Verification of protocols using symbolic execution

1990

This paper studies the four basic types of algorithm that, over the last ten years, have been developed for the automated validation of the logical consistency of data communication protocols. The algorithms are compared on memory usage, CPU time requirements, and the quality, or coverage, of the search for errors.

2006

It is not likely that many traveling salesmen can be discouraged from their job by a lecture on its complexity . Not surprisingly, writers of automated protocol analyzers are much the same. The problem of determining whether an arbitrary message passing system contains deadlocks is PSPACEcomplete at best (for bounded queue lengths) . Yet for any given formal analysis model it is easy to derive state space exploration routines that can find such errors with certainty -given a sufficient amount of time and space. In practice, therefore, one of the main problems is to optimize the speed and memory usage of an automated validator. To phrase it differently: it is not hard to validate protocols, it is hard to do it (sufficiently) fast. In reachability analyses, the limits of what can be analyzed in practice can be moved substantially if the traditional finite state machine model is abandoned. To illustrate this, we introduce a simple symbolic execution method based on vector addition. It is extended into a full protocol validator, carefully avoiding known performance bottlenecks. Compared with previous methods the performance of this validator is roughly two orders of magnitude in speed faster and allows validation of protocol systems up to 10 6 states in only minutes of CPU time on a medium size computer.

Lecture Notes in Computer Science, 2018

Ensuring software correctness and safety for communicationcentric programs is important but challenging. In this paper we introduce a solution for writing communication protocols, for checking protocol conformance and for verifying implementation safety. This work draws on ideas from both multiparty session types, which provide a concise way to express communication protocols, as well as from separationstyle logics for shared-memory concurrency, which provide strong safety guarantees for resource sharing. On the one hand, our proposal improves the expressiveness and precision of session types, without sacrificing their conciseness. On the other hand, it increases the applicability of software verification as well as its precision, by making it protocol aware. We also show how to perform the verification of such programs in a modular and automatic fashion. one of the communicating entities requires the re-validation of the entire system. Since validation might be expensive, or difficult to achieve if the source code of certain components is not available, it is desirable for the developer to be able to only validate her changes locally, rather than at the global level. Over the last decades, behavioral types [35,26] have been studied as specifications of the interactions in communicating systems. In particular, multiparty session types [23], or MPSTs, provide a user-friendly syntax for writing choreographic specifications of distributed systems, and a lightweight mechanism for enforcing communication safety. Communication is considered correct when the system's constituent processes are statically type-checked against the end-point projections of the MPST. This formalism and its numerous extensions are attractive in checking if the implementation follows the intended communication pattern, but it lacks the strong safety and correctness guarantees normally provided by the resource-aware verification systems. Specifically, the MPST approach checks if a transmission's exchanged type is the expected one. However, in their most common form, MPSTs are unable to assert something about the message's numerical properties, and even less so about its carried resources in the case of tightly coupled systems. All these, while numerical properties and resource sharing constitute the pièce de résistance for separation logic [38], a logic for reasoning about resource sharing. In this work, we attach a communication logic in the user-friendly style of MPST, to a separation logic for program verification. Even though we draw on ideas from MPST, the proposed logic differs from MPST in a number of features which yield a more expressive communication specification-without compromising its friendly syntax. The current proposal ultimately leads to stronger guarantees w.r.t. the safety and correctness of distributed system. We shall next highlight these differences. Writing Multiparty Communication Protocols. The language we propose for writing communication protocols is described in Fig. 1a. Similar to MPST, the language contains the terminal notation S− →R : c v•∆ to describe a transmission from sender S to receiver R, over channel c. Different from type approaches where a message abstracts a type, the exchanged message v is expressed in the logical form ∆ (defined in Fig. 1b). Do note that v•∆ is in fact a shorthand for the lambda function (λv. ∆). This language uses G 1 * G 2 for the concurrency of global protocols G 1 and G 2 , and G 1 ∨ G 2 for disjunctive choice between either G 1 or G 2 , and finally G 1 ; G 2 on the implicit sequentialization of G 1 before G 2 for either the same party or the same channel. Let us next consider a series of examples to introduce this language and to highlight the benefits over MPST. Example 1: We consider a cloud service for video editing, where a client sends to the cloud a file of some video format, and expects back an enhanced version of the original file, see Fig. 2a. A client-server protocol to describe this simple interaction is written as follows: CS a C− →S : c v•v : file ; S− →C : c v•v : file. The CS a lightweight protocol suffices to describe the order of communication and the exchanged message type. A rigorous specification though, also emphasizes that the server applies some filter on the original file:

