The Amoeba Distributed Operating System uses a Transaction Protocol for the communication between different processes running under the supervision of the Operating System. A transaction is a basic form of information exchange between two processes, consisting of a request followed by a reply. Contrary to a Connection Oriented Protocol, a Transaction Protocol does not establish a permanent (logical) connection between two communicating processes. For each transaction a connection is built up, and as soon as the transaction is finished the connection is broken. The choice of a Transaction Protocol in favour of a Connection Oriented Protocol is based on the observation that in a distributed operating system most communications within a network do not involve massive data transport over a long period. As a result, the overhead costs of building up and maintaining a permanent connection between two processes would be (too) high.
In the Amoeba Operating System transactions take place between a Client process and a Server process. A Client process sends a request to the network. This request can be answered by a Server process with a reply. In order to increase the performance and the fault tolerance of the operating system several Server processes may provide the same service. When a specific Server crashes or is temporarily busy another one can take over its task.
As in all communication protocols, acknowledgements are needed for reliable communications. In the Amoeba Transaction Protocol, abbreviated to ATP in the sequel, an acknowledgement message from Client to Server is used to report the reception of a reply. The reply itself serves as an acknowledgement of the reception of a request.
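The request/reply/ack exchange described above, as an added illustration that is not taken from the book or from Amoeba itself. The model is deliberately simple: several servers offer the same service, a crashed server answers nothing, a constructed lossy link may drop a message once, and the client resends its request when no reply (which also acknowledges the request) arrives within a bounded number of tries. All names, the retry bound and the drop schedule are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    kind: str       # "request", "reply" or "ack"
    txn: int        # transaction number: ties a reply and its ack to the request
    payload: str = ""


class Server:
    """One of possibly several servers offering the same service (assumed model)."""
    def __init__(self, name, up=True):
        self.name, self.up = name, up
        self.served = {}    # txn -> reply already given, so a repeated request gets the same reply
        self.acked = set()  # txns whose reply the client has acknowledged

    def handle(self, msg):
        if not self.up:
            return None     # a crashed server answers nothing
        if msg.kind == "request":
            if msg.txn not in self.served:
                self.served[msg.txn] = Message("reply", msg.txn, f"{self.name}:{msg.payload.upper()}")
            return self.served[msg.txn]
        if msg.kind == "ack":
            self.acked.add(msg.txn)
        return None


class LossyLink:
    """Constructed stand-in for the network: drops each listed (kind, txn) message once."""
    def __init__(self, drop_once=()):
        self.pending = set(drop_once)

    def deliver(self, server, msg):
        if (msg.kind, msg.txn) in self.pending:
            self.pending.discard((msg.kind, msg.txn))
            return None                      # request lost on the way to the server
        response = server.handle(msg)
        if response and (response.kind, response.txn) in self.pending:
            self.pending.discard((response.kind, response.txn))
            return None                      # reply lost on the way back to the client
        return response


def transaction(link, servers, txn, payload, max_tries=3):
    """Client side of one transaction: request, reply, ack. No state survives the call."""
    for _ in range(max_tries):
        for srv in servers:                  # first server that answers takes the transaction
            reply = link.deliver(srv, Message("request", txn, payload))
            if reply is not None:            # the reply doubles as the ack of the request
                link.deliver(srv, Message("ack", txn))
                return reply.payload
    return None                              # no reply within max_tries: transaction failed
```

Running `transaction` with the first server down and the first reply dropped shows the second server taking over and the client retrying until a reply arrives, after which the explicit ack reaches only the server that replied.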
An important reason why formal description techniques are not appreciated as widely as wished by the developers of such techniques, is that people who actually design and implement software have relatively little knowledge of formal methods. The acceptance of formal techniques not only depends on the existence of techniques that are easy to understand and easy to use, but also on the training of potential users. This implies that there is a need for text books and case-studies. We think that a collection of formal specifications in a restricted area of application may help to get a better understanding of the use of formal techniques. Although the method we use is well suited for formal verification, we concentrate on the act of specification. A first requirement for a formal correctness proof is a formal specification.
We restrict ourselves in this book to a collection of specifications concerning one application area, the field of communication protocols. Although this seems to be an area with a relatively high acceptance of formal techniques, most of the protocols that are actually in use are specified in natural language, if ever specified otherwise than by the actual implementation. Even well-known and accepted standards, such as the token ring protocol, do not have a rigorous formal definition. Informal specifications in this area may lead to misinterpretations and, thus, to different implementations that will not be able to work together. Formal techniques are especially needed for communication protocol design, since these protocols describe distributed systems which have a high degree of non-determinism.
Sliding Window Protocols are used to provide reliable data communication between two computers in a network environment. A Sliding Window Protocol is connection oriented: a logical connection between the computers is established before data are transferred. Establishing a connection is not part of a Sliding Window Protocol. The connection is supposed to be a point-to-point connection without an intermediate network station. Sliding Window Protocols are situated in the Data Link Layer of the ISO OSI layer model.
In Tanenbaum ([Tan89]) three Sliding Window Protocols are presented. In this chapter a formal specification of these protocols is given. In the remainder of this section we give a general and informal description of a Sliding Window Protocol. In sections 4.2 to 4.4 the different Sliding Window Protocols are introduced and specified in PSF. The communication between Host processes and a Sliding Window Protocol is specified in section 4.5.
GENERAL DESCRIPTION OF A SLIDING WINDOW PROTOCOL
A Sliding Window Protocol (SWP) manages the communication on a point-to-point connection between two computers in a network at the Data Link Layer level in the OSI terminology. A SWP is a full-duplex protocol. This means that data can be transmitted simultaneously from station A to station B and vice versa. On both sides a SWP process is active, taking care of correct transmission. A SWP process contains a sending and a receiving part, managing outgoing and incoming data respectively. As we shall see in the sequel, these parts are not fully separated.
The specifications in this book are the result of a number of case studies performed by researchers from the Programming Research Group at the University of Amsterdam. The primary goal was to study the use of the techniques developed by the Programming Research Group for the specification of real-life protocols. From the pool of available case studies we made a selection that focuses on communication protocols, which we present in an order well suited for use in education. We hope that this book provides a first step towards a methodology for the design of communication protocols using PSF.
The following people have contributed to this book: Jacob Brunekreef, Henrik Jacobsson, Sjouke Mauw, Gert Veltink and Jos van Wamel.
Other people have helped in initiating and creating this book. The editors would like to express their gratitude for their help in various ways to Jan Bergstra, Jacob Brunekreef, Bob Diertens, Casper Dik, Hans Kamps, Hans Mulder and Jos van Wamel.
In this chapter we will focus on the specification language used throughout this book: PSF (Process Specification Formalism). We will discuss the mathematical origins of PSF as well as its syntax and semantics. The language itself will be clarified by using a running example, which gets more complicated as new language features are introduced. Apart from giving specifications in PSF we will also describe the implementations that make up the so-called PSF-Toolkit, such as the term rewriting system and the simulator.
The PSF-Toolkit also embodies a collection of frequently used specifications in the form of the PSF standard library. In this chapter we will explain which modules are part of the library and how they can be used. A full listing of the relevant modules from the PSF standard library can be found in Appendix A.
ACP
Before we turn our attention to PSF, we will give some information on ACP (Algebra of Communicating Processes). ACP is the theoretical foundation for the process part of PSF, and deserves some explanation as such.
The development of ACP was started in 1982 by J.A. Bergstra and J.W. Klop, at the Centre for Mathematics and Computer Science in Amsterdam. Compared with other concurrency theories like CCS, CSP and Petri Nets, ACP is most closely allied to CCS. The main difference between ACP and the other approaches is the way in which the semantics is treated.
Most formalisms, like CCS, CSP and Petri Nets are based on one specific model of concurrency. ACP, however, is a theory based on algebraic methods. The theory is defined by a set of axioms.
In this chapter specifications of three simple protocols are given in the formalism of PSF. The main goal is to make the reader familiar with the way the formal description technique PSF can be used for the specification of communication protocols. For this reason we specify protocols which are, in technical terms, not hard to understand.
The communication protocols specified in this chapter are the Alternating Bit Protocol (ABP), the Positive Acknowledgement with Retransmission Protocol (PAR-Protocol), and the Concurrent Alternating Bit Protocol (CABP), which is a more complicated version of the ABP.
The three protocols have in common that they follow a simplex scheme, which means that there is only one sender and one receiver and that the data flows in one direction. Moreover, the protocols handle just one data element at a time. These two restrictions make the protocols behave externally as one-element buffers.
The simple protocols considered have an interesting history in the theories of concurrency. Many different specifications and verifications can be found in the literature. Our specifications of the simple protocols are based on existing specifications in ACP that were made for mathematical analysis.
The ABP as specified in this chapter has been verified algebraically in the formalism of ACP. The PAR-Protocol has also been specified and verified by means of ACP but a special operator was needed to specify some restrictions on the communication between the timer process and the sender process: the priority operator. We present a version without priorities which is very similar to this specification. This is because priorities cannot be specified in PSF.
The basic notions of computational complexity are now familiar concepts in most branches of mathematics. One of the main purposes of the theory is to separate tractable problems from the apparently intractable. Deciding whether or not P = NP is a fundamental problem in theoretical computer science. We will give a brief informal review of the main concepts.
We regard a computational problem as a function mapping inputs to solutions (graphs to the number of their 3-vertex colourings, for example). A function is polynomial time computable if there exists an algorithm which computes the function in a length of time (number of steps) bounded by a polynomial in the size of the problem instance. The class of such functions we denote by FP. If A and B are two problems we say that A is polynomial time Turing reducible to B, written A ∝ B, if it is possible with the aid of a subroutine for problem B to solve A in polynomial time; in other words, the number of steps needed to solve A (apart from calls to the subroutine for B) is polynomially bounded.
The difference between the widely used P and the class FP is that, strictly speaking, both P and NP refer to decision problems.
A typical member of NP is the following classical problem known as SATISFIABILITY, and often abbreviated to SAT.
These lecture notes are based on a series of lectures which I gave at the Advanced Research Institute of Discrete Applied Mathematics (ARIDAM VI) in June 1991.
The lectures were addressed to an audience of discrete mathematicians and computer scientists. I have tried to make the material understandable to both groups; the result is that there are introductions to topics such as the complexity of enumeration, knots, the Whitney/Tutte polynomials and various models of statistical physics.
The main thrust throughout is towards algorithms, applications and the interrelationship among seemingly diverse problem areas. In many cases I have only given sketches of the main ideas rather than full proofs. However, I have tried to give detailed references. I have assumed some familiarity with the basic concepts of computational complexity and combinatorics, but I have aimed to define anything nonstandard when it is first encountered. My notation in both cases corresponds to standard usage, such as Garey and Johnson (1979) and Bollobás (1979).
Since the lectures I have rewritten the notes to incorporate some of the new developments but the basic material is the essence of what was presented. Much of the work was done when I held a John von Neumann Professorship at the University of Bonn. I am very grateful for the opportunity this offered, and to my friends at the Forschungsinstitut für Diskrete Mathematik, where the facilities and atmosphere make it such a stimulating place to visit.