A Formal Specification of DSM-CC Interfaces Yoonsik Cheon, Soosun Cho and Heung-Nam Kim Real-Time Computing Department ETRI Computer & Software Technology Laboratory g fcheon, scho, hnkim @etri.re.kr. Abstract— This paper explores an application of formal methods to the specification languages specifically designed for specifying the standard description in the context of DSM-CC (Digital Storage Media - interface of program modules, sometimes called (behavioral) in- Command and Control). DSM-CC is a recent ISO/IEC standard developed for the delivery of multimedia broadband services such as video on demand terface specification languages (BISL) [12] [13] [14]. and home shopping. The standard specifies the user-to-network (U-N) pro- In this paper we show that we need a formalization of inter- tocols and the user-to-user (U-U) interfaces. We suggest a technique for for- faces and behaviors of DSM-CC standards. Without such a for- mally specifying the U-U interfaces, provide a concrete example and show the benefits of applying formal techniques to the standard descriptions. In malization of behaviors, it is in question whether the promised particular, we demonstrate that a declarative interface specification method portability of multimedia applications can be achieved through tailored to CORBA-IDL is well suited to specifying the behavioral seman- the use of standard such as DSM-CC. We establish a foundation tics of DSM-CC interfaces. Abstract models for interface types are defined for applying formal methods to standard specification, provide by a family of mathematical functions and the interface operations are spec- ified by a pair of pre and postconditions written in terms of the abstract a concrete example of such an application, and show its bene- models. An explicit connection is established between the abstract world fits. In particular, we demonstrate that the declarative interface and the interface world by an abstraction function that maps interface val- specification style tailored to CORBA-IDL is ideally suited for ues to abstract values. specifying the behavioral semantics for DSM-CC interfaces. We Keywords—DSM-CC, U-U interface, abstraction, formal methods, inter- face specification, stream naturally hope to reveal a number of problems or inconsistencies in the standard specification, if any. One of the most important contributions of our work is that we provide a concrete example I. INTRODUCTION of formal interface specifications in the context of MPEG stan- There is a widespread belief in the formal methods commu- dards. We hope that the example clearly shows the benefits of nity that formal techniques are ideally suited for specifying stan- formal methods applied to the standard development and spec- dards. In particular, formal notations are advocated for specify- ification. There are also several novel features in our method ing communication protocols and services being standardized of interface specifications — e.g., making abstraction functions by ISO [1]. In fact, formal methods have been used and are be- explicit and the notion of hidden interface operations. ing used in varying degrees to aid the development and descrip- In the rest of this section we give a quick overview of DSM- tion of standards [2] [3]. Formal methods can be used to provide CC. Section II informally introduces the notion of interface precise, abstract models for standards and to provide analytical specifications and its general approach. In section III and IV, the techniques based on these models. It can be used to provide no- heart of this paper, we formalize the stream interface of DSM- tations for describing specific design made and it is also useful CC standard. For this, we first define an abstract model for the for simulating behavior or rigorously testing conformance [4]. stream interface and then formally specify its interface opera- It is reasonable to expect that formal methods will have a tions based on the formal model. We conclude in section V with wide variety of uses in the area of MPEG standards as well. a discussion of lessons we learned and further research issues. In this paper, we are concerned with formally specifying DSM- CC (Digital Storage Media — Command and Control), a re- cent addition to ISO/IEC MPEG standard series [5]. Indeed, we can enumerate several different things that might be formal- ized: core concepts, communication protocols between client and server, and application portability interfaces and their be- haviors. It seems that there is no universal formal specification language or approach best suited for the work on formalizing DSM-CC. The best approach is through a composite approach which uses several techniques suggested so far. For example, Fig. 1. The basic reference architecture of DSM-CC the set theory-based Z notation [6] is known to be excellent for specifying mathematical concepts and defining underlying se- mantic models [7] [8]. Protocols and services can be best speci- A. An Overview of DSM-CC fied by using process algebra-based languages such as CCS [9], DSM-CC is a very recent ISO/IEC standard developed for the CSP [10] and LOTOS [11], which are equipped with the theory delivery of multimedia broadband services [5] [15]. It defines of concurrent communicating processes. There are also formal the protocols needed to deliver a complete application such as The author’s work was supported in part by the Korean Ministry of Informa- video on demand or home shopping. Fig. 1 shows the functional tion and Communications under the contract number 8MC2800. reference model of DSM-CC. It is based upon a very general model of client, server and network entities for selecting, ac- annotations are given as boolean expressions of underlying pro- cessing and controlling distributed video sources. In the DSM- gramming language [17] [18]. In the declarative approach the CC model, a stream is delivered from a server to a client through annotations are formula that may refer to program variables, but a logical entity called the session and resource manager (SRM). not to procedures of the underlying programming language. The The SRM provides a (logically) centralized management of the operational interface specifications are in general easy to learn DSM-CC sessions and resources. The standard does not dic- and they are executable; annotations can be checked at runtime. tate how each entity must be realized, rather it focuses on the On the other hand, the expressive power of such annotations is user-to-network (U-N) protocols and the user-to-user (U-U) in- rather limited. They do not support free variables or quantifica- terfaces. The U-U information flow is used between the client tion, and there is no guarantee of termination and defined-ness and the server and the interfaces provide a generic set of multi- of annotations. Even worse, they are implementation-dependent media interfaces, i.e., a set of modular building blocks that can and unsuitable for formal verification. Thus, we explore the be used to enable a wide range of multimedia applications. For declarative approach. In the declarative approach, each speci- example, defined are such interfaces as for navigating services fication consists of two components: an abstract model and an provided by a server, attaching to (or detaching from) a partic- interface specification [4] [12] [14]. The abstract model defines ular service, reading or writing to files stored in the server, and the underlying mathematical models of the modules being spec- manipulating MPEG continuous media streams. The U-N infor- ified, and the interface specification specifies the interface prop- mation flows between the SRM and the client or the server and erties of modules in terms of the abstract model. The interface its primary purpose is to control sessions and network resources. specification part is typically composed of an invariant property For example, defined are such protocols as for creating sessions, of the module and a set of operation specifications for the oper- allocating resources to a session, de-allocating resources from a ations exported by the module. session, and destroying a session. In this paper we are only concerned with the U-U interfaces, III. A FORMAL MODEL OF DSM-CC STREAM INTERFACE in particular the stream interface, the core of U-U interfaces, but A. DSM-CC Stream Interface our approach is equally applicable to other interfaces or stan- The core of DSM-CC U-U interfaces is the stream interface dard descriptions as well. The stream interface primitives are to that defines operations to control the delivery of a MPEG me- control the delivery of a media stream through commands such dia stream stored in the server [5]. The standard specifies such as pause, resume, play, jump, etc. The server is represented operations as pause, resume, play, jump, status and reset. These as a stream object that provides this interface and can transport stream operations make use of a temporal addressing scheme MPEG over the network. called normal play time (NPT) to support random positioning and a variety of play rates. The NPT can be thought of as a vir- II. INTERFACE SPECIFICATIONS tual clock that a viewer associates with his program. It is similar A program consists of several modules declaring types, vari- to the one digitally displayed on a VCR. The NPT clock ad- ables, and procedures with their implementation. The interface vances normally in the normal play mode, advances at a faster of a module describes the syntactic and semantic properties of rate in the fast forward mode and decrements in the reverse play the module. The syntactic interface of a module comprises the mode. Using NPT, it is possible to request a position relative type, variable, and procedure identifiers as well as the types of to a specific application program and to control the positioning variables, procedure parameters, and procedure results.