Integrating Module Checking and Deduction in a Formal Proof for the Perlman Spanning Tree Protocol (STP)
Hossein Hojjat (University of Tehran, Iran)
Hootan Nakhost (Sharif University of Technology, Iran)
Marjan Sirjani (University of Tehran, Iran)
Abstract: The IEEE 802.1D standard for Media Access Control (MAC) layer bridges defines the Spanning Tree Protocol (STP), based on the algorithm proposed by Radia Perlman. In this paper we give a formal proof of the correctness of the STP algorithm by showing that eventually a single bridge is selected as the root of the tree and that loops are eliminated correctly. We use formal inductive reasoning to establish these requirements. To ensure that a bridge behaves correctly regardless of the topology of the surrounding bridges and LANs, we apply the Rebeca modular verification techniques, which are shown to be efficiently applicable to model checking of open systems.
Keywords: Rebeca, formal methods, formal verification, modular verification, network protocols
Categories: C.2.2, D.2.4
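The two properties the abstract says are proved, a single root and a loop-free active topology, can be stated and checked directly on a simulation of the election. The following is an added example written for this page; it is not code from the paper or from its Rebeca models. It implements the core of Perlman's 802.1D election (lexicographic comparison of configuration BPDUs, root port and designated port selection) in synchronous rounds, without the standard's timers, message ageing or listening/learning states, and then checks the converged active topology. The bridge identifiers, LAN names, port numbers and link costs are constructed for the example.

```python
# Simplified 802.1D (Perlman) spanning tree election, added here as an
# illustration; this is not code from the paper or from its Rebeca models.
# Bridges flood configuration BPDUs over shared LANs until all agree on one
# root and each LAN has one designated bridge; the two properties the
# abstract says are proved (single root, loops eliminated) are then checked
# on the active topology. Bridge ids, LAN names and link costs are constructed.
# Omitted from real STP: timers, message ageing, listening/learning states.
from collections import defaultdict

def bpdu(root, cost, sender, port):
    # Configuration BPDU; tuples compare lexicographically, lower wins.
    return (root, cost, sender, port)

class Bridge:
    def __init__(self, bid, ports):
        self.bid, self.ports = bid, ports      # ports: {port_id: (lan, cost)}
        self.best = {}                        # best BPDU heard per port
        self.root, self.root_cost, self.root_port = bid, 0, None

    def receive(self, port, msg):
        # Keep only the best BPDU per port (no ageing: the topology is static
        # and every bridge's own BPDU only ever improves during the election).
        if port not in self.best or msg < self.best[port]:
            self.best[port] = msg

    def recompute(self):
        best, root_port = bpdu(self.bid, 0, self.bid, 0), None   # own claim
        for p, (_, cost) in self.ports.items():
            if p in self.best:
                r, c, s, sp = self.best[p]
                if bpdu(r, c + cost, s, sp) < best:
                    best, root_port = bpdu(r, c + cost, s, sp), p
        self.root, self.root_cost, self.root_port = best[0], best[1], root_port

    def own_bpdu(self, port):
        return bpdu(self.root, self.root_cost, self.bid, port)

    def is_designated(self, port):
        # Designated on a LAN if our BPDU beats every BPDU heard on it.
        return port not in self.best or self.own_bpdu(port) < self.best[port]

    def forwarding_ports(self):
        return {p for p in self.ports if p == self.root_port or self.is_designated(p)}

def run_stp(bridges, max_rounds=50):
    """Synchronous rounds until no bridge changes state; returns (lans, rounds)."""
    lans = defaultdict(list)                  # lan -> [(bridge, port)]
    for b in bridges.values():
        for p, (lan, _) in b.ports.items():
            lans[lan].append((b, p))
    for rnd in range(1, max_rounds + 1):
        before = [(b.root, b.root_cost, b.root_port) for b in bridges.values()]
        for attached in lans.values():
            for sender, sp in attached:
                for hearer, hp in attached:
                    if hearer is not sender:
                        hearer.receive(hp, sender.own_bpdu(sp))
        for b in bridges.values():
            b.recompute()
        if before == [(b.root, b.root_cost, b.root_port) for b in bridges.values()]:
            return lans, rnd
    raise RuntimeError("no convergence")

def check_properties(bridges, lans):
    """(single_root, loop_free): the two properties the paper proves for STP."""
    root = min(bridges)
    single_root = all(b.root == root for b in bridges.values())
    # Active topology: bipartite graph of bridges and LANs over forwarding ports.
    adj, edges = defaultdict(set), 0
    for b in bridges.values():
        for p in b.forwarding_ports():
            lan = b.ports[p][0]
            adj[("B", b.bid)].add(("L", lan)); adj[("L", lan)].add(("B", b.bid))
            edges += 1
    nodes = {("B", bid) for bid in bridges} | {("L", lan) for lan in lans}
    seen, stack = set(), [("B", root)]        # reachability from the root
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n); stack.extend(adj[n])
    # connected and |E| = |V| - 1  <=>  spanning tree (no loops)
    return single_root, seen == nodes and edges == len(nodes) - 1

def blocked_ports(bridges):
    return {(b.bid, p) for b in bridges.values() for p in b.ports
            if p not in b.forwarding_ports()}

def build_example():
    # Constructed topology: five bridges on four LANs, with several loops.
    spec = {1: {1: ("A", 1), 2: ("B", 1)},
            2: {1: ("A", 1), 2: ("C", 1)},
            3: {1: ("B", 1), 2: ("C", 1), 3: ("D", 1)},
            4: {1: ("C", 1), 2: ("D", 1)},
            5: {1: ("D", 1), 2: ("A", 1)}}
    return {bid: Bridge(bid, ports) for bid, ports in spec.items()}

if __name__ == "__main__":
    bridges = build_example()
    lans, rounds = run_stp(bridges)
    print("converged in", rounds, "rounds; root =", min(bridges))
    print("single root, loop free =", check_properties(bridges, lans))
    print("blocked ports (bridge, port):", sorted(blocked_ports(bridges)))
```

The loop-freedom check uses the fact that a connected graph on |V| nodes with exactly |V| - 1 edges is a tree; bridges and LANs are both nodes of that graph, so a LAN with two forwarding attachments from non-root ports would show up as a cycle. The election is monotone here (a bridge's own BPDU never gets worse once it has heard a better root), which is why keeping only the best BPDU per port without ageing is sound for a static topology; the inductive argument the paper makes is over this same improving order, while the Rebeca modular step covers the case the simulation does not, namely arbitrary surrounding topologies rather than one constructed instance.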