Reasoning about Protocols using Dijkstra’s Calculus

A mathematical model for the specification and verification of a data link layer protocol is proposed. The weakest precondition calculus, developed by Dijkstra, originally for sequential programs, has been chosen for this purpose. It is demonstrated that the wp-calculus provides a basis, not only for the modeling but also, for a straightforward and thorough analysis of large and complex distributed systems like data link layer protocol. This analysis contributes to the understanding of the system and could lead to an improvement in the design. The technique has been illustrated by describing the sliding window protocol.Facultad de Informátic

A TLA Solution to the Specification and Verification of the RLP1 Retransmission Protocol

This paper presents a series of TLA + specification/implementations that lead to an implementation of the retransmission policy of RLP1, the Radio Link Protocol proposed for TDMA (Time Division Multiple Access) digital cellular radio. Both safety and liveness properties are proved for SWPInitial, a very abstract, but formal, specification of a sliding window protocol. The rest of the work consists of a series of refinements which finally result in a model of RLP1. Each refinement step is formally proved. In all cases the most difficult part of the proof is for liveness. We prove, formally and rigorously, and parametrised by the window size N , that the model of RLP1 obtained from the last refinement step is an implementation of the initial specification SWPInitial, and thus inherits safety and liveness properties proved for all the higher-level specifications. The specifications are written in TLA + , a formal language based on TLA, and proofs are given in Lamport's hierarchical pr..

A TLA solution to the specification and verification of the RLP1 retransmission protocol (Extended Abstract)

This paper presents a series of TLA specification/implementations that lead to an implementation of the retransmission policy of RLP1, the Radio Link Protocol proposed for TDMAbased digital cellular radio. Both safety and liveness properties are proved for SWPInitial, a very abstract, but formal, specification of a sliding window protocol. The rest of the work consists of a series of refinements which finally result in a model of RLP1. Each refinement step is formally proved. In all cases the most difficult part of the proof is for liveness. We prove, formally and rigorously, and parametrised by the window size N, that the model of RLP1 obtained from the last refinement step is an implementation of the initial specification SWPInitial, and thus inherits safety and liveness properties proved for all the higher-level specifications. The specifications are written in TLA, a formal language based on TLA, and proofs are given in Lamport's hierarchical proof-style. Most proof steps are checked mechanically in Eves