Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.

Published byKatelyn Bradford Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition."— Presentation transcript:

1 1 Data Link Protocols By Erik Reeber

2 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition of Computer Networks Compare this approach to using other verification tools

3 3 Background Processes communicate using layers Each layer provides services to higher- level layers and ultimately to the user Physical Data Link Network … User Data A Layered Packet

4 4 Data Link Layer Sits between the physical and network layers For our purposes: provides non-lossy, error- free, and ordered communication for the network layer The physical layer will provide error-free communication, but packets may get lost.

5 5 Specification Safety: [] ! Bad_network_packet Liveness: [] (network_message_sent -> <> network_message_received) A packet is bad if it is not the packet expected

6 6 Problems with the Spec Ideally, requires an infinite queue to check Ideally, any packet can be sent. This can be implemented in SPIN with: packet new_packet; do :: (i if :: true-> new_packet.p[i]++ :: true-> skip fi :: else -> break od

7 7 Simplifications Use a finite queue, that loops around Use a packet size of 1, and pick between 0 and 1. 0,4,8 12,… 123 packet new_packet; if :: true-> new_packet.p[0]=0 :: true-> new_packet.p[0]=1 fi

8 8 Why OK? Finite-queue of k elements: not always ok (consider k=2, and drop 2). We must prove: [] ((network_sent – network_received) < k). Packet size 1: ok, since the physical layer can only lose packets. Any packet loss or reordering can be detected with just 1 bit.

9 9 Protocol 1 Assumes no packets are lost by the physical layer Assumes receiver infinitely fast sender() { packet buffer; frame s; do :: true -> A_from_network?to_sender(buffer); s.info.p=buffer.p; A_to_physical!to_physical(s) } receiver() { packet pack; frame r,s; do :: true -> B_wait_for_event?to_receiver(); B_from_physical_layer?to_receiver(r); pack.info.p = r.info.p; B_to_network!to_network(pack) }

10 10 Notes on Protocol 1 I use separate processes for the network, physical, and data-link processes (6 processes already!) Wire is multiple channel, all other communication is done with 0 width (synchronous) channels. Need to add a constraint to both properties: [] (num_packets_in_DLR < 2) With the constraint, both properties went through SPIN

11 11 Protocol 2 No longer assume infinite speed receiver Instead, receiver sends ack back to sender A B frame ack

12 12 Notes on Protocol 2 Up to 8 processes! Model-checker getting slow (liveness proof went 252,700 states deep) Never more than one message being dealt with at a time Both checks went through

13 13 Protocol 2_5 Tannenbaum mentions a simple extension to protocol 2 to make it handle dropped messages. Just set a timer on the sender, if the timer buzzes resend. Why doesnt that work? Safety proofs goes through if add the condition that the ack is never dropped

14 14 Protocol 3 Truly handle lost messages Add a one bit sequence number to the message and the ack. Also timeout as in 2_5. But how does one implement a timer in SPIN…

15 15 Timer Implementations Use the timeout keyword: Had problems with the timeout keyword sticking Use the scheduler: timer() { do :: timeout -> A_wait_for_event!to_sender(time_out) od } timer() { do :: true -> A_wait_for_event!to_sender(time_out) od }

16 16 More timer implementations Use non-determinism: timer() { do :: true -> do :: true -> skip :: true -> break od; A_wait_for_event!to_sender(time_out) od }

17 17 Notes on protocol 3 Proved liveness with the schedulers timer and safety under the timeout keyword. Looking for the right timer implementation Made a pretty and an ugly version of protocol 3. The ugly version gets rid of the physical senders

18 18 Protocol 4 Bidirectional 1-bit windowing protocol (only 1 bit ack) More efficient && symmetric Original implementation has 12 processes: my ugly version weans this down to 6 – and still does not make it through.

19 19 Notes on Protocol 4 I tried using various forms of compression, but never got a full search On the other hand, between my 5 implementations of protocol 4, SPIN caught a lot of errors.

20 20 3 More Protocols? There are three more data link protocols in Tannenbaums book. First n-bit windowing, then 1-bit sliding window, and finally the n-bit sliding window protocol Since Protocol 4 did not go through, …

21 21 Spin v. ACL2 ACL2 proof would work at a lower level: + ACL2 can handle more states - if the user can do the proof + SPIN has a better simulator: its tough to simulate this type of ACL2 code. (defun next_system_state (i system_state) (cond ((== i 0) (execute_A system_state)) (t (execute_B system_state))))... (thm (and (not (get-val bad_network_packet (init_state))) (implies (not (get-val bad_network_packet s)) (not (get-val bad_network_packet (next_system_state i s))))

22 22 Conclusions Model-checking complex protocols is hard SPIN is very good at helping users find bugs. The interactive simulator is useful. Try combining SPIN with theorem proving

23 23 Future Work Simplify the spec: Is there something simpler that will still distinguish ordering? Simplify the model: 6 processes are not really necessary. Implement a better timer Prove the network protocols in ACL2 or PVS for comparison

Download ppt "1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition."

Similar presentations

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.

Congestion Control and Fairness Models Nick Feamster CS 4251 Computer Networking II Spring 2008.
1 Formal Modeling & Verification of Messaging Framework of Simple Object Access Protocol (SOAP) Manzur Ashraf Faculty,BRAC University.

1 Formal Modeling & Verification of Messaging Framework of Simple Object Access Protocol (SOAP) Manzur Ashraf Faculty,BRAC University.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts
31.03.2011-ZMQS- 1. 2 31.03.2011 -ZMQS- 3 31.03.2011.

ZMQS ZMQS
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 14 Introduction to Computer Networks.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 14 Introduction to Computer Networks.
Chapter 3 The Data Link Layer.

Chapter 3 The Data Link Layer.
Data Link Layer Protocols Flow Control in Data Link Layer.

Data Link Layer Protocols Flow Control in Data Link Layer.
Data Link Layer (cont’d)

Data Link Layer (cont’d)
Homework Reading Machine Projects Labs

Homework Reading Machine Projects Labs
Local Area Networks - Internetworking

Local Area Networks - Internetworking
ABC Technology Project

ABC Technology Project
1 Improving TCP Performance over Mobile Networks HALA ELAARAG Stetson University Speaker : Aron ACM Computing Surveys 2002.

1 Improving TCP Performance over Mobile Networks HALA ELAARAG Stetson University Speaker : Aron ACM Computing Surveys 2002.
1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching15-398 SPIN Examples.

1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching SPIN Examples.

Similar presentations

Ads by Google