{"id":21340007,"url":"https://github.com/imandra-ai/fix-engine","last_synced_at":"2025-07-12T14:32:51.925Z","repository":{"id":37972777,"uuid":"75571156","full_name":"imandra-ai/fix-engine","owner":"imandra-ai","description":"Imandra FIX Engine","archived":false,"fork":false,"pushed_at":"2024-11-18T21:25:35.000Z","size":8244,"stargazers_count":51,"open_issues_count":3,"forks_count":3,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-11-18T22:37:21.824Z","etag":null,"topics":["financial-markets","fix","fix-protocol","formal","formal-methods","formal-verification","imandra","verification"],"latest_commit_sha":null,"homepage":"","language":"OCaml","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/imandra-ai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-04T23:21:22.000Z","updated_at":"2024-10-31T16:09:02.000Z","dependencies_parsed_at":"2024-01-17T15:29:57.411Z","dependency_job_id":"d63ad771-3f56-472c-801e-e27066ba2097","html_url":"https://github.com/imandra-ai/fix-engine","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imandra-ai%2Ffix-engine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imandra-ai%2Ffix-engine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imandra-ai%2Ffix-engine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/imandra-ai%2Ffix-engine/manifests","owner_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/owners/imandra-ai","download_url":"https://codeload.github.com/imandra-ai/fix-engine/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225824984,"owners_count":17529905,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["financial-markets","fix","fix-protocol","formal","formal-methods","formal-verification","imandra","verification"],"created_at":"2024-11-22T00:48:44.393Z","updated_at":"2024-11-22T00:48:45.447Z","avatar_url":"https://github.com/imandra-ai.png","language":"OCaml","readme":"# FIX Engine Model\n## Overview\n\nThe development of the FIX Engine model began at [Imandra Inc.](http://www.imandra.ai) (AI) as part of the [Imandra\nMarkets](https://www.imandra.ai) product. The model consists of an\nexecutable formalisation of an administrative-level FIX engine, a\nsample application-level model and a set of verified precise\nstatements about the engine's behaviour. The properties we verify are\nderived from the English prose specification published by the FIX\nCommunity.\n\nThere's an explicit interface between administrative and application\nmodels to make it easier to generate the application-level logic from\na higher-level language (e.g., AI's Imandra Protocol Language or FIX Orchestra).\n\nWe hope this project will be the beginning of an industry-wide effort to\nmathematically formalise the rules and algorithms that run the\nfinancial markets. 
This formalisation will significantly benefit the\nindustry, cutting down time and costs for connecting (and ensuring\nregulatory compliance of) the numerous systems relying on this\nprotocol.\n\nThis README will give you a brief overview of the project. For further information please see the documentation page at https://docs.imandra.ai/fix-engine/\n\n## Why\n\nHaving a complete formal model of the FIX protocol brings many\nbenefits. To name a few:\n\n- Consensus: With the formal model, the industry has a precise,\n  unambiguous foundation for describing, evaluating and\n  improving the definitions and mechanics of the protocol.\n\n- Queryable: A formal verification engine like Imandra can be used to\n  ask and answer deep questions about the behaviour of the model\n  automatically.\n\n- Testing: Powerful model-based testing techniques can be used to\n  automatically generate high-coverage test suites (see Test Suite\n  section below).\n\n- Executable: Outside of the Imandra-specific commands used in\n  verification, the model itself is all valid OCaml code. You may use\n  the full OCaml stack to compile and run the engine.\n\n- Exportable: Using the OCaml stack, the model can be compiled into a\n  number of target languages and library formats. The community can\n  use the verified model to generate source code in other languages\n  (e.g. C++ or Java) targeting specific proprietary (or open source)\n  libraries.\n\n- Simulation: The model can be used as the basis of simulation\n  environments, using the verified engine as a semantic\n  \"gold-standard\" and test oracle.\n\n## How\n\nThe model is written in two languages: OCaml and IML. OCaml is a\nfunctional language that is gaining tremendous momentum within the\nfinancial services industry. For more information, please see\nwww.ocaml.org. 
