Analysis and verification of a one-bit full-duplex sliding window protocol using PAV / by Khan, Azhar Imtiyaz
Lehigh University
Lehigh Preserve
Theses and Dissertations
1987
Analysis and verification of a one-bit full-duplex
sliding window protocol using PAV /
Azhar Imtiyaz Khan
Lehigh University
Follow this and additional works at: https://preserve.lehigh.edu/etd
Part of the Electrical and Computer Engineering Commons
This Thesis is brought to you for free and open access by Lehigh Preserve. It has been accepted for inclusion in Theses and Dissertations by an
authorized administrator of Lehigh Preserve. For more information, please contact preserve@lehigh.edu.
Recommended Citation
Khan, Azhar Imtiyaz, "Analysis and verification of a one-bit full-duplex sliding window protocol using PAV /" (1987). Theses and
Dissertations. 4760.
https://preserve.lehigh.edu/etd/4760
ANALYSIS AND VERIFICATION OF A ONE-BIT FULL-DUPLEX SLIDING 
WINDOW PROTOCOL USING PAV 
By 
AZHAR IMTIYAZ KHAN 
A Thesis 
Presented to the Graduate Committee 
of Lehigh University 
\ 
\ 
in Candidacy for the Degree of 
Master of Science 
in 
Computer Science. 
Lehigh University 
1987. 
. 
I I 
CERTIFICATE OF APPROVAL 
This thesis is accepted and approved in partial fulfillment 
of the requirements for the Master of Science degree in 
Computer Science. 
ate) 
(Head, n of Computer Science) 
of Department) 
• • 11 
ACKNOWLEDGEMENTS 
I sincerely wish to thank my thesis advisor Professor 
Richard Denton for all the guidance and help that I 
received from him during this work. 
I also wish to acknowledge the help of Krishan 
Sabnani, Aleta Lapone and their supervisor Nicholas 
Maxemchuk of AT&T Bell Laboratories, Murray Hill, NJ for 
allowing the use of their software package PAV, and for 
their continual support of our work here at Lehigh 
University. 
Finally, I would like to thank my colleagues Chang-
Seop Park, Isil Canbazoglu, Hui-Chu Chao and Charles Cerny 
for all their help and encouragement in this work. 
I I I 
11.l. 
• -··---·--- ...... 1 __ ..:__ ., 
List of Figures 
Abstract 
Chapter 
I. INTRODUCTION 
'i 
TABLE OF CON'l'ENTS 
1.1 
1.2 
General • • • • • • • • • • • • • • • • • • • • • • • 
Scope of the thesis • • • • • • • • • • • 
II. SLIDING WINDOW PROTOCOLS 
2.1 
2.2 
General • • • • • • • • • • • • • • • • • • • • • • • 
One-Bit Full-Duplex 
Sliding Window Protocol • • • 
2.3 Two Versions of the One-Bit Full-
Page 
vi 
1 
3 
3 
8 
9 
9 
13 
Duplex Sliding Window Protocol. 15 
III PROTOCOL ANALYZER AND VERIFIER (PAV) 
IV 
V 
3.1 
3.2 
3.3 
General 
• • • • • • • • • • • • • • • • • • • • • • • • 
PAV • • • • • • • • • • • • • • • • • • • • • • • • • • • • 
Input to PAV 
• • • • • • • • • • • • • • • • • • • 
PROTOCOL ANALYSIS AND VERIFICATION 
4.1 Formulation of the Protocols 
• • • 
CONCLUSIONS 
5.1 
5.2 
I 
State Space Explosipn 
• • • • • • • • • • 
Future Research· 
• • • • • • • • • • • • • • • • 
Bibliography ................ ~- ........... . 
• 1V 
17 
17 
17 
19 
22 
22 
31 
31 
34 
) 35 
' 
; 
' ,,, 
Appendix A. SLWINl: Protocol description and 
output • • • • • • • • • • • • • • • • 37 
Appendix B. SLWIN2: Protocol description and 
output • • • • • • • • • • • • • • • • 51 
Vita • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 69 
t 
V 
. I 
Figure 
2.1 
2.2 
3.1 
4.1 
LIST OF FIGURES 
Model of Communicating IMP·'s and Hosts. 
A One-Bit Sliding Window of size 1. 
A typical process description in PSL. 
Inputs and outputs to and from the SLWIN 
Page 
10 
14 
21 
protocols. 23 
4.2 Components of SLWINl- Protocol. 26 
4.3 Final Reduced machine (SLWINl and SLWIN2). 28 
4.4 Components of SLWIN2 Protocol. 30 
vi 
ABSTRACT 
In this thesis, work has been done to use the Protocol 
Analyzer and Verifier (PAV) package to analyze and verify 
the One-Bit Full-Duplex Sliding Window protocol of the Data 
link layer in the International Standards Organization's 
Open Systems Intercommunication (OSI) standard. The 
components of the protocol consist of two IMP's which send 
messages and acknowledgements to one another, two timers 
and two channels over which the IMP's communicate. 
To analyze and verify, PAV requires that the protocol 
be modeled as a collection of interacting finite state 
machines. This model must then be translated into the 
Protocol Specification Language (PSL) for input to PAV. The 
One-Bit Full-Duplex sliding window protocol was modeled in 
two different ways and then analyzed. In the first model, 
each IMP was modeled as one finite state machine. In this 
case, the IMP acted both as the sender and the receiver. In 
the second model, each IMP was split into two parts, the 
sender and the receiver. The sender sent messages over the 
channel to the other IMP, while the receiver accepted 
messages from the other IMP and passed these to its sender. 
After the two versions were modeled, the PSL description of 
the protocol was generated and fed to PAV. PAV then 
' 
performed the analysis and checked the protocol for any 
1 
\ 
errors such as deadlocks or livelocks. 
PAV verified the fact that the two versions of the 
protocol, as modeled, did not have any deadlocks and/or 
livelocks. The final reduced Application View Finite State 
machine (AVF) was the same for both the analyses and 
depicted the exact behavior of the protocol with respect to 
the user processes. The user processes corresponded to the 
transitions where the hosts send and receive messages to 
and from the protocol. 
Due to the large amount of computer resources that PAV 
uses to perform the analysis, it was necessary to split 
each version of the One-Bit Full-Duplex sliding window 
protocol into two parts and analyze and verify each part 
separately. Then the reduced machines from the two analyses 
were taken and analyzed together to give the entire 
analysis of the protocol. This process not only used less 
computer resources but also helped one to have a better 
control over the entire analysis due to the small number of 
machines analyzed each time. 
2 
•{' 
i~, .' . 
1.1 General 
Chapter I 
IN·l'RODUCTIOH 
.. 
Computer networks are becoming increasingly popular 
with a lot of companies investing heavily in their 
development. These networks are being utilized to perform a 
wide variety of services and users are already heavily 
dependant on them. With such a demand for network services 
the proper functioning of the network becomes a critical 
issue in its development. 
In order to have the networks functioning properly, it 
is very necessary to have reliable protocol 
implementations. "Reliable" when used with protocols 
implies that the protocol should be free of the following 
general errors1 and have certain 'specific• properties. The 
general errors are identified as follows: 
Deadlocks 
These are global states from which there are no 
transitions for the global machine to any other state. The 
global machine is said to be locked in this state. This 
state is an error state. It is, however, ~ite possible 
that the deadlocked state maybe the terminal state, hence 
desirable. 
',J 
3 
~--.J 
Unspecified Message Receptions 
This corresponds to a situation when a protocol 
receives a message it is not expecting, and has no 
knowledge of what to do with it. This is an error state and 
can lead to unpredictable behavior. 
Non-executable sections 
It is quite likely that a protocol can be designed for 
message transmissions and receptions that cannot occur 
under normal conditions. This constitutes a non-executable 
interaction for the protocol. It is equivalent to dead code 
or unused message. 
Livelocks 
A livelock is said to have occured when the global 
machine is locked in a small set of states within which the 
protocol makes no progress towards providing its expected 
services. Such a condition is undesirable and ways must be 
found to break the livelock in these cases. 
The 'specific' properties2 that the protocol must have 
are classified into two categories. Safety properties and 
Liveness properties. 
Safety properties state that nothing bad can happen, 
and if a protocol makes progress then it will be in a 
position to provide the expected services correctly. On the 
other hand liveness properties mean that the protocol will 
4 
" 
make progress. Liveness properties describe the future 
behavior of the protocol. 
Thus, it is essential that the protocols used in a, 
computer network be thoroughly tested and verified for any 
errors before they are implemented. 
In recent years there has been a lot of progress to 
create an integrated set of tools which can be used to 
develop reliable communication protocols. These tools help 
the user to specify, verify, implement and test protocols. 
These tools are quite complicated because protocols are 
complex and require thorough testing. Many of these tools 
require that the protocol and its elements be specified in 
the form of one or several finite state machines 
interacting with each other. 
For communicating FSM's the reachability computation1 
is the most popular approach used. This computation 
requires that all the component FSM's be composed into one 
global FSM. All the states of the· global FSM are known as 
global states. Each global state is a vector and the 
components of this vector are states of the component 
FSM's. During the composition of FSM's, all possible 
interactions between the component FSM's are considered and 
all possible global states are found. The process of 
5 
' . , 
finding out the successor states is recursive and continues 
until no more successor states can be found. 
All the global states with no successor states are 
deadlocked states, some of which may be desirable terminal 
states. This process requires the use of a computer because 
composing all the component FSM's can take a very long time 
and could be very tedious. 
Many other techniques have also been used to model 
protocols and verify their functional behavior. Petri nets, 
proposed by Danthine and Merlin 314 , is one modeling 
technique used to represent protocols. Petri nets are used 
to detect protocol failures in the same way as finite state 
machines. Hajek516 , proposed another approach and developed 
a program called APPROVER which could mechanically 
generate all states from a given initial state and also 
check the validity of user specified conditions in each 
state. The APPROVER has been used to verify many actual 
protocols and has also been able to detect errors in 
protocols previously proven correct by hand. 
In their paper 7 , Sabnani and Schwartz have described 
the verification of a multi-destination protocol using 
temporal logip. Temporal logic is an extension of predicate 
l 
calculus to enable reasoning about concurrent ~rograms. 
6 
•·, 
A validation technique proposed by Zafiropulo8 is 
known as the Duologue Matrix Approach. This approach is 
however too limited for verifying most protocols because it 
has two serious limitations. These limitations are as 
follows: 
1. This technique can only be used with protocols in 
which the interacting processes return back to their 
initial states and 
2. It can only be used with protocols which have only two 
processes interacting with each other. 
Another validation technique proposed by West9 is the 
state Perturbation approach which removes the limitations 
of the Duologue Matrix approach. It begins with an initial 
state, which consists of the states of all the component 
processes and then generates all the successor states from 
this initial state. It then checks all the system states 
transitions and their possible interactions. This approach 
is very similar to the reachability computation used in 
. 
connection with finite state machines. 
The last two techniques can be automated using a 
computer program. 
7 
,, 
• 
1.2 Scope of the Thesis 
In this thesis, work has been done to use the Protocol 
Analyzer and Verifier (PAV) package10 to analyze and verify 
the One-bit full-duplex sliding window protocol 11 of the 
data link layer in the ISO OSI standard. 
This protocol has been modeled in two different ways 
and has been thoroughly analyzed and verified using PAV. 
The analysis and verification included a complete check for 
any deadlocks and livelocks in the protocol. The resultant 
reduced finite state machine depicts the behavior of the 
entire protocol when machine A sends a message to machine B 
and vice versa. 
This work was done on the CDC CYBER 8 50 mainframe in 
an emulated UNIX (NOS/VE) environment. The first task was 
to transfer PAV from the AT&T 3B2 UNIX environment onto the 
CYBER UNIX environment and iron out all the system 
inconsistencies and incompatibilities. Several times the 
source code had to be modified and/or additions made, to 
override certain memory constraints or to fix some 
erroneous conditions which hindered the working of PAV. 
8 
2.1 General 
Chapter II 
SLIDING WINDOW PROTOCOIS 
Sliding Window protocols11 are classic examples of 
protocols which can be used in the transfer of,data between 
two adjacent Interface Message Processor's (IMP's). These 
are the protocols which carry out the data transfer in the 
data link layer of the International Standards 
Organization's Open System Intercommunication (OSI) model. 
These protocols may be simplex, meaning the data transfer 
can be in one direction only or the protocol may be half-
duplex in which case there is only one communication line 
but both IMP's can transmit data to one another. There can 
also be full-duplex data transmission in which the data 
transfer • 1S and there • is one in both directions 
communication line each for each one of the two IMP's. 
Inthe Sliding Window protocols, the IMP's are assumed 
to be physically connected by a communication channel, 
which delivers bits in exactly the same order in which they 
are transmitted. The general model for the communicatin,g 
hosts and IMP's is shown in Figure 2.1. The communication 
line between the IMP and the host is assumed to be perfect. 
9 
.. 
