This chapter addresses the question how to verify distributed and communicating systems in an e#ective way from an explicit process algebraic standpoint. This means that all calculations are based on the axioms and principles of the process algebras.

Abstract. We report on a novel development to model check quantitative reachability properties on Markov decision processes together with its prototype implementation. The innovation of the technique is that the analysis is performed on an abstraction of the model under analysis. Such an abstraction is significantly smaller than the original model and may safely refute or accept the required property. Otherwise, the abstraction is refined and the process repeated. As the numerical analysis necessary to determine the validity of the property is more costly than the refinement process, the technique profits from applying such numerical analysis on smaller state spaces.

We consider the problem of verifying automatically infinitestate systems that are systems of finite machines that communicate by exchanging messages through unbounded lossy fifo channels. In a previous work [1], we proposed an algorithmic approach based on constructing a symbolic representation of the set of reachable configurations of a system by means of a class of regular expressions (SREs). The construction of such a representation consists of an iterative computation with an acceleration technique which enhance the chance of convergence. This technique is based on the analysis of the effect of iterating control loops. In the work we present here, we experiment our approach and show how it can be effectively applied. For that, we developed a tool prototype based on the results in [1]. Using this tool, we provide a fully automatic verification of (the parameterized version of) the Bounded Retransmission Protocol, for arbitrary values of the size of the transmitted files, and the allowed number of retransmissions. ? Contact author. 1 1

This paper concerns the transfer of files via a lossy communication channel. It formally specifies this file transfer service in a property-oriented way and investigates -- using two different techniques -- whether a given bounded retransmission protocol conforms to this service. This protocol is based on the well-known alternating bit protocol but allows for a bounded number of retransmissions of a chunk, i.e., part of a file, only. So, eventual delivery is not guaranteed and the protocol may abort the file transfer. We investigate to what extent real-time aspects are important to guarantee the protocol's correctness and use Spin and

We consider symbolic on-the-fly verification methods for systems of finite-state machines that communicate by exchanging messages via unbounded and lossy FIFO queues. We propose a novel representation formalism, called simple regular expressions (SREs), for representing sets of states of protocols with lossy FIFO channels. We show that the class of languages representable by SREs is exactly the class of downward closed languages that arise in the analysis of such protocols. We give methods for (i) computing inclusion between SREs, (ii) an SRE representing the set of states reachable by executing a single transition in a system, and (iii) an SRE representing the set of states reachable by an arbitrary number of executions of a control loop of a program. All these operations are rather simple and can be carried out in polynomial time. With these techniques, one can straightforwardly construct an algorithm which explores the set of reachable states of a protocol, in order t...

ion and Reachability Analysis ? Parosh Aziz Abdulla 1 Aurore Annichini 2 Saddek Bensalem 2 Ahmed Bouajjani 2 Peter Habermehl 3 Yassine Lakhnech 4 1 Dept. of Computer Systems, P.O. Box 325, 75105 Uppsala, Sweden. 2 Verimag, Centre Equation, 2 av. de Vignate, 38610 Gi`eres, France. 3 Liafa - Case 7014, 2 place Jussieu, 75251 Paris Cedex 05, France. 4 Institut fur Informatik und Praktishe Mathematik, Christian-Albrechts-Universitat zu Kiel, Preußerstr. 1-9, 24105 Kiel, Germany. Abstract. We address the problem of verifying systems operating on different types of variables ranging over infinite domains. We consider in particular systems modeled by means of extended automata communicating through unbounded fifo channels. We develop a general methodology for analyzing such systems based on combining automatic generation of abstract models (not necessarily finite-state) with symbolic reachability analysis. Reachability analysis procedures allow to verify automatically prope...

: This paper reports about the formal specification and verification of a Bounded Retransmission Protocol (Brp) used by Philips in one of its products. We started with the descriptions of the Brp service (i.e., external behaviour) and protocol written in the ¯Crl language by Groote and van de Pol. After translating them in the Lotos language, we performed verifications by model-checking using the Cadp (Caesar/Ald' ebaran) toolbox. The models of the Lotos descriptions were generated using the Caesar compiler (by putting bounds on the data domains) and checked to be branching equivalent using the Ald' ebaran tool. Alternately, we formulated in the Actl temporal logic a set of safety and liveness properties for the Brp protocol and checked them on the corresponding model using our Xtl generic model-checker. Key-words: Formal methods, Formal description techniques, Communication protocols, Protocol engineering, Lotos, Verification, Validation, Model-checking, Labelled Transition Systems,...

Programs written in value-passing description languages such as Crl and Lotos can be naturally translated into Labelled Transition Systems (Ltss) containing data values. In order to express temporal properties interpreted over these Ltss, we define a value-based alternation-free modal -calculus built from typed variables, pattern-matching modalities, and parameterised fixed point operators. The verification of a temporal formula over a (finite) Lts is reduced to the (partial) resolution of a Parameterised Boolean Equation System (Pbes). We propose a resolution method for Pbess that leads to a local model-checking algorithm, which could also be applied in the framework of abstract interpretation.

We present a temporal logic model-checking environment based on a new language called Xtl (eXecutable Temporal Language). Xtl is a functional programming language designed to allow a compact description of various temporal logic operators, which are evaluated over a Labelled Transition System (Lts). Xtl offers primitives to access the data values (possibly) contained in the states and labels of the Lts, as well as to explore the transition relation. The temporal logic operators are implemented by means of iteration expressions computing sets of states and sets of transitions. Various useful modal and temporal logics like Hml, Ctl, Ltac and Actl, have been implemented in Xtl, and several industrial case-studies, such as the Brp protocol designed by Philips, the Ieee-1394 serial bus standardized by Ieee, and the Cfs protocol developed by Bull and Inria, have been successfully validated using the Xtl model-checker. 1 Introduction The last years have witnessed an increasing ap...

This paper reports on the first steps towards the formal verification of correctness proofs of real-life protocols in process algebra. We show that proofs can be verified, and partly constructed, by a general purpose proof checker. The process algebra we use is µCRL, ACP augmented with data, which is small enough to make the verification feasible, and at the same time expressive enough for the specification of real-life protocols. The proof checker we use is Coq, which is based on the Calculus of Constructions, an extension of simply typed lambda calculus. The focus is on the translation of the proof theory of µCRL and µCRL-specifications to Coq. As a case study, we verified the Alternating Bit Protocol.