We show how to use a decision procedure for WS1S (the MONA tool) to give automated correctness proofs of a sliding window protocol under assumptions of unbounded window sizes, buffer sizes, and channel capacities. We also verify a version of the protocol where the window size is fixed. Since our mechanized target logic is WS1S, not the finite structures of traditional model checking, our method employs only two easy reductions outside the decidable framework. Additionally, we formulate invariants that describe the reachable global states, but the bulk of the detailed reasoning is left to the decision procedure. Because the notation of WS1S is too low-level to describe complicated protocols at a reasonable level of abstraction, we use a higher level language for the protocol description, and then build a tool that automatically translates this language to the MONA syntax. The higher level language we use is IOA.


Automated Verification Formal Methods Sliding Window Protocol MONA I/O Automata 


  1. [1]
    P.A. Abdulla, A. Aniinichini, S. Bensalem, A. Bouajjani, P.Habermehl, and Y. Lakhnech. Verification of infinite-state systems by combining abstraction and reachability analysis. In Computer Aided Verification. 11th International Conference, CAV ‘89, volume 1633 of LNCS. Springer-Verlag, July 1999.Google Scholar
  2. [2]
    K. A. Barlett, R. A. Scantlebury, and P. C. Wilkinson. A note on reliable transmission over half duplex links. Communications of the ACM, 12, 1969.Google Scholar
  3. [3]
    R. E. Bryant. Symbolic boolean manipulation with ordered binary-decision diagrams. ACM Computing Surveys, 24 (3): 293–318, September 1992.CrossRefGoogle Scholar
  4. [4]
    E.M. Clarke and E.A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Workshop on Logics of Programs, volume 131 of LNCS. Springer-Verlag, 1981.Google Scholar
  5. [5]
    P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of 4th ACM Symposium on Principles of Programming Languages, pages 238–252, Los Angeles, California, 1977.Google Scholar
  6. [6]
    Stephen J. Garland and Nancy A. Lynch. The IOA language and toolset: Support for designing, analyzing, and builiding distributed systems. Technical Report MIT/LCS/TR-762, M.I.T., August 1998.Google Scholar
  7. [7]
    P. Godefroid and D.E. Long. Symbolic protocol verification with Queue BDDs. Formal Methods in System Design, 14(13):257–271, may 1999.Google Scholar
  8. [8]
    M. J. C. Gordon and T. F. Melham, editors. Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, 1993.Google Scholar
  9. [9]
    K. Havelund and N. Shankar. Experiments in theorem proving and model checking for protocol verification. In Formal Methods Europe (FME), volume 1051 of Lecture Notes in Computer Science. Springer-Verlag, July 1996.Google Scholar
  10. [10]
    J. G. Henriksen, J. Jensen, M. Jorgensen, N. Klarlund, R. Paige, T. Rauhe, and A. Sandholm. Mona: Monadic second-order login in practice. In Tools and Algorithms for the Construction and Analysis of Systems, First International Workshop, TACAS ‘85 LCNS 1019, 1995.Google Scholar
  11. [11]
    Roope Kaivola. Using compositional preorders in the verification of sliding window protocol. In Computer Aided Verification. 9th International Conference, CAV’97, volume 1254 of LNCS, pages 48–59, Haifa, Israel, June 1997. Springer-Verlag.Google Scholar
  12. [12]
    Nils Klarlund. Mona and Fido: The logic-automaton connection in practice. In CSL ‘87 Proceedings, volume 1414 of LNCS. Springer-Verlag, 1998.Google Scholar
  13. [13]
    Donald Knuth. Verification of link-level protocols. BIT, 21: 31–36, 1981.MathSciNetMATHGoogle Scholar
  14. [14]
    Nancy Lynch and Mark Tuttle. An introduction to input/output automata. CWI Quarterly, 3 (2), September 1989.Google Scholar
  15. [15]
    Panagiotis Manolios, Kedar Namjoshi, and Robert Sumners. Linking theorem proving and model-checking with well-founded bisimulations. In Computer Aided Verification. 11th International Conference, CAV ‘89, volume 1633 of LNCS. Springer-Verlag, July 1999.Google Scholar
  16. [16]
    S. Owre, J. Rushby, N. Shankar, and F. von Henke. Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21 (2): 107–125, 1995.CrossRefGoogle Scholar
  17. [17]
    Jon Postel. Transmission Control Protocol - DARPA Internet Program Specification (Internet Standard STC-007). Internet RFC-793, September 1981.Google Scholar
  18. [18]
    J. L. Richier, C. Rodriguez, J. Sifakis, and J. Voiron. Verification in Xesar of the sliding window protocol. In Protocol Specification, Testing and Verification VII, pages 235–248. North-Holland, 1987.Google Scholar
  19. [19]
    A. Udaya Shankar and S. S. Lam. An HDLC protocol specification and verification using image protocols. ACM Transactions on Computer Systems,1(4):331368, 1983.Google Scholar
  20. [20]
    Mark A. Smith and Nils Klarlund. Verification of a sliding window protocol using IOA and MONA. Technical report, IRISA. To appear.Google Scholar
  21. [21]
    P. Wolper. Synthesis of communication processes from temporal logic specifications. In Proceedings 13th ACM Symposium on POPL, pages 184–193, January 1986.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2000

Authors and Affiliations

  • Mark A. Smith
    • 1
  • Nils Klarlund
    • 2
  1. 1.IRISARennes CedexFrance
  2. 2.AT&T Labs ResearchFlorham ParkUSA

Personalised recommendations