'• 
• 
Hosts exchange messages 
HOSTA I ~ --· -- --- -· .- - - .,.-------.... _ _. HOSTB 
• 
IMPA IMPB 
IMP's exchange frames 
• 
• 
.. 
rigure 2.1 Model of ·.communicating. ·IMP' s and Host'.~. 
• • 
• 
. ' . ,.: ·-'-. i 
•' I ' ,: .\ 
~ . . . ~ . .- . ' . 
• • •· •• ·.1 :· ,, ' 
. ' • ... ·,, ··,,' · ... , . 
. '' 
' 
,' ; . ; _,' '' ,._- ,.,. I• 
. . .. 
' . 
,. . . ' 
,. .. ' 
:· ..  ·.,, •. : -.·.1.~ .  >.>·_:.·.:.:·: .. ··.:.:.·, .. : ..'.:.·.,..... · .. ·, ...... , '.:. ).• 
- - 'I ,,. __ ,_s,_;_~'· ,;._ ._,. •:.:,. 
. ' 
. ·.. '• 
'.· • ' - • - ..... .:_' j ·..., - -' • 
. . 
• , ,,: l, , .· '• I' 
. . q .. ·. • .. 
/" 
. .. 
. .. : 
. . 
. 
' . 
·, . 
~· I ' 
The two IMP's exchange messages via frames. When an 
IMP receives a message from its host, it constructs a frame 
using that message. The frame contains other information in 
addition to the message itself. A schematic diagram of a 
typical frame is shown below. 
• 
Kind Sequence# Ack. # Message 
The kind field indicates the type of the frame, i.e. 
whether the frame contains any data or not. Sequence# and 
Ack# are frame numbers of the frame being sent and the 
frame being acknowleged, respectively. Message is the unit 
of information between a host and an IMP, or a host and a 
host. 
Sliding Window protocols are very robust and reliable. 
In all sliding window protocols, every outbound frame 
contains a sequence number which can be from o to some 
maximum number n. The IMP's in sliding window protocols 
conceptually have a sender's or sending window and a 
receiver's or receiving window. The sender maintains a list 
of consecutive sequence numbers of the frames it is 
11 
permitted to send in its sending window. The sequence 
numbers within the sender's window represent frames which 
have been sent but their acknowledgement has not yet been 
received. When the IMP gets a new message from its host it 
advances the upper edge of the sending window by one and 
gives this sequence number to the frame. Whenever the IMP 
receives an acknowledgement it advances the lower edge of 
the sender's window by one. The sender thus maintains a 
list of currently unacknowledge.d frames. 
In much the same way the receiver also maintains a 
list of consecutive sequence numbers of frames it is 
permitted to accept. The receiver accepts all frames whose 
sequence numbers fall within the receiving window and 
rejects any frame that falls outside this window. In the 
event the receiver receives a frame whose sequence number 
falls within its receiving window, the IMP passes the 
message along to the host and the receiving window is 
rotated by one. 
The receiver's window is of constant size unlike the 
sender's window, and a receiver's window size of 1 implies 
that the IMP accepts frames in order. However a receiver's 
window size of greater than 1 is also permitted. The IMP 
always sends data to its host in proper order, irrespective 
of the receiver's window size. In such a case the IMP 
12 
' 
buffers the data and finally sends it to the host when it 
has received all the frames falling in the receiving 
window. 
When an IMP receives the frame it is waiting for, the 
message is passed onto the host. The next step is to send 
an acknowledgement for the receipt of the frame. If the 
host now has a new message to send, the IMP ''piggybacks'' 
the acknowledgement for the frame which was received to the 
new message and sends it over the communication channel. In 
the event the host does not have a new message to send, the 
IMP simply sends the old message with the acknowledgement. 
If the sending IMP does not receive an acknowledgement 
for the frame which it has sent within a certain period of 
time, it times out. It then sends the frame again and waits 
for its acknowledgement. 
2.2 One-Bit Full-Duplex Sliding Window Protoco111 
In this protocol the data transfer is two way with 
both IMP's communicating with each other. The receiver's 
window has a size of one in this case. The outgoing frames 
simply have a sequence number of either zero or one. The 
working of this protocol is as shown in Figure 2.2. 
13 
.. 
. , ' 
1 0 1 0 i 0 
• Sender 
1 0 i 0 1 · 
• Recei:ver 
. ( a) (b.) (C) (d) 
,• 
Figure 2.2 
• 
A One-Bit Sliding Window of size 1. 
- . 
• 
., 
0 
0 
• 
·, . 
.-: : ~. ' 
' ' ... 
'. '')' ... 
. ·:.. . 
Figure 2.2a depicts the scene initially, with the 
receiving window expecting a frame with sequence number 
zero. Figure 2.2b shows the situation when the sender has 
received a message from its host, given it a sequence 
number of zero and sent it over the communication line. In 
short the sender is now waiting for an acknowledgement of 
its frame zero. Figure 2.2c is the situation when the 
receiver has received frame zero sent by the sender. The 
receiver then checks its window to make sure this is the 
frame it is expecting. On finding that it is so, it 
extracts the message from the frame, sends it to its host, 
and advances the receiving window by one to show that it is 
now ready to accept frame one. The receiver also sends an 
acknowledgement to the sender along with any new message it 
has received from its host. Figure 2.2d shows that the 
sender has received an acknowledgement for frame zero and 
thus pulls the lower edge of its window by one. The sender 
now shows that it has no unacknowledged frames. 
Since the protocol is full-duplex each IMP will have 
its own senders' and receivers' window. 
2.3 Two Versions Of The 1-Bit Sliding Window Protocol 
In this thesis two versions of the 1-bit sliding 
window protocol were analyzed and verified. The two 
15 
versions are known as SLWINl and SLWIN2 in this work. The 
communicating IMP's are known as IMPA and IMPB and their 
corresponding hosts, HOSTA and HOSTB. 
The first version (SLWINl) deals with the case in 
which the both the communicating IMP's were simply 
formulated as one machine which acts both as the sender and 
receiver. In the second version (SLWIN2) each of the two 
IMP's is modeled as two machines, the sender and the 
receiver seperately. 
In SLWIN2 the sender for one IMP sends messages to the 
other IMP's receiver and also communicates with its own 
receiver. The receiver for the IMP accepts messages from 
the other IMP's sender and then sends these messages to its 
own sender which may then send the message to its host 
machine. 
16 
• 
CHAPTER III 
PROTOCOL ANALYZER AND VERIFIER 
3.1 General 
The Protocol Analyzer and Verifier (PAV) package10 was 
developed at AT&T Bell Labs at Murray Hill, NJ, to analyze 
and verify protocol implementations. 
PAV requires that the protocol to be verified be 
modeled as a collection of finite state machines. This 
model must then be translated into the Protocol 
Specification Language (PSL) and input to PAV. PAV then 
checks the syntax and consistency of the specification. It 
then checks the protocol model for any general errors1. If 
·' 
any errors exist in the implementations, PAV informs the 
user about them. 
3.2 PAVlO 
PAV has the capability to check a protocol for the 
presence of any deadlocks and livelocks. A deadlock, as 
defined before, is a state of the global machine from which 
there are no transitions to any other states. The global 
machine is said to be locked in this state. A livelock, on 
the other hand, happens when the protocol is locked forever 
into a small set of global states in which it makes no 
17 
progress towards performing its rvices. 
As mentioned before, the protocol model, in FSM form, 
has to be translated in PSL for input to PAV. PAV takes 
this input and does a syntactic checking of the same. PAV 
mainly attempts to check and verify if the number and names 
of the states and input/output operations in the process 
declarations and the process body are identical. A further 
scan is made by PAV to verify that for each input/output 
operation declaration there is a matching input/output 
operation in the corresponding process. 
There are several options with which PAV can be run. 
If PAV is not run with any options it simply composes all 
the component finite state machines in the protocol to 
create a reachable global finite state machine. It uses an 
algorithm which first composes any two FSM's. Then this 
composed FSM is composed with another FSM and the process 
continues till only one global finite state machine 
remains. This global FSM captures the behavior of all the 
component FSM's in the protocol and depicts all possible 
outcomes the protocol may attain. 
During the computation of the global FSM, PAV also 
checks for deadlocks in the protocol and lists out all such 
deadlocked global states for the user. ( 
18 
--------------------------------··. 
If the option of ''-s'' is specified in the execution, 
PA~ not only composes the global FSM but also performs a 
reduction of the global FSM. PAV asks the user to input the 
user processes with respect to which it should perform 
~ (, 
•• • • the reduction. After the user proc~sses are supplied to it, 
PAV attempts to create a reduced FSM which portrays the 
behavior of the protocol with respect to the user 
processes. The reduced FSM so obtained is known as the 
Application View Finite State Machine, AVF in short. 
Another option that can be specified alongwith the ''s'' 
option is the 11 -1 11 option. This option causes PAV to 
perform the livelock check and determine if any livelocks 
are present in the user proto~ol. In this case, PAV 
~ 
·, 
attempts to compute all the strongly connected components 
in the global reachable FSM in which there are no 
interactions between the user and the component processes. 
It is quite possible that each one of these strongly 
connected components in the protocol could be a livelock. 
For the livelock check, PAV scans the entire domain or all 
the states of the global FSM to find the strongly connected 
components. 
3.3 Input to PAV 
The input to PAV is in the 'Protocol Specification 
19 
• __ _..i.._' 
Language (PSL). All the finite state machines modeled in 
the protocol have to be translated into PSL. The formal 
definition of PSL, in Backus Naur form, is given in the 
paperlO by Sabnani and Lapone. In PSL, the interactions of 
the finite state machines with one another using 
interprocess input/output operations are based on the 
language Communicating Sequential Processes (CSP) proposed 
by Hoare12• 
In PSL, each FSM in the protocol is considered as a 
process. Each process in PSL has the format shown in 
Figure 3.1. 
The very first element in the process declaration is 
the process name. Next, the user has to specify all the 
states that exist in the protocol. After the states, all 
the input/output operations in the protocol are listed. The 
initial state of the protocol is listed next. After all 
these process declarations, the body of the process is 
listed. The process body consists of state transitions 
alongwith the input/output operations which cause these 
state transitions. A final period (.) signifies the end of 
the process definition. Every component FSM in the protocol 
is modeled in this way. 
·20 
PROCESS processname; 
STATES list of states in the machine; 
IO list of all the I/0 in the machine; 
INITIAL STATE 
TRANSITIONS 
the initial state 
list of transitions in the machine 
in the form 
from state: to state WHEN transition. 
Figure 3.1 A typical process description in PSL. 
21 
',' 
'•·. \ 
CHAPTER IV 
PROTOCOL ANALYSIS AND VERIFICATION 
4.1 Formulation of the Protocols 
As mentioned earlier, in Chapter 2, two versions of 
the 1-Bit Sliding Window protocols were analyzed and 
verified using PAV. In one version (SLWINl) the IMP's for 
the two hosts act as receivers and senders, whereas in the 
second version (SLWIN2) each IMP is split into two distinct 
machines, the sender and the receiver. 
The two SLWIN protocols were analyzed piece-by-piece, 
meaning half the machines of the protocol were combined and 
analyzed first and the other half were combined and 
9,,, 
analyzed seperately. Then the reduced machines, for the two 
analyses, were combined. The final output gave the complete 
behavior of the protocol with respect to the inputs and 
outputs to the protocol (Figure 4.1). 
The interprocess input/output operations are defined 
as follows10• An output operation in process2 is denoted by 
processl!msg (send msg to process 1) and a matching input 
operation in processl is denoted by process2?msg (receive 
msg from process2). These matching operations are carried 
out at the same time and this message exchange is called a 
22 
.. 
' 
HOSTA 
• 
-
Figure 4.1 
. . 
• 
j• ', ,· I 
' . ' .. ~ .~... _· '·.·: ,·.·\: 
' '. •- -.... 
• ,, 
.. 
msgl msg2 
.. 
SLWIN Protocols 
msg2 msgl 
• 
With. respect.to the SLWIN protocols 
the USER PROCESSES are 
hosta?msgl hostb·!msgl 
hostb?msg2 hosta!m~g2 
HOSTB 
...... 
Inputs . and outputs .to and from the · SLWIN pi::~tocols. · -/ 
• 
. ·. ', : .. 
,.t·, Ii 
. .' .. • . 
. . .~~ . 
. . 
. ' ... 
. ' 
.·.; · ... , ' .. 
(,. '· ' 
. . ' " . ' ,' 
. . •'' ·1. . . ! :: . '\, ··,,_ ' .•• ,. .• . . 
• ' ' iii . 
. " 
. : '' 
' \, I 
. \ ' . 
. ~ . : .~: '·.:,: .' .. \ 
' .. ,,, ' 
' ' . ' 
,' . 
rendezvous. 
Terminology used in the SLWIN protocols 
In any SLWIN process the interprocess input a?msg 
means that this process receives a message msg from process 
a. In addition a!msg means that the process sends a message 
msg to the process a. 
faO and fal are the frames f with sequence numbers O 
and 1 respectively sent by hosta to hostb. Likewise fbO and 
fbl are frames of hostb sent to hosta. 
