Scribd Logo
Upload

Welcome to Scribd!

  • DSLs For Network Protocols

    Uploaded by

    Edwin Brady
    103 views27 pages
    This document summarizes a presentation on using domain specific languages to model network protocols. It discusses using dependent types to formally specify a simple automatic repeat request (ARQ) transport protocol as a state machine. This allows expressing protocol correctness and implementing state transitions as functions, with the type system ensuring the protocol follows the state machine. An interpreter then executes the formalized protocol operations. The approach aims to prove correctness through construction of the model and implementation as a single unified formal specification.

    Original Description:

    Original Title

    DSLs for Network Protocols

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a presentation on using domain specific languages to model network protocols. It discusses using dependent types to formally specify a simple automatic repeat request (ARQ) transport protocol as a state machine. This allows expressing protocol correctness and implementing state transitions as functions, with the type system ensuring the protocol follows the state machine. An interpreter then executes the formalized protocol operations. The approach aims to prove correctness through construction of the model and implementation as a single unified formal specification.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    103 views27 pages

    DSLs For Network Protocols

    Uploaded by

    Edwin Brady
    This document summarizes a presentation on using domain specific languages to model network protocols. It discusses using dependent types to formally specify a simple automatic repeat request (ARQ) transport protocol as a state machine. This allows expressing protocol correctness and implementing state transitions as functions, with the type system ensuring the protocol follows the state machine. An interpreter then executes the formalized protocol operations. The approach aims to prove correctness through construction of the model and implementation as a single unified formal specification.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 27

    Domain Specific Languages for

    Network Protocols
    Saleem Bhatti, Edwin Brady,
    Kevin Hammond and James McKinna
    eb@cs.st-andrews.ac.uk

    University of St Andrews
    NGNA 2009, June 22nd 2009

    NGNA 2009, June 22nd 2009 – p.1/20


    Introduction
    Next Generation Network Protocols will encompass a
    wide range of existing requirements, and certain
    applications may also require:

     Rapid prototyping of application protocols


     Strong verification of behaviour and properties

    NGNA 2009, June 22nd 2009 – p.2/20


    Our Methodology

    Edwin + Saleem + = Eureka!

    NGNA 2009, June 22nd 2009 – p.3/20


    Mantra

    “Programs must be written for people to read,


    and only incidentally for machines to execute.”
    — H. Abelson and G.J. Sussman
    (Structure and Interpretation of Computer
    Programs)

    NGNA 2009, June 22nd 2009 – p.4/20


    Domain Specific Languages

    A Domain Specific Language (DSL) is a language


    designed for a particular problem domain.
     Allows a user to focus on the high level of a problem
    domain, rather than the low level details of a general
    purpose language.
     Identify the general properties, requirements and
    operations in the domain.
    We outline the construction of a DSL for a simple
    transport protocol.

    NGNA 2009, June 22nd 2009 – p.5/20


    Protocol Correctness
    Protocol correctness can be verified by model-checking a
    finite-state machine. However:
     There may be a large number of states and
    transitions.
     The model is needed in addition to the
    implementation.

    Model-checking is therefore not self-contained. It can


    verify a protocol, but not its implementation.

    NGNA 2009, June 22nd 2009 – p.6/20


    Protocol Correctness
    In our approach we construct a self-contained
    domain-specific framework in a dependently-typed
    language.
     We can express correctness properties in the
    implementation itself.
     We can express the precise form of data and ensure
    it is validated.
     We aim for Correctness By Construction.

    NGNA 2009, June 22nd 2009 – p.7/20


    ARQ
    Our simple transport protocol:

     Automatic Repeat Request (ARQ)


     Separate sender and receiver
     State
     Session state (status of connection)
     Transmission state (status of transmitted data)

    NGNA 2009, June 22nd 2009 – p.8/20


    Session State

    NGNA 2009, June 22nd 2009 – p.9/20


    Transmission State

    NGNA 2009, June 22nd 2009 – p.10/20


    Session Management

     START — initiate a session


     START_RECV_ACK
    — wait for the receiver to be ready
     END — close a session
     END_RECV_ACK
    — wait for the receiver to close
     TIMEOUT — give up waiting

    NGNA 2009, June 22nd 2009 – p.11/20


    Session Management

     START — initiate a session


     START_RECV_ACK
    — wait for the receiver to be ready
     END — close a session
     END_RECV_ACK
    — wait for the receiver to close
     TIMEOUT — give up waiting

    When are these operations valid? What is their effect on


    the state? How do we apply them correctly?

    NGNA 2009, June 22nd 2009 – p.11/20


    Session Management
    We would like to express contraints on these operations, describing
    when they are valid, e.g.:

    Command Precondition Postcondition


    START CLOSED OPENING
    START_RECV_ACK OPENING OPEN (if ACK received)
    OPENING (if nothing received)
    END OPEN CLOSING
    END_RECV_ACK CLOSING CLOSED (if ACK received)
    CLOSED (if nothing received)
    TIMEOUT Timeout CLOSED

