Conference Paper

From LOTOS to C.

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... The development of a compiler that takes as input an ab stract (and hence theoretically tractable) protocol de ni tion and produces an implementation of that protocol has been the subject of much research in the networking com munity 24,28,20,32]. Unfortunately the compilers to date have produced code too slow to be used in production pro tocols. The goal of the work presented in this paper is to develop a protocol compiler which takes as input an abstract protocol de nition and produces code that is good enough to be used in production applications. ...
... A signi cant amount of work has been done on the gen eration of protocol implementation from standard speci ca tion languages such as SDL, LOTOS or ESTELLE 28,20,32,24]. However, the performance of the code generated by these tools is usually quite poor. ...
... Most languages and code generators currently used for protocol speci cation and design, such as SDL or Estelle, are asynchronous 20, 32, 23,24], meaning that modules are speci ed and implemented as separate processes communi cating via asynchronous queues. We believe that the syn chronous approach is more attractive for the generation of high performance implementations. ...
Conference Paper
A protocol compiler takes as input an abstract specification of a protocol and generates an implementation of that protocol. Protocol compilers usually produce inefficient code both in terms of code speed and code size. In this paper, we show that the combination of two techniques makes it possible to build protocol compilers that generate efficient code. These techniques are i) the use of a compiler that generates from the specification a unique tree-shaped automaton (rather than multiple independent automata), and ii) the use of optimization techniques applied at the automaton level, i.e. on the branches of the trees.We have developed a protocol compiler that uses both these techniques. The compiler takes as input a protocol specification written in the synchronous language Esterel. The specification is compiled into a unique automaton by the Esterel front end compiler. The automaton is then optimized and converted into C code by our protocol optimizer called HIPPCO. HIPPCO improves code performance and reduces code size by simultaneously optimizing the performance of the common path and optimizing the size of the uncommon path. We evaluate the gain expected with our approach on a real-life example, namely a working subset of the TCP protocol generated from an Esterel specification. We compare the protocol code generated with our approach to that derived from the standard BSD TCP implementation. The results are very encouraging. HIPPCO-generated code executes up to 25 % fewer instructions than the BSD code for input packet processing while maintaining comparable code size.
... The development of a compiler that takes as input an ab stract (and hence theoretically tractable) protocol de ni tion and produces an implementation of that protocol has been the subject of much research in the networking com munity 24,28,20,32]. Unfortunately the compilers to date have produced code too slow to be used in production pro tocols. The goal of the work presented in this paper is to develop a protocol compiler which takes as input an abstract protocol de nition and produces code that is good enough to be used in production applications. ...
... A signi cant amount of work has been done on the gen eration of protocol implementation from standard speci ca tion languages such as SDL, LOTOS or ESTELLE 28,20,32,24]. However, the performance of the code generated by these tools is usually quite poor. ...
... Most languages and code generators currently used for protocol speci cation and design, such as SDL or Estelle, are asynchronous 20, 32, 23,24], meaning that modules are speci ed and implemented as separate processes communi cating via asynchronous queues. We believe that the syn chronous approach is more attractive for the generation of high performance implementations. ...
Article
A protocol compiler takes as input an abstract specification of a protocol and generates an implementation of that protocol. Protocol compilers usually produce inefficient code both in terms of code speed and code size. We show that the combination of two techniques makes it possible to build protocol compilers that generate efficient code. These techniques are: (i) the use of a compiler that generates from the specification a unique tree-shaped automation (rather than multiple independent automata) and (ii) the use of optimization techniques applied at the automation level, i.e., on the branches of the trees. We have developed a protocol compiler that uses both these techniques. The compiler takes as the input a protocol specification written in the synchronous language Esterel. The specification is compiled into a unique automation by the Esterel front end compiler. The automation is then optimized and converted into C code by our protocol optimizer called HIPPCO. HIPPCO improves the code performance and reduces the code size by simultaneously optimizing the performance of the common path and optimizing the size of the uncommon path. We evaluate the gain expected with our approach on a real-life example, namely a working subset of the TCP protocol generated from an Esterel specification. We compare the protocol code generated with our approach to that derived from the standard BSD TCP implementation. The results are very encouraging. HIPPCO-generated code executes up to 25% fewer instructions than the BSD code for input packet processing while only increasing the code size by 25%
... Currently, wireless protocols are developed in C and there is no framework for developing stacks that would provide enough abstraction (despite early work like [3], [4]). Furthermore, validation heavily relies on human driven testing of the real platform and can take a very long time in the project. ...
