130 likes | 139 Views
Chryssis Georgiou, University of Cyprus Peter Musial, VeroModo, Inc. Alexander Shvartsman, University of Connecticut Elaine Sonderegger , University of Connecticut. A Formal Treatment of an Abstract Channel Implementation Using Java Sockets and TCP. Motivation.
E N D
Chryssis Georgiou, University of Cyprus Peter Musial, VeroModo, Inc. Alexander Shvartsman, University of Connecticut Elaine Sonderegger, University of Connecticut A Formal Treatment of anAbstract Channel ImplementationUsing Java Sockets and TCP
Motivation • Abstract models and specifications of distributed systems allow formal reasoning about their safety properties • Mapping the functionality of abstract specifications to executable code for target distributed platforms is a challenging and error-prone process • Formal specifications and faithful implementations of asynchronous communication channels are particularly challenging
Related Work • Traditional communication channel models • Fixed, pre-initialized channels • Examples • Reliable FIFO channel • Lossy reordering channel • Josh Tauber’s IOA compiler used Java/MPI to implement pre-initialized channels
Our Work • First formal specification of an asynchronous communication channel with: • Explicit initialization • Dynamic interconnections with graceful comings and goings • Implementation of the specification using Java’s interface to TCP sockets • Proof by forward simulation that the implementation preserves the safety properties of the specification
Initialization Sender Receiver senderOpen receiverListening send respReceiverListening send receive send receive
Sender Closing emptying closed Sender Receiver senderClose receive senderClosing receive receive
Receiver Closing closed Sender Receiver receiverClose Bit Bucket
Abstract Channel • Input/Output Automata formalism • Transitions (where m is a message, i & j are nodes) • input send (m, i, j) • output receive (m, i, j) • input receiverListening (j) • input receiverStopListening (j) • input senderOpen (i, j) • output respReceiverListening (i, j) • input senderClose (i, j) • internal senderClosing (i, j) • input receiverClose (i, j) • internal lose (m)
Implementation • Distributed Abstract Channel functionality among nodes • Developed a Composite Channel with three types of component automata • JVM-TCP Channel • Sender Mediator • Receiver Mediator • Based on Josh Tauber’s IOA compiler for a Java/MPI interface
Node Automaton Node i TCP Sockets Send Mediator JVM- TCP Channel Application Automaton TCP Sockets Receive Mediator
Main Result • Theorem: Composite Channel implements Abstract Channel The set of traces of Composite Channel is a subset of the set of traces of Abstract Channel • Proved using forward simulation • Established a simulation relation mapping the states of Composite Channel to the states of Abstract Channel • Showed the mapping holds for the initial states of each automaton and is maintained by every transition of Composite Channel
Summary • First formal specification and implementation of an abstract asynchronous communication channel with explicit support for dynamic creation and teardown of communication links • Provides a building block for modeling dynamic distributed applications and systems • Serves as an aid to automated code generation • Future Work (supported by an NSF grant) • Bi-directional channels • Multiple concurrent channels between node pairs