Integrating Module Checking and Deduction in a Formal Proof for the Perlman Spanning Tree Protocol (STP)

The IEEE 802.1D standard for Media Access Control (MAC) layer bridges defines a Spanning Tree Protocol (STP) based on the algorithm proposed by Radia Perlman. In this paper we give a formal proof of the correctness of the STP algorithm by showing that eventually a single node is selected as the root of the tree and that loops are eliminated correctly. We use formal inductive reasoning to establish these requirements. To ensure that the bridges behave correctly regardless of the topology of the surrounding bridges and LANs, the Rebeca modular verification techniques are applied. These techniques are shown to be efficiently applicable to model checking of open systems.
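The two properties the abstract says the proof establishes, a unique root and a loop-free active topology, can be observed on a small constructed topology. The following is an added example, not the paper's Rebeca model or the 802.1D state machine: a synchronous simplification of Perlman's algorithm in which every bridge repeatedly adopts the best (root id, cost, sender id) configuration message it hears, followed by checks of both properties on the resulting forwarding ports. Bridge ids, LAN names and costs are made up.

```python
# Synchronous model of Perlman's spanning-tree algorithm (added example, not the
# paper's Rebeca model): each bridge adopts the best (root, cost, sender) message
# it hears until a fixed point, then the active topology is checked for the two
# proved properties: a unique root and no loops. Constructed topology below:
# bridge id -> {LAN: port cost}; lower id wins (802.1D); LANs C/D form a loop.
TOPOLOGY = {
    1: {"A": 10, "B": 10},
    2: {"A": 10, "C": 5},
    3: {"B": 10, "C": 5, "D": 10},
    4: {"C": 5, "D": 10},
}

def attached(topology, lan):
    return [b for b, ports in topology.items() if lan in ports]  # hear each other

def run_stp(topology, max_rounds=100):
    """Iterate to a fixed point; return {bridge: (root, cost, root_port)}."""
    state = {b: (b, 0, None) for b in topology}      # every bridge claims root
    for _ in range(max_rounds):
        new_state = {}
        for b, ports in topology.items():
            best = (b, 0, b, None)                     # (root, cost, sender, port)
            for lan, cost in ports.items():
                for nb in attached(topology, lan):
                    if nb != b:                        # neighbour's message + port cost
                        best = min(best, (state[nb][0], state[nb][1] + cost, nb, lan))
            new_state[b] = (best[0], best[1], best[3])
        if new_state == state:
            return state
        state = new_state
    raise RuntimeError("STP did not converge")

def active_topology(topology, state):
    """Forwarding ports: every root port plus the designated bridge's port per LAN."""
    lans = {lan for ports in topology.values() for lan in ports}
    designated = {lan: min((state[b][0], state[b][1], b) for b in attached(topology, lan))[2]
                  for lan in lans}
    return {(b, lan) for b, ports in topology.items() for lan in ports
            if designated[lan] == b or state[b][2] == lan}

def is_spanning_tree(topology, edges):
    """Connected with |E| == |V| - 1 over bridges and LANs together means a tree."""
    nodes = set(topology) | {lan for ports in topology.values() for lan in ports}
    reach = {min(topology)}                            # grow reachability from one bridge
    while True:
        grown = reach | {x for e in edges if reach & set(e) for x in e}
        if grown == reach:
            break
        reach = grown
    return reach == nodes and len(edges) == len(nodes) - 1
```

Running `run_stp(TOPOLOGY)` converges with bridge 1 as the only root, and `active_topology` blocks the ports (3, "C") and (4, "D") so that the physical loop through LANs C and D disappears from the forwarding graph.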