In the SLWIN2 protocol the following additional i/o 
messages are used. 
raaOfbO, raaOfbl, raalfbO and raalfbl. 
rabOfaO, rabOfal, rablfaO and rablfal. 
These messages are sent by the receiver to the sender. For 
example in the case of the transition sa!raaOfbO in machine 
ra, the receiver ra is telling its sender sa that it has 
received an acknowledgement (the string •ra' after the '!' 
character stand for 'received acknowledgement for frame') 
for the frame faO which was sent to impb, along with the 
frame fbO from impb. The senders also send messages of the 
form rx!eamn to their receivers. For example, the sender sa 
sends a message ra!eaao to its receiver ra,telling it to 
24 
expect an acknowledgement (the string •ea• in the message) 
for its frame faO from hostb. 
Formulation of SLWINl 
In order to verify this protocol, finite state 
machines were constructed for all the components of the 
protocol. The various components of the protocol are as 
shown in Figure 4.2. This protocol consists of 6 component 
machines. These are impa, impb, chl, ch2, timerl and 
timer2. Impa and impb are the two communicating IMP's which 
send and receive messages. Chl and ch2 are the two channels 
over which messages and acknowledgements are sent and 
received. Timerl and timer2 are simply two timers 
associated with impa and impb respectively. The messages 
sent by impa are known as msgl and those sent by impb are 
known as msg2. These messages are given sequence numbers o 
and 1. 
This protocol has been set up in such a way that impa 
begins first by sending a message msgl to impb. On receipt 
of msgl, impb now starts sending acknowledgements and 
messages to impa. 
The analysis of the SLWINl protocol was carried out as \ 
follows. First the three machines impa, timerl and chl were 
25 
.. 
' . "" 
',' 
.. 
TIMER! 
IMPA 
CHl 
• 
CH2 
• Protocol. Figure 4.2 Components of SLWINl 
\. 
26 
• 
. . 
TIMER2 
IMPB 
. 
. 
• 
. 
. . 
• . 
• 
'' 
. •, •· ' . 
.. -· 
•• 
' . 
' . 
I, ., 
.· . . ;:, 
' ''·, ',· , . 
it·.' '' 
composed together and analyzed for deadlocks and livelocks. 
Then the remaining three machines impb, ch2 and timer2 were 
analyzed together. The result from these analyses were two 
reduced machines (one from each analysis). These reduced 
machines depict the behavior of the protocol with respect 
to the user processes, which in this case were all the 
inputs and outputs for each of the two machines. 
Finally the reduced outputs from the two analyses 
were composed tegether to get the overall behavior of the 
protocol. The entire protocol description in PSL and the 
outputs from the analyses are given in Appendix A. 
It was found that this protocol did not have any 
deadlocks or livelocks, and the final reduced machine 
depicted the exact behavior of the protocol with respect to 
its user processes. The user processes in this case were 
the inputs and outputs to and from the protocol, Figure 
4.1. The final reduced machine is shown in Figure 4.3. 
27 
'' 
., 
• Figure 4.3 
:' "-.1 . ,_.: . 
' . 
.J. - '" ..... _. • . 
• 
hosta?msgl 
hosta?msgl + 
hostb!msgl + 
hostb?msg2 t 
---..... hos ta! msg2 
Final Reduced -machine (SLWINl and SLWIN2) • 
. . . 
- 28 .. 
,, . 
. . . . 
. . ' " 
. . ·,· ; . '··: ' .. 
_ ', ___ ~. - {. · .. .. ·.'·.:·~-· .. : \_ ', ~---~ . :· ·_: -· ·. . ·'. ..... : .. ~ ..... 
. ' . 
. . 
'. 
. I ' ' ' .. '' ·~ :,' 
···' -·, - ,.·. 
, • ,, •':,·' I;•'• " ; '.· 
. ',. .'.' 
. ,• 
,', . ' . 
• ' ·.• •••• ·_ ' • 1_ ' • •.•• -- --~-~-----' 
Formulation of SLWIN2 protocol 
This protocol is a modified version of the SLWINl 
protocol. In this protocol the communicating imps are split 
into two distinct machines, the receiver and the sender. 
Thus this protocol consists of 8 machines, sa (sender for 
the impa), ra (receiver for impa), chl, timerl, sb, rb, 
ch2 and timer2. The various components of this protocol are 
shown in Figure 4.4. 
As before this protocol was analyzed in 3 steps. First 
the FSM's sa, ra, timerl and chl were composed together and 
analyzed and verified. Next the FSM's sb, rb, timer2 and 
ch2 were composed and analyzed. Finally the reduced 
machines of the two analyses were analyzed together. 
The protocol description and the results from the 
analyses are as given in Appendix B. The final output, 
Figure 4.3, in this case is the same as the one obtained 
from the analysis of SLWINl. As before it was found that 
this protocol had no deadlocks or livelocks. 
29 
SA 
• 
RA 
• 
···--- ..... 
Figure 4.4 
• 
TIMERl 
; 
CHl 
Components of SLWIN2 Protocol, 
30 
•.. 
TIMER2 
SB 
RB 
• ~· > 
' ,; 
, 
. . 
Chapter V 
CONCIDSIONS 
The analysis and verification of the one-bit full-
duplex sliding window protocols was carried out in this 
work. The Protocol Analyzer and Verifier (PAV) package was 
used for the analysis and verification. It was found that 
the protocol, as modeled, did not have any deadlocks or 
livelocks. 
PAV proved to be an excellent package for the analysis 
and verification of the protocols. PAV, which is still in 
the experimental stage, has the potential of becoming one 
of the major packages for the analysis and verification of 
communication protocols. 
5.1 State Space Explosion 
For analysis and verification, PAV requires that the 
• 
protocol be modeled as a set of interacting FSM's. It then 
uses the reachability computation1 to do the analysis. 
In the reachability computation, all the communicating 
FSM's are composed into one global FSM which gives all the 
possible outcomes the protocol may achieve. The number of 
states in this global machine is equal to the product of 
31 
I 
., .. : 
. \ 
the number of states in each of the communicating FSM's. 
The memory space required to store all these global states 
and the associated information is huge. Also the time 
required for such an exercise is quite enormous. In other 
words there is a strong likelihood of a •state Space 
Explosion' even in the case of reasonably-sized protocols. 
such a behavior was observed in the analysis of the 
SLWIN2 protocol. It was found that the computer exceeded 
the memory limits if the protocol was analyzed as a whole. 
It was found that 11llis problem could be solved by 
\ 
splitting the protocol into a number of parts and then 
analyzing each part seperately and forming a reduced 
machine. Then the reduced machines for all the parts were 
composed and analyzed together to give just one reduced 
machine which depicted the behavior of the entire protocol. 
In the case of the SLWIN protocols, each protocol was 
split into two part~ and each part was analyzed and 
verified s~~erately. Then the reduced FSM's of each part 
were composed and analyzed toge\ther to give the complete 
behavior of the protocol. 
The following observations were made during the part-
by-part-analysis of the SLWIN protocols. 
32 
0 
a) The memory requirements were considerably lower for 
such an analysis than for the analysis of the complete 
protocol at once. The Livelock check which also uses 
substantial computer resources did not cause any problems 
because of the small number of machines analyzed each time. 
b) The time required for this type of analysis was very 
small as compared to the time required for analyzing the 
entire protocol at once. In the case of the SLWINl protocol 
it was found that the time required for the part-by-part 
analysis was less than 1/20th of the time required for the 
complete protocol analysis at once. 
c) It was also found that one had a better control over 
the analysis in this case, since at any time only 3 or 4 
machines were being analyzed. 
In view of the advantages that could be realized by 
analyzing the protocol in parts, it is highly recommended 
that all the protocols analyzed by PAV be done in this 
manner. 
This however raises the question as to which and how 
many machines should be analyzed together in one part. The 
answer to the first part of the question is that all those 
machines which have a lot of interactions with each other 
should be put in one group for analysis. The second part of 
the question does not have a straight-forward solution. The 
33 
number of ~achines to be analyzed together in one group 
depends on a lot of factors such as the nature of the 
protocol, the total number of component FSM's in the 
protocol, the available computer resources, etc. It does 
require some trial-and-error evaluations before a value 
for the variable (the number of machines in one part) can 
be decided. 
5.2 Future Research 
There is a lot of scope for research in enhancing the 
available features of PAV and increasing its usability. 
Work could also be done in decreasing the amount of 
computer resources currently used by PAV while executing. 
One such area where it would be very useful to 
decrease the amount of resources used by PAV is the 
livelock check. During the livelock check, PAV scans the 
entire domain to check for the presence of livelocks. One 
way of reducing the resources used in this analysis would 
be to do a probabilistic checking of the domain. This would 
require many runs before one can state with a high level of 
confidence that there are no livelocks in the protocol. 
Each time the analysis is carried out, PAV would check only 
a small part of the domain, and, would check a different 
part every time the analysis is done. 
34 
BIBLIOGRAPHY 
1. J.W. Palmer and K. Sabnani, ''A SURVEY OF PROTOCOL 
VERIFICATION TECHNIQUES'', AT&T Bell Labs (Unpublished) • 
2. B. Hailpern, ''SPECIFYING AND VERIFYING PROTOCOLS. 
REPRESENTED AS ABSTRACT PROGRAMS''' Computer Networks and 
Protocols, P.E. Green (Ed), May 1983, pp 607-624, Plenum 
Press. 
3. A.A.S. Danthine, ''PETRI NETS FOR PROTOCOL MODELING AND 
VERIFICATION'', Proc. Computer Networks and 
Teleprocessing Symposium, pp. 663-685, Oct. 1977. 
4. P.M. Merlin, ''A METHODOLOGY FOR THE DESIGN AND 
IMPLEMENTATION OF COMMUNICATION PROTOCOLS''' IEEE Trans. 
Commun., Vol. COM-24, pp. 1036-1043, Sept. 1976. 
5. J. Hajek, ''PROTOCOLS VERIFIED BY APPROVER'', Computer 
Communication Review, vol. 9, pp. 32-34, Jan. 1979. 
6. J. Hajek, ''AUTOMATICALLY VERIFIED DATA TRANSFER 
PROTOCOLS", Proc. Fourth ICCC, pp. 749-756, Sept. 1978. 
7. K. Sabnani and M. Schwartz, ''VERIFICATION OF A 
MULTIDESTINATION PROTOCOL USING TEMPORAL LOGIC'', 
Protocol Specific~tion, Testing and Verification, c. 
Sunshine(Ed), North-Holland Publishing Company, 1982. 
8. P. Zaf iropulo, ''A NEW APPROACH TO PROTOCOL VALIDATION'', 
Proceedings of the International Communications 
Conference, Chicago, 1977, pp 30.2-259 to 30.2-263. 
9.C.H. West, ''GENERAL TECHNIQUE FOR COMMUNICATION 
35 
'' 
PROTOCOL VALIDATION",IBM Journal of Research and 
Development, Vol. 22, No. 4, July 1978, pp 393-404. 
10. K. Sabnani and A. Lapone, ''PAV-PROTOCOL ANALYZER AND 
VERIFIER'', AT&T Bell Laboratories, Murray Hill, New 
Jersey (Unpublished). 
11. A. Tanenbaum, ''COMPUTER NETWORKS'', Prentice Hall, Inc., 
New Jersey, 1981. 
12. C.A.R. Hoare, ''COMMUNICATING SEQUENTIAL PROCESSES'', 
Communications of the ACM, Vol. 21, No 8 (August 1978), 
pp. 666-677. 
13. v. Ahuja, ''DESIGN AND ANALYSIS OF COMPUTER 
COMMUNICATION NETWORKS'', McGraw-Hill Book Co., 1982. 
14. T.P.Blumer and D. Sidhu, ''MECHANICAL VERIFICATION AND 
AUTOMATIC IMPLEMENTATION OF COMMUNICATION PROTOCOLS", 
IEEE transactions on Software Engineering, vol. SE-12, 
No. 8, August 1986, pp. 827-843. 
15. W. Stallings, ''DATA AND COMPUTER COMMUNICATIONS", 
Macmillan Publishing Company, New York, 1985. 
36 
\ 
APPENDIX A. SLWINl: Protocol Description and Output. 
37 
Here machines impa, chl and timerl are composed and 
analyzed. This part of the protocol is named SLWINl 1. The 
descriptions of the machines and the outputs from the 
analysis follow. 
