Engineering with logic: Rigorous test-oracle specification and validation for TCP/IP and the Sockets API
Conventional computer engineering relies on test-and-debug development processes, with the behavior of common interfaces described (at best) with prose specification documents. But prose specifications cannot be used in test-and-debug development in any automated way, and prose is a poor medium for expressing complex (and loose) specifications.
The TCP/IP protocols and Sockets API are a good example of this: they play a vital role in modern communication and computation, and interoperability between implementations is essential. But what exactly they are is surprisingly obscure: their original development focused on “rough consensus and running code,” augmented by prose RFC specifications that do not precisely define what it means for an implementation to be correct. Ultimately, the actual standard is the de facto one of the common implementations, including, for example, the 15 000 to 20 000 lines of the BSD implementation—optimized and multithreaded C code, time dependent, with asynchronous event handlers, intertwined with the operating system, and security critical.
This article reports on work done in the Netsem project to develop lightweight mathematically rigorous techniques that can be applied to such systems: to specify their behavior precisely (but loosely enough to permit the required implementation variation) and to test whether these specifications and the implementations correspond, with specifications that are executable as test oracles. We developed post hoc specifications of TCP, UDP, and the Sockets API, both of the service that they provide to applications (in terms of TCP bidirectional stream connections) and of the internal operation of the protocol (in terms of TCP segments and UDP datagrams), together with a testable abstraction function relating the two. These specifications are rigorous, detailed, readable, with broad coverage, and rather accurate. Working within a general-purpose proof assistant (HOL4), we developed language idioms (within higher-order logic) in which to write the specifications: operational semantics with nondeterminism, time, system calls, monadic relational programming, and so forth. We followed an experimental semantics approach, validating the specifications against several thousand traces captured from three implementations (FreeBSD, Linux, and WinXP). Many differences between these were identified, as were a number of bugs. Validation was done using a special-purpose symbolic model checker programmed above HOL4.
Having demonstrated that our logic-based engineering techniques suffice for handling real-world protocols, we argue that similar techniques could be applied to future critical software infrastructure at design time, leading to cleaner designs and (via specification-based testing) more robust and predictable implementations. In cases where specification looseness can be controlled, this should be possible with lightweight techniques, without the need for a general-purpose proof assistant, at relatively little cost.

EPSRC Programme Grant EP/K008528/1 REMS: Rigorous Engineering for Mainstream Systems
EPSRC Leadership Fellowship EP/H005633 (Sewell)
Royal Society University Research Fellowship (Sewell)
St Catharine's College Heller Research Fellowship (Wansbrough)
EPSRC grant GR/N24872 Wide-area programming: Language, Semantics and Infrastructure Design
EPSRC grant EP/C510712 NETSEM: Rigorous Semantics for Real Systems
EC FET-GC project IST-2001-33234 PEPITO Peer-to-Peer Computing: Implementation and Theory
CMI UROP internship support (Smith)
EC Thematic Network IST-2001-38957 APPSEM 2
NICTA was funded by the Australian Government's Backing Australia's Ability initiative, in part through the Australian Research Council
New quality of service routing algorithms based on local state information. The development and performance evaluation of new bandwidth-constrained and delay-constrained quality of service routing algorithms based on localized routing strategies.
The exponential growth of Internet applications has created new challenges for the control and administration of large-scale networks, which consist of heterogeneous elements under dynamically changing traffic conditions. These emerging applications need guaranteed service levels, beyond those supported by best-effort networks, to deliver the intended services to the end user. Several models have been proposed for a Quality of Service (QoS) framework that can provide the means to transport these services. It is desirable to find efficient routing strategies that can meet the strict routing requirements of these applications. QoS routing is considered as one of the major components of the QoS framework in communication networks. In QoS routing, paths are selected based upon the knowledge of resource availability at network nodes and the QoS requirements of traffic. Several QoS routing schemes have been proposed that differ in the way they gather information about the network state and the way they select paths based on this information.
The biggest downside of current QoS routing schemes is the frequent maintenance and distribution of global state information across the network, which imposes large communication and processing overheads. Consequently, scalability is a major issue in designing efficient QoS routing algorithms, due to the high cost of these overheads. Moreover, the inaccuracy and staleness of global state information, caused by relatively long update intervals, is another problem that can significantly degrade routing performance. Localized QoS routing, where source nodes take routing decisions based solely on statistics collected locally, was proposed relatively recently as a viable alternative to global QoS routing. It has shown promising results in achieving good routing performance while at the same time eliminating many scalability-related problems. In localized QoS routing, each source-destination pair needs to determine a set of candidate paths from which a path will be selected to route incoming flows. The goal of this thesis is to enhance the scalability of QoS routing by investigating and developing new models and algorithms based on the localized QoS routing approach.
For this thesis, we have extensively studied the localized QoS routing approach and demonstrated that it can achieve higher routing performance with lower overheads than global QoS routing schemes. The existing localized routing algorithms, Proportional Sticky Routing (PSR) and Credit-Based Routing (CBR), use the blocking probability of candidate paths as the criterion for selecting routing paths, based on flow proportions or a crediting mechanism, respectively. Routing based on the blocking probability of candidate paths may not always reflect the most accurate state of the network. This has motivated the search for alternative localized routing algorithms, and to this end we have made the following contributions. First, three localized bandwidth-constrained QoS routing algorithms have been proposed: two based on a source routing strategy and the third based on a distributed routing strategy. All of the algorithms use the quality of links rather than the quality of paths to make routing decisions. Second, a dynamic precautionary mechanism was used with the proposed algorithms to prevent candidate paths from reaching critical quality levels. Third, a localized delay-constrained QoS routing algorithm was proposed to provide routing with an end-to-end delay guarantee. We compared the performance of the proposed localized QoS routing algorithms with other localized and global QoS routing algorithms under different network topologies and different traffic conditions. Simulation results show that the proposed algorithms outperform the other algorithms in terms of routing performance and resource balancing, and have superior computational complexity and scalability features.

Umm AlQura University, Saudi Arabia