Top down design of distributed systems: implications of a case study

Guidelines are presented for the specification and verification of the communication aspects of distributed systems. It is argued that specifications should be expressed formally, since formal methods enable the specifier to write unambiguous, clear, and concise specifications, and they provide a foundation for analyzing specifications for correctness so that errors can be detected early in the design process. Also, modifications, redesigns, maintenance, and reusability are facilitated when using formal methods. A simple specification method is proposed. The main characteristic of the method is immediate verification, i.e. verification is performed as early as possible after a design decision is made. Specifically, basic properties are verified in the course of the design process on as abstract specifications as possible. Using this method one obtains verification specifications that can be used as the starting point for specification in other description techniques, such as LOTUS, Estelle, or SDL. Guidelines for specification and verification of communication protocols and services are given. Examples of specification and verification are included, as well as a discussion of the authors´ experiences