Abstract
Because potential users have to choose a formal method before they can start using one, research on assessing the applicability of specific formal methods might be as effective in encouraging their use as work on the methods themselves. This comparison of Alloy and Spin is based on a demanding project that exploited the full capabilities of both languages and tools. The study exposed issues not apparent from more superficial studies, and resulted in some unexpected conclusions. The paper provides tentative recommendations for two different classes of network protocol, a research agenda for solidifying the recommendations, and a few general lessons learned about research on selection of formal methods.
A practical comparison of Alloy and Spin