Formal Description of Telecommunication Services in Promela and Z

This paper shows how an engineer could write a full formal description of the service layer of a telecommunication system, organized according to the Distributed Feature Composition virtual architecture. Descriptions in Promela and Z can be composed using a joint semantics based on the transition-axiom method. The described system can be reasoned about in several ways, including use of tools developed for the individual languages. 1. The Distributed Feature Composition virtual architecture Distributed Feature Composition (DFC) is a new architecture for the description of telecommunication services. One of its primary design goals was feature modularity. The other of its primary design goals was abstraction away from most implementation detail (hence the term "virtual"). As it appears to achieve these goals to a useful degree, it provides a good foundation for the application of formal methods to telecommunications. DFC was developed by Michael Jackson and myself. A full definition of the architecture, along with motivations, intuitive explanations, and examples, can be found elsewhere [6,13]. We are currently exploring various extensions, analysis/verification techniques, and implementation strategies. The goal of this paper is to provide a means by which an engineer can write a full formal description of the "service layer" [12] of a particular telecommunication system (excluding "business processes" such as billing, provisioning, marketing, and customer care), and apply formal reasoning to it. Because such a description will be organized according to the DFC architecture, it will have virtual components as shown in Figure 1. In Figure 1 the double rectangles are repositories of global data, to which access is restricted by the architecture. Some data repositories span the system boundary because they are given their initial values by the environment, not by the system. Squares in Figure 1 are DFC boxes, and can be thought of as concurrent processes with local state and ports (ports are represented by black circles). The virtual network establishes featureless voice calls between ports. When a call is established between two ports, those ports can communicate by means of a signaling channel in each direction and a voice channel in each direction. External lines and trunks also carry voice and messages in both directions, and are the means by which telecommunication services are delivered to telephones and other telecommunication systems, respectively. Each box is either a line interface, a trunk interface, or the implementation of a particular feature. When a box attempts to place a new call, its request goes from the box’s port to the router in the virtual network. The router determines a box destination for the