PROCESS impa; 
STATES 
0,1,2,3,4,5,6,7,8,9,lO,ll,12,13,14,15,16,17,18,19,20; 
IO hosta?msgl, hosta!msg2, chl!faOabO, chl!faOabl, 
chl!falabo, chl!falabl, timerllstart, 
timerl?timeout, ch2?fb0aao, ch2?fbOaal, ch2?fblaao, 
ch2?fblaal; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN hosta?msgl, • 
1 • 2 WHEN chl!faOabO * timerl!start, • 
1 • 3 WHEN chl!faOabl * timerl!start, • 
1 • 4 WHEN ch2?fb0aal, • 
1 • 5 WHEN ch2?fblaal, • 
1 • 6 WHEN ch2?fbOaao, • 
1 • 7 WHEN ch2?fblaao, • 
2 • 8 WHEN timerl?timeout, • 
3 • 9 WHEN timerl?timeout, • 
4 • 2 WHEN chl!faOabO * timerl!start, • 
4 • 4 WHEN ch2?fb0aal, • 
4 • 5 WHEN ch2?fblaal, • 
4 • 6 WHEN ch2?fbOaao, • 
4 • 7 WHEN ch2?fblaao, • 
5 • 3 WHEN chl!faOabl * timerl! start, • 
5 • 4 WHEN ch2?fb0aal, • 
5 • 5 WHEN ch2?fblaal, • 
5 • 6 WHEN ch2?fbOaao, • 
5 • 7 WHEN ch2?fblaao, • 
6 • 10 WHEN hosta!msg2, • 
7 • 11 WHEN hosta ?msgl, • 
8 • 2 WHEN chl!faOabO * timerl! start, • 
8 • 4 WHEN ch2?fb0aal, • 
8 • 5 WHEN ch2?fblaal, • 
8 • 6 WHEN_ch2?fbOaao, • 
8 • 7 WHEN ch2?fblaao, • 
38 
~--- - ------~-~ 
9 • 3 WHEN chllfaOabl * timerl 1 start, • 
9 • 4 WHEN ch2?fb0aal, • 
9 • 5 WHEN ch2?fblaal, • 
9 • 6 WHEN ch2?fbOaao, • 
9 • 7 WHEN ch2?fblaao, • 
10 • 11 WHEN hosta?msgl, • 
11 • 12 WHEN chllfalabO * timerllstart, • 
11 • 13 WHEN chl!falabl * timerl ! start, • 
11 • 16 WHEN ch2?fbOaao, • 
11 • 17 WHEN ch2?fblaao, • 
11 • 18 WHEN ch2?fb0aal, • 
11 • 19 WHEN ch2?fblaal, • 
12 • 14 WHEN timerl?timeout, • 
13 • 15 WHEN timerl?timeout, • 
14 • 12 WHEN chl!falabo * timerl!start, • 
14 • 16 WHEN ch2?fbOaao, • 
14 • 17 WHEN ch2?fblaao, • 
14 • 18 WHEN ch2?fb0aal, • 
14 • 19 WHEN ch2?fblaal, • 
15 • 13 WHEN chl!falabl * timerl!start, • 
15 • 16 WHEN ch2?fbOaao, • 
15 • 17 WHEN ch2?fblaao, • 
15 • 18 WHEN ch2?fb0aal, • 
15 • 19 WHEN ch2?fblaal, • 
16 • 12 WHEN chl!falabO * timerl!start, • 
16 • 16 WHEN ch2?fbOaao, • 
16 • 17 WHEN ch2?fblaao, • 
16 • 18 WHEN ch2?fb0aal, • 
16 • 19 WHEN ch2?fblaal, • 
17 • 13 WHEN chl!falabl * timerl ! start, • 
17 • 16 WHEN ch2?fbOaao, • 
17 • 17 WHEN ch2?fblaao, • 
17 • 18 WHEN ch2?fb0aal, • 
17 • 19 WHEN ch2?fblaal, • 
19 • 20 WHEN hostalmsg2, • 
18 • 1 WHEN hosta?msgl, • 
20 • l WHEN hosta?msgl. • 
PROCESS timerl; 
STATES O, 1 ; 
IO impa?start, impa!timeout; 
INITIAL STATE O; 
TRANSITIONS 
0 : 1 
1 : 1 
1 : 0 
WHEN impa?start, 
WHEN impa?start, 
WHEN impa!timeout. -
39 
. ,, 
PROCESS chl; 
STATES O,l,2,3,4,5,6,7,8; 
IO impa?faOabO, impa?faOabl, impa?falabO, 
impa?falabl, impb!faOabO, impb!faOabl, 
impb!falabo, impb!falabl; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN impa?faOabO, • 
0 • 2 WHEN impa?faOabl, • 
0 • 3 WHEN impa?falabO, • 
0 • 4 .WHEN impa?falabl, • 
1 • 5 WHEN impb! faOabO, • 
2 • 6 WHEN impb! faOabl, • 
3 • 7 WHEN impb! falabO, • 
4 • 8 WHEN impb! falabl, • 
5 • 1 WHEN impa?faOabO, • 
5 • 2 WHEN impa? f aoabl, • 
5 • 3 WHEN impa?falabO, • 
5 • 4 WHEN impa?falabl, • 
6 • 1 WHEN impa? f aOabO, • 
6 • 2 WHEN impa?faOabl, • 
6 • 3 WHEN impa?falabO, • 
6 • 4 WHEN impa?falabl, • 
7 • 1 WHEN impa?faOabO, • 
7 • 2 WHEN impa?faOabl, • 
7 • 3 WHEN impa?falabo, • 
7 • 4 WHEN impa?falabl, • 
8 • 1 WHEN impa?faOabO, • 
8 • 2 WHEN impa?faOabl, • 
8 • 3 WHEN impa?falabO,_ • 
8 • 4 WHEN impa?falabl. • 
Th~ User 2rocesses ~it~ re~ec~ ~2 ~hich th~ ~na!_ysi~ !~ 
carried out. 
hosta?msgl hosta!msg2 impb!faOabO impb!faOabl impb!falabo 
impb!falabl ch2?fbOaao ch2?fbOaal ch2?fblaao ch2?fblaal / 
40 
Reduced output from the analysis. 
Reduced Abstraction 
(0) • (1) WHEN hosta?msgl • (1) • (1) WHEN ch2?fbOaal • (1) • (1) WHEN ch2?fblaa0 • (1) • (1) WHEN hosta?msgl • 
(1) • (3) WHEN impblfaOabO • 
(1) • (4) WHEN impblfaOabl • (1) • (4) WHEN impb!falabO • (1) • (4) WHEN impblfalabl • (1) • (7) WHEN ch2?fbOaaO • (1) • (7) WHEN ch2?fblaal • (2) • (1) WHEN hosta?msgl • (2) • (3) WHEN impb!faOabO • (2) • (4) WHEN impb!faOabl • (2) • (4) WHEN impb!falabO • (2) • (4) WHEN impb!falabl • (3) • (1) WHEN ch2?fb0aal • (3) • (1) WHEN ch2?fblaa0 • (3) • (1) WHEN hosta?msgl • (3) • (2) WHEN hostal msg2 • (3) • (3) WHEN impb!faOabO • (3) • (4) WHEN impb!faOabl • 
(3) • (4) WHEN impblfalabO • (3) • (4) WHEN impb!falabl • (3) • (7) WHEN ch2?fbOaao • (3) • (7) WHEN ch2?fblaal • (4) • (1) WHEN ch2?fb0aal • 
(4) • (1) WHEN ch2?fblaao • 
(4) • (1) WHEN hosta?msgl • 
(4) • (2) WHEN hosta! msg2 • 
(4) • (3) WHEN ? • (4) • (4) WHEN impb!faOabl • (4) • (4) WHEN impblfalabO • 
(4) • (4) WHEN impb!falabl • 
(4) • (7) WHEN ch2?fbOaaO • 
(4) • (7) WHEN ch2?fblaal • (7) • (1) WHEN ch2?fb0aal • (7) • (1) WHEN ch2?fblaa0 • (7) • (2) WHEN hosta! msg2 • (7) • (3) WHEN impb!faOabO • 
(7) • (4) WHEN impb!faOabl • (7) • (4) WHEN impb! falabo1• • (7) • (4) WHEN impb!falabl • (7) • (7) WHEN ch2?fbOaao • 
(7) • (7) WHEN ch2?fblaal • 
Checking for Livelocks: 
41 
---------------..----~----------------~-~--------------,:: -j' ' f 
,· 
Here machines impb, ch2 and timer2 are composed and 
analyzed together. This part of the protocol is named 
SLWIN12. The descriptions of the machines and the results 
from the analysis follow. 
PROCESS impb; 
STATES 
O,l,2,J,4,5,6,7,8,9,10,ll,12, 
13,14,15,16,17,18,19,20,21,22; 
IO hostb?msg2, ch21fbOaao, ch2!fb0aal, 
ch21fblaao, ch21fblaal, timer2!start, 
timer2?timeout, chl?faOabO, chl?faOabl, 
chl?falabO, chl?falabl, hostb!msgl; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN chl?faOabO, • 
1 • 2 WHEN hostb!msgl, • 
2 • 3 WHEN hostb?msg2, • 
3 • 4 WHEN ch2!fbOaao * timer2!start, • 
3 • 5 WHEN ch2!fb0aal * timer2!start, • 
3 • 6 WHEN chl?faOabl, • 
3 • 7 WHEN chl ?falabl, • 
3 • 10 WHEN chl?falabO, • 
3 • 11 WHEN chl?faOabO, • 
4 • 8 WHEN timer2?timeout, • 
5 • 9 WHEN timer2?timeout, • 
6 • 4 WHEN ch2!fbOaaO * timer2!start, • 
6 • 6 WHEN chl ?faOabl, • 
6 • 7 WHEN chl ?falabl, • 
6 • 10 WHEN chl?falabO, • 
6 • 11 WHEN chl?faOabO, • 
7 • 5 WHEN ch2!fb0aal * timer2!start, • 
7 • 6 WHEN chl?faOabl, • 
7 • 7 WHEN chl ?falabl, • 
7 • 10 WHEN chl?falabO, • 
7 • 11 WHEN chl?faOabO, • 
8 • 4 WHEN ch2!fbOaao * timer2!start, • 
8 • 6 WHEN chl?faOabl, • 
8 • 7 WHEN chl ?falabl, • 
8 • 10 WHEN chl?falabO, • 
8 • 11 WHEN chl ?faOabO, • 
I' 42 
,, 
·, 
9 • 5 WHEN ch21fb0aal * timer21 start, • 
9 • 6 WHEN chl ?faOabl, • 
9 • 7 WHEN chl?falabl, • 
9 • 10 WHEN chl?falabO, • 
9 • 11 WHEN chl?faOabO, • 
10 • 12 WHEN hostblmsgl, • 
12 • 13 WHEN hostb?msg2, • 
11 • 13 WHEN hostb?msg2, • 
13 • 14 WHEN ch21fblaao * timer2lstart, • 
13 • 15 WHEN ch21fblaal * timer21 start, • 
13 • 16 WHEN chl?faOabO, • 
13 • 17 WHEN chl?falabO, • 
13 • 20 WHEN chl?falabl, • 
13 • 21 WHEN chl?faOabl, • 
14 • 18 WHEN timer2?timeout, • 
15 • 19 WHEN timer2?timeout, • 
16 • 14 WHEN ch2!fblaao * timer2!start, • 
16 • 16 WHEN chl?faOabO, • 
16 • 17 WHEN chl?falabO, • 
16 • 20 WHEN chl?falabl, • 
16 • 21 WHEN chl?faOabl, • 
17 • 15 WHEN ch2!fblaal * timer2!start, • 
17 • 16 WHEN chl?faOabO, • 
17 • 17 WHEN chl?falabO, • 
17 • 20 WHEN chl?falabl, • 
17 • 21 WHEN chl?faOabl, • 
18 • 14 WHEN ch2!fblaao * timer2 ! start, • 
18 • 16 WHEN chl?faOabO, • 
18 • 17 WHEN chl?falabO, • 
18 • 20 WHEN chl?falabl, • 
18 • 21 WHEN chl?faOabl, • 
19 • 15 WHEN ch2!fblaal * timer2 l start, • 
19 • 16 WHEN chl?faOabO, • 
19 • 17 WHEN chl?falabO, • 
19 • 20 WHEN chl?falabl, • 
19 • 21 WHEN chl?faOabl, • 
20 • 3 WHEN hostb?msg2, • 
21 • 22 WHEN hostb!msgl, • 
22 • 3 WHEN hostb?msg2. • 
PROCESS timer2; 
STATES O, 1 ; 
IO impb?start, impbltimeout; 
INITIAL STATE O 1 
TRANSITIONS 
0 : 1 WHEN impb?start, 
43 
'" 
,, l 
1: 1 WHEN impb?start, 
1: o WHEN impbltimeout. 
