1996, Computer Aided Verification
CADP (CÆSAR/ALDÉBARAN Development Package) is a comprehensive toolbox designed for protocol engineering, offering functionalities that range from interactive simulations to advanced formal verification techniques. Developed since 1985 and featuring several interconnected components, CADP supports various protocol description languages and provides tools for testing, deadlock detection, and behavioral verification. The toolbox is implemented in numerous academic and industrial applications, highlighting its versatility and practical importance in protocol development.
IEEE Design and Test of Computers, 2004
Computer Communications, 2003
Reliable protocols require early-stage validation and testing. Due to the state explosion problem in validation methods such as model checking [IEEE Trans. Software Engng 19 (1993) 24], sometimes it is not possible to test all the system states. We apply our state-of-the-art algorithm in computing the most critical states and branches to be tested. We prioritize this information to guide the validation of the protocol. We implemented this technology in a tool that visualizes the specifications of protocols with their testing priorities. Such a tool can also be used to identify the faulty place in the protocol when some tests fail. It provides information such as which parts of the protocol are most likely to have bugs. Our tool provides many benefits, including (1) early detection and recovery of protocol faults, (2) visualization and simulation of the protocol specifications, (3) quantification of the reliability confidence of protocols, (4) making code generation directly from protocol specifications more feasible, and (5) reduction of the number of introduced faults. This paper considers the case when the specification of the protocol is given in Specification and Description Language (International Telecommunication Union standard). Our technology is based on both the control flow and the data flow of the specifications. It first generates a control flow diagram from the specification and then automatically analyses the coverage features of the diagram. It collects the corresponding flow data during the simulation time to be mapped to the control flow diagram. The coverage information for the original specification is then obtained from the coverage information of the flow diagram.
2010
Message Sequence Charts (MSCs) are an appealing visual formalism mainly used in the early stages of system design to capture the system requirements. However, if we move towards an implementation, an executable specification related in some fashion to the MSC-based requirements must be obtained. MSCs can be used effectively to specify a bus protocol in a way where high-level transition systems are used to capture the control flow of the system components of the protocol and MSCs describe the non-atomic component interactions. This style of specification is amenable to formal verification. In this paper, we present how a bus protocol can be specified using MSCs and how these specifications can be translated into a program for a verification tool (we have used the Symbolic Model Verifier (SMV)) for use in formal verification. We have contributed to the following tasks in this respect. Firstly, the way to specify the protocol using MSCs has been presented. Secondly, a tr...
Science of Computer Programming, 2000
Many formal tools are now efficient enough to deal with small-to-medium size systems. Working with larger systems requires not so much to improve these tools, but to use them in combination, applying one tool for what it is most efficient for, and using its results to improve the applicability of the other tools. This paper presents such a combination, illustrated on an industrial protocol, large enough to break any brute force approach. Two research teams allied their forces with a software engineering tools maker in order to analyse, verify and generate automatically tests for this protocol, by the extension and the interconnection of their various tools. The results obtained give some hints on a methodology for the formal validation of large systems.
paginas.fe.up.pt
The development of communications systems demands testing. This paper presents a framework for testing on-the-fly, which relies on the identification of 3 types of tests and on their sequential execution. The ioco conformance relation was adopted in order to assign verdicts.
Information and Software Technology, 2003
This paper presents the research effort to formally specify, develop and test a complex real-life protocol for mobile network radios (MIL-STD 188-220). As a result, the team of researchers from the University of Delaware and the City College of the City University of New York, collaborating with scientists from CECOM (an R&D facility of the US Army) and the US Army Research Laboratory, have helped advance the state-of-the-art in the design, development, and testing of wireless communications protocols. Estelle is used both as the formal specification language for MIL-STD 188-220 and the source to automatically generate conformance test sequences. The formal test generation effort identified several theoretical problems for wireless communication protocols (possibly applicable to network protocols in general): (1) the timing constraint problem, (2) the controllability problem, (3) inconsistency detection and elimination problem and (4) the conflicting timers problem. Based on the collaborative research results, two software packages were written to generate conformance test sequences for MIL-STD 188-220. These packages helped generate tests for MIL-STD 188-220's Data Link Types 1 and 4 services that were realizable without timer interruptions while providing a 200% increase in test coverage. The test cases have been delivered and are being used by a CECOM conformance testing facility.
