Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Deciding Conditional Termination

We address the problem of conditional termination, which is that of defining the set of initial configurations from which a given program always terminates. First we define the dual set, of initial configurations from which a non-terminating execution exists, as the greatest fixpoint of the function that maps a set of states into its pre-image with respect to the transition relation. This definition allows to compute the weakest non-termination precondition if at least one of the following holds: (i) the transition relation is deterministic, (ii) the descending Kleene sequence overapproximating the greatest fixpoint converges in finitely many steps, or (iii) the transition relation is well founded. We show that this is the case for two classes of relations, namely octagonal and finite monoid affine relations. Moreover, since the closed forms of these relations can be defined in Presburger arithmetic, we obtain the decidability of the termination problem for such loops.Comment: 61 pages, 6 figures, 2 table

Whitney algebras and Grassmann's regressive products

Geometric products on tensor powers $\Lambda(V)^{\otimes m}$ of an exterior algebra and on Whitney algebras \cite{crasch} provide a rigorous version of Grassmann's {\it regressive products} of 1844 \cite{gra1}. We study geometric products and their relations with other classical operators on exterior algebras, such as the Hodge $\ast-$operators and the {\it join} and {\it meet} products in Cayley-Grassmann algebras \cite{BBR, Stew}. We establish encodings of tensor powers $\Lambda(V)^{\otimes m}$ and of Whitney algebras $W^m(M)$ in terms of letterplace algebras and of their geometric products in terms of divided powers of polarization operators. We use these encodings to provide simple proofs of the Crapo and Schmitt exchange relations in Whitney algebras and of two typical classes of identities in Cayley-Grassmann algebras