A Formal Treatment of an Abstract Channel Implementation Using Java Sockets and TCP

1
A Formal Treatment of anAbstract Channel
ImplementationUsing Java Sockets and TCP

• Chryssis Georgiou, University of Cyprus
• Peter Musial, VeroModo, Inc.
• Alexander Shvartsman, University of Connecticut
• Elaine Sonderegger, University of Connecticut

2
Motivation

• Abstract models and specifications of distributed
  systems allow formal reasoning about their safety
  properties
• Mapping the functionality of abstract
  specifications to executable code for target
  distributed platforms is a challenging and
  error-prone process
• Formal specifications and faithful
  implementations of asynchronous communication
  channels are particularly challenging

3
Related Work

• Traditional communication channel models
• Fixed, pre-initialized channels
• Examples
• Reliable FIFO channel
• Lossy reordering channel
• Josh Taubers IOA compiler used Java/MPI to
  implement pre-initialized channels

4
Our Work

• First formal specification of an asynchronous
  communication channel with
• Explicit initialization
• Dynamic interconnections with graceful comings
  and goings
• Implementation of the specification using Javas
  interface to TCP sockets
• Proof by forward simulation that the
  implementation preserves the safety properties of
  the specification

5
Initialization
Receiver
Sender
receiverListening
senderOpen
respReceiverListening
send
receive
send
send
receive
6
Sender Closing
emptying
closed
Receiver
Sender
senderClose
receive
receive
senderClosing
receive
7
Receiver Closing
closed
Receiver
Sender
receiverClose
Bit Bucket
8
Abstract Channel

• Input/Output Automata formalism
• Transitions (where m is a message, i j are
  nodes)
• input send (m, i, j)
• output receive (m, i, j)
• input receiverListening (j)
• input receiverStopListening (j)
• input senderOpen (i, j)
• output respReceiverListening (i, j)
• input senderClose (i, j)
• internal senderClosing (i, j)
• input receiverClose (i, j)
• internal lose (m)

9
Implementation

• Distributed Abstract Channel functionality among
  nodes
• Developed a Composite Channel with three types of
  component automata
• JVM-TCP Channel
• Sender Mediator
• Receiver Mediator
• Based on Josh Taubers IOA compiler for a
  Java/MPI interface

10
Node Automaton
Node i
TCP Sockets
Send Mediator
JVM- TCP Channel
Application Automaton
TCP Sockets
Receive Mediator
11
Main Result

• Theorem Composite Channel implements Abstract
  Channel
• The set of traces of Composite Channel is a
  subset of the set of traces of Abstract Channel
• Proved using forward simulation
• Established a simulation relation mapping the
  states of Composite Channel to the states of
  Abstract Channel
• Showed the mapping holds for the initial states
  of each automaton and is maintained by every
  transition of Composite Channel

12
Summary

• First formal specification and implementation of
  an abstract asynchronous communication channel
  with explicit support for dynamic creation and
  teardown of communication links
• Provides a building block for modeling dynamic
  distributed applications and systems
• Serves as an aid to automated code generation
• Future Work (supported by an NSF grant)
• Bi-directional channels
• Multiple concurrent channels between node pairs

13
Thank You