2006
Robust verification of protocol conversion and arbitration schemes of SoC bridges forms a significant component of the overall SoC verification. Formal verification provides a way to achieve this, but a naive approach often leads to explosion of the state space, and is impractical for most of today's protocols and bridges. This problem is further complicated in the presence of serial protocols, where control and data are mixed together and transactions continue for very great depths. White-box verification is not a feasible solution, since these bridges are often imported or generated from other sources, and internal information is not readily available. In this paper, we propose a black-box and hybrid approach to this problem, by judiciously mixing simulation and formal verification. We illustrate our approach by applying it to two dual stage bridges that perform serial to parallel protocol conversion and vice versa.
… 2004. Proceedings. 24th …, 2004
This paper presents a validation model for the Dynamic Source Routing (DSR) protocol. This model is based on a formal specification of the protocol. It also provides a verification technique to verify the protocol against the IETF DSR draft requirements [1] as well as a testing technique for the generation of a set of scenarios to check the conformance of a given implementation. The DSR protocol has been specified following the IETF DSR draft. The formal specification has been designed using the SDL language and the scenarios have been generated from the specification using a method and a tool developed at INT [2]. The test generation method is based on a set of test purposes that express specific system properties and is completely automated. In this paper, we also present the experimentation results of the application of our tool to the DSR protocol.
Computer Networks, 1999
In this paper we give an introduction to methods and tools for testing communication protocols and distributed systems. In this context, we try to answer the following questions: Why are we testing? What are we testing? Against what are we testing?... We present the different approaches of test automation and explain the industrial point of view (automatic test execution) and the research point of view (automatic test generation). The complete automation of the testing process requires the use of formal methods for providing a model of the required system behavior. We show the importance of modelling the aspects to be tested (the right model for the right problem!) and point out the different aspects of interest (control, data, time and communication). We present the problem of testing based on models, in the form of finite state machines (FSMs), extended FSMs, timed FSMs and communicating FSMs, and give an overview of the proposed solutions and their limitations. Finally, we present our own experience in automatic test generation based on SDL specifications, and discuss some related work and existing tools. The Open Systems Interconnection (OSI) Reference Model has been useful in placing existing protocols in an overall communication architecture and the development of new protocol standards. The term open systems means that if a system conforms to a standard, it is open to all other systems conforming to the same standard for communication.
Proceedings Fifth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'99) (Cat. No.PR00434), 1999
We report on our efforts to formally specify and verify a new protocol of the E-2C Hawkeye Early Warning Aircraft. The protocol, which is currently in test at Northrop Grumman, supports communication between a Mission Computer (MC) and three or more Tactical Workstations (TWSs), connected by a single-segment LAN. We modeled the protocol in the PROMELA specification language of the SPIN verification tool, and used SPIN to analyze a number of properties of the protocol. Our investigation revealed a race condition that can lead to a disconnect of an MC/TWS connection when there is one lost UDP datagram and significant timing delays. Such delays are virtually impossible under normal E-2C operating conditions, but could be due to noise on the MC/TWS LAN. A simple modification was proposed that avoids the disconnect in many situations. Practical considerations, however, mandated that the protocol be left as is: shutting down a noisy connection and reinitializing the TWS, with minimal delay and loss of information to the operator, was deemed preferable to operating in degraded mode.
IEEE Transactions on Computers, 1991
A description is given of L.0, an executable specification language designed for describing communications protocols and similar reactive systems. L.0 is synchronous and rule-based. The rules are either cause-effect rules or constraints. Rules can be activated and deactivated dynamically, and several can be fired simultaneously. L.0 has modern notions of encapsulation and data sharing. Indirection, quantification, and recursive definition of
INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY
In this paper, we develop a sound Conformance Test Suite for the Transport Layer Protocol internationally standardized by both ISO and IEC. This is to test the implementations of the protocol, promote and facilitate standardized test suites, and promote the use of formal methods. We use formal methods for the generation of testing sequences to make the results sound. The protocol is formally specified in LOTOS, the ISO/IEC Formal Description Technique for computer/communications protocols and distributed systems.
