PROTOCOL VERIFICATION - PowerPoint PPT Presentation

Provided by: petEceIi7

Transcript and Presenter's Notes


1
  • PROTOCOL VERIFICATION
  • PROTOCOL VALIDATION

2

Protocol Verification
  • Communication protocols should be checked for
    correctness, robustness, performance,
    interoperability, etc.
  • These methods reduce the complexity of
    eliminating ambiguity and preparing more
    structured protocols.
  • Programs that implement protocols must cope with
    asynchronous computing programs, and hence exhibit
    extremely complicated behaviour.
  • Protocol verification checks the correctness of the
    liveness and safety properties of a given protocol
    specification.

3
Properties of Verification
Verification needs to check the correctness of the
safety and liveness properties.
4
Safety Properties
  • BAD THINGS WILL NOT HAPPEN
  • Non-violation of assertions (operations that take
    place in a protocol)
  • Invariants (constant parameters used in a
    protocol)
  • Example: safety properties of ABP
  • Sender ensures that data with the correct seq. no. is
    sent to the receiver even though the data is lost
    in the channel.
  • Receiver ensures that an ack is sent to the
    sender even if the sent ack is lost in the channel.
  • Receiver never delivers two odd packets.

5
Liveness Properties
  • GOOD THINGS WILL HAPPEN
  • Termination of protocol
  • Recurrent property (for non-terminating protocols)
  • Liveness properties of ABP:
  • The protocol terminates correctly. All the
    seq. msgs, with seq. no. 0 and 1, have been
    transmitted and received by the receiver process.

6
The Alternating Bit Protocol as CFSMs
  • The Alternating Bit Protocol is used to guarantee
    correct data delivery between a sender and a
    receiver connected by an error-prone channel that
    loses or corrupts messages.
  • It got its name because it uses only one additional
    control bit in the message, and this control bit
    alternates only when the previous message is
    correctly received.

7
FSM in Protocol Verification
8
Verification of ABP
The protocol entities are considered to have the
following states and transitions:
  • sender: it has two states, 0 (transmitting frame
    with sequence number 0) and 1 (transmitting frame
    with sequence number 1)
  • receiver: it has two states, 0 (expecting frame
    with sequence number 0) and 1 (expecting frame
    with sequence number 1)
  • channel: it has four states, 0 (channel contains
    frame with sequence number 0), 1 (channel contains
    frame with sequence number 1), A (channel contains
    an acknowledgement from the receiver), and the
    empty state '-' (channel does not have any data).
9
Alternating bit protocol
11
Proof of liveness properties
Even under conditions of frame and ack loss,
the protocol returns to its terminator
state. The terminator state is a state of the system
whose occurrence means all the specified messages
have been transmitted and received correctly.
12
Normal Operation of protocol
  • Transitions are repeated in order over and over again.
  • In each cycle two packets are delivered, bringing
    the sender back to the initial state of trying to
    send a new frame with seq. no. 0.
  • Proof of safety properties
  • Handling of lost frames: transitions of states are
    done. Eventually the sender times out and the system
    moves to the initial state.
  • Handling of an ack: transitions of states are
    done to repair the damage caused.
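
The state model from the "Verification of ABP" slide can be explored mechanically. The following Python code is an added example, not part of the original slides: its transition rules (loss, timeout on an empty channel, accept, duplicate, ack) are assumed from the standard alternating bit protocol, and it reads the safety property as "the same sequence number is never delivered twice in a row".

```python
from collections import deque

# Global state (sender, receiver, channel) as on the slide: sender and receiver
# are 0 or 1, channel is "0", "1", "A" (ack) or "-" (empty).
INITIAL = (0, 0, "0")

def successors(state, check_seq=True):
    """Yield (event, next_state, delivered_seq). The transition rules are an
    assumption (textbook ABP, timeout only on an empty channel), not the slides'."""
    s, r, c = state
    if c == "-":
        yield "timeout", (s, r, str(s)), None        # sender retransmits frame s
    else:
        yield "loss", (s, r, "-"), None              # channel drops its content
    if c == "A":
        yield "ack", (1 - s, r, str(1 - s)), None    # sender moves to the next frame
    elif c != "-":
        if int(c) == r or not check_seq:
            yield "accept", (s, 1 - r, "A"), int(c)  # deliver frame, flip expectation
        else:
            yield "duplicate", (s, r, "A"), None     # re-ack, deliver nothing

def explore(start, check_seq=True):
    """Breadth-first search: the set of global states reachable from start."""
    seen, queue = {start}, deque([start])
    while queue:
        for _, nxt, _ in successors(queue.popleft(), check_seq):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def deliveries_alternate(check_seq=True):
    """Safety: search (state, last delivered number) pairs for a repeated delivery."""
    start = (INITIAL, None)
    seen, queue = {start}, deque([start])
    while queue:
        state, last = queue.popleft()
        for _, nxt, got in successors(state, check_seq):
            if got is not None and got == last:
                return False                         # same number delivered twice in a row
            pair = (nxt, last if got is None else got)
            if pair not in seen:
                seen.add(pair)
                queue.append(pair)
    return True

def returns_to_initial():
    """Liveness (given a fair channel): INITIAL stays reachable from every state."""
    return all(INITIAL in explore(state) for state in explore(INITIAL))
```

Of the 16 combinations of sender, receiver and channel state, 10 are reachable from the initial state. Calling `deliveries_alternate(check_seq=False)` models a receiver that skips the sequence-number check and shows the safety property failing.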

13
Protocol Validation
Definition: Protocol validation is a method of
checking whether the interactions of protocol
entities are according to the protocol
specification and satisfy certain properties or
conditions, which may be either general or
specific to the particular protocol system and
directly derived from the specifications.
Validation sometimes refers to checking the protocol
specification so that it does not run into
protocol design errors like deadlock, unspecified
receptions, and livelock errors.
14
Protocol Design Errors
  • State deadlocks
  • Unspecified receptions
  • Non-executable interactions
  • State ambiguity of a protocol
  • Unboundedness of a protocol
  • Lack of adaptation in a protocol
  • Livelocks

15
Protocol Design Errors
  • Non-executable interaction: a design error
    that, if it occurs, may lead to unreachable or
    unexecutable code in the protocol.
  • Unspecified reception: an incomplete
    specification of the protocol, which causes an
    unspecified reception during its execution.
  • Unboundedness of protocol: a design error that causes
    overflowing of known system limits, such as the
    limited capacity of message queues.

16
  • State ambiguity: a transient error which
    arbitrarily changes the protocol states.
  • Lack of adaptation: leads the protocol to huge
    loss of data, heavy buffer space requirements,
    high BW requirements, etc.
  • State deadlock: no further protocol execution is
    possible, e.g. all processes are waiting for
    conditions that can never be fulfilled.
  • Livelocks: protocol execution sequences that
    can be repeated indefinitely often without ever
    making effective progress.

28
Reachability Analysis
  • Starting from the initial global state, where
    channels are empty and machines are in their initial
    states, explore all possible reachable states by
    firing the possible transitions (and generating
    global states) from any given reachable state.
  • All deadlock and unspecified reception errors
    will be captured/marked as individual global
    states.
  • By examining the number of msgs in the channels
    we can design the buffer size for the protocol.
  • Can detect non-executable states and transitions
    by marking the states that are touched and the
    transitions that are fired during the reachability
    analysis.
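
The procedure above, as an added Python example that is not part of the original slides: it runs reachability analysis on a constructed two-machine network P and Q (not the M/N network of the exercise) with one FIFO channel per direction, and reports deadlocks, unspecified receptions, the largest channel occupancy, and transitions that never fire. It treats a reception as unspecified when a machine is in a receive-only state and the head of its input channel matches none of its receives; the `limit` bound is an assumption added so that an unbounded protocol cannot keep the search running forever.

```python
from collections import deque

# Constructed network: each machine maps state -> [(op, message, next_state)],
# where "!" sends and "?" receives. A global state is
# (state of P, state of Q, channel P->Q, channel Q->P); channels are FIFO tuples.
P = {"p0": [("!", "req", "p1")],
     "p1": [("!", "req", "p2"), ("?", "ack", "p0"), ("?", "busy", "p0")],
     "p2": [("?", "ack", "p1")]}
Q = {"q0": [("?", "req", "q1")],
     "q1": [("!", "ack", "q0"), ("!", "busy", "q0"), ("?", "nak", "q0")]}
MACHINES = (("P", P), ("Q", Q))

def enabled(gs):
    """Yield (fired_transition, next_global_state) for global state gs."""
    for i, (name, fsm) in enumerate(MACHINES):
        out_ch, in_ch = 2 + i, 3 - i      # P writes slot 2 and reads slot 3; Q the reverse
        for op, msg, nxt in fsm[gs[i]]:
            new = list(gs)
            if op == "!":
                new[out_ch] = gs[out_ch] + (msg,)
            elif gs[in_ch][:1] == (msg,):
                new[in_ch] = gs[in_ch][1:]
            else:
                continue                  # receive not enabled: head does not match
            new[i] = nxt
            yield (name, gs[i], op, msg), tuple(new)

def analyse(initial=("p0", "q0", (), ()), limit=10_000):
    seen, queue, fired = {initial}, deque([initial]), set()
    report = {"deadlocks": [], "unspecified": set(), "max_queue": [0, 0]}
    while queue:
        gs = queue.popleft()
        moves = list(enabled(gs))
        report["max_queue"] = [max(m, len(c)) for m, c in zip(report["max_queue"], gs[2:])]
        if not moves and not gs[2] and not gs[3]:
            report["deadlocks"].append(gs)           # nothing enabled, channels empty
        for i, (name, fsm) in enumerate(MACHINES):
            head, trans = gs[3 - i][:1], fsm[gs[i]]
            if head and all(op == "?" and msg != head[0] for op, msg, _ in trans):
                report["unspecified"].add((gs[i], head[0]))
        for label, nxt in moves:
            fired.add(label)
            if nxt not in seen and len(seen) < limit:
                seen.add(nxt)
                queue.append(nxt)
    every = {(n, s, op, m) for n, fsm in MACHINES for s, ts in fsm.items() for op, m, _ in ts}
    report.update(unexecuted=every - fired, truncated=len(seen) >= limit)
    return report
```

On this network `analyse()` reports no deadlock, an unspecified reception of `busy` in state `p2`, a needed buffer size of 2 for both channels, and the `?nak` transition of Q as non-executable.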

29
Reachability analysis
30
Reachability Analysis Exercise
  • Perform the reachability analysis on the Network
    (M, N).
  • What sizes of buffers are needed for the two FIFO
    channels?
  • Are there non-executable states or transitions?

31
Solution
  • One unspecified reception.
  • Both channels need buffer size of 2. (see gs8 and
    gs9)
  • No non-executable states and transitions.
  • Since both machines send same types of msgs, we
    use Machine to specify which machine fires the
    transition.

32
Pros and Cons of Reachability Analysis
  • Advantages:
  • Easily automated.
  • Many logical errors can be detected by only
    examining individual global states in the
    reachability graph.
  • Disadvantages:
  • State space explosion problem. (The state
    space of a system can be very large, or even
    infinite. Thus, at the outset, it is impossible
    to explore the entire state space with limited
    resources of time and memory.)
  • Does not work on unbounded protocols.
  • Many relationships among the protocol state
    variables, expressing the desirable logical
    correctness properties of the protocol, are not
    apparent from simply traversing the reachability
    graph.
