Abstract:
We used lightweight formal modeling and automatic analysis to explore and correct the design and implementation of the Intentional Naming System (INS). INS is a new scheme for resource discovery and service location in dynamic networks. We constructed a model of INS in Alloy, a lightweight relational notation, and analyzed it with the Alloy Analyzer (AA), a fully automatic simulation and checking tool. In doing so, we exposed several serious flaws in both the algorithms of INS and its underlying naming semantics. To correct the flaws in the INS algorithms, we developed a formal specification for naming in Alloy and refined it to specify the correctness criteria for INS algorithms. We accordingly modified the INS algorithms and verified their correctness using AA. Finally, we mapped these changes onto the original INS implementation, thereby correcting both the original design and implementation of the naming architecture of INS.
Citations (cited by | reference)
1128 | Symbolic Model Checking – McMillan, 1993
927 | The Model Checker SPIN – Holzmann, 1997
403 | Bandera: Extracting Finite-State Models from Java Source Code – Corbett, Dwyer, et al., 2000
343 | The Design and Implementation of an Intentional Naming System – Adjie-Winoto, Schwartz, et al., 1999
295 | Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS – Owre, Rushby, et al., 1995
215 | Model Checking for Programming Languages Using VeriSoft – Godefroid, 1997
85 | Alcoa: The Alloy Constraint Analyzer – Jackson, Schechter, et al., 2000
83 | Verification of the Futurebus+ Cache Coherence Protocol – Clarke, Grumberg, et al., 1995
73 | Automating First-Order Relational Logic – Jackson, 2000
67 | A Micromodularity Mechanism – Jackson, Shlyakhter, et al., 2001
64 | Finding Bugs with a Constraint Solver – Jackson, Vaziri, 2000
52 | TestEra: A Novel Framework for Automated Testing of Java Programs – Marinov, Khurshid, 2001
33 | Formal Specification as a Design Tool – Guttag, Horning, 1980
26 | Exploring the Design of an Intentional Naming Scheme with an Automatic Constraint Analyzer – Khurshid, Jackson, 2000
17 | Design and Implementation of Intentional Names – Schwartz, 1999
15 | Model Checking Without a Model: An Analysis of the Heart-Beat Monitor of a Telephone Switch Using VeriSoft – Godefroid, Hanmer, Jagadeesan, 1998
14 | Model Checking in Practice: An Analysis of the ACCESS.bus Protocol Using SPIN – Boigelot, Godefroid, 1996
8 | Checking a Java Implementation of a Naming Architecture Using TestEra – Khurshid, Marinov, 2001
7 | Model Checking Generic Container Implementations – Dwyer, Pasareanu, 1998
7 | COM Revisited: Tool-Assisted Modeling of an Architectural Framework – Jackson, Sullivan, 2000
3 | The IFAD VDM Tools: Lightweight Formal Methods (FM-Trends) – Agerholm, Larsen, 1998