Analysis of a Session-Layer Protocol in mCRL2

Verification of a Real-Life Industrial Implementation
  • Marko van Eekelen
  • Stefan ten Hoedt
  • René Schreurs
  • Yaroslav S. Usenko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4916)


This paper reports the analysis of an industrial implementation of the session-layer of a load-balancing software system. This software comprises 7.5 thousand lines of C code. It is used for distribution of the print jobs among several document processors (workers). A large part of this commercially used software system has been modeled closely and analyzed using process-algebraic techniques. Several critical issues were discovered. Since the model was close to the code, all problems that were found in the model, could be traced back to the actual code resulting in concrete suggestions for improvement of the code. All in all, the analysis significantly improved the quality of this real-life system.


Model Check Application Layer Error Action Label Transition System Device Driver 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Groote, J.F., Mathijssen, A.H.J., Reniers, M.A., Usenko, Y.S., van Weerdenburg, M.J.: The formal specification language mCRL2. In: Proc. Methods for Modelling Software Systems. Number 06351 in Dagstuhl Seminar Proceedings (2007)Google Scholar
  2. 2.
    Holzmann, G.J.: Software model checking with spin. Advances in Computers 65, 78–109 (2005)Google Scholar
  3. 3.
    Bergstra, J.A., Ponse, A., Smolka, S.A. (eds.): Handbook of Process Algebra. Elsevier, Amsterdam (2001)zbMATHGoogle Scholar
  4. 4.
    Palmskog, K.: Verification of the session management protocol. Master’s thesis, School of Computer Science and Communication, Royal Institute of Technology, Stockholm (2006)Google Scholar
  5. 5.
    He, Y.-T., Janicki, R.: Verifying protocols by model checking: A case study of the wireless application protocol and the model checker spin. In: CASCON 2004: Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research, pp. 174–188. IBM Press (2004)Google Scholar
  6. 6.
    Mathijssen, A., Pretorius, A.J.: Verified design of an automated parking garage. In: Brim, L., Haverkort, B.R., Leucker, M., van de Pol, J. (eds.) FMICS 2006. LNCS, vol. 4346, pp. 165–180. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Brock, N.A., Jackson, D.M.: Formal verification of a fault tolerant computer. In: Proc. 11th Digital Avionics Systems Conference (IEEE/AIAA), pp. 132–137 (1992)Google Scholar
  8. 8.
    Hessel, A., Pettersson, P.: Model-based testing of a wap gateway: An industrial case-study. In: Brim, L., Haverkort, B.R., Leucker, M., van de Pol, J. (eds.) FMICS 2006 and PDMC 2006. LNCS, vol. 4346, pp. 116–131. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Chandra, S., Godefroid, P., Palm, C.: Software model checking in practice: an industrial case study. In: ICSE, pp. 431–441. ACM, New York (2002)Google Scholar
  10. 10.
    Fernandez, J.C., Garavel, H., Kerbrat, R.M.A., Mounier, L., Sighireanu, M.: CADP: A protocol validation and verification toolbox. In: Proceedings of the 8th Conference on Computer-Aided Verification, New Brunswick, New Jersey, USA, pp. 437–440 (August 1996)Google Scholar
  11. 11.
    del Mar Gallardo, M., Merino, P., Sanán, D.: Towards model checking c code with open/cæsar. In: Barjis, J., Ultes-Nitsche, U., Augusto, J.C. (eds.) MSVVEIS, pp. 198–201. INSTICC Press (2006)Google Scholar
  12. 12.
    Chen, H., Dean, D., Wagner, D.: Model checking one million lines of c code. In: NDSS, The Internet Society (2004)Google Scholar
  13. 13.
    Visser, W., Mehlitz, P.C.: Model checking programs with java pathfinder. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, p. 27. Springer, Heidelberg (2005)Google Scholar
  14. 14.
    Iosif, R., Dwyer, M.B., Hatcliff, J.: Translating java for multiple model checkers: The bandera back-end. Formal Methods in System Design 26(2), 137–180 (2005)zbMATHCrossRefGoogle Scholar
  15. 15.
    Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S.K., Ustuner, A.: Thorough static analysis of device drivers. In: Berbers, Y., Zwaenepoel, W. (eds.) EuroSys, pp. 73–85. ACM, New York (2006)CrossRefGoogle Scholar
  16. 16.
    Holzmann, G.J., Smith, M.H.: Automating software feature verification. Bell Labs Technical Journal 5(2), 72–87 (2000)CrossRefGoogle Scholar
  17. 17.
    van Eekelen, M., ten Hoedt, S., Schreurs, R., Usenko, Y.S.: Modeling and verifying a real-life industrial session-layer protocol in mCRL2. Technical Report ICIS-R07014, Radboud University Nijmegen (June 2007)Google Scholar
  18. 18.
    Groote, J.F., Ponse, A.: The syntax and semantics of μCRL. In: Ponse, A., Verhoef, C., van Vlijmen, S.F.M. (eds.) Algebra of Communicating Processes 1994. Workshop in Computing, pp. 26–62. Springer, Heidelberg (1995)Google Scholar
  19. 19.
    Usenko, Y.S.: Linearization in μCRL. PhD thesis, Eindhoven University of Technology (December 2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Marko van Eekelen
    • 1
  • Stefan ten Hoedt
    • 2
  • René Schreurs
    • 2
  • Yaroslav S. Usenko
    • 3
    • 4
  1. 1.Institute for Computing and Information SciencesRadboud Universiteit NijmegenNijmegenThe Netherlands
  2. 2.Aia Software B.V.NijmegenThe Netherlands
  3. 3.Laboratory for Quality Software (LaQuSo)Technische Universiteit EindhovenEindhovenThe Netherlands
  4. 4.Centrum voor Wiskunde InformaticaAmsterdamThe Netherlands

Personalised recommendations