Modelling and verifying IEEE Std 11073-20601 session setup using mCRL2

In this paper we advocate that formal verification should be a part of the development of a communication standard; in a short period of time issues are uncovered that have been in the standard for a number of years, and all subtleties in the correctness of the protocol are understood. We model and verify the session setup protocol that is part of the IEEE 11073-20601:2008 standard for communication between personal health devices. We identify a number of issues present in the standards document. Discussion with a member of the standards committee unveiled that most, but not all, of the identified issues are fixed in the IEEE 11073-20601:2010 version of the standard. In addition, the correctness of the protocol, including the fixes, is assessed. For this, properties of the session setup protocol are formulated, and using the model checker mCRL2 it is verified whether the model satisfies these properties. We show that the session setup protocol is flawed, and propose a straightforward way to fix this issue

Generic programming in the mCRL2 toolset

The mCRL2 tool set [GKM+08] is a tool set for verification and validation of concurrent processes, based on process algebra speci??cations. The mCRL2 language is based on the Algebra of Communicating Processes (ACP), which is extended to include data and time. This paper reports on experiences with generic programming in C++ as applied in the implementation of the tool set. C++ concepts, a type system for templates [RS06], form a key ingredient of this style of programming. Using concept definitions, requirements on template types can be defined that are type checked during compile time. The main benefits for the mCRL2 tool set are uniform and exible interfaces that operate on well-defined types, and a signi??cant increase in code reuse. The use of concepts also promotes the writing of code that corresponds closely to pseudo code, since the chosen concepts correspond naturally with domain specific concepts. This will be illustrated by a simple use case, namely substitution functions. Generic programming is about generalizing software components, to enable reuse in a wide variety of situations. In C++, generic programming is enabled using templates. C++ concepts are proposed as a means to type check template types. A concept is a set of requirements (valid expressions, associated types, semantic invariants, complexity guarantees, and so on) that a type must fulfill to be correctly used as an argument in a call to a generic algorithm, see [RS06]. Language support for concepts has been proposed [GJS+06] for the next version of the C++ standard, C++0x. Concepts will be used to make the specification of the C++ standard library more complete and precise. A derivative of the GNU C++ compiler [Gre08] already implements language support for concepts. In the mCRL2 tool set we have used a portable library for concept checking. Most uses of generic programming in general, and more specifically the use of concepts, that are described in the literature treat the construction of data structures and algorithms that operate on these, see e.g. [GL05]

Experience in developing the mCRL2 toolset

mCRL2 is a language with a toolset for formal analysis of behaviour of concurrent systems. It is developed in an academic research group to support process algebra based verification in an academic as well as an industrial setting. This paper provides an insight into the experiences and practises in developing and maintaining the mCRL2 toolset

Practical Formal Methods

Contains fulltext : 207828.pdf (preprint version ) (Open Access

Structural analysis of Boolean equation systems

We analyze the problem of solving Boolean equation systems through the use of structure graphs. The latter are obtained through an elegant set of Plotkin-style deduction rules. Our main contribution is that we show that equation systems with bisimilar structure graphs have the same solution. We show that our work conservatively extends earlier work, conducted by Keiren and Willemse, in which dependency graphs were used to analyze a subclass of Boolean equation systems, viz., equation systems in standard recursive form. We illustrate our approach by a small example, demonstrating the effect of simplifying an equation system through minimization of its structure graph