network protocol design and evaluation
play

Network Protocol Design and Evaluation 05 - Validation, Part III - PowerPoint PPT Presentation

Jan 19, 2024 •38 likes •688 views

Network Protocol Design and Evaluation 05 - Validation, Part III Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the first parts of this chapter: Validation models in Promela

  1. Network Protocol Design and Evaluation 05 - Validation, Part III Stefan Rührup University of Freiburg Computer Networks and Telematics Summer 2009

  2. Overview ‣ In the first parts of this chapter: • Validation models in Promela • Defining and checking correctness claims with SPIN ‣ In this part: • Correctness Claims with Linear Temporal Logic • Example (continued): Validation of the Alternating Bit Protocol with LTL and SPIN ABP slides referring to this example are marked with Network Protocol Design and Evaluation Computer Networks and Telematics 2 Stefan Rührup, Summer 2009 University of Freiburg

  3. Temporal Logic ‣ Transforming requirements into never claims is not always easy ‣ A more convenient way of formalization is by using Linear Temporal Logic (LTL) ‣ Example for describing a valid execution sequences: Every state satisfying p is eventually followed by one which satisfies q. In LTL: ◻ ( p → ◊ q) ‣ LTL formulae are often easier to understand than never claims Network Protocol Design and Evaluation Computer Networks and Telematics 3 Stefan Rührup, Summer 2009 University of Freiburg

  4. Motivation: LTL and Validation (1) sd ABP ‣ Example (Alternating Bit Protocol): We want to assert that a data Sender Receiver message is finally received (unless there is an error cycle) FETCH data(a,1) ACCEPT err ‣ More precisely: After a message data(a,1) has been sent, there might be ACCEPT ack(1) errors and retransmissions until it FETCH data(b,0) is received by the receiver or an ACCEPT error occurs infinitely often ack(0) ‣ We can express this in LTL ... Network Protocol Design and Evaluation Computer Networks and Telematics 4 Stefan Rührup, Summer 2009 University of Freiburg

  5. Desired Behaviour (1) ‣ Every data message sent is finally received by the receiver Sender lower layer Receiver data(a,1) ds error ack(0) ack(0) or error data(a,1) data(a,1) dr Network Protocol Design and Evaluation Computer Networks and Telematics 5 Stefan Rührup, Summer 2009 University of Freiburg

  6. Desired Behaviour (2) ‣ But there might be an error cycle due to repeated message distortion by the lower layer Sender lower layer Receiver data(a,1) ds error ack(0) ack(0) data(a,1) error err Network Protocol Design and Evaluation Computer Networks and Telematics 6 Stefan Rührup, Summer 2009 University of Freiburg

  7. Desired Behaviour (3) ‣ However, between sending and receiving a data message, there is no other data message transmitted Sender lower layer Receiver data(a,1) ds no data message with other content data(a,1) dr Network Protocol Design and Evaluation Computer Networks and Telematics 7 Stefan Rührup, Summer 2009 University of Freiburg

  8. Motivation: LTL and Validation (2) ‣ Claim: After a message x has been sent, there might be errors and retransmissions (but no other data is sent) until x is received by the receiver or an error occurs infinitely often ‣ We define: ds - data sent, dr - data received od - other data sent (with other content), err - error message received ‣ A little bit more formal: Always after ds there is no od until ( dr or err ) ‣ In LTL: ◻ ( ds → ¬ od U ( dr ∨ err )) (Always ds implies not od until ( dr or err ) Network Protocol Design and Evaluation Computer Networks and Telematics 8 Stefan Rührup, Summer 2009 University of Freiburg

  9. Temporal Logic ‣ Why “Temporal Logic”? ‣ Logic formulas expressing some system properties are not statically true or false ‣ Formulas may change their truth values dynamically as the system changes its state → Temporal Logic ‣ LTL formulae are defined over infinite transition sequences (“runs”). Linear refers to single sequential runs Network Protocol Design and Evaluation Computer Networks and Telematics 9 Stefan Rührup, Summer 2009 University of Freiburg

  10. LTL Formulae ‣ LTL extends propositional logic by modal operators ‣ Well-formed LTL formulae • Propositional state formulae, including true or false are well-formed • If p and q are well-formed formulae, then α p, p β q, and (p) are well-formed formulae, where α and β are unary/binary temporal operators ‣ Grammar: ltl ::= operand | ( ltl ) | ltl binary_operator ltl | unary_operator ltl (where operand is either true, false, or a user-defined symbol) Network Protocol Design and Evaluation Computer Networks and Telematics 10 Stefan Rührup, Summer 2009 University of Freiburg

