An example of stepwise refinement of distributed programs: quiescence detection
ACM Transactions on Programming Languages and Systems (TOPLAS) - The MIT Press scientific computation series
A verified sliding window protocol with variable flow control
SIGCOMM '86 Proceedings of the ACM SIGCOMM conference on Communications architectures & protocols
Modeling a transport layer protocol using first-order logic
SIGCOMM '86 Proceedings of the ACM SIGCOMM conference on Communications architectures & protocols
A stepwise refinement heuristic for protocol construction
A Discipline of Programming
The Specification and Verification of a Connection Establishment Protocol Using Temporal Logic
Proceedings of the IFIP WG6.1 Second International Workshop on Protocol Specification, Testing and Verification
Petri nets are good for protocols
SIGCOMM '84 Proceedings of the ACM SIGCOMM symposium on Communications architectures and protocols: tutorials & symposium
Formal specification and validation of ISO transport protocol components, using petri nets
SIGCOMM '84 Proceedings of the ACM SIGCOMM symposium on Communications architectures and protocols: tutorials & symposium
Time-Dependent Distributed Systems: Proving Safety, Liveness and Real-Time Properties
Service specification and protocol construction for the transport layer
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
Verified data transfer protocols with variable flow control
ACM Transactions on Computer Systems (TOCS)
A Relational Notation for State Transition Systems
IEEE Transactions on Software Engineering
A stepwise refinement heuristic for protocol construction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A Rigorous Approach to Networking: TCP, from Implementation to Protocol to Service
FM '08 Proceedings of the 15th international symposium on Formal Methods
We specify and verify a connection management protocol for use between entities connected by channels that can lose, reorder, and duplicate messages. The protocol is symmetric. Each entity is in one of the following states: closed, listen, open, active opening, passive opening, or closing. The first three are stable states to be exited only by user request, while the last three are transient states. Each entity maintains a local incarnation number at all times, and a remote incarnation number only when opening, open, and closing. Our protocol employs the 3-way handshake used in TCP and ISO Transport Protocol (Class 4).

We verify the safety property that when an entity is open, its remote incarnation number matches the remote entity's local incarnation number. This ensures that data messages from past connection instances are not delivered to the user. We verify the following progress properties: an actively opening entity will eventually establish a connection, provided that the remote entity is willing to communicate or is itself actively opening; the states of active opening, passive opening, and closing are transient; if the entities remain closed, the channels will eventually become empty, assuming messages have a maximum lifetime.

This protocol specification can be immediately combined with the data transfer protocol specifications presented in [SHAN1, SHAN2, SHAN3] to provide a transport layer protocol with the functions of connection management and two-way data transfer. The verifications too can be immediately combined to provide a hierarchical verification of the multi-function protocol. The specifications and verifications can be combined because the connection management and data transfer protocols are images of the multi-function protocol. This illustrates the power of protocol projections in constructing multi-function protocols.
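The following is an added illustrative model, not the paper's specification: a minimal 3-way handshake between an actively opening entity and a listening one, with incarnation numbers, checked against the safety property stated in the abstract. The message names (CR, CC, ACK), the use of a simple counter as the incarnation number and the `check_ack` switch are assumptions introduced here to show why the check matters when the channel replays a confirm from a past connection.

```python
from dataclasses import dataclass, field
from typing import Optional

CLOSED, LISTEN, ACTIVE_OPENING, PASSIVE_OPENING, OPEN = (
    "closed", "listen", "active opening", "passive opening", "open")

@dataclass
class Entity:
    state: str = CLOSED
    check_ack: bool = True        # False: omit the incarnation check (for contrast only)
    local_inc: int = 0            # fresh value on every opening attempt (assumed counter)
    remote_inc: Optional[int] = None
    outbox: list = field(default_factory=list)

    def active_open(self):
        self.local_inc += 1
        self.state = ACTIVE_OPENING
        self.outbox.append(("CR", self.local_inc, None))   # connect request

    def receive(self, kind, inc, ack):
        # CR = connect request, CC = connect confirm, ACK = final acknowledgement
        if kind == "CR" and self.state == LISTEN:
            self.local_inc += 1
            self.remote_inc = inc
            self.state = PASSIVE_OPENING
            self.outbox.append(("CC", self.local_inc, inc))
        elif (kind == "CC" and self.state == ACTIVE_OPENING
              and (ack == self.local_inc or not self.check_ack)):
            self.remote_inc = inc
            self.state = OPEN
            self.outbox.append(("ACK", self.local_inc, inc))
        elif (kind == "ACK" and self.state == PASSIVE_OPENING
              and ack == self.local_inc and inc == self.remote_inc):
            self.state = OPEN
        # anything else (stale, duplicated or out-of-state message) is dropped

def is_safe(a, b):
    # Safety property: an open entity's remote incarnation equals its peer's local one.
    return all(x.state != OPEN or x.remote_inc == y.local_inc for x, y in ((a, b), (b, a)))

def handshake(inject_stale=False, check_ack=True):
    a, b = Entity(check_ack=check_ack), Entity(LISTEN, check_ack)
    a.active_open()
    if inject_stale:   # constructed: a CC from a past connection, replayed by the channel
        a.receive("CC", 99, 0)
    for _ in range(4):                  # deliver queued messages in FIFO order
        for src, dst in ((a, b), (b, a)):
            while src.outbox:
                dst.receive(*src.outbox.pop(0))
    return a, b, is_safe(a, b)
```

With the check in place the replayed confirm is dropped and both sides open with matching incarnation numbers; with it disabled, A opens against incarnation 99, which is exactly the state the safety property rules out.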