SC7/WG19 Geneva 2003 ISO/IEC 15909: A Simple Example of Protocol Specification and Verification Jonathan Billington Computer Systems Engineering Centre.

ISO/IEC 15909: A Simple Example of Protocol Specification and Verification
Jonathan Billington, Computer Systems Engineering Centre, School of Electrical and Information Engineering, University of South Australia
SC7/WG19 Geneva, 16 September 2003

(Slide footer: ISO/IEC 15909: Simple SWP Example, J. Billington, CSEC EIE, 16/9/2003, SC7/WG19 Geneva)

Goal
- To illustrate the use of ISO/IEC 15909
- Use a simple stop and wait protocol
- Illustrate specification and verification
- Use concrete syntax of Coloured Petri Nets
- Use Design/CPN for graphical representation

High-level Nets Standard: ISO/IEC 15909
- Part 1: Concepts, Definitions and Graphical Notation (FDIS)
  - CPN semantics
  - Algebraic graphical form (signatures)
- Part 2: Transfer Format (PNML)
  - XML based
  - First draft (Ekkart Kindler)
- Part 3: Extensions (Future)
  - Modularity (e.g. hierarchical models)
  - Time

High-level Net Semantics
HLPN = (P, T, D; Type, Pre, Post, M0)
- P is a finite set of Places
- T is a finite set of Transitions disjoint from P
- D is a non-empty finite set of non-empty domains (sets), where each element of D is called a type
- Type: P ∪ T → D is a function used to assign types to places and to determine transition modes
- Pre, Post: TRANS → μPLACE are the pre and post mappings, where
  - TRANS = {(t, m) | t ∈ T, m ∈ Type(t)}
  - PLACE = {(p, g) | p ∈ P, g ∈ Type(p)}
- M0 ∈ μPLACE is a multiset, the initial marking of the net
- μPLACE is the set of multisets over the set PLACE

Stop and Wait Protocols (SWP)
- Send a message and wait for ack before sending the next message (flow control)
- Recover from loss by retransmissions (ARQ)
  - Receiver discarding messages with bit errors
  - Router discarding messages due to congestion
- Sequence Number included to detect duplicates
  - Finite maximum sequence number: MaxSeqNo
  - Modulo arithmetic: MaxSeqNo + 1
- Maximum Retransmission Counter: MaxRetrans
- Medium
  - Initially order preserving channels (DLL Protocol)
  - However, part of TCP (window size of one)

Motivation
- TCP is the dominant transport protocol in the Internet
- TCP uses ARQ with 32 bit sequence numbers
- Original designers were concerned about duplicates
  - message is delayed in reordering medium
  - sequence numbers wrap, then duplicate can be accepted as a new message
- Proposed
  - 3 way handshake (old connections)
  - plus large sequence numbers (same connection)
  - time to live in IP (but implemented as hop count)
- Networks are getting faster: Gbit/s and beyond
- How does the simplest ARQ (SWP) fail?

Approach
- Use graphical models that allow for visualisation
- Coloured Petri net models of the SWP
  - Lossy FIFO channel
  - Lossy reordering channel
- Properties
  - Boundedness of channels
  - Stop and Wait Service: alternating sends and receives
  - Duplicate acceptance
  - Message Loss
- Hand proofs for boundedness (general)
- Reachability analysis, automata reduction and language equivalence for the other 3 properties (limited parameter values)
- Use Design/CPN (Aarhus) and FSM (ATT)

Modelling Assumptions
- Stop and Wait ARQ Protocol
  - Recovery from loss by retransmissions
  - Retransmission counter with limit: MaxRetrans
  - Transmission is aborted when limit reached (not modelled)
  - Bounded sequence numbers: MaxSeqNo
  - Message represented by sequence number only (data independence assumption)
- Channels
  - Lossy/lossless unbounded FIFO
  - Lossy/lossless, re-ordering and unbounded
  - Lossy/lossless, re-ordering and bounded

CPN Model 1: SWP over Lossy FIFO Channels
- Sender:
  - Send message as sequence number (sn)
  - Retransmission on timeout, up to limit (MaxRetrans)
  - Receive acks and duplicate acks
  - Increment sn modulo MaxSeqNo + 1
- Receiver:
  - Receive messages (sn = rn) and discard duplicates
  - Send ack of next expected message (rn)
- FIFO Channel:
  - Message loss (or not)

SWP over Lossy FIFO: Results
- Boundedness
  - arbitrary MaxSeqNo and MaxRetrans
  - bound on FIFO length of both mess_channel and ack_channel given by 2·MaxRetrans + 1
- Alternating sends and receives (sn = rn)
- No duplication
- No loss (except possibly the last message if the transmission is aborted, i.e. the MaxRetrans limit is reached)

CPN Model 2: SWP over Lossy Reordering Channels
- Same as CPN Model 1 except for the message and ack channels
- Each channel is represented by a place, where a token is a message (rather than a list of messages)
- Loss of any message or ack at any time
- Loss can be switched off readily by using the guard false on the loss transitions

SWP over Lossy non-FIFO: Results 1
Theorem 1: For the SWP of CPN2 (lossy non-FIFO channels), with MaxRetrans and MaxSeqNo > 0, the message channel is unbounded.
Proof sketch: find a transition sequence (cycle) that on each repetition increases the number of tokens in mess_channel by 1.
- Consider: send_mess, receive_mess (sn = rn), send_ack, timeout_retrans, receive_ack
- From the initial marking, a new marking with send_mess enabled and a duplicate in mess_channel is obtained
- Repeat the transition sequence
- Every repetition of the sequence increases the number of tokens in mess_channel by one
- The sequence can be repeated indefinitely => unbounded.

SWP over Lossy non-FIFO: Results 2
Theorem 2: For the SWP of CPN2 with MaxRetrans and MaxSeqNo > 0, the ack channel is unbounded.
Proof: consider the transition sequence send_mess, receive_mess (sn = rn), send_ack, timeout_retrans, receive_ack, receive_mess, send_ack, and apply the same arguments as in the proof of Theorem 1.

SWP over Lossy non-FIFO: Results 3
Theorem 3: The SWP of CPN2 with MaxRetrans and MaxSeqNo > 0 does not satisfy the Stop and Wait service.
Theorem 4: For the SWP of CPN2 with MaxRetrans and MaxSeqNo > 0, duplicates may be received as new messages.
Theorem 5: For the SWP of CPN2 with MaxRetrans and MaxSeqNo > 0, messages can be lost without being detected.

Proof of Theorems 3-5
- Use language analysis to consider sequences of sends and receives:
  - desired service is (send receive)*
  - send is send_mess; receive is receive_mess (sn = rn)
- Restricted to bounded channels (capacity = 2), but if there are failures in this case, they will also occur for capacities > 2 (conjecture)
- Set MaxRetrans = 1 = MaxSeqNo. Any incorrect behaviour is also present when MaxRetrans, MaxSeqNo > 1 (conjecture)
- Two cases:
  - No message loss
  - With message loss
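The check behind Theorems 3-5, written here as an added example rather than the slides' Design/CPN or FSM analysis: a small Python state-space search over CPN Model 2 (reordering channels) and, for contrast, Model 1 (FIFO), with MaxRetrans = MaxSeqNo = 1 and channel capacity 2, looking for the first point where the s/r projection of a trace stops being a prefix of (sr)*. Assumptions of this example: receive_mess and send_ack are merged into one step, the receiver re-acks duplicates (as the Theorem 2 sequence implies), and the transition names are this example's own.

```python
from collections import deque

# Example model (added here, not the slides' CPN): state = (mode, sn, rc, rn, mess, acks).
# mode is 'ready' or 'wait'; mess/acks are the message and ack channels as tuples.
# Simplification: receive_mess and send_ack are merged; both channels are capped at cap.

def successors(state, max_seq, max_retrans, cap, fifo, lossy):
    """Yield (transition, service_label, next_state) for every enabled transition."""
    mode, sn, rc, rn, mess, acks = state
    m = max_seq + 1                                   # arithmetic modulo MaxSeqNo + 1
    picks = lambda ch: range(min(len(ch), 1 if fifo else len(ch)))  # FIFO: head only
    if mode == 'ready' and len(mess) < cap:           # send_mess, service event s
        yield 'send_mess', 's', ('wait', sn, 0, rn, mess + (sn,), acks)
    if mode == 'wait' and rc < max_retrans and len(mess) < cap:
        yield 'timeout_retrans', '', ('wait', sn, rc + 1, rn, mess + (sn,), acks)
    for i in picks(mess):                             # receive_mess (+ send_ack)
        if len(acks) >= cap:
            break
        seq, rest = mess[i], mess[:i] + mess[i + 1:]
        if seq == rn:                                 # expected: accept, service event r
            nrn = (rn + 1) % m
            yield 'receive_mess', 'r', (mode, sn, rc, nrn, rest, acks + (nrn,))
        else:                                         # duplicate: discard, re-ack rn
            yield 'receive_dup_mess', '', (mode, sn, rc, rn, rest, acks + (rn,))
    for i in picks(acks):                             # receive_ack
        ack, rest = acks[i], acks[:i] + acks[i + 1:]
        if mode == 'wait' and ack == (sn + 1) % m:    # acknowledges outstanding sn
            yield 'receive_ack', '', ('ready', ack, 0, rn, mess, rest)
        else:                                         # duplicate or stale ack
            yield 'receive_dup_ack', '', (mode, sn, rc, rn, mess, rest)
    if lossy:                                         # lose any message or ack, any time
        for i in range(len(mess)):
            yield 'lose_mess', '', (mode, sn, rc, rn, mess[:i] + mess[i + 1:], acks)
        for i in range(len(acks)):
            yield 'lose_ack', '', (mode, sn, rc, rn, mess, acks[:i] + acks[i + 1:])

def find_service_violation(max_seq=1, max_retrans=1, cap=2, fifo=False, lossy=False):
    """BFS over reachable states, tracking the service event (s or r) due next.
    Returns the shortest transition sequence whose s/r projection is not a
    prefix of (sr)*, or None when the stop-and-wait service holds."""
    init = ('ready', 0, 0, 0, (), ())
    seen, queue = {(init, 's')}, deque([(init, 's', [])])
    while queue:
        state, expect, trace = queue.popleft()
        for name, label, nxt in successors(state, max_seq, max_retrans, cap, fifo, lossy):
            if label and label != expect:             # two sends or two receives in a row
                return trace + [name]
            nexpect = ('r' if label == 's' else 's') if label else expect
            if (nxt, nexpect) not in seen:
                seen.add((nxt, nexpect))
                queue.append((nxt, nexpect, trace + [name]))
    return None
```

With fifo=False the search returns a trace such as send, receive, retransmit, ack, send, receive, receive, i.e. the retransmitted copy of sequence number 0 accepted as new once the one-bit sequence number has wrapped; with fifo=True no such trace exists, matching the Model 1 results.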

FSA for Lossless Channel
- OG: 410 nodes and 848 arcs
- Minimised FSA: 14 states and 21 transitions
- Stop and Wait Service not satisfied, as the alternation of sends and receives is violated (s = send, r = receive)
- Duplicate acceptance cycles:
  - (srr)*: 5 s 8 r 11 r 13 s 6 r 4 r 5
  - (srsrrr)*: 7 s 10 r 13 s 6 r 4 r 5 r 7
- Loss cycles:
  - (sssr)*: 13 s 6 s 9 s 12 r 13
- Messages lost even though the channel is not lossy!
- Problems do not occur till SNs wrap

FSA for Lossy Channel
- OG: 624 nodes and 2484 arcs
- Minimised FSA: 29 states and 47 transitions
- All states are acceptance states
- Stop and Wait Service not satisfied
  - Duplicate acceptance cycles
  - Loss cycles
- Problems do not occur till SNs wrap

Relevance to TCP
- TCP uses a sliding window mechanism with dynamic changes to window size and 32 bit SN
- Reduces to a stop and wait protocol if window size is set to one
- Conjecture that similar modes of loss and duplication will occur with TCP if
  - Sequence numbers wrap; and
  - Duplicates still exist in the Internet
    - Time-to-live field in IP packets (hop count!)
    - RFC 793 (TCP) suggests Max Seg Lifetime of 2 minutes
- At 1 Gbit/s effective throughput, SNs wrap in 34 secs, allowing duplicates to still be present, but 4GB of data need to be sent!
- RFC 1323 recommends the use of 32 bit time-stamps to overcome this problem (PAWS)
- 64 bit SN? At 10 Gbit/s it would take 470 years to wrap

Relevance to TCP - II
- Unbounded channels
  - Will potentially unbounded growth of messages lead to congestion?
  - Due to retransmissions, which will occur
  - Most duplicates will be deleted by the receiver
  - Remaining duplicates will be killed off after the time to live limit is reached (if implemented)
  - Congestion control procedures already in place
- Conclusion: No problem for TCP

Conclusions
- Shown that Stop and Wait Protocols do not work over reordering channels in the following ways:
  - The channels are unbounded (for any MaxRetrans, MaxSeqNo)
  - The SWP does not satisfy its service of (sr)*
  - Cyclic behaviour exists where:
    - Duplicates can be accepted as new messages
    - Messages can be lost (unknowingly)
- Congestion
  - Lossy FIFO channels: congestion contained (2·MaxRetrans + 1)
  - Reordering channels: other mechanisms required
- The last 3 problems depend on SNs wrapping
- For Gbit/s networks, duplicates and loss can be a problem => implement PAWS as per RFC 1323

Future Work
- Extend work to TCP mechanisms, including PAWS
- Incorporate mechanisms into the CPN model for deleting old messages
- Formally extend results for loss and duplication to arbitrary values of MaxRetrans, MaxSeqNo and channel capacity
- Investigate duplication and loss even when (sr)* is not violated