Proving safety properties for a general communication protocol

  • Authors:
  • Marty Ossefort

  • Affiliations:
  • IBM, Austin, Texas

  • Venue:
  • SIGCOMM '83 Proceedings of the symposium on Communications Architectures & Protocols
  • Year:
  • 1983

Abstract

As the practice of networking has become more widespread, the study of communications protocols has grown accordingly. At the same time, techniques for verification of message-passing networks have been developed to the point where they can now be used to prove safety properties about such protocols. In this paper, we discuss the problem of two processes which must communicate through some semi-reliable medium. In order for communication to take place, there must be some set of rules for acknowledging correctly received messages, called frames, and for retransmitting lost or damaged frames. Such a set of rules is called a communication protocol. We present a generalized communication data link layer protocol and give a proof using a technique recently proposed by Misra and Chandy [Misra81]. We also show that this protocol and proof include two very important special cases: 1) the well-known Alternating Bit protocol, and 2) the portion of the HDLC protocol dedicated to ensuring that packets are received, and that they are received in the correct order. The problem of verifying communication protocols has been addressed by Stenning [Stenning76], and more recently by Hailpern [Hailpern81]. Each of these protocols can be considered to be a special case of the one presented here. Hailpern also proves liveness of his algorithm, but uses temporal logic and explicit induction (on the number of messages) for proving both safety and liveness. We do not cover the proof of liveness in this paper. However, the proof technique can be extended for liveness proofs. For a discussion of this, the reader is referred to [Misra82].
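The abstract names the two special cases but not the mechanics. The following simulation is an added example written for this page, not code from the paper, and it assumes a concrete instance of the generalized protocol: a go-back-N sender and receiver with modulo-M sequence numbers and cumulative acknowledgements over a medium that loses or damages frames and acks. With window 1 and modulus 2 it is the Alternating Bit protocol; with window 7 and modulus 8 it is the sequence-numbering scheme HDLC uses for in-order delivery. The safety property checked is a natural one for a data link protocol (the receiver's output is an in-order, duplicate-free prefix of the sender's input); the paper's exact invariant is not given in the abstract. The third run goes beyond the abstract: it shows the standard go-back-N condition that the window must be smaller than the sequence-number modulus, and that violating it breaks safety even over a perfectly reliable medium. All payloads, loss rates and seeds are constructed.

```python
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Frame:
    seq: int                 # sequence number, taken modulo M
    payload: str
    damaged: bool = False    # set by the medium; the receiver's checksum check discards such frames


@dataclass
class Ack:
    next_expected: int       # cumulative ack: the receiver's next expected sequence number, modulo M
    damaged: bool = False


class Medium:
    """Semi-reliable medium: loses or damages each frame/ack independently (seeded PRNG, no reordering)."""

    def __init__(self, loss: float, damage: float, seed: int) -> None:
        self.rng = random.Random(seed)
        self.loss, self.damage = loss, damage

    def transmit(self, item):
        r = self.rng.random()
        if r < self.loss:
            return None                  # lost in transit
        if r < self.loss + self.damage:
            item.damaged = True          # arrives damaged; the receiver detects and drops it
        return item


def run_protocol(messages: List[str], window: int, modulus: int,
                 medium: Medium, max_rounds: int = 10_000) -> Tuple[List[str], int]:
    """Go-back-N sender and receiver over `medium` (assumed instance of the generalized protocol).

    One round is one timeout period: the sender transmits every frame in its window
    starting at the oldest unacknowledged message and then slides the window on the
    last good acknowledgement it received.  Returns (delivered payloads, rounds used).
    """
    base = 0          # sender: absolute index of the oldest unacknowledged message
    expected = 0      # receiver: absolute index of the next in-order message
    delivered: List[str] = []
    rounds = 0
    while base < len(messages) and rounds < max_rounds:
        rounds += 1
        last_ack: Optional[int] = None
        for i in range(base, min(base + window, len(messages))):
            frame = medium.transmit(Frame(seq=i % modulus, payload=messages[i]))
            if frame is None or frame.damaged:
                continue                 # lost, or discarded by the receiver's checksum check
            # Receiver: accept only the in-order frame; anything else is a duplicate or out of order.
            if frame.seq == expected % modulus:
                delivered.append(frame.payload)
                expected += 1
            # Receiver: every undamaged frame is answered with a cumulative ack.
            ack = medium.transmit(Ack(next_expected=expected % modulus))
            if ack is not None and not ack.damaged:
                last_ack = ack.next_expected
        if last_ack is not None:
            # Map the modulo-M ack back to an absolute position.  Only unambiguous
            # when window < modulus: "all W frames acked" and "none acked" must not
            # map to the same residue.
            base += (last_ack - base % modulus) % modulus
    return delivered, rounds


def is_prefix(delivered: List[str], sent: List[str]) -> bool:
    """Safety property checked here: the output is an in-order, duplicate-free prefix of the input."""
    return delivered == sent[:len(delivered)]


MESSAGES = [f"m{i}" for i in range(12)]   # constructed payloads


def alternating_bit(loss: float = 0.3, damage: float = 0.1, seed: int = 1):
    """Alternating Bit protocol: window 1, one-bit sequence number."""
    return run_protocol(MESSAGES, 1, 2, Medium(loss, damage, seed))


def hdlc_ordering(loss: float = 0.3, damage: float = 0.1, seed: int = 1):
    """HDLC-style in-order delivery: modulo-8 sequence numbers, window 7."""
    return run_protocol(MESSAGES, 7, 8, Medium(loss, damage, seed))


def window_equals_modulus():
    """Window == modulus over a reliable medium: the numbering alone breaks safety."""
    return run_protocol(MESSAGES, 2, 2, Medium(0.0, 0.0, 0), max_rounds=3)


if __name__ == "__main__":
    for name, fn in [("ABP", alternating_bit), ("HDLC-like", hdlc_ordering), ("W == M", window_equals_modulus)]:
        got, rounds = fn()
        print(f"{name:9s} rounds={rounds:5d} safe={is_prefix(got, MESSAGES)} delivered={got}")
```

In the first two runs every lost or damaged frame and every lost ack is eventually repaired by retransmission and the receiver's output equals the sender's input. In the third run the sender's two acks in one round come back as 1 and then 0, so the sender cannot tell "both frames acknowledged" from "nothing acknowledged", retransmits from the start, and the receiver accepts the retransmitted m0 and m1 as new data: the delivered sequence is no longer a prefix of the sent one. This is the kind of invariant a safety proof of the generalized protocol has to carry, and it is exactly why HDLC pairs modulo-8 numbering with a window of at most 7.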