This paper describes the process of implementing a complex communications protocol that provides reliable delivery of data in multicast-capable, packet-switching telecommunication networks. The protocol, called the Reliable Multicasting Protocol (RMP), was developed incrementally using a combination of formal and informal techniques in an attempt to ensure the correctness of its implementation. Our development process involved three concurrent activities: (1) the initial construction and incremental enhancement of a formal state model of the protocol machine; (2) the initial coding and incremental enhancement of the implementation; and (3) model-based testing of iterative implementations of the protocol. These activities were carried out by two separate teams: a design team and a V&V team. The design team built the first version of RMP with limited functionality to handle only nominal requirements of data delivery. In a series of iterative steps, the design team added new functionality to the implementation while the V&V team kept the state model in fidelity with the implementation. This was done by generating test cases based on suspected errant or off-nominal behaviors predicted by the current model. If the execution of a test was different between the model and implementation, then the differences helped identify inconsistencies between the model and implementation. The dialogue between both teams drove the co-evolution of the model and implementation. Testing served as the vehicle for keeping the model and implementation in fidelity with each other. This paper describes (1) our experiences in developing our process model; and (2) three example problems found during the development of RMP.