For example, Jane Street, a well-known market\nparticipant, is a strong supporter of the language, with an active\n[blog](https://blogs.janestreet.com/category/ocaml/).\n\nIML stands for Imandra Modelling Language - it is a pure subset of\nOCaml for which we have developed a mechanised formal semantics. This\nmeans that everything written in IML can be given a precise axiomatic\n(i.e., mathematical) representation, and Imandra can then be used to\nanalyze and answer deep questions about the code. Although Imandra is\nproprietary and requires a license to use, OCaml is open source and\nthere are a number of open source theorem provers which may be adapted\nto reason about this model. For further information on theorem\nprovers, see the Formal Verification section below.\n\n## What\n\nThe model is currently targeting version 4.4 of the FIX protocol. Over\ntime, we plan to cover other relevant versions. View the technical\ndocumentation for further information.\n\n## Model Verification\n\nIn addition to the model source code, you will find a collection of\n**Verification Goals** (VGs). VGs are statements in IML expressing\nproperties of the FIX engine model that we wish to verify. It's
It's\nimportant to note that IML is used for both building the model and\ndescribing the properties we wish to verify about it.\n\nConsider the following quote from Volume 2 of the FIX 4.4 specification:\n\u003e When either end of a FIX connection has not sent any data for [HeartBtInt] seconds, it will transmit a Heartbeat message.\n\nOne way to formalise that statement is to create two VGs:\n- VG.1.1 - any outbound message will result in an updated `fe_last_time_data_sent` field\n- VG.1.2 - any time update will result in check whether Heartbeat should be sent out\n\n```ocaml\n\n(* VG.1.1 *)\nverify last_time_data_sent_gets_updated ( engine : fix_engine_state ) =\n    let engine' = one_step ( engine ) in\n    let cond = \n        begin\n            engine.outgoing_fix_msg = None \u0026\u0026 engine'.outgoing_fix_msg \u003c\u003e None \u0026\u0026\n            engine.fe_curr_mode \u003c\u003e Retransmit\n        end in\n    cond ==\u003e (engine'.fe_last_time_data_sent = engine'.fe_curr_time )\n;;\n\n(** VG.1.2 *)\nlet outbound_msg_heartbeat ( m : full_top_level_msg option )=\n    match m with\n    | Some ( ValidMsg vmsg )  -\u003e\n        begin \n            match vmsg.full_msg_data with \n            | Full_FIX_Admin_Msg admin_msg  -\u003e\n                begin \n                    match admin_msg with \n                    | Full_Msg_Heartbeat _      -\u003e true\n                    | _                         -\u003e false\n                end \n            | _ -\u003e false\n        end\n    | _ -\u003e false\n;;\n\nlet time_update_received ( m, last_time_data_sent, last_time_data_received, hbeat_interval : fix_engine_int_msg option * fix_utctimestamp * fix_utctimestamp * fix_duration ) =\n    match m with\n    | Some ( TimeChange tc_data ) -\u003e \n        begin \n            let valid_send_time = utctimestamp_duration_Add ( last_time_data_sent, hbeat_interval ) in\n            let valid_received_time = utctimestamp_duration_Add ( last_time_data_received, 
hbeat_interval ) in\n            utctimestamp_GreaterThan ( tc_data, valid_send_time ) \u0026\u0026 utctimestamp_GreaterThan ( valid_received_time, tc_data )\n        end\n    | _ -\u003e false\n;;\n\nverify hbeat_sent_if_no_data_sent ( engine : fix_engine_state ) =\n    let engine' = one_step ( engine ) in \n    let cond =\n        begin \n            not ( hbeat_interval_null ( engine.fe_heartbeat_interval )) \u0026\u0026\n            engine.fe_curr_mode = ActiveSession \u0026\u0026 \n            is_int_message_valid ( engine ) \u0026\u0026 \n            is_state_valid ( engine ) \u0026\u0026 \n            time_update_received ( engine.incoming_int_msg, engine.fe_last_time_data_sent, engine.fe_last_data_received, engine.fe_heartbeat_interval )\n        end in\n    cond ==\u003e outbound_msg_heartbeat ( engine'.outgoing_fix_msg )\n;;\n```\n\nIt's important to note that the 'translation' of the English-prose\nstatements into IML (or other mathematically precise formal languages)\nmay not be unique. The inherent ambiguity of natural languages is a\nmajor reason why the efforts of formalising protocol specifications\nmust be collaborative and industry-wide.\n\nNotice how this approach differs from traditional 'testing'. In the\nstatement above, we're making a high-level claim about the model\nbehaviour, and we can subject this claim to analysis over the entire\nsystem state-space. When Imandra analyses the model with respect to\nsuch a statement, it works to symbolically verify that the claim holds\nin *all* possible scenarios. 
