What makes industries believe in formal methods

The introduction of formal methods in the design and development departments of an industrial company has far reaching and long lasting consequences. In fact it changes the whole environment of methods, tools and skills that determine the design culture of that company. A decision to replace current design practice by formal methods, therefore, appears a vital one and is not lightly taken. The past has shown that efforts to introduce formal methods in industry has faced a lot of controversy and opposition at various hierarchical levels in companies, resulting in a marginal spread of such methods. This paper revisits the requirements for formal description techniques and identifies some critical success and inhibiting factors associated with the introduction of formal methods in the industrial practice. One of the inhibiting factors is the often encountered lack of appropriateness of the formal model to express and manipulate the design concerns that determine the world of the engineer. This factor motivated our research in the area of architectural and implementation design concepts. The last two sections of this paper report on some results of this research

Advances in architectural concepts to support distributed systems design

This paper presents and discusses some architectural concepts for distributed systems design. These concepts are derived from an analysis of limitations of some currently available standard design languages. We conclude that language design should be based upon the careful consideration of architectural concepts. This paper aims at supporting designers by presenting a methodological design framework in which they can reason about the design and implementation of distributed systems. The paper is also meant for language developers and formalists by presenting a collection of architectural concepts which deserve consideration for formal support

LOTOS specification style for OSI

The architecture of OSI is used to derive guidelines for writing LOTOS specifications of distributed systems. In particular, the architectural concepts that underlie service and protocol designs are examined in detail. For each of these concepts a representation in LOTOS is given. Examples are provided of how the LOTOS representations of the concepts are used in the construction of LOTOS specifications of service and protocol designs. The approach described in this paper is motivated by the need to produce distributed system specifications in a more consistent and productive fashion

Specification and implementation of computer network protocols

A reliable and effective computer network can only be achieved by adopting efficient and error-free communication protocols. Therefore, the protocol designer should produce an unambiguous specification meeting these requirements. Techniques for producing protocol specifications have been the subject of intense interest over the last few years. This is partly due to the advent of an international standard for networking. A variety of methods have been employed, some of which are described in detail in this thesis. [Continues.

Protocol engineering from Estelle specifications

Bibliography: leaves 129-132.The design of efficient, reliable communication protocols has long been an area of active research in computer science and engineering, and will remain so while the technology continues to evolve, and information becomes increasingly distributed. This thesis examines the problem of predicting . the performance of a multi-layered protocol system directly from formal specifications in the ISO specification language Estelle, a general-purpose Pascal-based language with support for concurrent processes in the form of communicating extended finite-state machines. The thesis begins with an overview of protocol engineering, and a discusses the areas of performance evaluation and protocol specification. Important parts of the mathematics of discrete-time semi-Markov processes are presented to assist in understanding the approaches to performance evaluation described later. Not much work has been done to date in the area of performance prediction from specifications. The idea was first mooted by Rudin, who illustrated it with a simple model based on the global state reachability graph of a set of synchronous communicating FSMs. About the same time Kritzinger proposed a closed multiclass queueing model. Both of these approaches are described, and their respective strengths and weaknesses pointed out. Two new methods are then presented. They have been implemented as part of an Estelle-based CASE tool, the Protocol Engineering Workbench (PE!V). In the first approach, we show how discrete-time semi-Markov chain models can be derived from meta-executions of Estelle specifications, and consider ways of using these models predictively. The second approach uses a structure similar to a global-state graph. Many of the limitations of Rudin's approach are overcome, and our technique produces highly accurate performance predictions. The PEW is also described in some detail, and its use in performance evaluation illustrated with some examples. The thesis concludes with a discussion of the strengths and weaknesses of the new methods, and possible ways of improving them

Model Driven Communication Protocol Engineering and Simulation based Performance Analysis using UML 2.0

The automated functional and performance analysis of communication systems specified with some Formal Description Technique has long been the goal of telecommunication engineers. In the past SDL and Petri nets have been the most popular FDTs for the purpose. With the growth in popularity of UML the most obvious question to ask is whether one can translate one or more UML diagrams describing a system to a performance model. Until the advent of UML 2.0, that has been an impossible task since the semantics were not clear. Even though the UML semantics are still not clear for the purpose, with UML 2.0 now released and using ITU recommendation Z.109, we describe in this dissertation a methodology and tool called proSPEX (protocol Software Performance Engineering using XMI), for the design and performance analysis of communication protocols specified with UML. Our first consideration in the development of our methodology was to identify the roles of UML 2.0 diagrams in the performance modelling process. In addition, questions regarding the specification of non-functional duration contraints, or temporal aspects, were considered. We developed a semantic time model with which a lack of means of specifying communication delay and processing times in the language are addressed. Environmental characteristics such as channel bandwidth and buffer space can be specified and realistic assumptions are made regarding time and signal transfer. With proSPEX we aimed to integrate a commercial UML 2.0 model editing tool and a discrete-event simulation library. Such an approach has been advocated as being necessary in order to develop a closer integration of performance engineering with formal design and implementation methodologies. In order to realize the integration we firstly identified a suitable simulation library and then extended the library with features required to represent high-level SDL abstractions, such as extended finite state machines (EFSM) and signal addressing. In implementing proSPEX we filtered the XML output of our editor and used text templates for code generation. The filtering of the XML output and the need to extend our simulation library with EFSM abstractions was found to be significant implementation challenges. Lastly, in order to to illustrate the utility of proSPEX we conducted a performance analysis case-study in which the efficient short remote operations (ESRO) protocol is used in a wireless e-commerce scenario

FLECS: A Data-Driven Framework for Rapid Protocol Prototyping

Flecs is a framework for facilitating rapid implementation of communication protocols. Forwarding functionality of protocols can be modeled as a combination of packet processing components called abstract switching elements or Ases. The design of Ases is constrained by the axioms of communication which enables us to formally analyze forwarding mechanisms in communication networks. Ases can be connected in a directed graph to define complex forwarding functionality. We have developed Flecs on top of the Click modular router. The compilers in the Flecs framework translate protocol specifications into its Click implementation. We claim that the use of our framework reduces the implementation time by allowing the programmer to specify Ases and the forwarding configuration in a high-level meta-language and produces reasonably efficient implementations. It allows rapid prototyping through configuration, as well as specialized implementation of performance-critical functionality through inheritance

A conformance test framework for the DeviceNet fieldbus

The DeviceNet fieldbus technology is introduced and discussed. DeviceNet is an open standard fieldbus which uses the proven Controller Area Network technology. As an open standard fieldbus, the device conformance is extremely important to ensure smooth operation. The error management in DeviceNet protocol is highlighted and an error injection technique is devised to test the implementation under test for the correct error-recovery conformance. The designed Error Frame Generator prototype allows the error management and recovery of DeviceNet implementations to be conformance tested. The Error Frame Generator can also be used in other Controller Area Network based protocols. In addition, an automated Conformance Test Engine framework has been defined for realising the conformance testing of DeviceNet implementations. Automated conformance test is used to achieve consistent and reliable test results, apart from the benefits in time and personnel savings. This involves the investigations and feasibility studies in adapting the ISO 9646 conformance test standards for use in DeviceNet fieldbus. The Unique Input/Output sequences method is used for the generation of DeviceNet conformance tests. The Unique Input/Output method does not require a fully specified protocol specification and gives shorter test sequences, since only specific state information is needed. As conformance testing addresses only the protocol verification, it is foreseen that formal method validation of the DeviceNet protocol must be performed at some stage to validate the DeviceNet specification