Fighting livelock in the GNU i-protocol: a case study in explicit-state model checking

  • Yifei Dong
  • Xiaoqun Du
  • Gerard J. Holzmann
  • Scott A. Smolka
Regular contribution

Abstract

The i-protocol, an optimized sliding-window protocol for GNU uucp, first came to our attention in 1995 when we used the Concurrency Factory’s local model checker to detect, locate, and correct a non-trivial livelock in version 1.04 of the protocol. Since then, we have conducted a systematic case study on the protocol using four verification tools, viz. Cospan, Murϕ, Spin, and XMC, each of which supports some form of explicit-state model checking. Our results show that although the i-protocol is inherently complex – the size of its state space grows exponentially in the window size and it deploys several sophisticated optimizations aimed at minimizing control-message and retransmission overhead – it is nonetheless amenable to a number of general-purpose abstraction techniques whose application can significantly reduce the size of the protocol’s state space.

Keywords

Explicit-state model checking; Livelock; Protocol verification; Sliding-window protocol

Copyright information

© Springer-Verlag 2002

Authors and Affiliations

  • Yifei Dong (1)
  • Xiaoqun Du (2)
  • Gerard J. Holzmann (3)
  • Scott A. Smolka (1)
  1. Department of Computer Science, SUNY at Stony Brook, Stony Brook, USA
  2. Cadence Design Systems, New Providence, USA
  3. Bell Laboratories, Murray Hill, USA