... We believe that the work presented here is new with respect to the`systematic' use of transformation rules in the implementation approach: it is based on the use of particular FD structures, or speci cation styles, to facilitate the transformation process. Related work can be found in MdM89], where protocol implementation from LOTOS to C is explored but without taking advantage of speci cation styles. A similar approach to eliminating parallelism is related in CP85]. 1 ...
... We believe that the work presented here is new with respect to the`systematic' use of transformation rules in the implementation approach: it is based on the use of particular FD structures, or speci cation styles, to facilitate the transformation process. Related work can be found in MdM89], where protocol implementation from LOTOS to C is explored but without taking advantage of speci cation styles. A similar approach to eliminating parallelism is related in CP85]. 1 ...
Article
Distributed system design, including implementation and software development, should be based on formal methods in order to achieve correct design. In this paper we study the possibility of automated protocol implementation by transformations from structured formal specifications, in LOTOS, to program code, in C. Particular specification structures are referred to as specification styles. The implementation approach presented here is based on the successful implementation of a medium-scale protocol, the sliding window protocol. Details of this design exercise are included. 1 Introduction Distributed system design involves architectural design and subsequent implementation phases. So far emphasis in formal approaches for distributed system design has been on the production of `implementation independent' formal descriptions (FDs) (examples can be found in the OSI arena where FDTs are applied to formally specify services and protocols [vEVD89]) or `intermediate ' implementation FDs. In ...
... This dynamic semantics of Lotos is operational: it can be interpreted by some machine to generate the graph corresponding to a Lotos specification. Some Lotos tools take advantage of this, by giving these rules to a term-rewriting engine, which can be either general [AF88] [Boo89] [NQS89], or specifically designed for Lotos [MdM88]; some other tools rely on Prolog [BC88] [GL88]. These approaches are straightforward and directly ensure the correctness of the translation, but they suffer from lack of efficiency: ...
Article
Full-text available
This paper presents the main features of the Caesar system, intended for formal
... Even for evaluable specifications, the general interpretation of ACT ONE specifications is hungry in computation time and space. To optimize performance, other approaches allow the replacement of some sorts and operations by similar constructive data types taken from conventional programming languages like C, as in [Manas88]. This allows efficient implementations but the validity of the substitution is left to the appreciation of the specifier. ...
Article
This paper introduces VLib, an extension to LOTOS that eases the specification of data types. It allows the definition and use of virtual libraries containing conceptually an infinite number of data types. The extraction of a working finite subset for a particular application is also considered. After a general introduction to LOTOS data specification issues, the extension is explained and formally defined. A prototype tool implementing the extraction operation is described, and a specification discipline is proposed that benefits from the provided gain of functionality. Keyword codes:D.3.3; D.3.4 Keywords: Programming Languages, Language Constructs and Features; Processors 1. INTRODUCTION The formal specification language LOTOS was standardized by ISO [ISO89] and has been applied to numerous developments, both in the applicative and theoretical domains. LOTOS combines two clearly distinguished concepts: process algebras for describing behaviours and algebraic specifications for de...
Article
FDT tools support protocol development by making certain activities feasible, easier to be performed, more reliable, and faster. This paper discusses the desirable properties of FDT tools and classifies them according to the different stages of the protocol development cycle. An assessment of the tools available so far and projections (or suggestions) of the tools to come are given. A list of the tools that have appeared since the mid 1980's is also included.
Article
A new tool for generating implementation prototypes of communication protocols and concurrent systems specified using the ISO LOTOS language is presented in this paper. A brief introduction to LOTOS and a discussion of the main problems related to the efficient execution of specifications written in LOTOS are presented first. The design and implementation of the tool are then considered: LOTOS specifications are analysed and translated into C functions which are executed by co-operating processes in the Unix environment. The set of LOTOS process definitions is first translated into a suitable number of extended finite-state machines (EFSMs). The method proposed allows the problem of deriving unbounded EFSMs to be circumvented and a sort of control on the process number/size trade-off to be obtained at the same time. The problem of implementing the LOTOS multi-way rendezvous mechanism for process synchronization is solved by using an algorithm based on message-passing techniques. An example of prototype derivation is also described, showing the form of C code generated by translating a simple specification. Finally, some performance figures are presented.
