网络协议设计中形式结构模型的创建方法研究

形式描述技术在协议设计中的应用是至关重要的和必不可少的,为形式规范确定一个合适的结构又是应用此技术的关键步骤,基于此文中重点研究了基于LOTOS技术的形式结构模型的创建方法。简要介绍了开发网络协议的形式描述技术、网络协议的结构概念、等级抽象和LOTOS描述规范风格。基于LOTOS技术,提出了网络协议开发过程中形式结构模型的创建原则和方法,此方法结合LOTOS语言特征,应用其描述规范风格,融协议结构、逐步改进和等级抽象为一体,简化了所开发协议的验证、测试和实现的复杂性。     

An interpreter for LOTOS,a specification language for distributed systems

LOTOS is an executable specification language for distributed systems currently being standardized within ISO as a tool for the formal specification of open systems interconnection protocols and services. It is based on an extended version of Milner's calculus of communicating systems (CCS) and on ACT ONE abstract data type (ADT) formalism. A brief introduction to LOTOS is given, along with a discussion of LOTOS operational semantics, and of the executability of LOTOS specifications. Further, an account of a prototype LOTOS interpreter is given, which includes an interactive system that allows the user to direct the execution of a specification (for example, for testing purposes). The interpreter was implemented in YACC/LEX, C and Prolog. The following topics are discussed: syntax and static semantics analysis; translation from LOTOS external format to internal representation; evaluation of ADT value expressions and extended CCS behaviour expressions. It is shown that the interpreter can be used in a variety of ways: to recognize whether a given sequence of interactions is allowed by the specification; to generate randomly chosen sequences of interactions; in a user-guided generation mode, etc.     

Executable structural operational semantics in Maude

This paper describes in detail how to bridge the gap between theory and practice when implementing in Maude structural operational semantics described in rewriting logic, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2. We validate this technique using it in several case studies: a functional language Fpl (evaluation and computation semantics), an imperative language WhileL (evaluation and computation semantics), Kahn’s functional language Mini-ML (evaluation or natural semantics), Milner’s CCS (with strong and weak transitions), and Full LOTOS (including ACT ONE data type specifications). In addition, on top of CCS we develop an implementation of the Hennessy–Milner modal logic for describing local capabilities of processes, and for LOTOS we build an entire tool where Full LOTOS specifications can be entered and executed (without user knowledge of the underlying implementation of the semantics). We also compare this method based on transitions as rewrites with another one based on transitions as judgements.     

LORETO: a tool for reducing state explosion in verification of LOTOS programs

LOTOS is a formal specification language for concurrent and distributed systems. Basic LOTOS is the version of LOTOS without value‐passing. A widely used approach to the verification of temporal properties is model checking. Often, in this approach the formal specification is translated into a labeled transition system on which formulae expressing properties are checked. A problem with this verification technique is state explosion: concurrent systems are often represented by automata with a prohibitive number of states. In this paper we show how, given a set ρ of actions, it is possible to automatically obtain for a Basic LOTOS program a reduced transition system to which only the arcs labeled by actions in ρ belong. The set ρ of actions plays a fundamental role in conjunction with a temporal logic defined by the authors in a previous paper: selective mu‐calculus. The reduced system with respect to ρ preserves the truth value of all selective mu‐calculus formulae with actions from the set ρ. We act at both syntactic and semantic levels. From a syntactic point of view, we define a set of transformation rules obtaining a smaller program. On the semantic side, we define a non‐standard semantics which dynamically reduces the transition system during generation. We present a tool implementing both the syntactic and the semantic reduction. Copyright © 1999 John Wiley & Sons, Ltd.     

一种用于类测试的改进型EFSM模型

扩展有限状态机(EFSM)中迁移存在前置条件和相应操作,而前置条件和相应操作中变量的相互依赖性导致了EFSM中存在不可达路径,不利于基于EFSM模型的类的测试。通过把UML状态图转换成EFSM模型,提出一种消除EFSM模型不可达路径算法,从而建立一种用于面向对象软件的类测试模型,通过该模型可以应用传统的数据流和控制流分析技术对类进行测试。     

Deriving protocols for services supporting mobile users

A Prolog tool for automated derivation of protocol specifications from service specifications is described. The server for which the protocol is derived may consist of any finite number of protocol entities co-operating over reliable unbounded first-in-first-out channels. Its service is expected to consist of service primitives that read or write unstructured global virtual variables, implicitly receive or compute their current values or delete their local copies. In addition, service primitives may access distributed virtual queues, to which they append elements with desired priority or consume their head elements. Service users are allowed to dynamically select the service-access point through which they interact with the distributed server. The adopted specification language has been inspired by LOTOS.     

Structural models for specifying telephone systems

Two approaches, resource-oriented and constraint-oriented, for structuring telephone systems specifications, are presented. Both approaches express behaviour by collections of communicating processes, using the language LOTOS. However, requirements are distributed differently among processes. Examples are taken from specifications of telephone systems, first basic, and then with features. The features used as examples are call forwarding, originating call screening, and three-way calling. The two structuring methods are compared.     

