Formal verification of an improved sliding window protocol

2012

In the world of designing network protocols, verification is a crucial step to eliminate weaknesses and inaccuracies of effective network protocols. There are many models and tools to verify network protocols, including, Finite State Machines (FSM), Colored Petri Nets (CP-Nets), Temporal Logic, Predicate Logic, Estelle Specification, Path based Approach etc. This paper presents a survey of various techniques for verifying correctness properties of communications protocol

The Journal of Supercomputing, 2011

This study presents a method to construct formal rules used to run-time verify message passing between clients in distributed systems. Rules construction is achieved in four steps: (1) Visual specification of expected behavior of the sender, receiver, and network in sending and receiving a message, (2) Extraction of properties of sender, receiver, and network from the visual specification, (3) specification of constraints that should govern message passing in distributed systems, and (4) construction of verifier rules from the properties and the constraints. The rules are used to verify actual sender, receiver, and network behavior. Expected behavior of the client (process) is one that to be and the actual one is the behavior should be verified. The rules were applied to verify the behavior of client and servers that communicated with each other in order to compute Fibonacci numbers in parallel and some violations were discovered. Keywords Client-server • Distributed systems • Reliable message passing • Specification and verification 1 Introduction While centralized systems use shared memory to communicate between processes, distributed systems use messaged-based interaction for interprocess communications. Message passing is used in a wide range of applications from low-level ones such as remote procedure call (RPC) to high-level ones such as group communication and message-oriented middleware (MOM) [1]. In addition, in traditional technologies including Remote Method Invocation (RMI) [2], Distributed Component Object Model (DCOM) [3], and Common Object Request Broker Architecture (CORBA) [4] and

IEEE Transactions on Computers, 2000

This paper introduces a simple algebra for the validation of communication protocols in message passing systems. The behavior of each process participating in a communication is first modeled in a finite state machine. The symbol sequences that can be accepted by these machines are then expressed in 'protocol expressions,' which are defined as regular expressions extended with two new operators: division and multiplication. The interactions of the machines can be analyzed by combining protocol expressions via multiplication and algebraically manipulating the terms. The method allows for an arbitrary number of processes to participate in an interaction. In many cases an analysis can be performed manually, in other cases the analysis can be automated. The method has been applied to a number of realistic protocols with up to seven interacting processes.

Lecture Notes in Computer Science, 2018

Ensuring software correctness and safety for communicationcentric programs is important but challenging. In this paper we introduce a solution for writing communication protocols, for checking protocol conformance and for verifying implementation safety. This work draws on ideas from both multiparty session types, which provide a concise way to express communication protocols, as well as from separationstyle logics for shared-memory concurrency, which provide strong safety guarantees for resource sharing. On the one hand, our proposal improves the expressiveness and precision of session types, without sacrificing their conciseness. On the other hand, it increases the applicability of software verification as well as its precision, by making it protocol aware. We also show how to perform the verification of such programs in a modular and automatic fashion. one of the communicating entities requires the re-validation of the entire system. Since validation might be expensive, or difficult to achieve if the source code of certain components is not available, it is desirable for the developer to be able to only validate her changes locally, rather than at the global level. Over the last decades, behavioral types [35,26] have been studied as specifications of the interactions in communicating systems. In particular, multiparty session types [23], or MPSTs, provide a user-friendly syntax for writing choreographic specifications of distributed systems, and a lightweight mechanism for enforcing communication safety. Communication is considered correct when the system's constituent processes are statically type-checked against the end-point projections of the MPST. This formalism and its numerous extensions are attractive in checking if the implementation follows the intended communication pattern, but it lacks the strong safety and correctness guarantees normally provided by the resource-aware verification systems. Specifically, the MPST approach checks if a transmission's exchanged type is the expected one. However, in their most common form, MPSTs are unable to assert something about the message's numerical properties, and even less so about its carried resources in the case of tightly coupled systems. All these, while numerical properties and resource sharing constitute the pièce de résistance for separation logic [38], a logic for reasoning about resource sharing. In this work, we attach a communication logic in the user-friendly style of MPST, to a separation logic for program verification. Even though we draw on ideas from MPST, the proposed logic differs from MPST in a number of features which yield a more expressive communication specification-without compromising its friendly syntax. The current proposal ultimately leads to stronger guarantees w.r.t. the safety and correctness of distributed system. We shall next highlight these differences. Writing Multiparty Communication Protocols. The language we propose for writing communication protocols is described in Fig. 1a. Similar to MPST, the language contains the terminal notation S− →R : c v•∆ to describe a transmission from sender S to receiver R, over channel c. Different from type approaches where a message abstracts a type, the exchanged message v is expressed in the logical form ∆ (defined in Fig. 1b). Do note that v•∆ is in fact a shorthand for the lambda function (λv. ∆). This language uses G 1 * G 2 for the concurrency of global protocols G 1 and G 2 , and G 1 ∨ G 2 for disjunctive choice between either G 1 or G 2 , and finally G 1 ; G 2 on the implicit sequentialization of G 1 before G 2 for either the same party or the same channel. Let us next consider a series of examples to introduce this language and to highlight the benefits over MPST. Example 1: We consider a cloud service for video editing, where a client sends to the cloud a file of some video format, and expects back an enhanced version of the original file, see Fig. 2a. A client-server protocol to describe this simple interaction is written as follows: CS a C− →S : c v•v : file ; S− →C : c v•v : file. The CS a lightweight protocol suffices to describe the order of communication and the exchanged message type. A rigorous specification though, also emphasizes that the server applies some filter on the original file:

Lecture Notes in Computer Science, 1994