Timing UDP: Mechanized Semantics for Sockets, Threads, and Failures
This paper studies the semantics of failure in distributed programming. We present a semantic model for distributed programs that use the standard sockets interface; it covers message loss, host failure and temporary disconnection, and supports reasoning about distributed infrastructure. We consider interaction via the UDP and ICMP protocols. To do this, it has been necessary to:
- construct an experimentally validated post-hoc specification of the UDP/ICMP sockets interface;
- develop a timed operational semantics with threads, as such programs are typically multithreaded and depend on timeouts;
- model the behaviour of partial systems, making explicit the interactions that the infrastructure offers to applications;
- integrate the above with semantics for an executable fragment of a programming language (OCaml) with OS library primitives; and
- use tool support to manage complexity, mechanizing the model with the HOL theorem prover.
We illustrate the whole with a module providing naive heartbeat failure detection.
Keywords: Operational Semantics, Parallel Composition, Labelled Transition System, Internet Protocol Address, File Descriptor
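As an added illustration of the naive heartbeat failure detection the abstract closes with (example code written here, not the paper's OCaml module or its HOL model): a detector replayed against a constructed timed trace, showing that to such a detector a burst of UDP datagram loss and a genuine host crash are indistinguishable, so the timeout trades false suspicion against detection latency.

```python
from dataclasses import dataclass, field

@dataclass
class HeartbeatDetector:
    """Naive detector: suspect a peer once no heartbeat has arrived within
    `timeout` seconds of the last one (or if none has ever arrived)."""
    timeout: float
    last_seen: dict = field(default_factory=dict)

    def heartbeat(self, peer: str, now: float) -> None:
        self.last_seen[peer] = now

    def suspected(self, peer: str, now: float) -> bool:
        seen = self.last_seen.get(peer)
        return seen is None or now - seen > self.timeout

def replay(trace, timeout):
    """Replay a timed trace of (time, kind, peer) events against a fresh
    detector.  kind is 'hb' (heartbeat datagram delivered), 'lost' (datagram
    dropped in the network, so the detector sees nothing), 'crash' (peer host
    fails and sends nothing afterwards) or 'check' (application polls).
    Returns (time, peer, suspected, actually_failed) per 'check'."""
    det = HeartbeatDetector(timeout)
    failed = set()
    results = []
    for t, kind, peer in sorted(trace):
        if kind == "hb":
            det.heartbeat(peer, t)
        elif kind == "crash":
            failed.add(peer)
        elif kind == "check":
            results.append((t, peer, det.suspected(peer, t), peer in failed))
    return results

def false_positives(results):
    """Checks where the peer was suspected although its host had not failed."""
    return [r for r in results if r[2] and not r[3]]

# Constructed trace: peer "a" heartbeats once per second; the datagrams at
# t=3 and t=4 are lost (host alive); the host then crashes at t=6.
TRACE = [
    (1.0, "hb", "a"), (2.0, "hb", "a"),
    (3.0, "lost", "a"), (4.0, "lost", "a"),
    (4.5, "check", "a"),   # 2.5 s of silence caused by loss alone
    (5.0, "hb", "a"), (5.5, "check", "a"),
    (6.0, "crash", "a"),
    (7.0, "check", "a"),   # 2.0 s of silence caused by the crash
]
```

With a 1.5 s timeout the detector wrongly suspects the live host at t=4.5 and correctly suspects it at t=7.0; raising the timeout to 3 s removes the false positive but also misses the crash at the t=7.0 check.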