. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  13. 13.
    Hirschkoff, D.: A full formalisation of π-calculus theory in the Calculus of Constructions. In: Gunter, E.L., Felty, A.P. (eds.) TPHOLs 1997. LNCS, vol. 1275, pp. 153–169. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. 14.
    IEEE: IEEE standard for information technology—telecommunications and information exchange between systems—local and metropolitan area networks—specific requirements part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications amendment 10: Mesh networking (2011)Google Scholar
  15. 15.
    Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann (1996)Google Scholar
  16. 16.
    Manna, Z., Pnueli, A.: Temporal Verification of Reactive Systems: Safety. Springer (1995)Google Scholar
  17. 17.
    Miskovic, S., Knightly, E.W.: Routing primitives for wireless mesh networks: Design, analysis and experiments. In: INFOCOM 2010, pp. 2793–2801. IEEE (2010)Google Scholar
  18. 18.
    Müller, O.: I/O automata and beyond: Temporal logic and abstraction in Isabelle. In: Grundy, J., Newey, M. (eds.) TPHOLs 1998. LNCS, vol. 1479, pp. 331–348. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  19. 19.
    Müller, O.: A Verification Environment for I/O Automata Based on Formalized Meta-Theory. Ph.D. thesis, TU München (1998)Google Scholar
  20. 20.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  21. 21.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Computer Security 6(1-2), 85–128 (1998)Google Scholar
  22. 22.
    Perkins, C.E., Royer, E.M.: Ad-hoc On-Demand Distance Vector Routing. In: Mobile Computing Systems and Applications (WMCSA 1999), pp. 90–100. IEEE (1999)Google Scholar
  23. 23.
    Perkins, C.E., Belding-Royer, E.M., Das, S.R.: Ad hoc on-demand distance vector (AODV) routing. RFC 3561 (Experimental), Network Working Group (2003),
  24. 24.
    de Roever, W.P., de Boer, F., Hannemann, U., Hooman, J., Lakhnech, Y., Poel, M., Zwiers, J.: Concurrency Verification: Introduction to Compositional and Noncompositional Methods. Cambridge Tracts in Theoretical Computer Science, vol. 54. Cambridge University Press (2001)Google Scholar
  25. 25.
    Schirmer, N., Wenzel, M.: State spaces—the locale way. In: Huuck, R., Klein, G., Schlich, B. (eds.) SSV 2009. ENTCS, vol. 254, pp. 161–179. Elsevier (2009)Google Scholar
  26. 26.
    Zhou, M., Yang, H., Zhang, X., Wang, J.: The proof of AODV loop freedom. In: WCSP 2009. IEEE (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Timothy Bourke
    • 1
    • 2
  • Rob van Glabbeek
    • 3
    • 4
  • Peter Höfner
    • 3
    • 4
  1. 1.INRIA Paris-RocquencourtFrance
  2. 2.Ecole normale supérieureParisFrance
  3. 3.NICTAAustralia
  4. 4.Computer Science and EngineeringUNSWAustralia

Personalised recommendations