… IEEE Transactions on, 1980
Abstract: The production of error-free protocols for complex process interactions is essential to reliable communications. This paper presents techniques for both the detection of errors in protocols and for prevention of errors in their design. The methods have been used successfully to detect and correct errors in existing protocols. A technique based on a reachability analysis is described which detects errors in a design. This "perturbation technique" has been implemented and has successfully detected inconsistencies or errors in existing protocol designs including both X.21 and X.25. The types of errors handled are state deadlocks, unspecified receptions, nonexecutable interactions, and state ambiguities. The errors are discussed and their effects considered. An interactive design technique is then described that prevents design errors. The technique is based on a set of production rules which guarantee that complete reception capability is provided in the interacting processes. These rules have been implemented in the form of a tracking algorithm that prevents a designer from creating unspecified receptions and nonexecutable interactions and monitors for the presence of state deadlocks and ambiguities.
Computer Networks, Architecture and Applications, 1995
Testing is an integral part of the protocol development cycle. In this paper, we briefly discuss the protocol conformance testing methodologies and framework proposed by the International Standards Organization. Many efficient test sequence generation methods have been proposed to check the conformance of an implementation of a protocol to its standards. We discuss these methods briefly. Finally, we compare different test methodologies based on their fault coverage and the length of the test sequence.
2018
The EMVCo organisation (i.e. MasterCard, Visa, etc.) protocols facilitate worldwide interoperability of secure electronic payments. Despite recent advances, it has proved difficult for academia to provide an acceptable solution to the construction of secure applications within industry's constraints. In this paper, we describe a methodology we have applied to EMV1. It involves domain specific languages and verification tools targeting different analyses of interest. We are currently collaborating with EMVCo on their upcoming EMV® 2nd Generation (EMV2) specifications.
1993
As part of my studies at the Eindhoven Polytechnic, it is necessary to complete a final-year internship that puts my engineering training into practice. I spent the first month (December 1992) at Philips Research Laboratories in Eindhoven, and the other eight months (January 1993 until
Computer Networks and ISDN Systems, 1993
It can be remarkably hard to design a good communications protocol, much harder even than it is to write a normal sequential program. Unfortunately, when the design of a new protocol is complete, we usually have little trouble convincing ourselves that it is trivially correct. It can be unreasonably hard to prove those facts formally and to convince others as well. Faced with that dilemma, a designer usually decides to trust his or her instincts and forgo the formal proofs. The subtle logical flaws in a design thus get a chance to hide, and inevitably find the worst possible moment in the lifetime of the protocol to reveal themselves.
IEEE Design & Test of Computers, 2007
It's usually necessary to apply formal verification on very small modules or else be content with bounded proofs on realistically large modules. But there is no denying that despite its capacity problems, formal verification has its strengths and utility and is a complementary technique to simulation. Used judiciously, simulation and formal techniques can complement each other's strengths, thereby balancing their respective weaknesses. There are different ways to combine these two techniques. In this article, we present two case studies of the application of one such technique: the hybrid verification of a serial protocol. We chose this example because of serial protocols' added complexity compared to parallel protocols. Both case studies involve the same serial protocol (I2C) but demonstrate different aspects of its verification. Selection of the same protocol in both case studies also demonstrates the tremendous value of reuse in formal verification.
IEEE Transactions on Software Engineering, 2000
SPANNER is a software package for the specification, analysis, and evaluation of protocols. It is based on a mathematical model of coordinating processes called the selection/resolution model. SPANNER presently comprises three modules. The parser module checks a formal specification (in the SPANNER specification language) for syntactic correctness. The reachable graph module generates a database that consists of reachable states, transitions, and other information useful for analysis. The analysis module, with a user-friendly interface, allows a user to query the database interactively and evaluate the behavior of the protocol. This paper discusses the selection/resolution model, describes the specification language, and shows how SPANNER can be used for the development and analysis of protocols.