Constructive formal methods and protocol standardization

This research is part of the NWO project "Improving the Quality of Protocol Standards". In this project we have cooperated with industrial standardization committees that are developing protocol standards. In this way we have contributed to these international standards, and we have generated relevant research questions in the field of formal methods.

The first part of this thesis is related to the ISO/IEEE 1073.2 standard, which addresses medical device communication. The protocols in this standard were developed from a couple of MSC scenarios that describe typical intended behavior. When a protocol is synthesized from such scenarios, interference between these scenarios may be introduced, which leads to undesired behaviors. This is called the realizability problem. To address the realizability problem, we have introduced a formal framework that is based on partial orders. In this way the cause of the interference can be pointed out clearly. We have provided a complete characterization of realizability criteria that can be used to determine whether interference problems are to be expected. Moreover, we have provided a new constructive approach to resolve the undesired interference in practical situations. These techniques have been used to improve the protocol standard under consideration.

The second part of this thesis is related to the IEEE 1394.1-2004 standard, which addresses High Performance Serial Bus Bridges. This is an extension of the IEEE 1394-1995 standard, also known as FireWire. The development of the distributed spanning tree algorithm turned out to be a serious problem. To address this problem, we have first developed and proposed a much simpler algorithm. We have also studied the algorithm proposed by the developers of the standard, namely by formally reconstructing a version of it, starting from the specification.

Such a constructive approach to verification and analysis uses mathematical techniques, or formal methods, to reveal the essential mechanisms that play a role in the algorithm. We have shown the need for different levels of abstraction, and we have illustrated that the algorithm is in fact distributed at two levels. These techniques are usually applied manually, but we have also developed an approach to automate parts of them using state-of-the-art theorem provers.
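The realizability problem described above, as an added illustration that is not part of the thesis: two constructed manager/device scenarios (the names START, REPORT, POLLED and all message labels are assumptions), the classic syntactic non-local choice check on the scenarios' minimal events, and a small run showing the interference that results when each process follows its own projection of a different alternative. The POLLED variant only shows the generic remedy of letting one process initiate both alternatives; it is not the thesis's constructive approach.

```python
# Added illustration, not code from the thesis. A scenario is a list of
# messages (sender, receiver, label) in MSC order; labels are assumed unique.

def projection(scenario, proc):
    """Local event sequence of proc: ('!', label) = send, ('?', label) = receive."""
    events = []
    for sender, receiver, label in scenario:
        if sender == proc:
            events.append(('!', label))
        if receiver == proc:
            events.append(('?', label))
    return events

def processes(scenario):
    return {p for sender, receiver, _ in scenario for p in (sender, receiver)}

def initiators(scenario):
    """Processes whose first local event is a send: they own the minimal
    events of the scenario's partial order and can start it on their own."""
    return {p for p in processes(scenario) if projection(scenario, p)[0][0] == '!'}

def non_local_choice(alternatives):
    """Classic syntactic criterion: a choice between scenarios is local only
    if one single process owns every minimal event of every alternative."""
    starters = set().union(*(initiators(sc) for sc in alternatives))
    return len(starters) > 1

def run(alternatives, pick):
    """Each process executes its own projection of the alternative it picked
    (pick: process -> index), blocking at a receive until the message is in
    flight. Returns (unexpected, missing): sends nobody will ever receive,
    and receives that wait forever. Both empty means no interference."""
    progs = {p: projection(alternatives[i], p) for p, i in pick.items()}
    pc = {p: 0 for p in progs}          # program counter per process
    in_flight = set()                   # sent but not yet received
    progressed = True
    while progressed:                   # fixed point: stop when nobody can move
        progressed = False
        for p, prog in progs.items():
            if pc[p] == len(prog):
                continue
            kind, label = prog[pc[p]]
            if kind == '!':
                in_flight.add(label)
            elif label in in_flight:
                in_flight.discard(label)
            else:
                continue                # blocked on a receive
            pc[p] += 1
            progressed = True
    missing = {prog[pc[p]][1] for p, prog in progs.items() if pc[p] < len(prog)}
    return in_flight, missing

# Constructed manager (M) / device (D) scenarios in the spirit of remote control.
START = [('M', 'D', 'start'), ('D', 'M', 'ack')]              # manager-initiated
REPORT = [('D', 'M', 'event_report'), ('M', 'D', 'confirm')]  # device-initiated
POLLED = [('M', 'D', 'poll'), ('D', 'M', 'event_report')]     # report, but manager-initiated
# non_local_choice([START, REPORT]) -> True; run([START, REPORT], {'M': 0, 'D': 1})
# -> ({'start', 'event_report'}, {'ack', 'confirm'}); non_local_choice([START, POLLED]) -> False
```

With START and REPORT both enabled, M may start START while D starts REPORT, so two messages are in flight that neither scenario prepared the other side to receive, and both replies are awaited forever.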