PROCESS ch2; 
STATES O,l,2,3,4,5,6,7,8; 
IO impb?-fbOaao, impb?fbOaal, impb?fblaao, 
impb?fblaal, impalfbOaao, impa!fbOaal, 
impa!fblaao, impa!fblaal; 
INITIAL STATE O; 
I "· 
TRANSITIONS 
0 • 1 WHEN impb?fbOaao, • 
0 • 2 WHEN impb?fbOaal, • 
0 • 3 WHEN impb?fblaao, • 
0 • 4 WHEN impb?fblaal, • 
1 • 5 WHEN impa ! fbOaaO, • 
2 • 6 WHEN impa! fbOaal, • 
3 • 7 WHEN impa! t1a10, • 
4 • 8 WHEN impa! 1;>1~~1, • 
5 • 1 WHEN impb?fb~ao, • 
5 • 2 WHEN impb?fbOaal, • 
5 • 3 WHEN impb?fblaao, • 
5 • 4 WHEN impb?fblaal, • 
6 • 1 WHEN impb?fbOaao, • 
6 • 2 WHEN impb?fbOaal, • 
6 • 3 WHEN impb?fblaao, • 
6 • 4 WHEN impb?fblaal, • 
7 • 1 WHEN impb?fbOaao, • 
7 • 2 WHEN impb?fbOaal, • 
7 • 3 WHEN impb?fblaao, • 
7 • 4 WHEN impb?fblaal, • 
8 • 1 WHEN impb?fbOaao, • 
8 • 2 WHEN impb?fbOaal, • 
8 • 3 WHEN impb?fblaao, • 
8 • 4 WHEN impb?fblaal. • 
44 
,., 
. , 
• 
The User 2rocesses ~ith re!_2ec~ ~~ ~hich th~ ~nalysi! !! 
carried out. 
hostb?msg2 hostblmsgl chl?faOabO chl?faOabl chl?falabO 
chl?falabl impa!fbOaao impalfbOaal impalfblaao impa!fblaal 
I 
The Reduced output from the analysis. 
Reduced Abstraction 
(0) • (3) WIIEN chl? f aOabO • 
(1) • (1) WHEN chl?falabl • 
(1) • (1) WHEN hostb?msg2 • 
(1) • (3) WHEN chl?faOabO • 
(1) • (3) WHEN chl?faOabl • 
(1) • (3) WHEN chl?falabO • 
(1) • (7) WHEN impa!fbOaao • 
(1) • (7) WHEN impa!fbOaal • 
(1) • (7) WHEN impa!fblaao • 
(1) • (7) WHEN impa!fblaal • (2) • (1) WHEN hostb?msg2 • (2) • (7) WHEN impa!fbOaao • (2) • (7) WHEN impa!fbOaal • (2) • (7) WHEN impa!fblaao • (2) • (7) WHEN impa!fblaal • (3) • (1) WHEN? • (3) • (1) WHEN chl?falabl • (3) • (1) WHEN hostb?msg2 • (3) • (2) WHEN hostb!msgl • (3) • (3) WHEN chl?faOabO • (3) • (3) WHEN chl?faOabl • (3) • (3) WHEN chl?falabO • (3) • (7) WHEN impa!fbOaao • 
(3) • (7) WHEN impa!fbOaal • (3) • (7) WHEN imp.a! fblaao • (3) • (7) WHEN impa! fblaal • (7) • (1) WHEN? • (7) • (1) WHEN chl?falabl • (7) • (3) WHEN chl?faOabO • (7) • (3) WHEN chl?faOabl • (7) • (3) WHEN chl?falabO • (7) • (7) WHEN impa!fbOaao • 
(7) • (7) WHEN impalfbOaal • 
(7) • (7) WHEN impa!fblaao • (7) • (7) WHEN impa!fblaal • 
Checking for Livelocks: 
45 
'. '"'·; ',',1 .. u ,., 
" 
Next the two reduced outputs from SLWINll and SLWIN12 are 
composed and analyzed. The reduced machines are put into 
the proper PSL process format. These machines are named mca 
and mcb. 
PROCESS mca; 
STATES O,l,2,3,4,7,ll,21,14,24,17; 
• 
IO hosta?msgl, hosta!msg2,mcb?fbOaaO,mcb?fbOaal, 
mcb?fblaao, mcb?fblaal, mcb!faOabO, mcb!faOabl, 
mcb!falabo, mcb!falabl; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN hosta?msgl, • 
1 • 11 WHEN mcb?fbOaal, • 
1 • 21 WHEN mcb?fblaao, • 
1 • 1 WHEN hosta?msgl, • 
1 • 3 WHEN mcb! faOabO' • 
1 • 4 WHEN mcb! faOabl, • 
1 • 14 WHEN mcb! falabO, • 
1 • 24 WHEN mcb! falabl, • 
1 • 7 WHEN mcb?fbOaao, • 
1 • 17 WHEN mcb?fblaal, • 
11 • 11 WHEN mcb?fbOaal, • 
11 • 21 WHEN mcb?fblaao, • 
11 • 1 WHEN hosta?msgl, • 
11 • 3 WHEN mcb! faOabO' • 
11 • 4 WHEN mcb! faOabl, • 
11 • 14 WHEN mcb! falabO, • 
11 • 24 WHEN mcb!falabl, • 
11 • 7 WHEN mcb?fbOaao, • 
11 • 17 WHEN mcb?fblaal, • 
21 • 11 WHEN mcb?fbOaal, • 
21 • 21 WHEN mcb?fblaao, • 
21 • 1 WHEN hosta?msgl, • 
21 • 3 WHEN mcb! faOabO, • 
21 • 4 WHEN mcbl faOabl, • 
21 • 14 WHEN mcb!falabO, • 
21 • 24 WHEN mcb!falabl, • 
21 • 7 WHEN mcb?fbOaao, • 
21 • 17 WHEN mcb?fblaal, • 
' 
2 • 1 WHEN hosta?msgl, • 
2 • 3 WHEN mcb! faOabO, • 
46 
• 
2 • 4 WHEN mcbl faOabl, • 
2 • 14 WHEN mcblfalabO, • 
2 • 24 WHEN mcb1 falabl, • 
3 • 11 WHEN mcb?fbOaal, • 
3 • 11 WHEN mcb?fblaao, • 
3 • 1 WHEN hosta?msgl, • 
3 • 2 WHEN hosta!msg2, • 
3 • 3 WHEN mcb!faOabO, • 
3 • 4 WHEN mcb! faOabl, • 
3 • 14 WHEN mcb!falabO, • 
3 • 24 WHEN mcb! falabl, J • ' •  
3 • 7 WHEN mcb?fbOaao, • 
3 • 17 WHEN mcb?fblaal, • 
4 • 11 WHEN mcb?fbOaal, • 
4 • 21 WHEN mcb?fblaao, • 
4 • 1 WHEN hosta?msgl, • 
4 • 2 WHEN hosta!msg2, • 
4 • 4 WHEN mcb! faOabl, • 
4 • 14 WHEN mcb! falabO, • 
4 • 24 WHEN mcb!falabl, • 
4 • 7 WHEN mcb?fbOaaO, .. 
4 • 17 WHEN mcb?fblaal, • 
14 • 11 WHEN mcb?fbOaal, • 
14 • 21 WHEN mcb?fblaao, • 
14 • 1 WHEN hosta?msgl, • 
14 • 2 WHEN hosta!msg2, • 
14 • 4 WHEN mcb! faOabl, • 
14 • 14 WHEN mcb!falabO, • 
14 • 24 WHEN mcb! falabl, • 
14 • 7 WHEN mcb?fbOaao, • 
14 • 17 WHEN mcb?fblaal, • 
24 • 11 WHEN mcb?fbOaal, • 
24 • 21 WHEN mcb?fblaao, • 
24 • 1 WHEN hos ta ?msgl, • 
24 • 2 WHEN hosta!msg2, • 
24 • 4 WHEN mcb! faOabl, • 
24 • 14 WHEN mcb!falabO, • 
24 • 24 WHEN mcb! falabl, • 
24 • 7 WHEN mcb?fbOaao, • 
24 • 17 WHEN mcb?fblaal, • 
7 • 11 WHEN mcb?fbOaal, • 
7 • 21 WHEN mcb?fblaao, • 
7 • 2 WHEN hosta!msg2, • 
7 • 3 WHEN mcb! faOabO, • 
7 • 4 WHEN mcb! faOabl, • 
7 • 14 WHEN mcb! falabO, • 
7 • 24 WHEN mcb! falabl, • 
7 • 7 WHEN mcb?fbOaao, • 
7 • 17 WHEN mcb?fblaal, • 
17 • 11 WHEN mcb?fbOaal, • 
17 • 21 WHEN mcb?fblaao, • 
17: 2 WHEN hosta!msg2, 
47 
, 
• 
17 • 3 WHEN mcb! faOabO, • 
17 • 4 WHEN mcb! faOabl, • 
17 • 14 WHEN mcb! falabO, • 
17 • 24 WHEN mcb! falabl, • 
17 • 7 WHEN mcb? fbOaaO, • 
17 • 17 WHEN mcb?fblaal. • 
PROCESS mcb; 
STATES 0,1,2,3,7,11,l3,23,17,27,37; 
IO hostb?msg2,hostb!msgl,mea?faOabO,mea?faOabl, 
mca?falabO, mca?falabl, mea!fbOaao, mca!fbOaal, 
mca!fblaao, mca!fblaal; 
INITIAL STATE O; 
TRANSITIONS 
0 • 3 WHEN mea?faOabO, • 
1 • 11 WHEN mea?falabl, • 
1 • 1 WHEN hostb?msg2, • 
1 • 3 WHEN mea?faOabO, • 
1 • 13 WHEN mca?faOabl, • 
1 • 23 WHEN mea?falabO, • 
1 • 7 WHEN mca! fbOaaO, • 
1 • 17 WHEN mca! fbOaal, • 
1 • 27 WHEN mea! fblaao, • 
1 • 37 WHEN mea! fblaal, • 
11 • 11 WHEN mca?falabl, • 
11 • 1 WHEN hostb?msg2, • 
11 • 3 WHEN mca?faOabO, • 
11 • 13 WHEN mca?faOabl, • 
11 • 23 WHEN mca?falabo, • 
11 • 7 WHEN mca!fbOaao, • 
11 • 17 WHEN meal fbOaal, • 
11 • 27 WHEN mca! fblaao, • 
11 • 37 WHEN meal fblaal, • 
2 • 1 WHEN hostb?msg2, • 
2 • 7 WHEN mca!fbOaao, • 
2 • 17 WHEN meal fbOaal, • 
2 • 27 WHEN mea!fblaao, • 
2 • 37 WHEN meal fblaal, • 
3 • 11 WHEN mca?falabl, • 
3 • 1 WHEN hostb?msg2, • 
3 • 2 WHEN hostb!msgl, • 
3 • 3 WHEN mca?faOabO, • 
3 • 13 WHEN mca?faOabl, • 
3 • 23 WHEN mca?falabO, • 
3 • 7 WHEN meal fbOaao, • 
3 • 17 WHEN meal fbOaal, • 
48 
\ 
3 • 27 WHEN meal fblaao, • 
3 • 37 WHEN meal fblaal, • 
13 • 11 WHEN mca?falabl, • 
13 • 1 WHEN hostb?msg2, • 
13 • 2 WHEN hostb!msgl, • 
13 • 3 WHEN mca?faOabO, • 
13 • 13 WHEN mea?faOabl, • 
13 • 23 WHEN mea?falabO, • 
13 • 7 WHEN meal fbOaao, • 
13 • 17 WHEN mea!fbOaal, • 
13 • 27 WHEN mca! fblaao, • 
13 • 37 WHEN mea! fblaal, • 
23 • 11 WHEN mea?falabl, • 
23 • 1 WHEN hostb?msg2, • 
23 • 2 WHEN hostb!msgl, • 
23 • 3 WHEN mca?faOabO, • 
23 • 13 WHEN mca?faOabl, • 
23 • 23 WHEN mea?falabO, • 
23 • 7 WHEN mealfbOaao, • 
23 • 17 WHEN mea! fbOaal, • 
23 • 27 WHEN mca! fblaao, • 
23 • 37 WHEN mca! fblaal, • 
7 • 1 WHEN mca?falabl, • 
7 • 3 WHEN mca?faOabO, • 
7 • 13 WHEN mca?faOabl, • 
7 • 23 WHEN mca?falabO, • 
7 • 7 WHEN mca! fbOaao, • 
7 • 17 WHEN mca! fbOaal, • 
7 • 27 WHEN meal fblaao, • 
7 • 37 WHEN mca! fblaal, • 
17 • 1 WHEN mca?falabl, • 
17 • 3 WHEN mca?faOabO, • 
17 • 13 WHEN mca?faOabl, • 
17 • 23 WHEN mca?falabO, • 
17 • 7 WHEN mca!fbOaao, • 
17 • 17 WHEN mca! fbOaal, • 
17 • 27 WHEN mca!fblaao, • 
17 • 37 WHEN meal fblaal, • 
27 • 1 WHEN mea?falabl, • 
27 • 3 WHEN mca?faOabO, • 
27 • 13 WHEN mca?faOabl, • 
27 • 23 WHEN mca?falabO, • 
27 • 7 WHEN mca ! fbOaao, • 
27 • 17 WHEN mca! fbOaal, • 
27 • 27 WHEN mca!fblaao, • 
27 • 37 WHEN mca! fblaal, • 
37 • 1 WHEN mca?falabl, • 
37 • 3 WHEN mca?faOabO, • 
37 • 13 WHEN mea?faOabl, • 
37 • 23 WHEN mea?falabO, • 
'}) 37 • 7 WHEN meal fbOaao, • 
37 • 17 WHEN meal fbOaal, • 
49 
37: 27 WHEN mca!fblaao, 
37: 37 WHEN mca!fblaal. 