  11. Linear Temporal Logic ‣ LTL Operators: Operator Description Definition σ [i] ⊨ X p ⇔ σ i+1 ⊨ p X Next U Weak Until σ [i] ⊨ (p U q) ⇔ σ i ⊨ q ∨ ( σ i ⊨ q ∧ σ [i+1] ⊨ (p U q)) U Strong Until σ [i] ⊨ (p U q) ⇔ σ i ⊨ (p U q) ∧ ∃ j, j ≥ i σ j ⊨ q Always ◻ σ ⊨ ◻ p ⇔ σ ⊨ (p U false) Eventually ◊ σ ⊨ ◊ p ⇔ σ ⊨ (true U p) σ i = i-th element of the run σ σ [i] = suffix of σ starting at the i-th element Network Protocol Design and Evaluation Computer Networks and Telematics 11 Stefan Rührup, Summer 2009 University of Freiburg

  12. LTL Operators (1) ‣ Next X p = Property p is true in the following state Operator Description Definition σ [i] ⊨ X p ⇔ σ i+1 ⊨ p X Next p Network Protocol Design and Evaluation Computer Networks and Telematics 12 Stefan Rührup, Summer 2009 University of Freiburg

  13. LTL Operators (2) ‣ Until p U q = Property p holds until q becomes true. After that p does not have to hold any more. Weak until does not require that q ever becomes true Operator Description Definition σ [i] ⊨ (p W q) ⇔ σ i ⊨ q ∨ ( σ i ⊨ q ∧ σ [i+1] ⊨ (p W q)) W Weak Until U Strong Until σ [i] ⊨ (p U q) ⇔ σ i ⊨ (p W q) ∧ ∃ j, j ≥ i σ j ⊨ q (weak and p p p q strong until) (allowed in p p p weak until) Network Protocol Design and Evaluation Computer Networks and Telematics 13 Stefan Rührup, Summer 2009 University of Freiburg

  14. LTL Operators (3) ‣ Always and Eventually ◻ p = Property p remains invariantly true. ◊ p = Property p becomes eventually true at least once in a run Operator Description Definition σ ⊨ ◻ p ⇔ σ ⊨ (p W false) Always (also called Globally, G) ◻ Eventually (also called Finally, F) ◊ σ ⊨ ◊ p ⇔ σ ⊨ (true U p) (always) p p p p p (eventually) p Network Protocol Design and Evaluation Computer Networks and Telematics 14 Stefan Rührup, Summer 2009 University of Freiburg

  15. LTL Rules Alternative definition of Weak Until p W q ≡ (p U q) ∨ ◻ p LTL Formula Equivalent ¬ ◻ p ◊ ¬p ¬ ◊ p ◻ ¬p ◻ (p ∧ q) ◻ p ∧ ◻ q ◊ (p ∨ q) ◊ p ∨ ◊ q ¬(p U q) ¬q W (¬p ∧ ¬q) p U (q ∨ r) (p U q) ∨ (p U r) (p U q) ∨ r (p U r) ∨ (p U r) ◻ ◊ (p ∨ q) ◻ ◊ p ∨ ◻ ◊ q ◊ ◻ (p ∧ q) ◊ ◻ p ∧ ◊ ◻ q [Holzmann 2003] Network Protocol Design and Evaluation Computer Networks and Telematics 15 Stefan Rührup, Summer 2009 University of Freiburg

  16. Using LTL (1) ‣ A simple property: Every system state in which p is true is eventually followed by a system state in which q is true ‣ Can’t we simply express this by the implication p → q ? ‣ No, p → q has no temporal operators. It is simply (!p ∨ q ) and applies as a propositional claim to the first system state. Network Protocol Design and Evaluation Computer Networks and Telematics 16 Stefan Rührup, Summer 2009 University of Freiburg

  17. Using LTL (2) ‣ We can apply this claim to all states by using the always operator: ◻ ( p → q) ‣ There is still the temporal implication missing: “q is eventually reached”: ◻ ( p → ◊ q) Network Protocol Design and Evaluation Computer Networks and Telematics 17 Stefan Rührup, Summer 2009 University of Freiburg

  18. Standard Correctness Properties LTL Formula English Type ◻ p always p Invariance ◊ p eventually p Guarantee p → ◊ q p implies eventually q Response p → q U r p implies q until r Precedence ◻ ◊ p always eventually p Recurrence (progress) ◊ ◻ p eventually always p Stability (non-progress) ◊ p → ◊ q eventually p implies eventually q Correlation [Holzmann 2003] Network Protocol Design and Evaluation Computer Networks and Telematics 18 Stefan Rührup, Summer 2009 University of Freiburg

  19. LTL in SPIN ‣ Spin accepts ... • propositional symbols, including true and false • temporal operators always ( [ ] ), eventually ( <> ), and strong until ( U ) • logical operators and ( && ), or ( || ) and not ( ! ) • Implication ( -> ) and equivalence ( <-> ) ‣ Arithmetic and relational expressions are not supported But they can be replaced by a propositional symbol. Example: #define q (seqno <= last + 1) Network Protocol Design and Evaluation Computer Networks and Telematics 19 Stefan Rührup, Summer 2009 University of Freiburg

