On Modular Algebraic Protocol Specification

Jacob Brunekreef

Abstract:

The information exchange between computers is governed by a set of rules that is usually called a `communication protocol'. Such a protocol contains a detailed description of how to act and, equally important, of how to react in a communication session with one or more other computers. This thesis is about communication protocols.

Process algebra is a new part of computer science. For about fifteen years the behaviour of systems has been studied within this particular mathematical framework. Behaviour is described (specified) in process equations that look like the well-known algebraic equations. Furthermore, as in ordinary algebra, the elements of these equations can be subjected to symbolic manipulation. This thesis is about the specification of communication protocols in terms of process algebra equations.

A modular approach is the obvious choice when large problems have to be solved. The decomposition of a large problem into a set of smaller sub-problems (modules) is a well-known technique in computer science. Conversely, a `library' of modules can be helpful in composing a solution out of previously solved sub-problems. This thesis is about a modular approach to algebraic protocol specification.

Process algebra is one of the many Formal Description Techniques that have been defined during the last decades. These Formal Description Techniques play an increasing role in the battle against erroneous software that is delivered too late at a price that is much too high. In Chapter 1 a general introduction to the application of Formal Methods in the field of software development is given. The algebraic specification formalism PSF, applied throughout this thesis, is introduced. If formal specifications are ever to play a significant role, they not only have to be correct, but also have to be comprehensible to human readers.
In Chapter 2 the construction of (large) algebraic specifications is discussed. Topics such as specification styles, modular specification and a well-considered application of data structures are investigated. In this chapter a modular specification style is developed that is applied in the case studies in the last three chapters.

The world of communication protocols is briefly introduced in Chapter 3. In this chapter some general aspects of algebraic protocol specification are also treated, such as channel specification and the modelling of timeouts.

The remainder of this thesis consists of three case studies in modular algebraic protocol specification.

Sliding Window Protocols are used to obtain an error-free two-way communication link for data exchange between two adjacent computers in a network. In Chapter 4 three Sliding Window Protocols of increasing complexity are specified. The protocols are taken from the literature on computer networks.

The Ethernet Protocol is used in Local Area Networks in which a single communication medium (a `bus') is shared by all connected network stations. In this protocol the problem that has to be solved is the use of the medium by two or more network stations at the same time. In Chapter 5 the Ethernet Protocol is specified. This protocol is one of the growing number of communication protocols that have been officially standardised. The IEEE/ANSI standard 802.3 has served as the basis for the formal specifications in this chapter. As the complete standard contains many details, in this chapter first an `abstract' version is specified which focusses on the central issues of the Ethernet Protocol.

Leader Election Protocols are used when a single network process has to be elected out of a set of processes. Usually the elected `leader' holds certain rights with respect to the offering of certain services or with respect to network management functions.
In Chapter 6 three related Leader Election Protocols for a broadcast network (in which each transmitted message is received by all other network components) are specified. The final protocol is fault-tolerant: network components may crash and revive at any moment during the election.

At the end of each case study some concluding remarks are made. These remarks concern the protocols themselves as well as the limitations of the specification formalism PSF.