Th~ User processes ~it~ re!!Eec~ !~ ~hich th~ ~nalysi~ i~ 
performed. 
hosta?msgl hostb!msgl hostb?msg2 hosta!msg2 / 
The final reduced output for SLWINl. 
Reduced Abstraction 
(0) : (1) WHEN hosta?msgl 
(1) : (1) WHEN hosta!msg2 
(1) : (1) WHEN hostb!msgl 
(1) : (1) WHEN hosta?msgl 
(1) : (1) ··WHEN hostb?msg2 
Checking for Livelocks: 
50 
APPENDIX B. SLWIN2: Protocol Description and Output. 
\ 
\ 
I 
51 
The processes sa, ra, chl and timerl are first comp
osed and 
analyzed. This part of the protocol is called SLWI
N21. The 
descriptions of the machines and the results follow
. 
PROCESS sa; 
STATES 
0,1,2,3,4,5,6,7,8,9,l0,11,12,13,14,15, 
16,17,18,19,20,21,22,23,24; 
IO hosta?msgl, chl!faOabo, chl!faOabl, chl!falabO, 
chl!falabl, timerl!start, timerl?timeout, 
ra!eaao, ra!eaal, ra?raaOfbO, ra?raaOfbl, 
ra?raalfbO, ra?raalfbl, hosta!msg2 ; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN hosta?msgl, • 
1 • 19 WHEN chl!faOabO * timerl! start • 
1 • 20 WHEN chl!faOabl * timerl ! start • 
1 • 4 WHEN ra?raalfbl, • 
1 • 5 WHEN ra?raalfbO, • 
1 • 6 WHEN ra?raaOfbO, • 
1 • 7 WHEN ra?raaOfbl, • 
2 • 17 WHEN timerl?timeout, • 
2 • 4 WHEN ra?raalfbl, • 
2 • 5 WHEN ra?raalfbO, • 
2 • 6 WHEN ra?raaOfbO, • 
2 • 7 WHEN ra?raaOfbl, • 
3 • 23 WHEN timerl?timeout, • 
3 • 4 WHEN ra?raalfbl, • 
3 • 5 WHEN ra?raalfbO, • 
3 • 6 WHEN ra?raaOfbO, • 
3 • 7 WHEN ra?raaOfbl, • 
I 
I 
4 • 20 WHEN chl!faOabl * timerl ! start , • 
4 • 4 WHEN ra?raalfbl, • 
4 • 5 WHEN ra?raalfbO, • 
4 • 6 WHEN ra?raaOfbO, • 
4 • 7 WHEN ra?raaOfbl, • 
5 • 19 WHEN chllfaOabO * timerl ! start , • 
5 • 4 WHEN ra?raalfbl, • 
5 • 5 WHEN ra?raalfbO, • 
5 • 6 WHEN ra?raaOfbO, • 
5 • 7 WHEN ra?raaOfbl, • 
6 • 8 WHEN hosta1msg2, • 
52 
. ;,' 
7 • 9 WHEN hosta?msgl, • 
8 • 9 WHEN hosta?msgl, • 
9 • 21 WHEN chllfalabO * timerl 1 start • I 
9 • 22 WHEN chl!falabl * timerl!start • I 
9 • 12 WHEN ra?raaOfbO, • 
9 • 13 WHEN ra?raaOfbl, • 
9 • 14 WHEN ra?raalfbl, • 
9 • 16 WHEN ra?raalfbO, • 
10 • 18 WHEN timerl?timeout, • 
10 • 12 WHEN ra?raaOfbO, • 
10 • 13 WHEN ra?raaOfbl, • 
10 • 14 WHEN ra?raalfbl, • 
10 • 16 WHEN ra?raalfbO, • 
11 • 24 WHEN timerl?timeout, • 
11 • 13 WHEN ra?raaOfbl, • 
11 • 14 WHEN ra?raalfbl, • 
11 • 16 WHEN ra?raalfbO, • 
11 • 12 WHEN ra?raaOfbO, • 
12 • 21 WHEN chl!falabO * timerl ! start , • 
12 • 12 WHEN ra?raaOfbO, • 
12 • 13 WHEN ra?raaOfbl, • 
12 • 14 WHEN ra?raalfbl, • 
12 • 16 WHEN ra?raalfbO, • 
13 • 22 WHEN chl!falabl * timerl ! start , • 
13 • 12 WHEN ra?raaOfbO, • 
13 • 13 WHEN ra?raaOfbl, • 
13 • 14 WHEN ra?raalfbl, • 
13 • 16 WHEN ra?raalfbO, • 
14 • 15 WHEN hosta!msg2, • 
15 • 1 WHEN hosta?msgl, • 
16 • 1 WHEN hosta?msgl, • 
17 • 17 WHEN chl!faOabO * timerl!start, • 
17 • 2 WHEN ra!eaao, • 
17 • 4 WHEN ra?raalfbl, • 
17 • 5 WHEN ra?raalfbO, • 
17 • 6 WHEN ra?raaOfbO, • 
17 • ·7 WHEN ra?raaOfbl, • 
23 • 4 WHEN ra?raalfbl, • 
23 • 5 WHEN ra?raalfbO, • 
23 • 6 WHEN ra?raaOfbO, • 
23 • 7 WHEN ra?raaOfbl, • 
23 • 20 WHEN chl!faOabl * timerl ! start, • 
18 • 21 WHEN chl!falabO * timerl ! start , • 
18 • 12 WHEN ra?raaOfbO, • 
18 • 13 WHEN ra?raaOfbl, • 
18 • 14 WHEN ra?raalfbl, • 
18 • 16 WHEN ra?raalfbO, • 
19 • 2 WHEN ra 1 eaao, • 
19 • 4 WHEN ra?raalfbl, • 
19 • 5 WHEN ra?raalfbO, • 
19 • 6 WHEN ra?raaOfbO, • 
19 • 7 WHEN ra?raaOfbl, • 
53 
20 • 3 WHEN raleaao, • 
20 • 4 WHEN ra?raalfbl, • 
20 • 5 WHEN ra?raalfbO, • 
20 • 6 WHEN ra?raaOfbO, • 
20 • 7 WHEN ra?raaOfbl, • 
21 • 10 WHEN ra!eaal, • 
21 • 12 WHEN ra?raaOfbO, • 
21 • 13 WHEN ra?raaOfbl, • 
21 • 14 WHEN ra?raalfbl, • 
21 • 16 WHEN ra?raalfbO, • 
22 : 11 WHEN ra!eaal, 
22: 12 WHEN ra?raaOfbO, 
22: 13 WHEN ra?raaOfbl, 
22: 14 WHEN ra?raalfbl, 
22 • 16 WHEN ra?raalfbO, • 
24 • 12 WHEN ra?raaOfbO, • 
24 • 13 WHEN ra?raaOfbl, • 
24 • 14 WHEN ra?raalfbl, • 
24 • 16 WHEN ra?raalfbO, • 
24 • 22 WHEN chl!falabl * timerl ! start. • 
PROCESS ra; 
STATES O,l,2,3,4,5,6,7,8,9,l0,11,12,13,l4,15,16,17,18; 
IO sa?eaao, ch2?fbOaao, ch2?fbOaal, ch2?fblaao, 
ch2?fblaal, sa!raaOfbO, sa!raaOfbl, sa!raalfbO, 
sa!raalfbl,sa?eaal; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN sa?eaao, • 
1 • 2 WHEN ch2?fbOaao, • 
1 • 3 WHEN ch2?fblaao, • 
1 • 4 WHEN ch2?fbOaal, • 
1 • 5 WHEN ch2?fblaal, • 
2 • 7 WHEN sa!raaOfbO, • 
3 • 6 WHEN sa!raaOfbl, • 
4 • 8 WHEN sa!raalfbO, • 
5 • 9 WHEN sa!raalfbl, • 
6 • 10 WHEN sa?eaal, • 
7 • 10 WHEN sa?eaal, • 
8 • 2 WHEN ch2?fbOaao, • 
8 • 3 WHEN ch2?fblaao, • 
8 • 4 WHEN ch2?fb0aal, • 
54 
' ' 
, .. 
8 • 5 WHEN ch2?fblaal, • 
9 • 2 WHEN ch2?fbOaao, • 
9 • 3 WHEN ch2?fblaao, • 
9 • 4 WHEN ch2?fbOaal, • 
9 • 5 WHEN ch2?fblaal, • 
10 • 11 WHEN ch2?fbOaaO, • 
10 • 12 WHEN ch2?fblaao, • 
10 • 13 WHEN ch2?fb0aal, • 
10 • 14 WHEN ch2?fblaal, • 
11 • 15 WHEN sa!raaOfbO, • 
12 • 16 WHEN sa!raaOfbl, • 
13 • 17 WHEN sa!raalfbO, • 
14 • 18 WHEN salraalfbl, • 
15 • 11 WHEN ch2?fbOaao, • 
15 • 12 WHEN ch2?fblaao, • 
15 • 13 WHEN ch2?fb0aal, • 
15 • 14 WHEN ch2?fblaal, • 
16 • 11 WHEN ch2?fbOaao, • 
16 • 12 WHEN ch2?fblaao, • 
16 • 13 WHEN ch2?fbOaal, • 
16 • 14 WHEN ch2?fblaal, • 
17 • 1 WHEN sa?eaao, • 
18 • 1 WHEN sa?eaao. • 
PROCESS timerl; 
STATES 0,1 ; 
IO sa?start, sa!timeout; 
INITIAL STATE O; 
TRANSITIONS 
0 : 1 
1 : 1 
1 : 0 
WHEN sa?start, 
WHEN sa?start, 
WHEN sa! timeout. 
PROCESS chl; 
STATES 0,1,2,3,4,5,6,7,8; 
IO sa?faOabO, sa?faOabl, sa?falabO, 
sa?falabl, rb!faOabO, rb!faOabl, 
rb!falabO, rb!falabl ; 
55 1 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN sa?faOabO, • 
0 • 2 WHEN sa?faOabl, • 
0 • 3 WHEN sa?falabO, • 
0 • 4 WHEN sa?falabl, • 
1 • 5 WHEN rblfaOabO, • 
2 • 6 WHEN rb!faOabl, • 
3 • 7 WHEN rb!falabO, • 
4 • 8 WHEN rb!falabl, • 
5 • 1 WHEN sa?faOabO, • 
5 • 2 WHEN sa?faOabl, • 
5 • 3 WHEN sa?falabO, • 
5 • 4 WHEN sa?falabl, • 
6 • 1 WHEN sa?faOabO, • 
6 • 2 WHEN sa?faOabl, • 
6 • 3 WHEN sa?falabO, • 
6 • 4 WHEN sa?falabl, • 
7 • 1 WHEN sa?faOabO, • 
7 • 2 WHEN sa?faOabl, • 
7 • 3 WHEN sa?falabO, • 
7 • 4 WHEN sa?falabl, • 
8 • 1 WHEN sa?faOabO, • 
8 • 2 WHEN sa?faOabl, • 
8 • 3 WHEN sa?falabO, • 
8 • 4 WHEN sa?falabl. • 
Th~ :Q:se_!: E_rocesses ~ith re~ec~ to ~hich ~he ~na!_ysisi~ 
carried out. 
hosta?msglhosta!msg2rb!faOabO rb!faOabl rb!falabO 
rb!falabl ch2?fb0aao ch2?fb0aal ch2?fblaao ch2?fblaal / 
The reduced output from the analysis. 
Reduced Abstraction 
(0) : (1) WHEN hosta?msgl 
(1) : (1) WHEN ch2?fb0aal 
56 
(1) • (1) WHEN ch2?fblaao • 
(1) • (1) WHEN hosta?msgl • 
(1) • (3) WHEN rbl faOabO • 
(1) • (3) WHEN rbl faOabl • 
(1) • (5) WHEN rb 1 f alabO • (1) • (5) WHEN rbl falabl • 
(1) • (7) WHEN ch2?fbOaao • 
(1) • (7) WHEN ch2?fblaal • (2) • (1) WHEN hosta?msgl • (2) • (3) WHEN rbl faOabO • (2) • (3) WHEN rb! faOabl • (2) • (5) WHEN rb! falabO • 
(2) • (5) WHEN rbl falabl • (3) • (1) WHEN ch2?fb0aal • 
(3) • (1) WHEN ch2?fblaao • (3) • (1) WHEN hosta?msgl • 
(3) • (2) WHEN hosta!msg2 • (3) • (3) WHEN rb! faOabO • (3) • (3) WHEN rb! faOabl • 
(3) • (7) WHEN ch2?fbOaao • (3) • (7) WHEN ch2?fblaal • (5) • (1) WHEN ch2?fb0aal • 
(5) • (1) WHEN ch2?fblaao • (5) • (1) WHEN hosta?msgl • (5) • (2) WHEN hosta!msg2 • (5) • (5) WHEN rb! falabO • (5) • (5) WHEN rb! falabl • (5) • (7) WHEN ch2?fbOaao • (5) • (7) WHEN ch2?fblaal • (7) • {l) WHEN ch2?fb0aal • (7) • (1) WHEN ch2?fblaao • (7) • (2) WHEN hosta!msg2 • (7) • (3) WHEN rb! faOabO • (7) • (3) WHEN rb! f aOabl • (7) • (5) WHEN rb! f alabO • (7) • (5) WHEN rb! falabl • (7) • (7) WHEN ch2?fbOaao • (7) • (7) WHEN ch2?fblaal • 
Checking for Livelocks: 
57 
' •--I:~•-• •o• ,~·•••·' ' 
-----------------------.--,----- - -------' - --. -
The machines sb, rb, ch2 and timer2 are composed and 
analyzed. This part of the protocol is called SLWIN22. 
