419,363 research outputs found
Specifying and Refining Internal Operations in Z
Abstract An important aspect in the specification of distributed systems is the role of the internal (or unobservable) operation. Such operations are not part of the interface to the environment (i.e. the user cannot invoke them), however, they are essential to our understanding and correct modelling of the system. In this paper we are interested in the use of the formal specification notation Z for the description of distributed systems. Various conventions have been employed to model internal operations when specifying such systems in Z. If internal operations are distinguished in the specification notation, then refinement needs to deal with internal operations in appropriate ways. Using an example of a telecommunications protocol we show that standard Z refinement is inappropriate for refining a system when internal operations are specified explicitly. We present a generalization of Z refinement, called weak refinement, which treats internal operations differently from observable operations when refining a system. We discuss the role of internal operations in a Z specification, and in particular whether an equivalent specification not containing internal operations can be found. The nature of divergence through livelock is also discussed. Keywords: Z; Refinement; Distributed Systems; Internal Operations; Process Algebras; Concurrency
Weak refinement in Z
An important aspect in the specification of distributed systems is the role of the internal (or unobservable) operation. Such operations are not part of the user interface (i.e. the user cannot invoke them), however, they are essential to our understanding and correct modelling of the system. Various conventions have been employed to model internal operations when specifying distributed systems in Z. If internal operations are distinguished in the specification notation, then refinement needs to deal with internal operations in appropriate ways. However, in the presence of internal operations, standard Z refinement leads to undesirable implementations.
In this paper we present a generalization of Z refinement, called weak refinement, which treats internal operations differently from observable operations when refining a system. We illustrate some of the properties of weak refinement through a specification of a telecommunications protocol
Formal Specification and Testing of a Management Architecture
The importance of network and distributed systems management to supply and maintain services required by users has led to a demand for management facilities. Open network management is assisted by representing the system resources to be managed as objects, and providing standard services and protocols for interrogating and manipulating these objects. This paper examines the application of formal description techniques to the specification of managed objects by presenting a case study in the specification and testing of a management architecture. We describe a formal specification of a management architecture suitable for scheduling and distributing services across nodes in a distributed system. In addition, we show how formal specifications can be used to generate conformance tests for the management architecture
Specifying and analysing reputation systems with coordination languages
Reputation systems are nowadays widely used to support decision making in networked systems. Parties in such systems rate each other and use shared ratings to compute reputation scores that drive their interactions. The existence of reputation systems with remarkable differences calls for formal approaches to their analysis. We present a verification methodology for reputation systems that is based on the use of the coordination language Klaim and related analysis tools. First, we define a parametric Klaim specification of a reputation system that can be instantiated with different reputation models. Then, we consider stochastic specification obtained by considering actions with random (exponentially distributed) duration. The resulting specification enables quantitative analysis of properties of the considered system. Feasibility and effectiveness of our proposal is demonstrated by reporting on the analysis of two reputation models
Requirements analysis of the VoD application using the tools in TRADE
This report contains a specification of requirements for a video-on-demand (VoD) application developed at Belgacom, used as a trial application in the 2RARE project. The specification contains three parts: an informal specification in natural language; a semiformal specification consisting of a number of diagrams intended to illustrate the informal specification; and a formal specification that makes the requiremants on the desired software system precise. The informal specification is structured in such a way that it resembles official specification documents conforming to standards such as that of IEEE or ESA. The semiformal specification uses some of the tools in from a requirements engineering toolkit called TRADE (Toolkit for Requirements And Design Engineering). The purpose of TRADE is to combine the best ideas in current structured and object-oriented analysis and design methods within a traditional systems engineering framework. In the case of the VoD system, the systems engineering framework is useful because it provides techniques for allocation and flowdown of system functions to components. TRADE consists of semiformal techniques taken from structured and object-oriented analysis as well as a formal specification langyage, which provides constructs that correspond to the semiformal constructs. The formal specification used in TRADE is LCM (Language for Conceptual Modeling), which is a syntactically sugared version of order-sorted dynamic logic with equality. The purpose of this report is to illustrate and validate the TRADE/LCM approach in the specification of distributed, communication-intensive systems
Brief Announcement: Update Consistency in Partitionable Systems
Data replication is essential to ensure reliability, availability and
fault-tolerance of massive distributed applications over large scale systems
such as the Internet. However, these systems are prone to partitioning, which
by Brewer's CAP theorem [1] makes it impossible to use a strong consistency
criterion like atomicity. Eventual consistency [2] guaranties that all replicas
eventually converge to a common state when the participants stop updating.
However, it fails to fully specify shared objects and requires additional
non-intuitive and error-prone distributed specification techniques, that must
take into account all possible concurrent histories of updates to specify this
common state [3]. This approach, that can lead to specifications as complicated
as the implementations themselves, is limited by a more serious issue. The
concurrent specification of objects uses the notion of concurrent events. In
message-passing systems, two events are concurrent if they are enforced by
different processes and each process enforced its event before it received the
notification message from the other process. In other words, the notion of
concurrency depends on the implementation of the object, not on its
specification. Consequently, the final user may not know if two events are
concurrent without explicitly tracking the messages exchanged by the processes.
A specification should be independent of the system on which it is implemented.
We believe that an object should be totally specified by two facets: its
abstract data type, that characterizes its sequential executions, and a
consistency criterion, that defines how it is supposed to behave in a
distributed environment. Not only sequential specification helps repeal the
problem of intention, it also allows to use the well studied and understood
notions of languages and automata. This makes possible to apply all the tools
developed for sequential systems, from their simple definition using structures
and classes to the most advanced techniques like model checking and formal
verification. Eventual consistency (EC) imposes no constraint on the convergent
state, that very few depends on the sequential specification. For example, an
implementation that ignores all the updates is eventually consistent, as all
replicas converge to the initial state. We propose a new consistency criterion,
update consistency (UC), in which the convergent state must be obtained by a
total ordering of the updates, that contains the sequential order of eachComment: in DISC14 - 28th International Symposium on Distributed Computing,
Oct 2014, Austin, United State
- …