A verified sliding window protocol with variable flow control
SIGCOMM '86 Proceedings of the ACM SIGCOMM conference on Communications architectures & protocols
We present and verify a sliding window protocol which uses modulo-N sequence numbers to achieve reliable, flow-controlled data transfer between a producer and a consumer connected by unreliable channels. The consumer's data needs are represented by a receive window whose size can vary with time. The producer entity sends segments of data words that lie within the consumer's receive window. The consumer entity sends acknowledgment, selective acknowledgment, and selective reject messages that inform the producer entity of the current receive window size, the data word next expected, and the reception (or lack of reception) of out-of-sequence data segments. Our protocol is, therefore, a proper extension of existing transport and data link protocol standards such as TCP, ISO TP, HDLC, ADCCP, and so forth.

We consider two types of unreliable channels. The first type, referred to as transport channels, can lose, duplicate, and reorder messages to an arbitrary extent, but impose an upper bound on message lifetimes (which can be very large, e.g., days). The second type, referred to as data link channels, can only lose messages. For both types of channels, we obtain the minimum value of N that ensures safe operation without imposing any constraints on the retransmissions of messages or on the data segment sizes. Thus, any retransmission or acknowledgment policy that optimizes the protocol's performance can be used. For transport channels, this value of N is a function of the maximum message transmission rate, the maximum message lifetime, and the maximum receive window size. For data link channels, this value of N is a function only of the maximum receive window size. We verify progress under three different liveness assumptions: retransmissions initiated by both entities, only by the producer entity, and only by the consumer entity.

The protocol also satisfies a convenient noninterference safety property between the acknowledgment, selective acknowledgment, and selective reject messages.

The protocols are specified as event-driven systems and verified hierarchically in two major stages. First, we verify that correct flow-controlled data transfer results if the sequence numbers in the channels satisfy certain correct interpretation bounds, irrespective of the types of errors that the channels may have. Second, for both transport and data link channels, we verify that the correct interpretation bounds are enforced by the corresponding minimum values of N. For the verification of the transport channel case, we use a system model with continuous measures of time in which real-time constraints can be formally specified and verified.