    NGNA 2009, June 22nd 2009 – p.12/20


    Dependent Types

    Allow types to be parameterised by values, giving a more


    precise description of data. e.g.:

    xs : List — A monomorphic list

    NGNA 2009, June 22nd 2009 – p.13/20


    Dependent Types

    Allow types to be parameterised by values, giving a more


    precise description of data. e.g.:

    xs : List — A monomorphic list


    ys : List Int — A list of integers

    NGNA 2009, June 22nd 2009 – p.13/20


    Dependent Types

    Allow types to be parameterised by values, giving a more


    precise description of data. e.g.:

    xs : List — A monomorphic list


    ys : List Int — A list of integers
    zs : List Int 5 — A list of integers, length 5

    NGNA 2009, June 22nd 2009 – p.13/20


    Dependent Types

    Allow types to be parameterised by values, giving a more


    precise description of data. e.g.:

    xs : List — A monomorphic list


    ys : List Int — A list of integers
    zs : List Int 5 — A list of integers, length 5

    So the type of a function can also express a property of


    that function, e.g.:

    append : List a n -> List a m -> List a (n + m)

    NGNA 2009, June 22nd 2009 – p.13/20


    Sessions, Dependently Typed

    How do we express our session state machine?

     Make each transition an operation in a DSL.


     Defining the abstract syntax of the DSL language as
    a dependent type.
     Implement an interpreter for the abstract syntax.

    NGNA 2009, June 22nd 2009 – p.14/20


    Session State, Formally

    State carries the session state, i.e. states in the FSM,


    plus additional data:
    data State = CLOSED
    | OPEN PState -- onne tion state
    | CLOSING Nat -- timeout
    | OPENING Nat -- timeout

    Pstate carries the connection state. An open connection


    is either waiting for an ACK or ready to send the next
    packet.
    data PState = Waiting Seq Nat -- seq. no. and timeout
    | Ready Seq -- seq. no.

    NGNA 2009, June 22nd 2009 – p.15/20


    Sessions, Formally

    ARQLang is a data type defining the abstract syntax of our


    DSL, encoding state transitions in the type:
    data ARQLang : State -> State -> # -> # where
    START : (timeout:Nat) ->
    (ARQLang CLOSED (OPENING timeout) ())
    | START_RECV_ACK
    : (if_ok: ARQLang (OPEN (Ready First)) B Ty) ->
    (if_fail: ARQLang (OPENING timeout) B Ty) ->
    (ARQLang (OPENING timeout) B Ty)
    ...

    NGNA 2009, June 22nd 2009 – p.16/20


    Session Management

    Command Precondition Postcondition


    START CLOSED OPENING
    START_RECV_ACK OPENING OPEN (if ACK received)
    OPENING (if nothing received)
    END OPEN CLOSING
    END_RECV_ACK CLOSING CLOSED (if ACK received)
    CLOSED (if nothing received)
    TIMEOUT Timeout CLOSED

    NGNA 2009, June 22nd 2009 – p.17/20


    Protocol Implementation

    Functions explain each state transition, or composition of


    transitions, in terms of allowed operations, e.g.:
     open : (timeout : Nat) -> ARQLang CLOSED (OPENING timeout) ()

    The types guarantee that the operations are executed in


    an order consistent with the state machine.

    NGNA 2009, June 22nd 2009 – p.18/20


    Protocol Implementation

    Functions explain each state transition, or composition of


    transitions, in terms of allowed operations, e.g.:
     open : (timeout : Nat) -> ARQLang CLOSED (OPENING timeout) ()
     lose : ARQLang (CLOSING y) CLOSED ()

    The types guarantee that the operations are executed in


    an order consistent with the state machine.

    NGNA 2009, June 22nd 2009 – p.18/20


    Protocol Implementation

    Functions explain each state transition, or composition of


    transitions, in terms of allowed operations, e.g.:
     open : (timeout : Nat) -> ARQLang CLOSED (OPENING timeout) ()
     lose : ARQLang (CLOSING y) CLOSED ()
     session : ARQLang CLOSED CLOSED ()

    The types guarantee that the operations are executed in


    an order consistent with the state machine.

    NGNA 2009, June 22nd 2009 – p.18/20


    Protocol Implementation

    Functions explain each state transition, or composition of


    transitions, in terms of allowed operations, e.g.:
     open : (timeout : Nat) -> ARQLang CLOSED (OPENING timeout) ()
     lose : ARQLang (CLOSING y) CLOSED ()
     session : ARQLang CLOSED CLOSED ()
     session' : ARQLang (OPEN (Ready First)) (OPEN (Ready n)) ->
    ARQLang CLOSED CLOSED ()

    The types guarantee that the operations are executed in


    an order consistent with the state machine.

    NGNA 2009, June 22nd 2009 – p.18/20


    Protocol Implementation

    Finally, we define an interpreter which executes these


    operations, parameterised by the host name and port
    number of the receiver.
     interp : (host : String) -> (port : Int) ->
    ARQLang x y t -> IO t
     The protocol designer defines everything in terms of
    ARQLang.
     Only interp executes any low level operations (e.g.
    physical layer).

    NGNA 2009, June 22nd 2009 – p.19/20


    Conclusions and Future Work
     Built a simple transport protocol with ARQ as proof
    of concept.
     The model and proof of correctness together are the
    implementation.
     We have now begun a project to develop our ideas
    further. We are particularly interested in
     Adaptivity
     Uncertainty
     Immediate goals: larger scale implementation,
    interoperability with C/Java implementations,
    efficiency.

    NGNA 2009, June 22nd 2009 – p.20/20

    You might also like