Formal Automated Transformation of SDL Specifications to Estelle Specifications

Hazem El-Gendy, Ph.D., P.Eng.
Ministry of Endowments of Egypt, Cairo, Egypt
Voice Tel. & Fax: +20 2 23936088
e-mail: [email protected]

Dr. Nabil El Kadhi
Prof. Comp. Science, EpiTech
14/16 Rue Voltaire, 94270 Kremlin-Bicêtre, France
e-mail: [email protected]
Keywords: Formal Description Techniques, SDL, Estelle, Computer/Communications Protocols, Specification, Distributed Real Time Systems, Formal Methods, Common Semantic Model, Verification, Testing.

Abstract: In this paper, a formal method for automated transformation of an SDL specification into a corresponding Estelle specification is presented. The method is applicable to various SDL specifications and to various communications protocols for the various ISO (International Organization for Standardization) OSI (Open Systems Interconnection) layers. This formal automated transformation makes future formal methods for deriving test sequences from Estelle specifications immediately, if indirectly, applicable to SDL specifications: first, the transformation method is applied to generate an Estelle version; then, the Estelle-based derivation method is applied. This gives the best coverage of the test sequences for SDL specifications, since the formal test derivation method with the best coverage can be applied, and it also allows various test derivation methods to be compared in terms of coverage. Moreover, it allows protocol specifications developed in SDL to be compared with those developed in Estelle, which supports the development of universal international standards. We develop an algorithm for constructing the Estelle specifications.
I. Introduction

The number of distributed systems, such as computer and telecommunications protocols and systems, is increasing fast [1-20]. Furthermore, there is increasing demand to significantly reduce the time to go from the idea of a protocol to its design and specification and on to its implementation. This in turn has increased the need for rigorous methods covering the whole development life cycle, which includes the specification, the design, the verification of the designs, the implementation of the designs, and the testing of the implementations. This motivated the development of formal methods for all of these phases [14]. A formal method has the following advantages over intuitive methods:
1) It is less error prone.
2) It is less time consuming.
3) It is less costly, because it is less time consuming and can be applied by less qualified experts (sometimes it can be applied by a software program).
4) It facilitates analysis of the method for correctness, coverage, applicability, and efficiency, which in turn facilitates extending the method.

ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) have jointly developed the Estelle [1] Formal Description Technique (FDT) for the formal specification of computer/telecommunications protocols and of distributed systems in general. On the other hand, the Telecommunications Standardization Section of the International Telecommunications Union (TSS/ITU; formerly CCITT) has developed SDL (Specification and Description Language) [21]. SDL is a relatively low-level FDT in which the concept of a state is explicitly specified. Consequently, implementing SDL specifications is relatively easy, and testing these implementations is also relatively easy [14, 17, 19].
Furthermore, there is an increasing demand to arrive at truly universal standards. Consequently, there is a requirement that every computer/telecommunications protocol standard developed be formally specified in both Estelle and SDL. Member countries can then develop their own computer/telecommunications products and national standards based on either Estelle or SDL. This raises the major concern that one has to ensure the consistency between the two versions of the computer/telecommunications standard: the Estelle-based version and the SDL-based version. Moreover, with the large number of ISO/IEC computer/telecommunications standards developed and expected to be developed, using intuitive methods to transform an SDL-based standard into its corresponding Estelle-based standard is too time consuming and too expensive [14, 16]. There are some methods for formal automated transformation between Lotos specifications and Estelle or SDL specifications. However, transformations of SDL specifications into Estelle specifications are mainly intuitive [14, 16]. Wu et al. [16] developed a formalization of Lotos and Estelle specifications as Extended Transition Systems. That formalization does not apply to all constructs and suffers from serious problems [14]. In this paper, we develop a formal method for the transformation of any specific SDL specification into a corresponding Estelle specification. Our method is supported by algorithms that facilitate full automation of the transformation.

The rest of this paper is organized as follows. An overview of the method is given in Section II. In Section III, we develop our method for the construction of the Estelle specification. We demonstrate the method by applying it to a real protocol in Section IV. Section V concludes the paper.
II. Overview of the Method and Concepts

The method has two phases:
- Map & Determine Estelle transitions: In this phase, we develop a mapping from SDL constructs/building blocks to Estelle transitions in order to determine the number of Estelle transitions to be used in the Estelle-based specification. The main SDL building block is the "outgoing branch from a state", while the corresponding Estelle building block is the "transition".
- Transform Specification: In this phase, a transformation method is applied to produce the specifications of the Estelle transitions.
III. Transformation of the SDL Specifications into Estelle Specifications

In this Section, we develop two methods for the construction of the Estelle specifications.

III.1 Mapping and Determination of the Estelle-Behavior Processes

To determine the Estelle transitions, we have:
Rule I: For every outgoing branch of every SDL state, generate a corresponding Estelle transition.
Also, it is desirable, for purposes of implementation as well as verification and testing, that the given SDL-based specification be a minimal specification meaning that it is constructed using the minimum number of states. States should represent a logical meaning in the protocol and the protocol design should not include multiple different but equivalent states (duplicates of states) [7,8].
III.2. Transformation of an SDL Specification into an Estelle Specification

In this Section, we develop a formal method to transform a given SDL-based specification into an Estelle-based specification. The method uses Algorithm_Generate_Specification, which facilitates full automation. The algorithm has two phases. In the first phase, the number of Estelle transitions to be used is determined. Then, the formal descriptions of these transitions are generated in the second phase.

Algorithm_Generate_Specification:

Phase I "Generate the Number and Names of the Estelle transitions in the Estelle Specification": Using Rule I, generate a number of Estelle transitions equal to the total number of SDL outgoing branches of all the SDL states, and give each a unique name.

Phase II "Generate the Behavior Specifications of the Estelle transitions":
For every SDL state s DO
  For every outgoing branch tj = i1 o1 o2 ... on from state s to state s' DO
    1) Generate the following Estelle transition:
         WHEN i1
         tj:
           FROM s
           TO s'
           OUT(o1 o2 ... on)
    2) If io1 (io means input interaction or output interaction) is preceded by the positive ("Yes") result of a condition c, the transition becomes:
         WHEN i1 PROVIDED c
         tj:
           FROM s
           TO s'
           OUT(o1 o2 ... on)
    3) If io1 is preceded by the negative ("No") result of a condition c, the transition becomes:
         WHEN i1 PROVIDED ¬c
         tj:
           FROM s
           TO s'
           OUT(o1 o2 ... on)
  End Do
End Do

As the number of SDL states and outgoing branches is finite, the above algorithm is guaranteed to terminate and consequently generates the Estelle specification in finite time. Furthermore, it does not require any human interaction and consequently facilitates full automation. Moreover, it does not impose any restrictions on any of the SDL constructs, so the applicability of the method is as wide as the applicability of SDL itself; consequently, it can be applied to various computer/communications protocols.
IV. Example

In this Section, we demonstrate the method by illustrating its application to a real protocol: the ISO Transport Layer Protocol class 0, for the case of the initiator of connection establishment.
The protocol is as given by the SDL diagram in Figure 1.

[Figure 1: SDL Specification of TPC0 for the Initiator. Diagram not reproduced in this text; its states are Start, Wait and Data, its condition is R, and its signals are tcreq, cr, tdind, cc, dr, tccon, ndind, tdatr, tdat, tdreq and ndreq.]

The given SDL specification has 8 outgoing branches from states. Consequently, the corresponding Estelle specification has 8 transitions; this is the result of applying Phase I of the algorithm.
Applying Phase II of the algorithm to state "Start", for example, produces the following. Applying step 1:

WHEN tcreq
t1:
  FROM Start
  TO Start
  OUT(tdind)

Applying step 3:

WHEN tcreq PROVIDED ¬R
t1:
  FROM Start
  TO Start
  OUT(tdind)

Similarly, applying step 1 to the other outgoing branch gives the following:

WHEN tcreq
t2:
  FROM Start
  TO Wait
  OUT(cr)

Similarly, applying step 2 to the other outgoing branch gives the following:

WHEN tcreq PROVIDED R
t2:
  FROM Start
  TO Wait
  OUT(cr)
Applying the algorithm fully to the given SDL specification, one gets the following corresponding Estelle specification:

WHEN tcreq PROVIDED ¬R
t1:
  FROM Start
  TO Start
  OUT(tdind)

WHEN tcreq PROVIDED R
t2:
  FROM Start
  TO Wait
  OUT(cr)

WHEN cc
t3:
  FROM Wait
  TO Data
  OUT(tccon)

WHEN dr
t4:
  FROM Wait
  TO Start
  OUT(tdind)

WHEN ndind
t5:
  FROM Data
  TO Start
  OUT(tdind)

WHEN tdatr
t6:
  FROM Data
  TO Data

WHEN tdat
t7:
  FROM Data
  TO Data

WHEN tdreq
t8:
  FROM Data
  TO Start
  OUT(ndreq)
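The following added example (not from the paper) implements Algorithm_Generate_Specification of Section III.2 and runs it on the 8 TPC0 branches listed above; the Branch record, the field names and the text layout of the emitted transitions are this example's own choices, and the branch list is transcribed from Section IV.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Branch:
    """One outgoing branch of an SDL state (the SDL building block of Section II):
    input i1, outputs o1..on, target state, and an optional guarding condition c
    together with the result ("Yes"/"No") of c that leads to this branch."""
    src: str
    inp: str
    dst: str
    outs: List[str] = field(default_factory=list)
    cond: Optional[str] = None
    cond_yes: bool = True


def estelle_transition(name: str, b: Branch) -> str:
    """Phase II, steps 1-3: the Estelle transition text for one branch."""
    when = f"WHEN {b.inp}"
    if b.cond is not None:  # step 2 ("Yes") adds PROVIDED c, step 3 ("No") PROVIDED ¬c
        when += f" PROVIDED {b.cond}" if b.cond_yes else f" PROVIDED ¬{b.cond}"
    lines = [when, f"{name}:", f"  FROM {b.src}", f"  TO {b.dst}"]
    if b.outs:  # step 1: OUT(o1 o2 ... on); omitted when the branch has no outputs
        lines.append(f"  OUT({' '.join(b.outs)})")
    return "\n".join(lines)


def generate_specification(branches: List[Branch]) -> List[str]:
    """Phase I: by Rule I, one transition per branch, named t1..tn.
    Phase II: generate each body. Terminates because the branch list is finite."""
    names = [f"t{i}" for i in range(1, len(branches) + 1)]
    return [estelle_transition(n, b) for n, b in zip(names, branches)]


# The 8 outgoing branches of TPC0 (initiator), transcribed from Section IV.
TPC0_BRANCHES = [
    Branch("Start", "tcreq", "Start", ["tdind"], cond="R", cond_yes=False),
    Branch("Start", "tcreq", "Wait", ["cr"], cond="R", cond_yes=True),
    Branch("Wait", "cc", "Data", ["tccon"]),
    Branch("Wait", "dr", "Start", ["tdind"]),
    Branch("Data", "ndind", "Start", ["tdind"]),
    Branch("Data", "tdatr", "Data"),
    Branch("Data", "tdat", "Data"),
    Branch("Data", "tdreq", "Start", ["ndreq"]),
]

if __name__ == "__main__":
    print("\n\n".join(generate_specification(TPC0_BRANCHES)))
```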
V. Conclusions

A formal method for the automated transformation of an SDL specification into a corresponding Estelle specification has been presented. The method is supported by an algorithm that facilitates full automation. Consequently, the method is much less error prone than current intuitive methods and saves a great deal of time and cost in the transformation. The scope of applicability of the method is as wide as the scope of applicability of SDL itself; consequently, the method can be applied to various SDL protocols.

Also, methods for the automated derivation of test sequences for testing protocol implementations that were developed for Estelle are now instantly available to SDL specifications. Estelle and SDL currently use different formal methods for specifying data types. Our method focuses only on the specification of the dynamic behavior rather than the transformation of the data types. However, both the ISO/IEC Technical Group in charge of the development/evolution of Estelle and the TSS/ITU Technical Group in charge of the development of SDL are considering adopting the ISO Abstract Syntax Notation 1 (ASN.1) standard for data types. ASN.1 is a very well recognized standard for data types that has been used extensively in industry. The adoption of ASN.1 will harmonize Estelle and SDL as far as data types are concerned, removing the need to develop an automated method to transform data types.
References

1. ISO/IEC 9074, "Information Processing Systems - Open Systems Interconnection - ESTELLE - Formal Description Technique Based on an Extended State Transition Model", 1989.
2. Hazem El-Gendy, "A New Theory for Equivalence between Process Specifications", Proceedings of the IEEE International Conference on Electronics, Circuits, and Systems, Rodous, Greece, October 16-18, 1996, pp. 1186-1189. Also accepted for publication in the Proceedings of the International Conference on Networks sponsored by the International Association of Science and Technology for Development (IASTED), Orlando, Florida, USA, Jan. 8-10, 1996.
3. Hossein Saiedian, "An Invitation to Formal Methods", IEEE Computer, April 1996, pp. 16-30.
4. Hazem El-Gendy and Hoda Baraka, "Transformation of Lotos Specifications to Estelle-Based Specifications", Proceedings of the International Symposium on Computers & Communications sponsored by both the IEEE Communications Society and the IEEE Computer Society, Alexandria, Egypt, July 1-3, 1997, pp. 215-220.
5. Tommaso Bolognesi, Ferdinando Lucidi, and Sebastiano Trigila, "Converging Towards a Timed Lotos Standard", Journal of Computer Standards & Interfaces, Vol. 16, 1994, pp. 87-118.
6. Caglan M. Aras, James F. Kurose, Douglas S. Reeves, and Henning Schulzrinne, "Real-Time Communication in Packet Switched Networks", Proceedings of the IEEE, Vol. 82, No. 1, January 1994, Special Issue on Real-Time Systems, pp. 122-139.
7. Mihaela Sigireanu and Radu Mateescu, "Validation of the Link Layer Protocol of the IEEE-1394 Serial Bus ("FireWire"): an Experiment with E-Lotos", INRIA Technical Report No. 3172, 1997. A short version of this report is also available in Ignac Lovrek, editor, Proceedings of the COST 247 2nd International Workshop on Applied Formal Methods in System Design, Zagreb, Croatia, June 1997.
8. Anton Dahbura and Krishan Sabnani, "Formal Methods for Generating Protocol Conformance Test Sequences", Proceedings of the IEEE, Vol. 78, No. 8, Aug. 1990, pp. 1317-1326.
9. M. Susan Bloor and Jon Owen, "Learning Lessons from Conformance Testing", Journal of Computer Standards & Interfaces, Vol. 17, 1995, pp. 231-251.
10. Chih-Yung Chang and Shin-Chih Tu, "Active Route-Maintenance Protocol for Signal-Based Communication Path in ad hoc Networks", Journal of Network and Computer Applications, Vol. 25, Issue 3, July 2002, Academic Press, pp. 161-177.
11. S. Farahvash, K. Akhavan, and M. Kavehrad, "Packet Transmission Over a Fixed Wireless Loop Using Adaptive Rate Techniques", International Journal of Wireless Information Networks, Vol. 9, No. 3, July 2002, pp. 165-178.
12. J. Q. Bao and L. Tong, "Protocol-Aided Channel Equalization in Wireless ATM", IEEE Journal on Selected Areas in Communications, Vol. 18, No. 3, March 2000, pp. 418-435.
13. D. P. A. Greenwood and R. A. Carrasco, "Neural Networks for the Adaptive Control of Disruptive Non-Linear Network Traffic", IEE Proceedings Communications, Vol. 147, No. 5, October 2000, pp. 285-291.
14. Hazem El-Gendy, "Using Formal Methods: Importance and Experience", International Journal on Computing Methods in Science and Engineering, published in Greece, 2005.
15. Gregor Bochmann, "Specifications of a Simplified Transport Protocol Using Different Formal Description Techniques", Technical Report #623, Département d'Informatique, Université de Montréal, April 1987. Also in the Journal of Computer Networks and ISDN Systems, Vol. 18, No. 5, 1990, pp. 335-377.
16. Jian-Ping Wu and Samuel T. Chanson, "Translation from Lotos and Estelle Specifications to Extended Transition System and Its Verification", Proceedings of IFIP FORTE 89, Vancouver, B.C., Canada, Dec. 1989.
17. Hazem El-Gendy, Hani El-Sayed, and Abdel-Wahab Fayez, "Transformation of Estelle Specification into Lotos Specifications", Proceedings of the 13th International Conference on Computers and Their Applications, sponsored by the International Society for Computers and Their Applications, Honolulu, Hawaii, USA, March 25-27, 1998, pp. 82-84.
18. Hazem El-Gendy, "Formal Method for Automated Transformation of Lotos Specifications to Estelle Specifications", International Journal of Software Engineering & Knowledge Engineering, USA, Vol. 15, No. 5, October 2005, pp. 1-19.
19. Hazem El-Gendy, "Formal Automated Transformation of Lotos Specifications into SDL Specifications", Proceedings of the 8th World Multi-conference on Systemics, Cybernetics, and Informatics sponsored by the International Institute of Informatics and Systemics (IIIS), Orlando, Florida, USA, July 18-21, 2004.
20. Hazem El-Gendy, "Study of the Characteristics of CT-Equivalence with Proves", Journal of Computational Methods in Sciences and Engineering, Vol. 6, Nos. 5-6, 2006, pp. 171-179.
21. CCITT Recommendation Z.100, "Specification and Description Language SDL", 1992.