This paper reports on an experiment in network protocol design: we use novel rigorous techniques in the design process of a new protocol, in a close collaboration between systems and theory researchers. The protocol is a Media Access Control (MAC) protocol for the SWIFT optical network, which uses optical switching and wavelength striping to provide very high bandwidth packet-switched interconnects. The use of optical switching (and the lack of optical buffering) means that the protocol must control the switch within hard timing constraints. We use higher-order logic to express the protocol design, in the general-purpose HOL automated proof assistant. The specification is thus completely precise, but still concise, readable, and without accidental overspecification. Further, we test conformance between the specification and two implementations of the protocol: an NS-2 simulation model and the VHDL code of the network hardware. This involves: (1) proving, within HOL, that the specification is equivalent to an algorithmically-checkable version; (2) using automatic code-extraction to generate a testing oracle; and (3) applying that oracle to traces of the implementation. This design-time use of rigorous methods has resulted in a protocol that is better specified and more correct than it would otherwise be, with relatively little effort.
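The three-step conformance method in the abstract (a declarative specification, an algorithmically-checkable version shown equivalent to it, and that checker run as an oracle over implementation traces) is illustrated below with an added Python example. It is not the paper's HOL development and not the SWIFT MAC: the abstract gives no protocol details, so the toy protocol here (a buffer-less switch that must be configured for a wavelength within a timing window before each packet launch), the event format, the SETUP/HOLD constants and the sample traces are all assumptions made for the example. Where the paper proves step (1) as a theorem inside HOL, this example can only substitute differential random testing of the two checkers against each other, which is stated in the code.

```python
"""Trace-conformance oracle: a declarative spec and a one-pass checker.

Added illustrative example, not the paper's HOL specification or the SWIFT
MAC protocol.  Toy protocol (assumed for the example): before a packet is
launched ("tx") on an output port of a buffer-less optical switch, the switch
must have been configured ("cfg") for that port and wavelength at least SETUP
ns and at most HOLD ns earlier, and not reconfigured since.
"""
import random
from dataclasses import dataclass

# Hypothetical timing constants (nanoseconds); not taken from the paper.
SETUP = 20    # configuration must precede the launch by at least this much
HOLD = 100    # and by no more than this, or it is considered stale


@dataclass(frozen=True)
class Event:
    t: int        # timestamp (ns); assumed distinct per port
    kind: str     # "cfg" (configure switch) or "tx" (launch packet)
    port: int     # switch output port
    wl: int       # wavelength


def spec_conformant(trace):
    """Declarative specification, stated the way one would write it in logic:
    for every tx e there exists a cfg c on the same port and wavelength with
    e.t-HOLD <= c.t <= e.t-SETUP and no cfg on that port strictly between
    c.t and e.t.  Quadratic, but obviously right; this is the reference."""
    for e in trace:
        if e.kind != "tx":
            continue
        witness = any(
            c.kind == "cfg" and c.port == e.port and c.wl == e.wl
            and e.t - HOLD <= c.t <= e.t - SETUP
            and not any(d.kind == "cfg" and d.port == e.port
                        and c.t < d.t < e.t for d in trace)
            for c in trace)
        if not witness:
            return False
    return True


def check_trace(trace):
    """Algorithmically-checkable version: one pass over the time-ordered
    trace, remembering only the latest cfg per port (the oracle one would
    extract and run over implementation traces).  Returns (ok, offending
    event or None).  Ties in time are ordered tx-before-cfg so a cfg at the
    launch instant cannot count, matching the strict window in the spec."""
    last_cfg = {}
    for e in sorted(trace, key=lambda x: (x.t, 0 if x.kind == "tx" else 1)):
        if e.kind == "cfg":
            last_cfg[e.port] = e
        elif e.kind == "tx":
            c = last_cfg.get(e.port)
            if c is None or c.wl != e.wl or not (e.t - HOLD <= c.t <= e.t - SETUP):
                return (False, e)
    return (True, None)


def random_trace(rng, pairs=4, ports=2, wls=2):
    """Constructed random traces with strictly increasing timestamps; the
    cfg-to-tx gap is drawn wide enough to fall on either side of the window,
    and stray reconfigurations exercise the "no cfg in between" clause."""
    tr, t = [], 0
    for _ in range(pairs):
        port, wl = rng.randrange(ports), rng.randrange(wls)
        t += rng.randrange(1, 50)
        tr.append(Event(t, "cfg", port, wl))
        if rng.random() < 0.3:
            t += rng.randrange(1, 30)
            tr.append(Event(t, "cfg", rng.randrange(ports), rng.randrange(wls)))
        t += rng.randrange(1, 150)
        tr.append(Event(t, "tx", port, rng.choice([wl, rng.randrange(wls)])))
    return tr


def differential_test(seed=0, rounds=2000):
    """Stand-in for the paper's HOL equivalence proof (step 1): the two
    checkers are compared on random traces; returns a counterexample trace
    if they ever disagree, else None.  Equivalence holds when timestamps on
    a port are distinct, which the generator guarantees."""
    rng = random.Random(seed)
    for _ in range(rounds):
        tr = random_trace(rng)
        if spec_conformant(tr) != check_trace(tr)[0]:
            return tr
    return None


# Constructed sample traces standing in for implementation traces (step 3).
GOOD_TRACE = [Event(0, "cfg", 0, 1), Event(50, "tx", 0, 1),
              Event(60, "cfg", 1, 0), Event(120, "tx", 1, 0)]
LATE_CFG_TRACE = [Event(0, "cfg", 0, 1), Event(10, "tx", 0, 1)]  # only 10 ns of setup

if __name__ == "__main__":
    print("equivalence counterexample:", differential_test())
    print("good trace:", check_trace(GOOD_TRACE))
    print("late cfg trace:", check_trace(LATE_CFG_TRACE))
```

The division of labour mirrors the abstract: `spec_conformant` is the readable, overspecification-free statement one reviews for correctness, `check_trace` is the efficient form one actually runs against simulation or hardware traces, and the burden of trusting the fast checker rests entirely on establishing that the two agree, which here is only tested, not proved.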