When such a claim does not hold, Imandra\nworks to construct a precise sequence of events (a \"counterexample\")\nwhich exhibits a violation of the property.\n\nFor further information on model verification, see the [Model\nVerification](https://fix.readme.io/docs/verification-overview)\nsection of the project's homepage.\n\n## Test Suite Generation\n\nA fundamental issue with financial trading systems is that they may be\nin a virtually infinite number of possible states. That is, there are\ninfinitely many (or infeasibly many) possible sequences of incoming\nmessages which they may have to process.\n\nWith Imandra, we've built on recent advances in formal verification to\ndevelop powerful new forms of model-based testing. These approaches\nconstruct high-coverage test suites by 'decomposing' the state-space\nof the system model into a finite number of symbolically described\n'regions' of behaviour and then 'solving' for relevant\ntest-cases. Each region contains a set of symbolic constraints for the\ninput parameters and a corresponding invariant that the system should\nobey whenever its inputs satisfy the constraints. Imandra also\ngenerates corresponding coverage proofs verifying that the collection\nof the generated regions properly covers the possible behaviours of\nthe decomposed algorithm. 
This forms a core part of Imandra's\n\"Testflow\" framework for architecting and automatically deriving test\nsuites meeting rigorous state-space coverage metrics.\n\nWe will seek to ensure that the repository contains up-to-date Imandra\nregion decompositions and test packs for the latest models.\n\n## Formal Verification\n\nTraditionally, the application of formal verification has been\nreserved to highly specialised teams (often with PhDs in the subject)\nin academia, institutions such as NASA, and safety-critical industries\nsuch as avionics and microprocessor design.\n\nAt AI, our mission is to democratize formal verification, bringing its\npower to new industries in a user-friendly and scalable way. These\napplications to new industries are powered by recent advances,\nincluding CDCL-based Satisfiability (SAT) and Satisfiability Modulo\nTheories (SMT) solving, nonlinear decision procedures and scalable\ntechniques for symbolic execution.\n\nFor more on our vision for formal verification for finance, see our\nshort explainer [video](https://vimeo.com/123746101).\n\nAI has published several technical white papers about current application of FV to financial markets:\n- [Case Study: 2015 SEC Fine Against UBS ATS](https://www.imandra.ai/case-study-2015-sec-fine-against-ubs-ats/)\n- [Transparent Order Priority and Pricing](https://www.imandra.ai/transparent-order-priority-and-pricing/)\n- [Creating Safe and Fair Markets](https://www.imandra.ai/creating-safe-and-fair-markets/)\n\nAI has also written several public comments to regulatory proposals by the SEC and CFTC:\n- [Response to Proposed Rule, Regulation Automated Trading (“Regulation AT”) RIN 3038-AD52](https://www.imandra.ai/ai-submits-reg-at-comment-letter/)\n- [Response to Release No. 
