Protocol conversion—correctness problems

Consider the problem of providing a logical channel for message exchange between two user processes in a network environment. When is protocol conversion needed? To answer this question, we first define a model of layered architectures. Specifically, three stepwise refinement rules are given. Any architecture that can be obtained by a sequence of applications of the stepwise refinement rules is said to be well-structured. We show that this class of well-structured architectures has several correctness properties. It is also very general and includes many well-known networking and internetworking architectures in the literature. Logical connectivity in such an architecture is defined recursively. As a result, to determine if a logical channel can be provided between two user processes, it is sufficient to examine peer protocols specified for each level of the architecture's hierarchy of processes one at a time. Thus the original problem reduces to the problem of determining if a set of processes will interoperate. When protocol conversion is needed to achieve interoperability between processes that implement different protocols, how should it be done? How does one prove that a conversion is correct? What is meant by a correct conversion? We propose the use of projections and image protocols (previously developed by Lam and Shankar for protocol verification [10]) for specifying conversions and for reasoning about the correctness of conversions. Given two processes implementing different protocols P and Q, our objective is to find the largest protocol that is an image protocol of P as well as Q. The correctness of the conversion is a consequence of the correctness properties of image protocols. There are several open problems. Most importantly, heuristics are used for finding the necessary image protocol for conversion. Although an image protocol common to both P and Q can always be found, it may not be easy to find one with useful functionality.
There are also some implementation and design issues to be addressed, such as the construction of converters that are transparent and of converters that add functionality to an image protocol common to P and Q.