Advertisement

A TLA solution to the specification and verification of the RLP1 retransmission protocol

  • Abdelillah Mokkedem
  • Michael J. Ferguson
  • Robert de Johnston
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1313)

Abstract

This paper presents a series of TLA+ specification/implementations that lead to an implementation of the retransmission policy of RLP1, the Radio Link Protocol proposed for TDMA (Time Division Multiple Access) digital cellular radio. Both safety and liveness properties are proved for SWPInitial, a very abstract, but formal, specification of a sliding window protocol. The rest of the work consists of a series of refinements which finally result in a model of RLP1. Each refinement step is formally proved. In all cases the most difficult part of the proof is for liveness. We prove, formally and rigorously, and parametrised by the window size N, that the model of RLP1 obtained from the last refinement step is an implementation of the initial specification SWPInitial, and thus inherits safety and liveness properties proved for all the higherlevel specifications. The specifications are written in TLA+, a formal language based on TLA, and proofs are given in Lamport's hierarchical proof-style. Most proof steps are checked mechanically in Eves.

Keywords

Temporal Logic Time Division Multiple Access Liveness Property Refinement Mapping Message Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., and Lamport, L. The existence of refinement mappings. Theoretical Computer Science 82, 2 (may 1991), 253–283.Google Scholar
  2. 2.
    CCITT. CCITT specification and description language (SDL). ITU-T Standard Recommendation Z.100, ITU, 1988.Google Scholar
  3. 3.
    Craigen, D. Eves, an overview. In Proceedings VDM'91 (1991), Springer-Verlag.Google Scholar
  4. 4.
    Ferguson, M. J. On the syntactic, semantic, and functional analysis of the RLP1 (layer2) protocol standard. Contribution TR45.3.2.5/94.06.10.01, Data Services Task Group of ANSI Accredited TIA TR45-3, jun 1994.Google Scholar
  5. 5.
    Ferguson, M. J. Formalization and validation of the Radio Link Protocol (RLP1). Computer Networks and ISDN Systems 29, 3 (feb 1997), 357–372.Google Scholar
  6. 6.
    Holzmann, G.Design and Validation of Computer Protocols. Prentice Hall, Englewood Cliffs, NJ, 1991.Google Scholar
  7. 7.
    Ladkin, P. Formal but lively buffers in tla+. WWW page, http:/ /www.techfak.uni-bielefeld.de/techfak/persons/ladkin, 1995.Google Scholar
  8. 8.
    Lamport, L. A temporal logic of actions. Tech. Rep. 57, Digital, SRC, apr 1990.Google Scholar
  9. 9.
    Lamport, L. The temporal logic of actions. ACM Transactions on Programming Languages and Systems 16, 3 (may 1994), 872–923.Google Scholar
  10. 10.
    Lamport, L. TLA WWW page. WWW page, http://www.research.digital.com /SRC/tla/tla.html, 1996.Google Scholar
  11. 11.
    Mokkedem, A., Ferguson, M., and DEB. Johnston, R. A TLA solution to the specification and verification of the RLP1 retransmission protocol. WWW page, http://www.inrs-telecom.uquebec.ca/users/telesoft/Ferguson /FME97fullpaper.ps.gz, 1997.Google Scholar
  12. 12.
    Ora, Canada. Eves — http://www.ora.on.ca/eves.html.WWW page, ORA, 1996.Google Scholar
  13. 13.
    Sacuta, A. D. PN-3306: Radio link protocol 1 (ballot resolution draft). TIA Draft Standard TR45.3.2/95.02.28.03, Data Services Task Group of ANSI Accredited TIA TR45-3, feb 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Abdelillah Mokkedem
    • 1
  • Michael J. Ferguson
    • 1
  • Robert de Johnston
    • 1
  1. 1.INRS-TelecommunicationsQuébecCanada

Personalised recommendations