Telecommunication Systems 20:3,4, 291–310, 2002
© 2002 Kluwer Academic Publishers. Manufactured in The Netherlands.

Framework and Tool Support for Formal Verification of Highspeed Transfer Protocol Designs

PETER HERRMANN and HEIKO KRUMM {peter.herrmann;krumm}@cs.uni-dortmund.de
University of Dortmund, Department of Computer Science, Dortmund, Germany

OLAF DRÖGEHORN olaf@uet.e-technik.uni-kassel.de
University of Kassel, Department of Electrical Engineering, Kassel, Germany

WALTER GEISSELHARDT gd@uni-duisburg.de
Gerhard-Mercator-University Duisburg, Department of Electrical Engineering, Duisburg, Germany

Abstract. Formal description techniques, verification methods, and their tool-based automated application now provide valuable support for the formal analysis of communication protocol designs. Nevertheless, the practical analysis of modern protocols still requires considerable effort, and therefore many protocol developments do not employ formal methods. In that context the transfer protocol framework aims at complementary support. It supplies a rich collection of specification modules and guides their efficient composition into service and protocol specifications. Moreover, the functional relations between service properties and the protocol mechanisms implementing them have been investigated systematically. The framework provides a collection of corresponding theorems to be applied in protocol correctness proofs. As a result, protocol verification can be reduced to the selection, instantiation, and proper arrangement of framework theorems. The verification process can further be supported by special tool assistance. The tool COAST identifies the compositional structure of a protocol specification mechanically and selects the corresponding framework theorems. It splits service property proofs into arrangements of subproofs, where the subproofs can mainly be accomplished by application of the selected framework theorems.
After outlining the general transfer protocol framework approach, we concentrate on the introduction of the tool COAST. We describe its functions and clarify its application by means of the verification of the complex real-life high-speed data transfer protocol XTP.

Keywords: composition, framework, protocol synthesis, TLA, automated verification, XTP

Introduction

Due to the high performance demands of modern high-speed and multimedia applications, many new data transfer protocols and protocol variants have recently been developed. Since most of these protocols are very complex, their design should be supported by formal methods (cf. [Gibbs, 17]). In reality, however, protocols are frequently developed without any formal support, although standardized formal description techniques (ISO/OSI: ESTELLE [13] and LOTOS [41]; ITU: SDL [49]) are available. Therefore protocols are often designed by means of incomplete and ambiguous protocol descriptions. Furthermore, many protocol developers omit the development of abstract service specifications,