IEEE zyxwvutsrqponmlk TRANSACTIONS ON COMMUNICATIONS, VOL. COM-28, NO. zyxwvuts 4, APRIL 1980 66 1 D. D. Cowan (S’58-M’60) was born in Toronto, Ont., Canada, in March zyxwvutsrqp 1938. He received the B.A.Sc. degree in engineering physics from the University of Toronto in 1960 and the M.Sc. and Ph.D. degrees in applied mathematics from the University of Waterloo in 1961 and 1965, respectively. He has been on the faculty of theUnVersity of Waterloo since 1962 and was the Chairman of the Computer Science Department from 1967 to 1972 and Associate Dean of the Faculty of Mathematics from 1974 to 1978. He is currently a Professor of Computer Science. He is also involved with a number of programs of cooperation between Computer Science Departments in South America and the University of Waterloo. His researchinterests include computer communications, programming con3 sttucts and methods, and software engineering. He spent the academic year 1978-1979 at zyxwvutsrqponm the IBM Zurich Research Laboratory,,Riischlikon, Switzerland, where he participated in the research work reported in this paper. Dr. Cowan is a member of the Association for Computing Machinery and the IEEE Computer Society. * Dr. Brand is a memb I Daniel Brand was born in Prague, Czechoslovakia, in 1949. He received the Ph.D. degree in computer science from the University of Toronto, Toronto, Ont., Canada, in 1976. Since then he has been working at the IBM Thomas J. Watson Research Center, Yorktown Heights, NY, as a member of the microprogram verification group. He is currently spending one year at the IBM Zurich Research Laboratory, Ruschlikon, Switzerland. His research interests include software reliability, pro- tocol verification, and automatic theorem proving. ‘of the Association for Computing Machinery. Executable Description and Validation of SNA GARY D. SCHULTZ, DAVID B. ROSE, C. H. WEST, AND JAMES P. GRAY zyxw (Invited Paper) Abstract-The definition of IBM’s Systems Network Architecture (SNA) has evolved into a specification of a node in the form of a meta- implementation using formal, state-oriented descriptive techniques. This evolution is traced here, and the different formal techniques are described. The culmination of this process has been the development of a PL/I-based programminglanguage,FormatandProtocolLanguage(FAPL), as a descriptive tool. Using FAPL, the architects now define SNA by a programmed meta-implementation of a node. In this form, it is precise, readily accessible to the implementingproduct designers and programmers, and structurally close to the implementations. The essential features of the meta-implementation and of FAPL are described, along with the implications and advantages of describing the architecture in an executable form. Onemajorbenefit,already being realized, is the capability to test the logical consistency and completeness of the executable description itself. The current status of the validation of the executable description and sample results obtained are described. I. INTRODUCTION T HE 1960’s and early 1970’s were the design heyday and proving ground for operating systems within single com- puters and across tightly coupled ones. Today we are experi- Manuscript received May 7, 1979; revised January 28, 1980. zyxwvutsrq G. D. Schultz, D. B. Rose, and J. P. Gray are with the IBM Corpora- C. H. West is with the IBM Zurich Research Laboratory, Ruschlikon, tion, Research Triangle Park, NC 27709. Switzerland. encing a new design era for coordinating data processing distributed over ensembles of cooperating processors, con- figured into networks. Software engineering for operating systems developed layered structuring of systems, top-down design, structured programming, disciplined synchronization (e.g., semaphores) for cooperating processes, and research into proof-of-program- correctness methods. Today’s era of network architectures, which are specifications of the message formats and inter- action protocols for services provided within networks, has had the need for additional design innovations for the changed system context of loosely coupled system components, disparate processor architectures, and widely dispersed groups of people implementing a common network architecture. This paper focuses on the evolving specification of IBM’s Systems Network Architecture (SNA) and the formal tech- niques developed to design, describe, and test it. A survey of the flourishing literature on otherformal techniques, developed independentlyofthosedescribedhere, is outside the scope of this paper. We refer the reader to Sunshine’s extensive survey [l ] andother papers in this issue for discussions of parallel advances. The next section presents a brief overview of SNA. Section I11 discusses the evolution of the architectural description of SNA into a state-oriented meta-implementation, and the 0090-6778/80/0400-0661$00.75 zyxwv 0 1980 IEEE