A Bounded Retransmission Protocol for Large Data Packets. A Case Study in Computer Checked Algebraic Verification
, 1993
Cited by 17 (7 self)
This note describes a protocol for the transmission of data packets that are too large to be transferred in their entirety. Therefore, the protocol splits the data packets and broadcasts them in parts. It is assumed that in case of failure of transmission through data channels, only a limited number of retries are allowed (bounded retransmission). If repeated failure occurs, the protocol stops trying and the sending and receiving protocol users are informed accordingly. The protocol and its external behaviour are specified in µCRL. The correspondence between these is shown using the axioms of µCRL. The whole proof of this correspondence has been computer checked using the proof checker Coq. This provides an example showing that proof checking of realistic protocols is feasible within the setting of process algebras. The first author is partly supported by the Netherlands Computer Science Research Foundation (SION) with financial support of the Netherlands Organisation for Scientific Re...
Process Algebra in PVS
- Proc. of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS '99), volume 1579 of Lecture Notes in Computer Science
, 1999
Cited by 9 (0 self)
The aim of this work is to investigate mechanical support for process algebra, both for concrete applications and theoretical properties. Two approaches are presented using the verification system PVS. One approach declares process terms as an uninterpreted type and specifies equality on terms by axioms. This is convenient for concrete applications where the rewrite mechanisms of PVS can be exploited. For the verification of theoretical results, often induction principles are needed. They are provided by the second approach where process terms are defined as an abstract datatype with a separate equivalence relation. 1 Introduction We investigate the possibilities of obtaining mechanical support for equational reasoning in process algebra. In particular, we consider ACP-style process algebras [2, 3]. In this framework, processes are represented by terms constructed from atoms (denoting atomic actions) and operators such as choice (non-determinism), sequential composition, and para...
On automating process algebra proofs
- Proceedings of the 11-th International Symposium on Computer and Information Sciences, ISCIS XI
, 1996
Cited by 6 (0 self)
In [10] Groote and Springintveld incorporated several model-oriented techniques (such as invariants, matching criteria, state mappings) in the process-algebraic framework of µCRL for structuring and simplifying protocol verifications. In this paper, we formalise these extensions in Coq, which is a proof development tool based on type theory. In the updated framework, the length of proof constructions is reduced significantly. Moreover, the new approach allows for more automation (proof generation) than was possible in the past. The results are illustrated by an example in which we prove two queue representations equal.
The Bakery Protocol: A Comparative Case-Study in Formal Verification
- CSN’95 (Computer Science in the Netherlands
, 1995
Cited by 3 (0 self)
Groote and the second author verified (a version of) the Bakery Protocol in µCRL. Their process-algebraic verification is rather complex compared to the protocol. Now the question is: How do other verification techniques perform on this protocol? In this paper, we present a new correctness proof by using I/O-automata theory and discuss the relative merits of both approaches. 1 Introduction In this paper, we verify a particular version of the Bakery Protocol for an arbitrarily large capacity max by means of I/O automata theory. The parameter max ranges over (positive) integers and denotes the number of standing places in the bakery shop. The correctness proof is developed and checked with the aid of the Larch Prover [GH93] which is a theorem prover based on first-order logic. Our verification method is semi-automatic in the sense that the intelligent proof steps are provided by the user. This is to be contrasted with fully automatic (finite-state) tools like CWB [CPS93], Auto [SV89]...
A formal axiomatization for alphabet reasoning with parametrized processes
- Henri Korver, Alex Sellink
, 1997
Cited by 2 (1 self)
In the process-algebraic verification of systems with three or more components put in parallel, alphabet axioms are considered to be useful. These are rules that exploit the information about the alphabets of the processes involved. The alphabet of a process is the set of actions it can perform. In this paper, we extend µCRL (a formal proof system for ACP + data) with such axioms. The alphabet axioms that are added to the proof theory are completely formal and therefore highly suited for computer-checked verification. This is new compared to previous papers where the formulation of alphabet axioms relies to a considerable extent on informal data parameters and implicit (infinite) set theory. 1 Introduction During the proof checking of Milner's Scheduler (see [KS93]), we found out that there was a need for an explicit treatment of the so-called alphabet axioms in a context of data, i.e. a setting where actions and processes are parametrized with data values (possibly ranging ...
Checking Verifications of Protocols and Distributed Systems By Computer
, 1998
Cited by 2 (1 self)
We provide a treatise about checking proofs of distributed systems by computer using general purpose proof checkers. In particular, we present two approaches to verifying and checking the verification of the Sequential Line Interface Protocol (SLIP), one using rewriting techniques and one using the so-called cones and foci theorem. Both verifications are carried out in the setting of process algebra. Finally, we present an overview of literature containing checked proofs. Note: The research of the second author is supported by Human Capital Mobility (HCM). 1 Proof checkers Anyone trying to use a proof checker, e.g. Isabelle [67, 68], HOL [29], Coq [20], PVS [78], Boyer-Moore [14] or many others that exist today, has experienced the same frustration. It is very difficult to prove even the simplest theorem. In the first place it is difficult to get acquainted with the logical language of the system. Most systems employ higher order logics that are extremely versatile and expressive. Howev...
The Syntax and Semantics of timed muCRL
- CWI, P.O. Box 94079, 1090 GB
, 1997
We define a specification language called `timed µCRL'. This language is designed to describe communicating processes employing data and time. Timed µCRL is the successor of µCRL [17]. It differs in two main aspects. It is possible to make explicit reference to time using a new `at' operator; p,t is the process p where the first action must take place at time t. Furthermore, a distinction has been made between constructors and functions in the datatypes. Care has been taken that every µCRL specification is also a correct timed µCRL specification with exactly the same meaning. 1991 Mathematics Subject Classification: 68M99, 68N99 1991 Computing Reviews Classification System: D.2.1, D.3.1, D.3.3 Keywords and Phrases: Specification Language, Abstract Data Types, Process Algebra, Operational Semantics, Real Time 1 Introduction The language µCRL (micro Common Representation Language) has been defined to describe interacting processes that rely on data [17]. The major design objectives for µCRL...
Dogfooding the Structural Operational Semantics of mCRL2
The mCRL2 language is a formal specification language that is used to specify and model the behavior of distributed systems and protocols. With the accompanying toolset, it is possible to simulate, visualize, analyze and verify behavioral properties of mCRL2 models automatically. The semantics of the mCRL2 language is defined formally using Structural Operational Semantics (SOS) but implemented manually in the underlying toolset using C++. As with most formal languages, the underlying toolset was created with the formal semantics in mind, but there is no way to actually guarantee that the implementation matches the intended semantics. To validate that the implemented behavior for the mCRL2 language corresponds to its formal semantics, we describe the SOS deduction rules of the mCRL2 language, and perform the transformation from mCRL2's SOS deduction rules to a Linear Process Specification. As our transformation directly takes the SOS deduction rules and transforms them into mCRL2 data equations, we are basically feeding the mCRL2 toolset its own formal language definition.
Analysis of an industrial system
, 2003
Studying industrial systems by simulation enables the designer to study their dynamic behaviour and to determine characteristics of the system. Unfortunately, simulation also has some disadvantages. These can be overcome by using formal methods. Formal methods allow a thorough analysis of the possible behaviours of a system, parameterised system analysis and a modular approach to the analysis of systems. We present a case study in which a model of an industrial system is studied in a formal way. For this purpose, the model is first specified and simulated using the CSP-based executable specification language χ. The model is translated into a model in the process algebra µCRL. This enables us to give a correctness proof of the parameterised model and to study the model in isolation.