Developing a Framework for Simulation, Verification and Testing of SDL Specifications Olga Shumsky Lawrence Henschen Northwestern University

Introduction
– Formal verification is widely used in hardware verification
– Errors found late in the production cycle are more expensive to correct in hardware than in software
– In safety-critical software systems, correctness requirements warrant formal verification
– Emphasis on design processes that already employ formal methods

Specification and Description Language (SDL)
– A formal description technique standardized in 1988 by the International Telecommunication Union
– Intended for the description of communication protocols
– Used on a variety of distributed, concurrent, communicating, asynchronous systems
– Many support tools exist, but there is no framework for theorem-proving-based verification
– Main building blocks are processes, represented by extended finite-state machines, and delaying and instantaneous communication links

Example of Modeling with SDL: a simple communication protocol
– A sender and a receiver communicate
– Buffer size is 1: each message must be acknowledged before the next is sent
– If the acknowledgement does not arrive in a reasonable time, the message is resent
– The communication network may lose but not corrupt messages

Protocol Modeling in SDL: Part 1

Protocol Modeling in SDL: Part 2

Simulator vs. Specification Verification
– We are building a verified simulator for SDL specifications: a one-time effort
– Design engineers can use the simulator to verify SDL specifications: multiple verification efforts on multiple designs
– ACL2 used in both cases

Simulator Architecture
(diagram slide; components, data flow and correctness claims recovered from the slide text)
– Components: Translator, Activator, Process Simulator & Utilities
– Data flow: SDL Specifications → Specifications in Lisp-Based Format → System Instance → System Simulation
– Correctness argument: equivalent specifications (translation), valid instance / valid specification pair (activation), correct instance simulation (process simulation); together these give a formally correct simulation of the original specification

Process Translation
– Superficial: stores entities as lists
– Receiver process translated (the instance bound is the dotted pair (1 . 1); the decision compares frameid against the declared variable ackid):
    (receiver (1 . 1) (ackid frameid)
      (start (() (task ackid -1) (label 1) (output ack (ackid) () ()) (nextstate waiting)))
      (waiting ((frameid (frameid))
                (decision ((= frameid (+ ackid 1)) (task ackid (+ ackid 1)) (join 1))
                          ((<> frameid (+ ackid 1)) (join 1))))))

Communication Network Translation
– Paths consisting of several links are collapsed into multi-component single entities
– Instantaneous paths: (source destination route-name)
– Delaying paths: (source destination (member routes) queue)
– Network from the example:
    (sender receiver (out1 link in2) nil)
    (receiver sender (out2 link in1) nil)

Translator Correctness
– Defined an inverse function untranslate and proved that no information is lost w.r.t. a specialized equivalence relation:
    (equal* (untranslate (translate S)) S)
– Trivial for process translation
– Tricky for network translation

Activator
– SDL differentiates between a process definition and a process instance
– Defined a process activation mechanism
– Receiver process instance (id, process, current state, memory, body, input queue):
    (1 receiverprocess start
       ((ackid . nil) (frameid . nil) (self . 1) (sender . nil) (parent . 0) (offspring . nil))
       ((start …))
       nil)
– Correctness property: defined a recognizer for valid instances of a system
    (defthm activate-makes-instance
      (implies (wf-type S)
               (wf-instance (activate S) S)))
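The two previous slides show the Lisp-based format a translated process takes and the instance the activator builds from it. The following is an added example, not the authors' ACL2 code: a small reader for that format, an activate function that lays out an instance the way the slide does, a wf_instance recognizer in the spirit of activate-makes-instance, and a static check a translator would want (every nextstate target is a declared state, every join has a label, every identifier in a task, output or decision is a declared variable). The reader, the instance layout as a Python dict, the operator set and the typo variant are assumptions made for illustration.

```python
"""Reader, activation and well-formedness checks for a process in the slides'
Lisp-based translated format. Added example, not the authors' ACL2 code: the
s-expression reader, the instance layout and the checks are assumptions that
mirror the slides' receiver translation and its activated instance."""
import re

# Receiver process in the translated format shown on the slides (constructed
# copy): `(1 . 1)` is the instance bound, `(ackid frameid)` the variable list.
RECEIVER = """
(receiver (1 . 1) (ackid frameid)
  (start (() (task ackid -1) (label 1) (output ack (ackid) () ()) (nextstate waiting)))
  (waiting ((frameid (frameid))
            (decision ((= frameid (+ ackid 1)) (task ackid (+ ackid 1)) (join 1))
                      ((<> frameid (+ ackid 1)) (join 1))))))
"""
# Constructed faulty variant: the second decision branch names an undeclared variable.
RECEIVER_TYPO = RECEIVER.replace("(<> frameid (+ ackid 1))", "(<> frameid (+ ack 1))")
OPERATORS = {"=", "<>", "+"}   # assumed expression operators of the translated format


def read_sexp(text):
    """Minimal reader: nested lists, dotted pairs (as 2-tuples), ints, symbols."""
    tokens = re.findall(r"\(|\)|[^\s()]+", text)
    pos = 0

    def parse():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok != "(":
            return int(tok) if re.fullmatch(r"-?\d+", tok) else tok
        items = []
        while tokens[pos] != ")":
            if tokens[pos] == ".":          # (car . cdr)
                pos += 1
                cdr = parse()
                pos += 1                    # skip the closing paren
                return (items[0], cdr)
            items.append(parse())
        pos += 1
        return items

    return parse()


def wf_process(proc):
    """Static checks on a translated process definition. Returns a list of problems."""
    name, variables, states = proc[0], set(proc[2]), proc[3:]
    state_names = {s[0] for s in states}
    labels, joins, problems = set(), [], []

    def check_expr(e):
        if isinstance(e, str) and e not in variables:
            problems.append(f"{name}: undeclared variable {e}")
        elif isinstance(e, list) and e:
            if e[0] not in OPERATORS:
                problems.append(f"{name}: unknown operator {e[0]}")
            for sub in e[1:]:
                check_expr(sub)

    def walk(actions):
        for a in actions:
            op = a[0] if isinstance(a, list) and a else None
            if op == "label":
                labels.add(a[1])
            elif op == "join":
                joins.append(a[1])
            elif op == "nextstate" and a[1] not in state_names:
                problems.append(f"{name}: nextstate to undeclared state {a[1]}")
            elif op == "task":
                check_expr(a[1])
                check_expr(a[2])
            elif op == "output":            # (output signal (args) () ())
                for arg in a[2]:
                    check_expr(arg)
            elif op == "decision":          # (decision (cond action ...) ...)
                for branch in a[1:]:
                    check_expr(branch[0])
                    walk(branch[1:])

    for state in states:
        for transition in state[1:]:        # transition = (input-spec action ...)
            walk(transition[1:])
    problems += [f"{name}: join to undefined label {j}" for j in joins if j not in labels]
    return problems


def activate(proc, pid, parent=0):
    """Instance layout from the slides: id, process name, current state, memory
    (declared variables plus self/sender/parent/offspring), body and input queue."""
    memory = {v: None for v in proc[2]}
    memory.update({"self": pid, "sender": None, "parent": parent, "offspring": None})
    return {"id": pid, "process": proc[0], "state": "start",
            "memory": memory, "body": proc[3:], "queue": []}


def wf_instance(inst, proc):
    """Recognizer for a valid instance of proc (cf. activate-makes-instance)."""
    return (inst["process"] == proc[0]
            and inst["memory"]["self"] == inst["id"]
            and all(v in inst["memory"] for v in proc[2])
            and inst["state"] in {s[0] for s in proc[3:]}
            and inst["body"] == proc[3:])


if __name__ == "__main__":
    proc = read_sexp(RECEIVER)
    print("problems:", wf_process(proc))
    print("instance:", activate(proc, 1))
    print("typo variant:", wf_process(read_sexp(RECEIVER_TYPO)))
```

Running the block checks the slide's receiver (no problems, and the activated instance satisfies wf_instance) and then the constructed variant, where the checker reports the undeclared variable before any simulation is attempted.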

Process Simulator
– Simulator functions defined for: signal input and output, assignment, updating state, decision, process creation, procedure call, timer operations, stop, and goto
– Correctness: simulating each action preserves the wf-instance property

Receiver process simulation:
action                  | state   | memory                                       | queue
After instantiation     | start   | (ackid . nil) (frameid . nil) (sender . nil) | nil
After initialization    | waiting | (ackid . -1) (frameid . nil) (sender . nil)  | nil
Signal arrives in queue | waiting | (ackid . -1) (frameid . nil) (sender . nil)  | Frame(0)
Signal consumed         | waiting | (ackid . -1) (frameid . 0) (sender . 2)      | nil
Transition completed    | waiting | (ackid . 0) (frameid . 0) (sender . 2)       | nil

Concurrency Simulation
– An oracle indicates to the top-level simulator function the id of the next instance to simulate
– How fine-grained should a simulation be?
  – Transitions are considered atomic: the simulation might miss some possible real-life process interleaving scenarios
  – Actions are considered atomic: some actions, such as procedure calls, are more time consuming than simple actions, such as goto and nextstate
– We are implementing mechanisms to handle both cases, so that appropriate process interleaving can be selected for each application

Network Handling
– A signal traveling through an instantaneous path is immediately delivered to the destination
– An oracle is supplied to delaying paths to determine whether the path forwards the signal
– If there is an inconsistency in the address of the signal, a warning is generated and the signal is discarded

SDL Specifications Verification
– Once the simulator is proved correct, we can prove properties of specifications w.r.t. the simulator
– Our protocol is correct if sender and receiver agree on the id of the last successfully transmitted frame:
    (defthm sender-receiver-agree-1
      (<= (variable-value 'ackid (instance 'receiver (simulate S O)))
          (variable-value 'frameid (instance 'sender (simulate S O)))))
    (defthm sender-receiver-agree-2
      (let ((v1 (variable-value 'ackid (instance 'receiver (simulate S O))))
            (v2 (variable-value 'frameid (instance 'sender (simulate S O)))))
        (implies (< v1 v2) (= (+ 1 v1) v2))))
– Defined access functions to extract variables and instances
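The protocol slide, the concurrency and network slides and the two agreement theorems above describe one system: processes stepped in an order chosen by a scheduler oracle, delaying paths that forward or lose a signal as a network oracle decides, and a property over the sender's frameid and the receiver's ackid. The following added example, which is not the authors' ACL2 simulator, makes that executable in Python: the receiver follows the slide's translation (accept frame(id) only if id = ackid + 1, always answer ack(ackid)), the sender keeps one frame in flight and resends on a timer, and instead of a single oracle O the code enumerates every oracle choice up to small bounds and checks sender-receiver-agree-1 and -2 on every reachable state. The process encoding, the bounds, and the deliberately wrong sender variant (which advances on any ack regardless of its id) are assumptions; the variant is there to show the property failing when the id check is dropped.

```python
"""Bounded simulation of the slides' stop-and-wait protocol under explicit oracles.

Added example, not the authors' ACL2 simulator: the process encoding, the
bounds and the buggy sender variant are assumptions made for illustration.
The scheduler oracle picks which instance (or which delaying path) steps next;
the network oracle decides whether a delaying path forwards or loses the
signal at its head. Enumerating every oracle choice up to the bounds checks
the two agreement properties on every reachable system state."""

MAX_FRAMES = 3  # constructed bound: the sender delivers frames 0..MAX_FRAMES-1
MAX_QUEUE = 2   # constructed bound on signals buffered in a path or input queue

# System state is an immutable tuple so reachable states can be enumerated:
#   (sender.frameid, receiver.ackid, receiver.frameid,
#    sender->receiver path, receiver->sender path, sender inbox, receiver inbox)
# Paths and inboxes are FIFO tuples of signal ids (Frame ids or Ack ids).
# After both start transitions the receiver has already output ack(-1).
INITIAL = (-1, -1, None, (), (-1,), (), ())


def sender_correct(frameid, ack):
    """Sender transition on input ack(id): only the ack for the frame in flight
    advances to the next frame; stale acks are discarded.
    Returns (new frameid, frame id to output or None)."""
    if ack == frameid and frameid + 1 < MAX_FRAMES:
        return frameid + 1, frameid + 1
    return frameid, None


def sender_buggy(frameid, ack):
    """Deliberately wrong variant: advances on any ack, ignoring its id."""
    if frameid + 1 < MAX_FRAMES:
        return frameid + 1, frameid + 1
    return frameid, None


def receiver_step(ackid, frame):
    """Receiver transition from the slides' translation: on input frame(id),
    accept it only if id = ackid + 1, then (via join 1) output ack(ackid).
    Returns (new ackid, new frameid variable, ack id to output)."""
    if frame == ackid + 1:
        ackid = frame
    return ackid, frame, ackid


def successors(state, sender_step):
    """All states reachable in one step, one per oracle choice."""
    s_fid, r_ackid, r_fid, sr, rs, s_in, r_in = state
    out = []
    if s_in:                                   # scheduler picks the sender
        s_fid2, frame = sender_step(s_fid, s_in[0])
        sr2 = sr + (frame,) if frame is not None else sr
        if len(sr2) <= MAX_QUEUE:
            out.append((s_fid2, r_ackid, r_fid, sr2, rs, s_in[1:], r_in))
    if r_in and len(rs) < MAX_QUEUE:           # scheduler picks the receiver
        r_ackid2, r_fid2, ack = receiver_step(r_ackid, r_in[0])
        out.append((s_fid, r_ackid2, r_fid2, sr, rs + (ack,), s_in, r_in[1:]))
    if s_fid >= 0 and len(sr) < MAX_QUEUE:     # sender timer expires: resend frame
        out.append((s_fid, r_ackid, r_fid, sr + (s_fid,), rs, s_in, r_in))
    if sr:                                     # network oracle, sender->receiver path
        out.append((s_fid, r_ackid, r_fid, sr[1:], rs, s_in, r_in))              # lose
        if len(r_in) < MAX_QUEUE:
            out.append((s_fid, r_ackid, r_fid, sr[1:], rs, s_in, r_in + (sr[0],)))  # forward
    if rs:                                     # network oracle, receiver->sender path
        out.append((s_fid, r_ackid, r_fid, sr, rs[1:], s_in, r_in))              # lose
        if len(s_in) < MAX_QUEUE:
            out.append((s_fid, r_ackid, r_fid, sr, rs[1:], s_in + (rs[0],), r_in))  # forward
    return out


def sender_receiver_agree(state):
    """agree-1: receiver.ackid <= sender.frameid;
    agree-2: if strictly less, then sender.frameid = receiver.ackid + 1."""
    s_fid, r_ackid = state[0], state[1]
    return r_ackid <= s_fid and (r_ackid == s_fid or r_ackid + 1 == s_fid)


def explore(sender_step):
    """Visit every state reachable under all oracle choices; return the number
    of states visited and the list of states violating the property."""
    seen, frontier, violations = {INITIAL}, [INITIAL], []
    while frontier:
        st = frontier.pop()
        if not sender_receiver_agree(st):
            violations.append(st)
        for nxt in successors(st, sender_step):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return len(seen), violations


if __name__ == "__main__":
    n, bad = explore(sender_correct)
    print(f"correct sender: {n} states, {len(bad)} violations")
    n, bad = explore(sender_buggy)
    print(f"buggy sender:   {n} states, first violation {bad[0] if bad else None}")
```

With the correct sender no reachable state violates either property; with the buggy sender a duplicate ack (a frame resent after a timeout is acknowledged twice) pushes frameid two ahead of ackid, which is exactly the case agree-2 rules out. The exhaustive enumeration is the bounded, executable counterpart of quantifying over the oracle O in the theorems; it is not a proof for unbounded runs.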

Testing of Implementations
– The simulator can be used for testing: implemented units are substituted in place of their simulations

Related Work
– Other approaches to verification of SDL specifications are based on model checkers. A couple of examples:
  – The IF system from Verimag converts SDL to PROMELA and uses the SPIN model checker
  – A proprietary verification system at Siemens relies on a BDD-based symbolic checker

Summary
– We are developing a simulator for SDL specifications
– We are using ACL2 for the development and verification of the simulator
– The goal is to provide a framework for verification of SDL specifications using a theorem prover
– The simulator also helps in testing of implementations: it acts as a test driver and helps compute expected results for test cases