Article
A common characteristic of process algebras is that they permit us the partial description of concurrent systems by including non-deterministic behaviours. These non-deterministic components are abstractions of the actual ones, and they can be detailed in successive refinements. This paper proposes an enrichment of the above abstraction. It defines a formal description technique which is able to characterize the non-determinism in a probabilistic way. The proposed technique, called LOTOS-P is an upward compatible extension of LOTOS. The compatibility includes also the possibility of specifying non-deterministic behaviours; that is, without probabilistic characterization. The contents of the paper are mainly related to the definition of probabilistic models based on process algebras, and the study of the observable behaviour of systems by using testing relations. The advantage of the proposed model with respect to previous works is twofold. First, the model is simpler, and second, the compatibility with LOTOS is achieved. The simplicity does not make the model useless because its expressive power permits us to express random behaviours in the same way they are being expressed with classical techniques of discrete systems modeling. The probabilistic evaluation of the properties of the system can be done by applying the defined calculus, but also bysimulation. Simulation means that we are able to obtain the desired results with a given confidence level.
Conference Paper
A model for executing LOTOS (language of temporal ordering specification) specifications (temporal control part) is described. It is based on an activity tree with attributes. The activity tree reflects the dynamic relations between the process invocations and activations of behavior expressions in the specified system, while functions related to the attributes control the execution of interactions and the growing and updating of the tree. The problem of infinite branching, which is caused by non-well-guarded specifications or specifications containing generalized choices, is discussed based on the strategies for growing the activity tree. The general execution model described can also be used as a basis for designing LOTOS implementaton strategies for distributed environments or for systems with parallel processors
Article
This paper describes a LOTOS (ISO International Standard 8807) based technique (LOTOS-TP), and a performance evaluation tool (TOPO-SIM) based on it. LOTOS-TP is able to cope with the modeling of timing and probabilistic system characteristics. It is applied to the modeling and performance evaluation of discrete event systems. The performance evaluation is obtained with TOPO-SIM simulation tool which has been developed using an existing full LOTOS compiler. The structure of the discrete event simulation tool and the simulation machine are described.
Article
LOTOS is a specification language that aims to describe the dynamic behavior of complex systems. To a large extent, LOTOS semantics is operational, which gives an opportunity to execute the specifications. There may be several targets in specification execution, three of which are considered in the paper: rapid prototyping, system testing, and real product derivation. The outstanding problem is to map abstract entities onto real entities, both to effectively act on the environment, and to allow the environment to influence specification behavior. For a final product, performance must be assessed too, as well as other non-functional requirements.The paper describes the opportunities provided by TOPO, a compiler from LOTOS into either C or Ada code. Supported features are described and wrapped into a method. Performance figures are provided too, in order to make estimates on realization performance after the specification style.
Article
An informal, design-oriented introduction to the specification language for distributed systems LOTOS is presented. Examples based on variations of the well-known producer-consumer problem are used to illustrate the different aspects of the language.
Conference Paper
This paper presents a methodology for hardware-software co-design. It is based on the formal description technique LOTOS in the specification phase, and on estimation methods at different levels of abstraction in the partitioning phase. The LOTOS specification describes the system as a set of interacting communicating processes. Our HW-SW partitioning algorithm is guided by communications, performance and area estimates and by the suitability of each process for implementation in hardware or software. A partition is evaluated against the design goals and constraints, first using high-level estimates and then, if requirements are met, computing estimates at lower levels of abstraction. If the partition fails, the partitioning model is updated with the new low-level estimates and a new partition is generated. If it succeeds, the resulting hardware and software specifications are synthesized using existing high-level synthesis tools and compilers.
Conference Paper
Full-text available
We describe our experience using Formal Description Techniques (FDTs) to support the design of interception systems for GSM networks. Both the GSM protocol and the interceptor have been specified using LOTOS, an FDT standardized by the International Standardization Organization (ISO) to describe communication systems and protocols. This has permitted us to asses the feasibility of the proposed system and speed up further design phases. From the LOTOS model, a simulator has been generated automatically. The TOPO tool set was used across the process. An FTP link to a package containing the specification and the simulator is provided.
Conference Paper
Full-text available
We propose an approach to testing that combines formal methods with practical criteria, close to the testing engineer's experience. It can be seen as a framework to evaluate and select test suites using formal methods, assisted by informal heuristics. This proposal is illustrated with a practical case study: the testing of a protocol for mobile auctions in a distributed, wireless environment.
