Abstract
This paper presents a series of TLA+ specifications/implementations that lead to an implementation of the retransmission policy of RLP1, the Radio Link Protocol proposed for TDMA (Time Division Multiple Access) digital cellular radio. Both safety and liveness properties are proved for SWPInitial, a very abstract, but formal, specification of a sliding window protocol. The rest of the work consists of a series of refinements which finally result in a model of RLP1. Each refinement step is formally proved. In all cases the most difficult part of the proof is for liveness. We prove, formally and rigorously, and parametrised by the window size N, that the model of RLP1 obtained from the last refinement step is an implementation of the initial specification SWPInitial, and thus inherits the safety and liveness properties proved for all the higher-level specifications. The specifications are written in TLA+, a formal language based on TLA, and proofs are given in Lamport's hierarchical proof style. Most proof steps are checked mechanically in Eves.
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mokkedem, A., Ferguson, M.J., de Johnston, R. (1997). A TLA solution to the specification and verification of the RLP1 retransmission protocol. In: Fitzgerald, J., Jones, C.B., Lucas, P. (eds) FME '97: Industrial Applications and Strengthened Foundations of Formal Methods. FME 1997. Lecture Notes in Computer Science, vol 1313. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-63533-5_21
DOI: https://doi.org/10.1007/3-540-63533-5_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63533-8
Online ISBN: 978-3-540-69593-6
eBook Packages: Springer Book Archive