  20. Using LTL with SPIN ‣ Specify an LTL property ‣ Generate symbols: #define p expression ‣ Generate a never claim: spin -f ‘ LTL formula ’ >> claim.ltl ‣ Validate your model: • Generate the verifier: spin -a model.pml -N claim.ltl • Compile and run the verifier ‣ Recommendation : Use the LTL property manager of XSPIN Network Protocol Design and Evaluation Computer Networks and Telematics 20 Stefan Rührup, Summer 2009 University of Freiburg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In previous parts of this chapter: Modeling behaviour with

773 views • 74 slides
Network Protocol Design and Evaluation 02 - Design Principles Stefan Rhrup University of

Network Protocol Design and Evaluation 02 - Design Principles Stefan Rhrup University of

Network Protocol Design and Evaluation 02 - Design Principles Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 In the last lecture... Specification: 5 Elements of a protocol Service

977 views • 58 slides
Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In Part I of this chapter: Modeling with state machines and

1.8k views • 126 slides
Network Protocol Design and Evaluation 08 - Analytical Evaluation Stefan Rhrup University of

Network Protocol Design and Evaluation 08 - Analytical Evaluation Stefan Rhrup University of

Network Protocol Design and Evaluation 08 - Analytical Evaluation Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the last chapter: Simulation In this part: Analytical

921 views • 44 slides
Network Protocol Design and Evaluation 06 - Design Techniques Stefan Rhrup University of

Network Protocol Design and Evaluation 06 - Design Techniques Stefan Rhrup University of

Network Protocol Design and Evaluation 06 - Design Techniques Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the last lectures: Specification and Verification In this part:

663 views • 63 slides
Network Protocol Design and Evaluation 07 - Simulation, Part I Stefan Rhrup University of

Network Protocol Design and Evaluation 07 - Simulation, Part I Stefan Rhrup University of

Network Protocol Design and Evaluation 07 - Simulation, Part I Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the last chapters: Formal Specification, Validation, Design Techniques

1.22k views • 94 slides
Network Protocol Design and Evaluation 05 - Validation, Part I Stefan Rhrup University of

Network Protocol Design and Evaluation 05 - Validation, Part I Stefan Rhrup University of

Network Protocol Design and Evaluation 05 - Validation, Part I Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the last lectures: Specification of protocols and data/message formats

526 views • 49 slides
Network Protocol Design and Evaluation 05 - Validation, Part II Stefan Rhrup University of

Network Protocol Design and Evaluation 05 - Validation, Part II Stefan Rhrup University of

Network Protocol Design and Evaluation 05 - Validation, Part II Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the first part of this chapter: Promela, a language to describe

692 views • 67 slides
Network Protocol Design and Evaluation 01 - Introduction Stefan Rhrup University of Freiburg

Network Protocol Design and Evaluation 01 - Introduction Stefan Rhrup University of Freiburg

Network Protocol Design and Evaluation 01 - Introduction Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Organization Schedule Lecture: Wednesday 9-11 and Friday 11-12 Exercise: Friday

884 views • 39 slides
Network Protocol Design and Evaluation 07 - Simulation, Part II Stefan Rhrup University of

Network Protocol Design and Evaluation 07 - Simulation, Part II Stefan Rhrup University of

Network Protocol Design and Evaluation 07 - Simulation, Part II Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In the first part of this chapter: Discrete-event simulation In this

941 views • 59 slides
Design and Evaluation of a new MAC Protocol for Long- Distance 802.11 Mesh Networks by

Design and Evaluation of a new MAC Protocol for Long- Distance 802.11 Mesh Networks by

Design and Evaluation of a new MAC Protocol for Long- Distance 802.11 Mesh Networks by Bhaskaran Raman &amp; Kameswari Chebrolu ACM Mobicom 2005 Reviewed by Anupama Guha Thakurta CS525M - Mobile and Ubiquitous Computing Seminar, Spring

863 views • 41 slides
Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan, Tom

Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan, Tom

Design and Evaluation of HTTP Protocol Parsers for IPFIX Measurement Petr Velan, Tom Jirsk, Pavel eleda {velan|jirsik|celeda}@ics.muni.cz 19th EUNICE Workshop on Advances in Communication Networking 28-30 August 2013, Chemnitz, Germany

726 views • 23 slides
B. Hull et al., Techniques for Mitigating Congestion in Sensor Network , Proceedings of 5.3.