Conference Paper
Process algebras represent an appropriate mechanism to formally specify concurrent systems. In order to get a thorough knowledge of these systems, some external formalism must be used. In this paper we propose an integrated framework where a (non-trivial) process algebra is combined with a (concurrent) functional language. Specifically, we consider a stochastic process algebra featuring value passing where distributions are not restricted to be exponential. In order to study properties of these specifications, we translate them into functional programs written in Eden. This functional language is very suitable for concurrent programming. On the one hand, it presents the usual features of modern functional languages. On the other hand, it allows the execution of concurrent processes. We present an example showing how specifications can be translated into Eden and how quantitative properties can be studied.
Article
LOEWE is an integrated tools environment for the specification, analysis, and implementation of communication software. Although primarily based on the formal description technique LOTOS, LOEWE additionally offers multiple, semantically equivalent representations of a given protocol specification. Each format is specially adapted to support specific tool functionality: processes are used for simulation and compilation, fast state space exploration is performed on extended finite state machines, and labelled transition graphs are used for system verification.LOEWE currently contains a LOTOS syntax and static semantic verifier, a generator of extended finite state machines with associated interactive state exploration tools, a temporal logic verifier, a compiler to generate C code from LOTOS behavior expressions, a translator of LOTOS abstract data type operations to a set of LISP functions, and a graphical trace analyzer of LOTOS process interactions.
Article
This chapter presents an extension to the codesign approach based on LOTOS presented in Fourth International Workshop on Hardware–Software (HW–SW) Codesign. Over the last few years, the level of abstraction applied to the description and design of hardware system has risen. This move to higher level of abstraction is a consequence of a number of factors. A higher level of abstraction allows the designer to reduce the time spent in specification because one does not need to take care of low-level implementation details. In high-level specification, the functionality of the system is clearer, allowing for a more extensive exploration of the design space. The improved ability to detect design errors in and verification of LOTOS specification are possible. LOTOS was designed for the sepcification of computer protocols, but it can also model any concurrent system; it is especially well suited to control-oriented applications.
Article
In this paper we show how a formal approach to design may speed up the development process for a new standard-based product: an interception device for GSM networks. We discuss the benefits, the limitations, and the lessons learnt using this approach, based on our own practical experience. A software package containing the results of this work and related documentation is freely available for academic institutions.
Conference Paper
Software synthesis for system level design languages becomes feasible because the current technology, pricing and application trends will most likely alleviate the industrial emphasis on real-time operating systems minimisation. Automatic code generation also becomes necessary, because of increasing product complexity and decreasing design time. This paper discusses software synthesis for a realistic system level design language, to generate an executable model for implementation, simulation and verification purposes. A completely automatic mapping of both the architectural aspects and data objects is shown, including real-time garbage collection. Process execution trees (PETs) are introduced to schedule real-time, concurrent processes. This paper explains the functioning of these self-modifying data structures based on the operational semantics of POOSL (Parallel Object-Oriented Specification Language). Process execution trees are generally applicable to other process algebras as well (e.g. CCS, CSP, ACP), and follow quite naturally from the inference rules of these algebras
Article
Full-text available
This paper presents the tools Ald' ebaran, Caesar, Caesar.adt and Cl' eop atre which constitute a toolbox for compiling and verifying Lotos programs. The principles of these tools are described, as well as their performances and limitations. Finally, the formal verification of the rel/REL atomic multicast protocol is given as an example to illustrate the practical use of the toolbox. Keywords: reliability, formal methods, Lotos, verification, validation, model-based methods, modelchecking, transition systems, bisimulations, temporal logics, diagnostics Introduction There is an increasing need for reliable software, which is especially critical in some areas such as communication protocols, distributed systems, real-time control systems, and hardware synthesis systems. It is now agreed that reliability can only be achieved through the use of rigorous design techniques. This has motivated a lot of research on specification formalisms and associated verification methods and tools. Ver...
Article
Full-text available
Studies have shown that errors are most likely to be introduced in the requirements phase of a development effort. This problem is largely due to prose descriptions that are ambiguous or inconsistent. One potential solution to this problem is to capture requirements information in the form of formal specifications that can be checked for consistency and completeness using automated techniques. However, during the initial phases of a project, it may be difficult to construct formal specifications directly. In contrast, many developers find it more intuitive to create diagrams to model their systems. As a means to bridge the gap between formal and informal approaches to software development, we have investigated the formalization of a commonly used object-oriented modeling notation, Object Modeling Technique (OMT). The formalization of OMT enables the automated generation of formal specifications of the diagrams that can then be analyzed using simulation, model checking, and re...
ResearchGate has not been able to resolve any references for this publication.