2008
This paper describes two major steps in model-based system design and implementation: 1) the process involved in converting a text-based system specification into a UML-compliant, graphical statechart, and 2) the use of automatic code generation tools to convert the statechart into a C or C++ implementation. We also describe how to use the graphical, interactive "test harness" to test the behavior of the statechart's generated code, a very useful tool for system (protocol) design refinement. Finally, we describe how to automatically generate a Promela version of the statechart model that can be verified using the SPIN model checker. Throughout the paper, we focus on how these tools can be used to make the communications protocol development process more streamlined and reliable.
The need for communication protocols in today's environment grows as fast as the network expands. Many new kinds of protocols, e.g. for information sharing, security, etc., are being developed day-to-day, which often leads to rapid, premature developments. Many protocols have not been shown to satisfy important properties like deadlock and livelock freedom, since MDA focuses on rapid development rather than on the quality of the developed models. To address this, we introduce a 2-Phase strategy based on the UML state machine and sequence diagram to satisfy the properties of communication protocols. We convert these models into PROMELA code for execution on the SPIN model checker. The results are compared with the developed UML models.
Computer Aided Verification, 1996
Message Sequence Charts (MSC) are a useful formalism for formalizing network protocols early in their design phase. In this paper, we introduce the basics of the MSC language and describe some of the possibilities for automatic location of "problematic" parts in the design. Focus is then given to different modifications of MSC design (FIFO behavior, bounded channels, etc.) as well as formal checking of more complex design properties (MSC membership, realizability). Next, an introduction to the Specification and Description Language (SDL) is presented. Possibilities of automatic synthesis of a system design in MSC into an SDL model and its correctness verification are mentioned.
2010
Message Sequence Charts (MSCs) are an appealing visual formalism mainly used in the early stages of system design to capture the system requirements. However, if we move towards an implementation, an executable specification related in some fashion to the MSC-based requirements must be obtained. MSCs can be used effectively to specify a bus protocol in such a way that high-level transition systems capture the control flow of the protocol's system components and MSCs describe the non-atomic component interactions. This style of specification is amenable to formal verification. In this paper, we present how bus protocols can be specified using MSCs and how these specifications can be translated into the input program of a verification tool (we have used the Symbolic Model Verifier (SMV)) for formal verification. We have contributed to the following tasks in this respect. Firstly, the way to specify the protocol using MSC has been presented. Secondly, a tr...
Computer Networks and ISDN Systems, 1993
It can be remarkably hard to design a good communications protocol, much harder even than it is to write a normal sequential program. Unfortunately, when the design of a new protocol is complete, we usually have little trouble convincing ourselves that it is trivially correct. It can be unreasonably hard to prove those facts formally and to convince others as well. Faced with that dilemma, a designer usually decides to trust his or her instincts and forgo the formal proofs. The subtle logical flaws in a design thus get a chance to hide, and inevitably find the worst possible moment in the lifetime of the protocol to reveal themselves.
IFIP Advances in Information and Communication Technology, 2000
The use of message sequence charts (MSCs) is popular in designing and documenting communication protocols. A recent surge of interest in MSCs has led to various algorithms for their automatic analysis, e.g., finding race conditions. In this paper we adopt a causality based temporal logic to specify properties of MSCs. This alleviates some problems that arise when specifying properties of MSCs using the traditional interleaving-based linear temporal logic: systems of MSCs are not necessarily finite state systems, leading to undecidability of LTL model checking. Even when dealing with finite state MSC systems, the set of linearizations can easily generate an exponential state space explosion. We provide an efficient model checking algorithm for systems of MSCs. Our construction models the FIFO MSC systems using a restricted version of ω-automata with two successor relations. We implemented a model checking environment for MSCs as an extension to the SPIN model checking system.
2002
Due to the increasing complexity of real world problems, it is costly and difficult to validate today’s software-intensive systems. The research reported in the paper describes our experiences in developing and applying a set of methodologies for specifying, verifying, and validating system temporal behavior expressed as UML statecharts. The methods combine such techniques/paradigms and technologies as UML, XMI, database, model checking, and simulation. The toolset we are developing accepts XMI input files as an intermediate metadata format. The metadata is then parsed and transformed into databases and related syntax-driven data structures. From the parsed data, we subsequently generate Promela code, which embodies the behavioral semantics and properties of the statechart elements. Compiling and executing Promela automatically invokes SPIN, the underlying temporal logic-based tool for checking the logical consistency of the statecharts’ interactions and properties. We validate and ...
Model-driven development has gained increasing acceptance in the engineering community. Via abstraction and gradual model transformation, it offers an efficient way to cope with the complexity of modern software-intensive systems, typical examples of which are distributed telecommunicating systems and communication protocols. However, the variety of models representing the system structure and behaviour from different viewpoints and at different levels of abstraction raises the question of model consistency and their adherence to the predefined architectural rules. In this paper we formalize a development flow of distributed telecommunicating systems and communication protocols as an architectural profile in UML. We specify and formally verify this profile. The profile allows us to check adherence of models to the predefined architectural rules. Furthermore, by formalizing and verifying intra- and inter-consistency rules, we ensure that the models do not contradict each other. We use the B Method as our formal framework. The presented work establishes a basis for automating model-driven development of telecommunicating systems and communication protocols.
