Guidelines for the Use of Formal Languages in IETF Specifications
Date: 1 Oct 2001
This temporary guideline has been prepared by the IESG in response to a
specific case; it is intended that it be put into an internet-draft and
progressed as an IETF consensus position.
At the moment, it is an indication to document authors of things the
IESG is likely to think of when reviewing a document using a formal
Formal languages are useful tools for specifying parts of protocols.
However, as of today, there exists no well-known language that is able
to capture the full syntax and semantics of reasonably rich IETF
We therefore expect that people will continue using English to describe
protocols, with formal languages as a supporting mechanism.
Often, one finds people specifying parts of a protocol in "pseudocode";
constructs that look like a programming language, but are not
conforming to any fixed syntax. The IESG evaluation will be on clarity
of specification, just as if the specification had been in English.
- Procedural parts of a specification may be written in a pseudo-code
which is unambiguously defined in the document. This is clearly a
very good way in which to express the algorithm.
- Use of a program in any known or intuitive programming language,
including pseudo-code, may be used to illustrate and support a
specification which is in itself complete.
The emphasis when using pseudocode needs to be on clarity.
When a specification makes use of a formal language, such as C, ASN.1,
SMI, ABNF, UML or MOF, there are a number of considerations:
- The use of a language requires a reference to the specification for
that language. This reference is normative, and needs to fulfil the
usual requirements for normative references (section 7 of RFC 2026).
- The language must be used correctly according to its specification.
It must be clear whether the language is really in the language, or
just pseodocoe that happens to look like that language.
- The specification needs to be verifiable. This means that it should
be relatively easy to extract the code from the document and run it
through a verification tool for conformance to the language syntax.
Use of code fragments is problematic in this regard; the commonly
used technique of collecting all code fragments in a complete form as
an appendix can often be an useful way to avoid this problem,
although care must be taken to make sure the appendix is consistent
with the body of the text.
- The specification needs to be complete. In particular, any modules
referenced but not included in the specification are normative
references. Their syntactic and semantic properties need to be known
to any implementor of the specification; therefore, stability of
reference is as important as for the language itself, and
accessibility of the specification is a primary concern. Reference
to library components that are well defined by the standards for the
language under consideration, and commonly supplied together with
validation tools or compilers for the language, are not a problem.
- The specification needs to be reasonably implementation independent.
This means in particular that care must be taken to avoid or document
dependencies on implementation idiysyncrasies, such as size of
integers, character set of implementation, and so on. It is also
wise to avoid areas known to create problems, such as use of (for
instance) dynamic memory allocation and pointer arithmetic.
The code in the specification is NOT required to itself be a reference
implementation, but it must be clear from the document what parts of the
specification are outside the code.
Note: It is not required that syntax checking tools are available
before a specification using a language is first entered on the
IETF standards track. However, experience shows that people are
lousy at checking formal syntax, so when such tools are
available, they SHOULD be used.
A specification that fails verification tools is not likely to progress.