The descriptions of the machines and the results follow. 
PROCESS sb; 
STATES 
O,l,2,3,4,5,6,7,8,9,10,ll,l2,l3, 
14,15,16,17,18,19,20,21,22,23,24,25,26; 
IO hostb?msg2, ch21fbOaao, ch2!fb0aal, 
ch2!fblaao, ch2!fblaal, timer2lstart, 
timer2?timeout, rb!eabO, rbleabl, 
rb?rabOfaO, rb?rabOfal, rb?rablfaO, 
rb?rablfal, hostb!msgl; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN rb?rabOfaO, • 
1 • 2 WHEN hostblmsgl, • 
2 • 3 WHEN hostb?msg2, • 
3 • 6 WHEN rb?rablfaO, • 
3 • 7 WHEN rb?rablfal, • 
3 • 8 WHEN ch2!fbOaao * timer2 ! start, • 
3 • 9 WHEN ch2!fb0aal * timer21 start, • 
3 • 10 WHEN rb?rabOfaO, • 
3 • 11 WHEN rb?rabOfal, • 
4 • 14 WHEN timer2?timeout, • 
4 • 6 WHEN rb?rablfaO' • 
4 • 7 WHEN rb?rablfal, • 
4 • 10 WHEN rb?rabOfaO, • 
4 • 11 WHEN rb?rabOfal, • 
5 • 15 WHEN timer2?timeout, • 
5 • 6 WHEN rb?rablfaO, • 
5 • 7 WHEN rb?rablfal, • 
5 • 10 WHEN rb?rabOfaO, • 
5 • 11 WHEN rb?rabOfal, • 
6 • 8 WHEN ch2!fbOaao * timer2 ! start, • 
6 • 6 WHEN rb?rablfaO, • 
6 • 7 WHEN rb?rablfal, • 
6 • 10 WHEN rb?rabOfaO, • 
6 • 11 WHEN rb?rabOfal, • 
7 • 9 WHEN ch21fb0aal * timer21 start, • 
7 • 6 WHEN rb?rablfaO, • 
58 
C 
' j• 
,,-·)1 . 
.. ~ 
7 • 7 WHEN rb?rablfal, • 
7 • 10 WHEN rb?rabOf ao, • 
7 • 11 WHEN rb?rabOfal, • 
8 • 4 WHEN rb 1 eabO, • 
8 • 6 WHEN rb?rablfaO, • 
8 • 7 WHEN rb?rablfal, • 
8 • 10 WHEN rb?rabOfaO, • 
8 • 11 WHEN rb?rabOfal, • 
9 • 5 WHEN rb! eabO, • 
9 • 6 WHEN rb?rablfaO, • 
9 • 7 WHEN rb?rablfal, • 
_,.. .. 9 • 10 WHEN rb?rabOfaO, • 
9 • 11 WHEN rb?rabOfal, • 
14 • 8 WHEN ch21fbOaaO * timer2 ! start, • 
14 • 6 WHEN rb?rablfaO, • 
14 • 7 WHEN rb?rablfal, • 
14 • 10 WHEN rb?rabOfaO, • 
14 • 11 WHEN rb?rabOfal, • 
15 • 9 WHEN ch2!fb0aal * timer2 ! start, • 
15 • 6 WHEN rb?rablfaO, • 
15 • 7 WHEN rb?rablfal, • 
15 • 10 WHEN rb·?rabOfaO, • 
15 • 11 WHEN rb?rabOfal, • 
10 • 13 WHEN hostb?msg2, • 
11 • 12 WHEN hostb!msgl, • 
12 • 13 WHEN hostb?msg2, • 
13 • 23 WHEN ch2!fblaao * timer2 ! start, • 
13 • 24 WHEN ch21fblaal * timer2 ! start, • 
13 • 18 WHEN rb?rabOfaO, • 
13 • 19 WHEN rb?rabOfal, • 
13 • 20 WHEN rb?rablfal, • 
13 • 21 WHEN rb?rablfaO, • 
16 • 18 WHEN rb?rabOfaO, • 
16 • 19 WHEN rb?rabOfal, • 
16 • 20 WHEN rb?rablfal, • 
16 • 21 WHEN rb?rablfaO, • 
16 • 25 WHEN timer2?timeout, • 
17 • 18 WHEN rb?rabOfaO, • 
17 • 19 WHEN rb?rabOfal, • 
17 • 20 WHEN rb?rablfal, • 
17 • 21 WHEN rb?rablfaO, • 
17 • 26 WHEN timer2?timeout, • 
18 • 18 WHEN rb?rabOfaO, • 
18 • 19 WHEN rb?rabOfal, • 
18 • 20 WHEN rb?rablfal, • 
18 • 21 WHEN rb?rablfaO, • 
18 • 23 WHEN ch2!fblaa0 * timer2 ! start, • 
19 • 18 WHEN rb?rabOfaO, • 
19 • 19 WHEN rb?rabOfal, • 
19 • 20 WHEN rb?rablfal, • 
19 • 21 WHEN rb?rablfaO, • 
19 • 24 WHEN ch2!fblaal * timer2 ! start, • 
59 
' ·~\·'.: 
. . . - -_ .. > _____ ...... ~·~,, :-.t 
20 • 3 WHEN hostb?msg2, • 
21 • 22 WHEN hostbl msgl, • 
22 • 3 WHEN hostb?msg2, • 
23 • 16 WHEN rbleabl, • 
23 • 18 WHEN rb?rabOfaO, • 
23 • 19 WHEN rb?rabOfal, • 
23 • 20 WHEN rb?rablfal, • 
23 • 21 WHEN rb?rablfaO, • 
24 • 17 WHEN rbleabl, • 
24 • 18 WHEN rb?rabOfaO, • 
24 • 19 WHEN rb?rabOfal, • 
24 • 20 WHEN rb?rablfal, • 
24 • 21 WHEN rb?rablfaO, • 
25 • 23 WHEN ch2!fblaao * timer2 ! start, • 
25 • 18 WHEN rb?rabOfaO, • 
25 • 19 WHEN rb?rabOfal, • 
25 • 20 WHEN rb?rablfal, • 
25 • 21 WHEN rb?rablfaO, • 
26 • 24 WHEN ch2!fblaal * timer2 ! start, • 
26 • 18 WHEN rb?rabOfaO, • 
26 • 19 WHEN rb?rabOfal, • 
26 • 20 WHEN rb?rablfal, • 
26 • 21 WHEN rb?rablfaO. • 
PROCESS rb; 
STATES 
O,l,2,3,4,5,6,7,8,9,10, 
ll,12,13,14,15,16,17,18,19,20; 
IO chl?faOabO, chl?faOabl, cpl?falabO, 
chl?falabl, sb?eabO, sb?eabl, sb!rabOfaO, 
sb!rabOfal, sb!rablfaO, sb!rablfal; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN chl?faOabO, • 
1 • 2 WHEN sb!rabOfaO, • 
2 • 1 WHEN chl?faOabO, • 
2 • 3 WHEN sb?eabO, • 
3 • 4 WHEN chl?faOabO, • 
3 • 5 WHEN chl ?faOabl, • 
3 • 6 WHEN chl?falabO, • 
3 • 7 WHEN chl ?falabl, • 
4 • 11 WHEN sb! rabOf ao, • 
5 • 8 WHEN sb! rablf ao, • 
6 • 10 WHEN sb! rabOfal, • 
60 
7 • 9 WHEN sb! rablfal, • 
8 • 4 WHEN chl?faOabO, • 
8 • 5 WHEN chl?faOabl, • 
8 • 6 WHEN chl?falabO, • 
8 • 7 WHEN chl ?falabl, • 
9 • 4 WHEN chl?faOabO, • 
9 • 5 WHEN chl ?faOabl, • 
9 • 6 WHEN chl?falabO, • 
9 • 7 WHEN chl ?falabl, • 
10 • 12 WHEN sb?eabl, • 
11 • 12 WHEN sb?eabl, • 
12 • 13 WHEN chl?faOabO, • 
12 • 14 WHEN chl ?faOabl, • 
12 • 15 WHEN chl?falabO, • 
12 • 16 WHEN chl?falabl, • 
13 • 17 WHEN sb!rabOfaO, • 
14 • 20 WHEN sb!rablfaO, • 
15 • 18 WHEN sb!rabOfal, • 
16 • 19 WHEN sb!rablfal, • 
17 • 13 WHEN chl?faOabO, • 
17 • 14 WHEN chl?faOabl, • 
17 • 15 WHEN chl?falabO, • 
17 • 16 WHEN chl?falabl, • 
18 • 13 WHEN chl?faOabO, • 
18 • 14 WHEN chl?faOabl, • 
18 • 15 WHEN chl?falabO, • 
18 • 16 WHEN chl?falabl, • 
19 • 3 WHEN sb? eabO, • 
20 • 3 WHEN sb?eabO. • 
PROCESS timer2; 
STATES 0,1 ; 
IO sb?start, sb!timeout; 
INITIAL STATE O; 
TRANSITIONS 
0 : 1 
1 : 1 
1 : 0 
WHEN sb?start, 
WHEN sb?start, 
WHEN sb! timeout • 
61 
--
PROCESS ch2 ; 
STATES O,l,2,3,4,5,6,7,8; 
IO sb?fbOaao, sb?fbOaal, sb?fblaao~ 
sb?fblaal, ralfbOaao, ralfbOaal, 
ra!fblaao, ra!fblaal ; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN sb?fbOaao, • 
0 • 2 WHEN sb?fbOaal, • 
0 • 3 WHEN sb?fblaao, • 
0 • 4 WHEN sb?fblaal, • 
1 • 5 WHEN ra!fbOaao, • 
2 • 6 WHEN ra! fbOaal, • 
3 • 7 WHEN ra!fblaao, • 
4 • 8 WHEN ra! fblaal, • 
5 • 1 WHEN sb?fbOaao, • 
5 • 2 WHEN sb?fbOaal, • 
5 • 3 WHEN sb?fblaao, • 
5 • 4 WHEN sb?fblaal, • 
6 • 1 WHEN sb?fbOaao, • 
6 • 2 WHEN sb?fbOaal, • 
6 • 3 WHEN sb?fblaao, • 
6 • 4 WHEN sb?fblaal, • 
7 • 1 WHEN sb?fbOaaO, • 
7 • 2 WHEN sb?fbOaal, • 
7 • 3 WHEN sb?fblaao, • 
7 • 4 WHEN sb?fblaal, • 
8 • 1 WHEN sb?fbOaao, • 
8 • 2 WHEN sb?fbOaal, • 
8 • 3 WHEN sb?fblaao, • 
8 • 4 WHEN sb?fblaal. • 
The User processes with respect to ~hich the analysis is 
carried out. 
hostb?msg2 hostb!msgl chl?faOabO chl?faOabl chl?falabO 
chl?falabl ra!fbOaao ra!fbOaal ra!fblaao ra!fblaal / 
62 
The reduced output from the analysis. 