B. Hull et al., Techniques for Mitigating Congestion in Sensor Network , Proceedings of 5.3.

Suggested presentation topics 1. Multicast Routing in Multi-hop Wireless Networks Sang Ho Bae; Sung- Ju Lee; Su, W.; Gerla, M., The design, implementation, and performance 1.1. evaluation of the on-demand multicast routing protocol in multihop

224 views • 3 slides
CS3505/5020 Software Practice II A bit of team player review Network protocol design Quiz

CS3505/5020 Software Practice II A bit of team player review Network protocol design Quiz

CS3505/5020 Software Practice II A bit of team player review Network protocol design Quiz Tuesday CS 3505 L16 - 1 Types Over the Years Contributor Collaborator Communicator Challenger Spring 07 26 18 12 11 Spring 08 27 17 9 10

437 views • 11 slides
Call Semantics Finding Remote Objects Method Call Semantics what does it mean to It

Call Semantics Finding Remote Objects Method Call Semantics what does it mean to It

Network Programming Paradigms Sockets programming: design a protocol CSCE 515: first, then implement clients and servers Computer Network that support the protocol. Programming RMI: Develop an application, then move ------ Remote Method

204 views • 4 slides
CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505

CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505

CS3505/5020 Software Practice II Review Network Protocol Updates Project #6 Quiz #2 CS 3505 L17 - 1 Blue network design Most problems fixed Frame number added to most packets OWD calculations and latency adjustments refined

586 views • 12 slides
SPIN Beginners Tutorial Grenoble, France Thursday 11-Apr-2002 Theo C. Ruys University of

SPIN Beginners Tutorial Grenoble, France Thursday 11-Apr-2002 Theo C. Ruys University of

Theo C. Ruys - SPIN Beginners' Tutorial version: Friday, 13 September 2002 SPIN 2002 Workshop SPIN Beginners Tutorial Grenoble, France Thursday 11-Apr-2002 Theo C. Ruys University of Twente Formal Methods &amp; Tools group

540 views • 50 slides
Interaktionsdesign Interaktionsdesign E2008 Lektion 5 Lektion 5 Lringsml Lringsml

Interaktionsdesign Interaktionsdesign E2008 Lektion 5 Lektion 5 Lringsml Lringsml

Interaktionsdesign Interaktionsdesign E2008 Lektion 5 Lektion 5 Lringsml Lringsml At forst den historiske baggrund for aktuelle digitale interaktionsparadigmer Dourish (kap 1) Weiser At kende til de vsentligste

1.77k views • 118 slides
ubiquitous computing and augmented realities virtual and augmented reality m aking the

ubiquitous computing and augmented realities virtual and augmented reality m aking the

ubiquitous computing and augmented realities chapter 20 ubiquitous computing filling the real world with com puters ubiquitous computing and augmented realities virtual and augmented reality m aking the real world in a

407 views • 7 slides
How to Talk Science with Just About Anyone Andre Salles and Brian Nord Users Meeting June 21,

How to Talk Science with Just About Anyone Andre Salles and Brian Nord Users Meeting June 21,

How to Talk Science with Just About Anyone Andre Salles and Brian Nord Users Meeting June 21, 2018 Hello! 2 6/22/2018 Salles/Nord | How to Talk Science With Just About Anyone What were going to cover The basics of connecting with a

492 views • 47 slides
Medical Privacy and Business Process Design John C Mitchell Stanford Motivating examples

Medical Privacy and Business Process Design John C Mitchell Stanford Motivating examples

Stanford Computer Forum March 17, 2008 Medical Privacy and Business Process Design John C Mitchell Stanford Motivating examples Vanderbilt Hospital Patient Portal Messaging system that route requests, responses Workflow: patient

389 views • 37 slides
My involvement in the Spin and Parity Programs at JLab, and beyond Xiaochao Zheng October 1,

My involvement in the Spin and Parity Programs at JLab, and beyond Xiaochao Zheng October 1,

My involvement in the Spin and Parity Programs at JLab, and beyond Xiaochao Zheng October 1, 2010 Introduction nucleon structure and electron scattering Three types of Deep Inelastic Scattering (DIS) and some completed/future experiments

477 views • 35 slides
H ow the Quantum Doctor Treats the Collapse (Of the Wave Function) R. Rosenfelder (PSI) July 26,

H ow the Quantum Doctor Treats the Collapse (Of the Wave Function) R. Rosenfelder (PSI) July 26,

H ow the Quantum Doctor Treats the Collapse (Of the Wave Function) R. Rosenfelder (PSI) July 26, 2007 Following H. Nikolics talk in the Colloquium of April 12, 2007 on the Bohmian interpretation of QM we had a lot of (informal) discussions

262 views • 24 slides
Review Suppose a doctor can work in several hospitals and receives a salary from each one.

Review Suppose a doctor can work in several hospitals and receives a salary from each one.

Review Suppose a doctor can work in several hospitals and receives a salary from each one. Moreover, suppose each doctor has a primary home address and several doctors can have the same primary home address. Is R(doctor hospital salary

687 views • 32 slides

More recommend