Abstract

Speaker: Tom Ridge

Despite more then 30 years of research on protocol specification, the major protocols deployed in the Internet, such as TCP , are described only in informal prose RFCs and executable code. In part this is because the scale and complexity of these protocols makes them challenging targets for formalization.

In this work we show how these difficulties can be addressed. We develop a high-level specification for TCP and the Sockets API , expressed in the HOL proof assistant, describing the byte-stream service that TCP provides to users. This complements our previous low-level specification of the protocol internals, and makes it possible for the first time to state what it means for TCP to be correct: that the protocol implements the service. We define a precise abstraction function between the models and validate it by testing, using verified testing infrastructure within HOL . This is a pragmatic alternative to full proof, providing reasonable confidence at a relatively low entry cost.