Reduced Abstraction 
(0) • (3) WHEN chl?faOabO • (1) • (1) WHEN chl?falabl • (1) • (1) WHEN hostb?msg2 • (1) • (3) WHEN chl?faOabO • (1) • (4) WHEN chl?faOabl • (1) • (4) WHEN chl?falabO • (1) • (7) WHEN ra! fbOaaO • (1) • (7) WHEN ra! fbOaal • (1) • (7) WHEN ra! fblaao • (1) • (7) WHEN ra! fblaal • (2) • (1) WHEN hostb?msg2 • (2) • (3) WHEN chl?faOabO • (2) • (7) WHEN ra! fbOaaO • (2) • (7) WHEN ra! fbOaal • (2) • (7) WHEN ra! fblaao • (2) • (7) WHEN ra! fblaal • (3) • (1) WHEN chl?falabl • (3) • (1) WHEN hostb?msg2 • (3) • (2) WHEN hostb!msgl • (3) • (3) WHEN chl?faOabO • (3) • (4) WHEN chl?faOabl • (3) • (4) WHEN chl?falabO • 
(3) • (7) WHEN ra! fbOaaO • (3) • (7) WHEN ra! fbOaal • (3) • (7) WHEN ra! fblaao • (3) • (7) WHEN ra! fblaal • (4) • (1) WHEN chl?falabl • (4) • (2) WHEN hostb!msgl • (4) • (3) WHEN chl?faOabO • (4) • (4) WHEN chl?faOabl • (4) • (4) WHEN chl?falabO • (4) • (7) WHEN ra! fbOaao • 
(4) • (7) WHEN ra! fbOaal • (4) • (7) WHEN ra! fblaao • (4) • (7) WHEN ra! fblaal • 
(7) • (1) WHEN chl?falabl • (7) • (3) WHEN chl?faOabO • (7) • (4) WHEN chl?faOabl • (7) • (4) WHEN chl?falabO • (7) • (7) WHEN ra! fbOaaO • (7) • (7) WHEN ra! fbOaal • (7) • (7) WHEN ral fblaao • (7) • (7) WHEN ra! fblaal • 
Checking for Livelocks: 
63 
' ' ' ' 
. ' 
• i :!, 
. ·• 
i ~ 
. . . --
The reduced machines from the analyses of SLWIN21 and 
SLWIN22 are now composed and analyzed. The two machines are 
given the proper PSL process form and are called impa and 
impb. 
PROCESS impa; 
STATES 0,1,2,3,5,7,10,11,13,15,17; 
IO hosta?msgl, 
impb?fblaao, 
impbl f alabO, 
hosta!msg2, impb?fbOaao, 
impb?fblaal, impb! faOabO, 
impb! falabl; 
INITIAL STATE O; 
TRANSITIONS 
0 • 1 WHEN hosta?msgl, • 
1 • 10 WHEN impb?fbOaal, • 
1 • 11 WHEN impb?fblaao, • 
1 • 1 WHEN hosta?msgl, • 
1 • 3 WHEN impb!faOabO, • 
1 • 13 WHEN impb!faOabl, • 
1 • 5 WHEN impb!falabO, • 
1 • 15 WHEN impb!falabl, • 
1 • 7 WHEN impb?fbOaao, • 
1 • 17 WHEN impb?fblaal, • 
10 • 1 WHEN hosta?msgl, • 
10 • 10 WHEN impb?fbOaal, • 
10 • 11 WHEN impb?fblaao, • 
10 • 3 WHEN impb!faOabO, • 
10 • 13 WHEN impb!faOabl, • 
10 • 5 WHEN impb!falabO, • 
10 • 15 WHEN impb!falabl, • 
10 • 7 WHEN impb?fbOaao, • 
10 • 17 WHEN impb?fblaal, • 
11 • 1 WHEN hosta?msgl, • 
11 • 10 WHEN impb?fbOaal, • 
11 • 11 WHEN impb?fblaao, • 
11 • 3 WHEN impb!faOabO, • 
11 • 13 WHEN impb!faOabl, • 
11 • 5 WHEN impb!falabO, • 
11 • 15 WHEN impb!falabl, • 
11 • 7 WHEN impb?fbOaao, • 
11 • 17 WHEN impb?fblaal, • 
64 
impb?fbOaal, 
impb ! faOabl, 
- ------------~-----
2 • 1 WHEN hosta?msgl, • 
2 • 3 WHEN impblfaOabO, • 
2 • 13 WHEN impblfaOabl, • 
2 • 5 WHEN impblfalabO, • 
2 • 15 WHEN impblfalabl, • 
3 • 10 WHEN impb?fbOaal, • 
3 • 11 WHEN impb?fblaao, • 
3 • 1 WHEN hosta?msgl, • 
3 • 2 WHEN hostalmsg2, • 
3 • 3 WHEN impblfaOabO, • 
3 • 13 WHEN impb!faOabl, • 
3 • 7 WHEN impb?fbOaaO, • 
3 • 17 WHEN impb?fblaal, • 
13 • 10 WHEN impb?fbOaal, • 
13 • 11 WHEN impb?fblaao, • 
13 • 1 WHEN hosta?msgl, • 
13 • 2 WHEN hostalmsg2, • 
13 • 3 WHEN impblfaOabO, • 
13 • 13 WHEN impblfaOabl, • 
13 • 7 WHEN impb?fbOaaO, • 
13 • 17 WHEN impb?fblaal, • 
5 • 10 WHEN impb?fbOaal, • 
5 • 11 WHEN impb?fblaao, • 
5 • 1 WHEN hosta?msgl, • 
5 • 2 WHEN hosta!msg2, r • 
5 • 5 WHEN impb!falabO, ' \ • 
5 15 WHEN impb!falabl, . • .. __ \ • 
5 • 7 WHEN impb?fbOaaO, • 
5 • 17 WHEN impb?fblaal, • 
15 • 10 WHEN impb?fbOaal, • 
15 • 11 WHEN impb?fblaao, • 
15 • 1 WHEN hosta?msgl, • 
15 • 2 WHEN hos ta! msg2, • 
15 • 5 WHEN impblfalabO, • 
15 • 15 WHEN impb!falabl, • 
15 • 7 WHEN impb?fbOaao, • 
15 • 17 WHEN impb?fblaal, • 
7 • 10 WHEN impb?fbOaal, • t 7 • 11 WHEN impb?fblaao, • " 7 • 2 WHEN hosta!msg2, • 
7 • 3 WHEN impb!faOabO, • 
7 • 13 WHEN impb!faOabl, • 
7 • 5 WHEN impb!falabO, • 
7 • 15 WHEN impb!falabl, • 
7 • 7 WHEN impb?fbOaao, • 
7 • 17 WHEN impb?fblaal, • 
17 • 10 WHEN impb?fb.Oaal, • 
17 • 11 WHEN impb?fblaao, • 
17 • 2 WHEN hostalmsg2, • 
17 • 3 WH~N impb!faOabO, • 
17 • 13 WHEN impblfaOabl, • 
17 • 5 WHEN impb!falabO, • 
65 
) 
\ 
·! 
17: 15 WHEN impblfalabl, 
17: 7 WHEN impb?fbOaao, 
17: 17 WHEN impb?fblaal. 
PROCESS impb; 
STATES O,l,2,3,4,7,11,14,17,27,37; 
IO hostb?msg2, 
impa?falabO, 
impa! fblaao, 
hostb!msgl, impa?faOabO, 
impa?falabl, impa! fbOaao, 
impa! fblaal; 
INITIAL STATE O; 
TRANSITIONS 
0 • 3 WHEN impa?faOabO, • 
1 • 11 WHEN impa?falabl, • 
1 • 1 WHEN hostb?msg2, • 
1 • 3 WHEN impa?faOabO, • 
1 • 4 WHEN impa?faOabl, • 
1 • 14 WHEN impa?falabO, • 
1 • 7 WHEN impa! fbOaao, • 
1 • 17 WHEN impa! fbOaal, • 
1 • 27 WHEN impa! fblaao, • 
1 • 37 WHEN impa! fblaal, • 
11 • 11 WHEN impa?falabl, • 
11 • 1 WHEN hostb?msg2, • 
11 • 3 WHEN impa?faOabO, • 
11 • 4 WHEN impa?faOabl, • 
11 • 7 WHEN impa!fbOaao, • 
11 • 17 WHEN impa!fbOaal, • 
11 • 27 WHEN impa!fblaao, • 
11 • 37 WHEN impa!fblaal, • 
2 • 1 WHEN hostb?msg2, • 
2 • 3 WHEN impa?faOabO, • 
2 • 7 WHEN impa!fbOaao, • 
2 • 17 WHEN impa!fbOaal, • 
2 • 27 WHEN impa!fblaao, • 
2 • 37 WHEN impa!fblaal, • 
3 • 11 WHEN impa?falabl, • 
3 • 1 WHEN hostb?msg2, • 
3 • 2 WHEN hostb!msgl, • 
3 • 3 WHEN impa?faOabO, • 
3 • 4 WHEN impa?faOabl, • 
3 • 14 WHEN impa?falabo, • 
3 • 7 WHEN impa!fbOaao, • 
3 • 17 WHEN impalfbOaal, • 
3 • 27 WHEN impalfblaao, • 
3 • 37 WHEN impa!fblaal, • 
66 
impa? faOabl, 
impa! fbOaal, 
4 • 11 WHEN impa?falabl, • 
4 • 2 WHEN hostblmsgl, • 
4 • 3 WHEN impa?faOabO, • 
4 • 4 WHEN impa?faOabl, • 
4 • 14 WHEN impa?falabO, • 
4 • 7 WHEN impa!fbOaao, • 
4 • 17 WHEN impaJfbOaal, • 
4 • 27 WHEN impa!fblaao, • 
4 • 37 WHEN impa!fblaal, • 
14 • 11 WHEN impa?falabl, • 
14 • 2 WHEN hostb!msgl, • 
14 • 3 WHEN impa?faOabO, • C-14 • 4 WHEN impa?faOabl, • 
14 • 14 WHEN impa?falabO, • 
14 • 7 WHEN impa!fboaao, • 
14 • 17 WHEN impa!fbOaal, • 
14 • 27 WHEN impa!fblaao, • 
14 • 37 WHEN impa!fblaal, • 
7 • 11 WHEN impa?falabl, • 
7 • 3 WHEN impa?faOabO, • 
7 • 4 WHEN impa?faOabl, • 
7 • 14 WHEN impa?falabO, • 
7 • 7 WHEN impa!fbOaao, • 
7 • 17 WHEN impa!fbOaal, • 
7 • 27 WHEN impa!fblaao, • 
7 • 37 WHEN impa!fblaal, • 
17 • 11 WHEN impa?falabl, • 
17 • 3 WHEN impa?faOabO, • 
17 • 4 WHEN impa?faOabl, • 
17 • 14 WHEN impa?falabO, • 
17 • 7 WHEN impa!fbOaao, • 
17 • 17 WHEN impa!fbOaal, • 
17 • 27 WHEN impa!fblaao, • 
17 • 37 WHEN impa!fblaal, • 
27 • 11 WHEN impa?falabl, • 
27 • 3 WHEN impa?faOabO, • 
27 • 4 WHEN impa?faOabl, • 
27 • 14 WHEN impa?falabo, • 
27 • 7 WHEN impa!fbOaao, • 
27 • 17 WHEN impa!fbOaal, • 
27 • 27 WHEN impa!fblaao, • 
27 • 37 WHEN impa!fblaal, • 
37 • 11 WHEN impa?falabl, • 
37 • 3 WHEN impa?faOabO, • 
37 • 4 WHEN impa?faOabl, • 
37 • 14 WHEN impa?falabo, • 
37 • 7 WHEN impa!fboaao, • 
37 • 17 WHEN impa!fbOaal, • 
37 • 27 WHEN impa!fblaao, • 
· 37 • 37 WHEN impa!fblaal. • 
67 
ii 
.. :)· 
The User processes ~ith respect to which the analysis ~as 
carried out. 
hosta?msgl hostb!msgl hostb?msg2 hosta!msg2 / 
The final reduced output of SLWIN2. 
Reduced Abstraction 
(0) : (1) WHEN hosta?msgl 
(1) : (1) WHEN hosta!msg2 
(1) : (1) WHEN hostb!msgl 
(1) : (1) WHEN hosta?msgl 
(1) : (1) WHEN hostb?msg2 
Checking for Livelocks: 
68 
,, I. 
VITA 
Name: AZHAR IMTIYAZ KHAN. 
Pezmanent Address: 
Place of Birth: 
129/22 C.Rly. Flats, Matunga, 
Bombay - 400019. INDIA. 
Kalyan, INDIA. 
Date of Birth: 
Parents: 
Education: 
4th February 1962. 
Ahmed R. Khan. 
Raziya Sultana R. Khan. 
Institutions attended 
University of Bombay 
Degree 
B.E. (Mech) 
Bombay, INDIA. 
New Jersey Institute M.S.M.E. 
of Technology, Newark, NJ. USA. 
Lehigh University, M.S.C.S. 
Bethlehem, PA. USA. 
69 
Date Received 
Jan 1984. 
May 1985. 
May 1987. 
( 
I 
' 
,-
/ 
VITA 
Name: AZHAR IMTIYAZ KHAN. 
Permanent Address: 129/22 C.Rly. Flats, Matunga, 
Place of Birth: 
Date of Birth: 
Parents: 
Education: 
Bombay - 400019. INDIA. 
Kalyan, INDIA. 
4th February 1962. 
Ahmed R. Khan. 
Raziya Sultana R. Khan. 
Institutions attended Degree 
B.E. (Mech) University of Bombay 
Bombay, INDIA. 
New Jersey Institute M.S.M.E. 
of Technology, Newark, NJ. USA. 
Lehigh University, 
Bethlehem, PA. USA. 
69 
M.S.C.S. 
Date Received 
Jan 1984. 
May 1985. 
May 1987. 
.,_ ... , .. ,-.-•.,. 