Use of a formal description technique in the specification of authentication protocols

Formal specification techniques have been employed over the past decade or so by various workers in data communication and computer network systems in order to provide both definitional specifications of protocols and models of protocols for analytic purposes. This paper considers the use of the specification language LOTOS (Language of Temporal Ordering Specification) for specifying some authentication protocols developed in the security field. The language LOTOS recently became an International ISO Standard and the protocols specified form part of the ISO and CCITT Standards. In fact, the CCITT protocol which is considered in this paper, has been used in the LOCATOR (X.400 Secure Mail) project within HPLabs. We first give a brief introduction to LOTOS and then specify two security protocols from ISO/DP 9798 and CCITT X.509 Standards. We feel that a formal specification of protocols is a useful and a necessary step towards understandability, analysis and implementation of the protocols. Further, we feel that LOTOS possesses the necessary features required for specifying such protocols.     

一种基于形式化规约生成软件体系结构模型的方法

使用LOTOS描述实时系统需求规约,通过建立LOTOS规约到UML-RT模型的模型转换,提出一种基于形式化规约生成软件体系结构模型的方法。最后,通过一个实例来说明如何将该方法应用于实时软件建模。利用这种方法建立的UML-RT模型,能够从整体上提高实时系统软件体系结构设计的可信性。     

基于LOTOS形式规范的目标实现

LOTOS形式规范的目标实现是协议设计中必不可少的阶段之一。该文对基于LOTOS的形式描述规范的实现方法进行了研究,包括目标实现环境的特点、实现中的空白因素、抽象模型到实现模型的转换、规范的最终目标实现,并对如何将LOTOS规范转换为C、C 语言实现进行了探讨。     

A framework for compositional nonblocking verification of extended finite-state machines

This paper presents a framework for compositional nonblocking verification of discrete event systems modelled as extended finite-state machines (EFSM). Previous results are improved to consider general conflict-equivalence based abstractions of EFSMs communicating both via shared variables and events. Performance issues resulting from the conversion of EFSM systems to finite-state machine systems are avoided by operating directly on EFSMs, deferring the unfolding of variables into state machines as long as possible. Several additional methods to abstract EFSMs and remove events are also presented. The proposed algorithm has been implemented in the discrete event systems tool Supremica, and the paper presents experimental results for several large EFSM models that can be verified faster than by previously used methods.     

Development of verification and conformance testing tools for a railway signaling communication protocol

Verification and conformance testing for protocol specification, the key part of the protocol development process, are complementary technologies employed to increase confidence that a system will function as stated in its specifications. In this paper, we verify the safety and liveness of the protocol specified for the Labeled Transition System (LTS) by using a model-checking method and implementing the testing tool, which experimentally demonstrates the presence of deadlock and reachability from the initial state to a random state. Implementing the testing tool can use modal mu-calculus to assess whether protocol model properties, presented by modal logic, meet protocol specifications. In addition, we propose a conformance testing tool to check correct implementation of sequences that have been derived by the UIO method from the specification of the protocol being verified. This generating tool uses the C++ language in the Microsoft Windows NT environment.     

Using binary decision diagrams for representation and analysis of communication protocols

A symbolic representation of a state/transition system based on binary decision diagrams (BDDs) is generally more compact than an explicit representation like a state/transition table. This is due to regular and repetitive patterns occurring in state/transition systems. By exploiting this property, huge state spaces can be represented, and the resulting BDDs can be profitably used for activities such as symbolic model checking and sequential circuit synthesis. This paper shows how such techniques can be applied to communication protocols by presenting a systematic method to build BDD representations from protocol specifications expressed in the ISO standard protocol specification language LOTOS. The method exploits the compositionality of the process algebra of LOTOS to avoid the enumeration of all the states and transitions, takes also data into account, enables building the BDDs in the more convenient disjunctive partitioned form, and can handle any LOTOS specification characterized by a finite LTS. The method consists in partitioning the set of process definitions according to their mutual recursion relationships, building an LTS for each set of mutually recursive process definitions, encoding these LTSs as BDDs which in turn are combined together, according to the process algebraic operators, to obtain the overall BDD representation. An example is used throughout the paper to illustrate the method.     

From a B formal specification to an executable code: application to the relational database domain

This paper presents a formal approach for the development of trustworthy database applications. This approach consists of three complementary steps. Designers start by modeling applications using UML diagrams dedicated to database applications domain. These diagrams are then automatically translated into B specifications suitable not only for reasoning about data integrity checking but also for the derivation of trustworthy implementations. In this paper, we present a process based on the B refinement technique for the derivation of a SQL relational implementation, embedded in the JAVA language (JAVA/SQL), from a B specification obtained by the first translation phase.     

A tool supporting efficient model checking of concurrent specifications

We show a tool supporting efficient model checking of LOTOS programs. LOTOS is a well-known specification language for concurrent and distributed systems. The main functionality of the tool is the syntactic reduction of a program with respect to a logic formula expressing a property to be checked. The method is useful to reduce the state-explosion problem in model checking. The tool is integrated with the Concurrency Workbench of North Carolina. The tool also supports a windows user interface.     

基于翻译模式的BPEL到LOTOS映射方法研究

为了实现由BPEL描述的Web服务组合到LOTOS的自动化转换, 提出一种基于翻译模式的转换算法。从BPEL语言的XML schema定义出发, 分析BPEL本身的语言结构, 得到BPEL语言的产生式。再根据BPEL到LOTOS的语义映射规则, 设计BPEL到LOTOS的翻译模式。同时, 在基本映射规则之上, 给出BPEL到LOTOS的数据类型和故障处理机制的转换规则。最后结合Web服务实例, 验证该工具的可行性。