Formal Specification and Verification of a Network Independent Atomic Multicast Protocol

[Figure: network configuration. Stations 1 to n are attached to the network; each station hosts a protocol process (protocol process 1 to n) and a user (user 1 to n), which exchange messages with each other.]

As already stated before, a set of scenarios is needed for the verification. Each of these scenarios describes a closed system containing the following processes (see the above figure for the network configuration): a specific protocol process for each station, depending on the scenario. It is obtained by assembling parts of the protocol description used in the particular scenario. In order to reduce the size of the generated state graph, parameters are tuned down (counters for retry, buffer sizes, ...), and only a single multicast group is considered as, according to the protocol and abstract network specifications, two different multicast groups cannot interfere. The messages are reduced to their identification, and the associated counters need not be able to distinguish more than the maximum number of messages that can exist simultaneously.
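As an added illustration, not the paper's own model, protocol or tool, the following Python module builds a deliberately small closed-system scenario of the kind described above: a hypothetical sender multicasting to n stations of a single group over an abstract network, with the retry counter and the window (buffer) size as tunable parameters, and message identification reduced to a sequence counter taken modulo a bound. An explicit-state breadth-first search enumerates the reachable states, checks that the reduced identifier never clashes between two messages that exist simultaneously, and shows how the state graph grows when the parameters are not tuned down. The protocol steps (send, receive at a station, bounded retransmission, in-order completion), the parameter names and the checked property are assumptions of this example.

```python
"""Explicit-state exploration of a reduced multicast scenario (added example;
the protocol steps below are a hypothetical abstraction, not the paper's)."""
from collections import deque


def successors(state, n_stations, window, n_messages, retry_bound):
    """Enumerate the next states of the closed system.

    state = (next_seq, inflight); inflight is a tuple of
    (seq, received_flags, retries), kept in sending order.
    """
    next_seq, inflight = state
    out = []
    # 1. The sender emits a new message while the window has room and messages remain.
    if len(inflight) < window and next_seq < n_messages:
        out.append((next_seq + 1, inflight + ((next_seq, (False,) * n_stations, 0),)))
    for i, (seq, recv, retries) in enumerate(inflight):
        before, after = inflight[:i], inflight[i + 1:]
        # 2. The abstract network delivers a copy to a station that does not yet hold it.
        for s in range(n_stations):
            if not recv[s]:
                new_recv = recv[:s] + (True,) + recv[s + 1:]
                out.append((next_seq, before + ((seq, new_recv, retries),) + after))
        # 3. A copy was lost and the sender retransmits; bounded by the retry counter.
        #    (Once retries are exhausted the message simply stays pending here;
        #    a real protocol would run an abort phase, which is abstracted away.)
        if retries < retry_bound and not all(recv):
            out.append((next_seq, before + ((seq, recv, retries + 1),) + after))
    # 4. The oldest message leaves the window once every station holds it.
    #    In-order completion keeps the in-flight sequence numbers consecutive.
    if inflight and all(inflight[0][1]):
        out.append((next_seq, inflight[1:]))
    return out


def explore(n_stations, window, n_messages, retry_bound):
    """Breadth-first reachability from the initial state (nothing sent yet)."""
    init = (0, ())
    seen = {init}
    queue = deque([init])
    while queue:
        st = queue.popleft()
        for nxt in successors(st, n_stations, window, n_messages, retry_bound):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def reduced_ids_collide(states, id_bound):
    """True if some reachable state holds two in-flight messages whose reduced
    identifiers (seq mod id_bound) coincide: the counter cannot tell them apart."""
    for _, inflight in states:
        ids = [seq % id_bound for seq, _, _ in inflight]
        if len(ids) != len(set(ids)):
            return True
    return False


def smallest_sufficient_id_bound(n_stations, window, n_messages, retry_bound):
    """Smallest modulus for which no reachable state has an identifier clash,
    i.e. the fewest values the message counter must be able to distinguish."""
    states = explore(n_stations, window, n_messages, retry_bound)
    for k in range(1, n_messages + 1):
        if not reduced_ids_collide(states, k):
            return k
    return n_messages


def state_count(n_stations, window, n_messages, retry_bound):
    """Size of the generated state graph for one parameter setting."""
    return len(explore(n_stations, window, n_messages, retry_bound))


if __name__ == "__main__":
    # Constructed parameter settings (n_stations, window, n_messages, retry_bound):
    # the graph grows with window and retry bound, and in this model a counter
    # modulo the window size is enough to keep simultaneous messages apart.
    for params in [(2, 1, 3, 1), (2, 2, 3, 1), (2, 2, 3, 2), (3, 2, 4, 2)]:
        print(params, "reachable states:", state_count(*params),
              "smallest id bound:", smallest_sufficient_id_bound(*params))
```

Only one multicast group is modelled, mirroring the reduction in the text; because completion is in order, the messages existing simultaneously always carry consecutive sequence numbers, so the search confirms that a counter with as many values as the window size suffices, while one value fewer produces a reachable clash. Enlarging the window or the retry bound strictly enlarges the reachable set, which is the effect the parameter tuning is meant to keep in check.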