Computer Networks (1976), 1984
PANDORA is an interactive system for the analysis, synthesis, and real-time assessment of data communication protocols. The Pandora system is being developed at the Delft University of Technology in cooperation with the Dr. Neher Laboratories of the Netherlands PTT. This paper gives an overview of the structure of the system and discusses the main design goals.
Lecture Notes in Computer Science, 2005
IEEE Design and Test of Computers, 2004
IEEE Transactions on Computers, 1991
A description is given of L.0, an executable specification language designed for describing communications protocols and similar reactive systems. L.0 is synchronous and rule-based. The rules are either cause-effect rules or constraints. Rules can be activated and deactivated dynamically, and several can be fired simultaneously. L.0 has modern notions of encapsulation and data sharing. Indirection, quantification, and recursive definition of
Computer Communications, 2003
Reliable protocols require early-stage validation and testing. Due to the state explosion problem in validation methods such as model checking [IEEE Trans. Software Engng 19 (1993) 24], sometimes it is not possible to test all the system states. We apply our state-of-the-art algorithm to compute the most critical states and branches to be tested. We prioritize this information to guide the validation of the protocol. We implemented this technology in a tool that visualizes the specifications of protocols with their testing priorities. Such a tool can also be used to identify the faulty place in the protocol when some tests fail. It provides information such as where in the protocol bugs are most likely to be found. Our tool provides many benefits, including (1) early detection and recovery of protocol faults, (2) visualization and simulation of the protocol specifications, (3) quantification of the reliability confidence of protocols, (4) making code generation directly from protocol specifications more feasible, and (5) reduction of the number of introduced faults. This paper considers the case when the specification of the protocol is given in the Specification and Description Language (International Telecommunication Union standard). Our technology is based on both the control flow and the data flow of the specifications. It first generates a control flow diagram from the specification and then automatically analyses the coverage features of the diagram. It collects the corresponding flow data during simulation to be mapped onto the control flow diagram. The coverage information for the original specification is then obtained from the coverage information of the flow diagram.
During the decade that has elapsed since its standardisation by ISO, the Estelle formal description technique has been successfully applied to the development of various communications protocols. We present in this paper a protocol engineering methodology that has resulted from the use of Estelle in several projects, involving the specification, validation, performance analysis and implementation of real-life, complex protocols. The methodology is based on the support offered by the Estelle Development Toolset (EDT). It gradually evolved, in parallel with the continuous enhancement of EDT, aiming to provide a protocol engineering environment that consistently supports the entire development process. We outline in the paper the principles of the methods and illustrate them with examples of their application to the development of an innovative transport protocol with multicast and multimedia capabilities.
Computer aided software engineering tools based on formal description techniques (FDT) can provide essential support for developing communications protocols and distributed systems. Ideally, this support should extend to all the development phases, from requirements capture and design (formal description and validation), to performance evaluation, implementation (automatic code generation) and conformance testing (automatic test generation). The tools gradually mature and become able to cope with industrial applications, but the user still encounters frustrating limitations and contradictions. For example, the design phase produces a simplified or partial formal description, due to limitations of the validation method and/or the FDT, while the automatic implementation requires a complete (yet correct) specification. For complex systems, this gap results in coding the implementation, or a large part of it, by hand. Also, the classical FDT-based approach focused on functional properties, neglecting quantitative, real-time properties.
A different model is needed for performance analysis (e.g., queuing networks), resulting in substantial additional effort for developing and maintaining it during the design process. However, a trend towards an integrated FDT-based methodology can be observed, e.g., in the tools using the standard FDTs Estelle [1] and SDL [2]. An Estelle model of a system is a hierarchy of communicating extended finite state machines, with a rigorous operational semantics. The current standard syntax is similar to that of the Pascal programming language. A graphical syntax has also been proposed [3]. Recent enhancements of the Estelle Development Toolset (EDT) [4] allow a more consistent support of the protocol engineering process, from formal specification to prototype implementation, with performance evaluation in early design phases. Moreover, several case studies have confirmed the applicability of this methodology to real-life, complex protocols. The first case study was dedicated to the Xpress Transport Protocol (XTP) version 4.0 [5]. It consisted of an Estelle specification and validation [6], a performance evaluation by
… IEEE Transactions on, 1980
The production of error-free protocols for complex process interactions is essential to reliable communications. This paper presents techniques for both the detection of errors in protocols and for prevention of errors in their design. The methods have been used successfully to detect and correct errors in existing protocols. A technique based on a reachability analysis is described which detects errors in a design. This "perturbation technique" has been implemented and has successfully detected inconsistencies or errors in existing protocol designs including both X.21 and X.25. The types of errors handled are state deadlocks, unspecified receptions, nonexecutable interactions, and state ambiguities. The errors are discussed and their effects considered. An interactive design technique is then described that prevents design errors. The technique is based on a set of production rules which guarantee that complete reception capability is provided in the interacting processes. These rules have been implemented in the form of a tracking algorithm that prevents a designer from creating unspecified receptions and nonexecutable interactions and monitors for the presence of state deadlocks and ambiguities.
