How to Verify a Turing Machine with Dafny

TL;DR

This paper demonstrates the formal verification of two classic Turing machines using Dafny, showcasing the power of modern program verifiers in proving total correctness of fundamental computational models.

Contribution

It provides the first formal, mechanized proofs of correctness for standard Turing machine examples using Dafny, highlighting the feasibility of verifying complex invariants.

Findings

Successfully verified two Turing machines with Dafny

Proved total correctness for decider Turing machines

Showcased the capabilities of program verifiers in formal proofs

Abstract

This paper describes the formal verification of two Turing machines using the program verifier Dafny. Both machines are deciders, so we prove total correctness. They are typical first examples of Turing machines used in any course of Theoretical Computer Science; in fact, the second machine is literally taken from a relevant textbook. Usually, the correctness of such machines is made plausible by some informal explanations of their basic ideas, augmented with a few sample executions, but neither by rigorous mathematical nor mechanized formal proof. No wonder: The invariants (and variants) required for such proofs are big artifacts, peppered with overpowering technical details. Finding and checking these artifacts without mechanical support is practically impossible, and such support is only available since recent times. But nowadays, just because of these technicalities, with such subjects under proof a program verifier can really show off and demonstrate its capabilities.