34-76474](https://www.imandra.ai/ai-submits-reg-ats-n-comment-letter/)\n\nIf you're interested in further background on techniques underlying Imandra, see the following academic papers:\n- [Decidability of Univariate Real Algebra with Predicates for Rational and Integer Powers](http://www.cl.cam.ac.uk/~gp351/passmore-cade25-univqri.pdf)\n- [A Complete Decision Procedure for Univariate Polynomial Problems in Isabelle/HOL](https://arxiv.org/abs/1506.08238)\n- [Computation in Real Closed Infinitesimal and Transcendental Extensions of the Rationals](http://www.cl.cam.ac.uk/~gp351/infinitesimals.pdf)\n- [The Strategy Challenge in SMT Solving](http://dl.acm.org/citation.cfm?id=2554475)\n- [Collaborative Verification-Driven Engineering of Hybrid Systems](http://arxiv.org/abs/1403.6085)\n\nAnd here are links to some great interactive and automated theorem provers:\n- [ACL2](http://www.cs.utexas.edu/users/moore/acl2/)\n- [Agda](http://wiki.portal.chalmers.se/agda/pmwiki.php)\n- [Coq](https://coq.inria.fr)\n- [Lean](https://leanprover.github.io)\n- [Isabelle](https://isabelle.in.tum.de)\n- [Matita](http://matita.cs.unibo.it/)\n- [MetiTarski](https://www.cl.cam.ac.uk/~lp15/papers/Arith/)\n- [Prover9 and Mace4](https://www.cs.unm.edu/~mccune/mace4/)\n- [PVS](http://pvs.csl.sri.com/)\n- [SPASS](http://www.mpi-inf.mpg.de/departments/automation-of-logic/software/spass-workbench/)\n- [Z3](https://github.com/Z3Prover/z3)\n\nFor a great non-technical introduction to the discipline of\nformal verification and some of its history, we recommend\n[\"Mechanizing\nProof\"](https://mitpress.mit.edu/books/mechanizing-proof) by Donald\nMackenzie.\n\nFor learning the mathematics behind the techniques, we suggest:\n- [Handbook of Practical Logic and Automated Reasoning](http://www.cambridge.org/catalogue/catalogue.asp?isbn=9780521899574) by John Harrison, Intel\n- [Coq'Art](https://www.labri.fr/perso/casteran/CoqArt/) by Yves Bertot and Pierre Castéran, INRIA\n- [A Computational 
Logic](https://www.cs.utexas.edu/users/boyer/acl.pdf) and subsequent books by Robert S. Boyer and J Strother Moore, UT Austin\n- [Isabelle/HOL - A Proof Assistant for Higher-Order Logic](https://www21.in.tum.de/~nipkow/LNCS2283/) by Tobias Nipkow, Lawrence C. Paulson and Markus Wenzel, Cambridge and T.U. München\n- [Decision Procedures - An Algorithmic Point of View](http://www.decision-procedures.org/) by Daniel Kroening, Oxford and Ofer Strichman, Technion\n- [Quantifier Elimination and Cylindrical Algebraic Decomposition](http://www.springer.com/us/book/9783211827949) by Bob Caviness and Jeremy Johnson (Eds.)\n- [Symbolic Logic and Mechanical Theorem Proving](http://dl.acm.org/citation.cfm?id=550421) by Chin-Liang Chang and Richard Char-Tung Lee, NIH\n- [Principles of Model Checking](https://mitpress.mit.edu/books/principles-model-checking) by Christel Baier and Joost-Pieter Katoen, T.U. Dresden and RWTH Aachen\n- [Handbook of Automated Reasoning](http://www.sciencedirect.com/science/book/9780444508133) by Alan Robinson and Andrei Voronkov (Eds.)\n\nIf you have other relevant publications or academic papers related to\napplication of formal verification (or formal methods, etc) to\nfinancial markets, please create a PR.\n\n\n## License\n\nApache 2.0\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimandra-ai%2Ffix-engine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimandra-ai%2Ffix-engine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimandra-ai%2Ffix-engine/lists"}