The object-oriented paradigm is widely applied in designing and implementing communication systems. The Unified Modeling Language (UML) is a standard language used to model the design of object-oriented systems. A protocol state machine is a UML diagram that is widely used in designing communication protocols. It has two key advantages over traditional finite-state machines: modeling concurrency and modeling nested hierarchical states. In a distributed communication system, each entity of the system has its own protocol that defines when and how the entity exchanges messages with other communicating entities in the system. The order of the exchanged messages must conform to the overall service specification of the system. In object-oriented systems, both the service and the protocol specifications are modeled as UML protocol state machines. Protocol specification synthesis methods have to be applied to automatically derive the protocol specification from the service specification. Otherwise, a time-consuming process of design, analysis, and error detection and correction has to be applied iteratively until the design of the protocol becomes error-free and consistent with the service specification. Several synthesis methods have been proposed in the literature for models other than UML protocol state machines, but because of the unique features of protocol state machines, these methods are inapplicable to services modeled in UML protocol state machines. In this paper, we propose a synthesis method that automatically synthesizes the protocol specification of distributed protocol entities from the service specification, given that both types of specifications are modeled in UML protocol state machines. Our method is based on the latest UML version (UML2.3), and it is proven to synthesize protocol specifications that are syntactically and semantically correct.
As an example application, the synthesis method is used to derive the protocol specification of the H.323 standard used in Internet calls.
IEEE Transactions on Software Engineering, 2000
SPANNER is a software package for the specification, analysis, and evaluation of protocols. It is based on a mathematical model of coordinating processes called the selection/resolution model. SPANNER presently comprises three modules. The parser module checks a formal specification (in the SPANNER specification language) for syntactic correctness. The reachable graph module generates a database that consists of reachable states, transitions, and other information useful for analysis. The analysis module, with a user-friendly interface, allows a user to query the database interactively and evaluate the behavior of the protocol. This paper discusses the selection/resolution model, describes the specification language, and shows how SPANNER can be used for the development and analysis of protocols.
2010 2nd Computer Science and Electronic Engineering Conference (CEEC), 2010
The increasing complexity in the design of protocol-based sequential digital systems such as USB3.0 and PCI Express (PCIe) is leading to tighter time-to-market constraints. This paper introduces a UML-based visual design approach to address this increased complexity in the design of IP as well as Systems-on-Chip (SoC). A hardware development method for a USB3.0 device using the Unified Modeling Language is explored. It focuses on the conversion of UML structure diagrams and hierarchical state machines into a synthesizable hardware description language. A Model Driven Development (MDD) method using UML state diagrams and a hierarchical design breakdown approach is used to develop the synthesizable HDL for a USB3.0 device IP with more than 20 sequential states.
1990
It can be remarkably hard to design a good communications protocol, much harder than it is to write a sequential program. Unfortunately, when the design of a new protocol is complete, we usually have little trouble convincing ourselves that it is trivially correct. It can be unreasonably hard to prove those facts formally and to convince others as well. Faced with that dilemma, a designer usually decides to trust his or her instincts and forgo the formal proofs. The subtle logical flaws in a design thus get a chance to hide, and inevitably find the worst possible moment in the lifetime of the protocol to reveal themselves. Though few will admit it, most people design protocols by trial and error. There is a known set of trusted protocol standards, whose descriptions are faithfully copied in most textbooks, but there is little understanding of why some designs are correct and why others are not. To design and to analyze protocols you need tools. Until recently the right tools were simply not generally available. But that has changed. In this tutorial we introduce a state-of-the-art tool called SPIN and the specification language PROMELA. We show how the language and the tool can be used to design reliable protocols. The tool itself is available by anonymous ftp from research.
Systems Engineering, 2019
We propose a holistic Model-Based Protocol Specification (MBPS) framework. Standards, procedures, and protocols are important anchors for interconnected systems: they facilitate the connectivity of billions of devices around the world, commodify advanced technologies and solutions, and enable efficient services involving trillions of transactions in aviation, medicine, e-commerce, transportation, infrastructure, and other domains. Domain protocols allow for conventional interactions within a domain among ecosystem entities and humans (e.g., airline ticketing, financial transactions, etc.). Protocol specifications must be formal, consistent, and verifiable. Nevertheless, most current standard protocols are text-based, unverifiable, and often inconsistent with themselves and with other standards. Text-based standards are difficult to manage, track, control, and adopt. MBPS includes three critical enablers: a modeling language, a modeling process, and a model-supported standardization process. This paper employs Object-Process Methodology (OPM), a model-based systems engineering framework, endorsed as ISO-19450, for modeling and simulation of the generic protocol specification process and for two examples: (a) a Kerberos authentication protocol revision based on a previous Kerberos model and on a recently discovered vulnerability and (b) a domain-specific Publish-Subscribe protocol application for selective information distribution.
Keywords: formal protocol specification, Kerberos, model-based systems engineering (MBSE), object-process methodology (OPM), publish-subscribe