Fault origin adjudication

When a program P fails to satisfy a requirement R supposedly ensured by a detailed specification S that was used to implement P, there is a question about whether the problem arises in S or in P. We call this determination fault origin adjudication and illustrate its significance in various software engineering contexts. The primary contribution of this paper is a framework for formal fault origin adjudication for network protocols using the NS simulator and the SPIN model checker. We describe our architecture and illustrate its use in a case study involving a standard specification for packet radio routing.
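The adjudication rule behind the abstract can be made concrete on a trace: if the trace violates R but conforms to S, the specification is inadequate; if it also violates S, the implementation deviated from its specification. The following Python is an added example written for this page, not the paper's NS/SPIN framework; it assumes a toy distance-vector routing model (RIP-style metric 16 meaning unreachable, a fixed convergence bound, a hold window for re-advertised metrics) and evaluates R and S as plain predicates over a constructed event trace rather than as temporal-logic properties in a model checker.

```python
# Added example: toy fault origin adjudicator over a routing trace.
# All constants, event formats and traces below are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List

INFINITY = 16          # RIP-style "unreachable" metric (assumption of the toy model)
CONVERGENCE_BOUND = 6  # R: routes to a dead destination must vanish within this many ticks
HOLD = 2               # S: a finite metric m > 1 may be advertised only if another node
                       #    advertised m-1 for that destination within the last HOLD ticks

Event = Dict[str, object]
Trace = List[Event]
Property = Callable[[Trace], bool]


def advert(t: int, node: str, dest: str, metric: int) -> Event:
    return {"type": "advert", "t": t, "node": node, "dest": dest, "metric": metric}


def down(t: int, node: str, dest: str) -> Event:
    # The link between `node` and `dest` fails at tick t; in this toy model the
    # destination then has no other attachment, so it becomes unreachable.
    return {"type": "down", "t": t, "node": node, "dest": dest}


@dataclass(frozen=True)
class Verdict:
    requirement_holds: bool
    specification_holds: bool
    origin: str  # "none", "specification" or "implementation"


def adjudicate(trace: Trace, requirement: Property, specification: Property) -> Verdict:
    """Fault origin adjudication: R fails and S holds -> the spec is inadequate;
    R fails and S fails -> the implementation deviated from the spec."""
    r = requirement(trace)
    s = specification(trace)
    if r:
        origin = "none"              # nothing to adjudicate: the requirement is met
    elif s:
        origin = "specification"     # P did what S says, yet R is violated
    else:
        origin = "implementation"    # P did not follow S
    return Verdict(r, s, origin)


def requirement_dead_routes_expire(trace: Trace) -> bool:
    """R: after a destination becomes unreachable, no node still advertises a
    finite metric for it once CONVERGENCE_BOUND ticks have passed."""
    downs = {e["dest"]: e["t"] for e in trace if e["type"] == "down"}
    for e in trace:
        if e["type"] == "advert" and e["dest"] in downs:
            if e["t"] > downs[e["dest"]] + CONVERGENCE_BOUND and e["metric"] < INFINITY:
                return False
    return True


def specification_distance_vector(trace: Trace) -> bool:
    """S: metric 1 only while the node's own link to the destination is up;
    metric m > 1 only if some other node advertised m-1 within HOLD ticks;
    advertising INFINITY (withdrawal) is always allowed."""
    adverts = [e for e in trace if e["type"] == "advert"]
    downs = [e for e in trace if e["type"] == "down"]
    for e in adverts:
        m, t = e["metric"], e["t"]
        if m >= INFINITY:
            continue
        if m == 1:
            link_down = any(d["node"] == e["node"] and d["dest"] == e["dest"] and d["t"] <= t
                            for d in downs)
            if link_down:
                return False
            continue
        heard = any(o["node"] != e["node"] and o["dest"] == e["dest"] and o["metric"] == m - 1
                    and t - HOLD <= o["t"] < t
                    for o in adverts)
        if not heard:
            return False
    return True


# Constructed traces. Destination D hangs off node A; the A-D link dies at tick 1.
# 1) A and B count to infinity: every advert obeys S, yet R is violated -> the spec
#    as written permits the failure, so the fault origin is the specification.
COUNT_TO_INFINITY: Trace = [advert(0, "A", "D", 1), down(1, "A", "D")] + [
    advert(t, "B" if t % 2 else "A", "D", t + 1) for t in range(1, 9)
]
# 2) A keeps advertising metric 1 after its link is down: violates S and R,
#    so the fault origin is the implementation.
STALE_IMPLEMENTATION: Trace = [advert(0, "A", "D", 1), down(1, "A", "D"), advert(9, "A", "D", 1)]
# 3) Both nodes withdraw the route promptly: R holds, nothing to adjudicate.
CONVERGED: Trace = [advert(0, "A", "D", 1), down(1, "A", "D"),
                    advert(2, "A", "D", INFINITY), advert(3, "B", "D", INFINITY)]


def run_examples() -> Dict[str, str]:
    traces = {"count_to_infinity": COUNT_TO_INFINITY,
              "stale_implementation": STALE_IMPLEMENTATION,
              "converged": CONVERGED}
    return {name: adjudicate(tr, requirement_dead_routes_expire,
                             specification_distance_vector).origin
            for name, tr in traces.items()}


if __name__ == "__main__":
    for name, origin in run_examples().items():
        print(f"{name}: fault origin = {origin}")
```

The point of the first trace is that a specification can be followed to the letter while the requirement still fails, which is exactly the case the paper's term is meant to name; the adjudicator only blames the implementation when the trace actually deviates from S.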