We present a methodology for the verification of Message Passing Interface (MPI) programs written in C. The aim is to statically verify programs against protocol specifications, enforcing properties such as fidelity and absence of deadlocks. We make use of a protocol language based on a dependent type system for message-passing parallel programs. For the verification of a program against a given protocol, the protocol is first translated into a representation read by VCC, a software verifier for the C programming language. The program is then annotated with specific assertions that, together with a pre-established set of contracts for MPI primitives, guide the verifier to either prove or disprove the program's conformance to the protocol. We successfully verified MPI programs in a running time that is independent of the number of processes or other input parameters. This contrasts with other techniques, notably model checking and symbolic execution, that suffer from the state-explosion problem. We experimentally evaluated our approach against TASS, a state-of-the-art tool for MPI program verification.

Lecture Notes in Computer Science, 1994

2018

The EMVCoorganisation (i.e. MasterCard, Visa, etc.) protocols facilitate worldwide interoperability of secure electronic payments. Despite recent advances, it has proved difficult for academia to provide an acceptable solution to construction of secure applications within industry’s constraints. In this paper, we describe a methodology we have applied to EMV1. It involves domain specific languages and verification tools targeting different analysis of interest. We are currently collaborating with EMVCo on their upcoming EMV R ©2nd Generation (EMV2) specifications.

Proceedings of the 43rd annual conference on Design automation - DAC '06, 2006

In recent years several research reports have been published on Robust verification of protocol conversion and arbitration schemes the formal verification of parallel protocol compliance [6-8], but of SoC bridges forms a significant component of the overall SoC relatively smaller number of papers has been published on the topic verification. Formal verification provides a way to achieve this, but of formal verification of serial protocols [9, 10]. Formal verification a naive approach often leads to explosion of the state space, and is of serial protocols is significantly more complex than that of parallel impractical for most of today's protocols and bridges. This problem protocols because of the following aspects: is further complicated in the presence of serial protocols, where * The state of the protocol transaction at any instant is a function control and data are mixed together and transactions continue for of all the previous bits transferred on the bus. very great depths. White-box verification is not a feasible solution, * The data and control bits are intermingled. Sometimes there is since these bridges are often imported or generated from other no explicit clock too. sources, and intemal information is not readily available. In this * Formal verification would inherently involve data path logic paper, we propose a black-box and hybrid approach to this problem, (FIFO, counter, shift register) which are typically used to by judiciously mixing simulation and formal verification. We transmit/receive/descramble data bits. illustrate our approach by applying it to two dual stage bridges that * Each transaction spans hundreds of clock cycles and perform serial to parallel protocol conversion and vice versa. maintaining the entire history in the verification environment greatly increases the complexity of the formal proofprocess. Categories and Subject Descriptors: B.6.3 [Hardware]: Logic Design-Design Aids-Verification. To formally verify serial protocol compliance, effective methodologies for all these problems have to be formulated.

The Journal of Supercomputing, 2011

This study presents a method to construct formal rules used to run-time verify message passing between clients in distributed systems. Rules construction is achieved in four steps: (1) Visual specification of expected behavior of the sender, receiver, and network in sending and receiving a message, (2) Extraction of properties of sender, receiver, and network from the visual specification, (3) specification of constraints that should govern message passing in distributed systems, and (4) construction of verifier rules from the properties and the constraints. The rules are used to verify actual sender, receiver, and network behavior. Expected behavior of the client (process) is one that to be and the actual one is the behavior should be verified. The rules were applied to verify the behavior of client and servers that communicated with each other in order to compute Fibonacci numbers in parallel and some violations were discovered. Keywords Client-server • Distributed systems • Reliable message passing • Specification and verification 1 Introduction While centralized systems use shared memory to communicate between processes, distributed systems use messaged-based interaction for interprocess communications. Message passing is used in a wide range of applications from low-level ones such as remote procedure call (RPC) to high-level ones such as group communication and message-oriented middleware (MOM) [1]. In addition, in traditional technologies including Remote Method Invocation (RMI) [2], Distributed Component Object Model (DCOM) [3], and Common Object Request Broker Architecture (CORBA) [4] and

Computer Aided Verification, 1996

Computer Communications, 2003

Reliable protocols require early-stage validation and testing. Due to the state explosion problem in validation methods such as model checking [IEEE Trans. Software Engng 19 (1993) 24], sometimes it is not possible to test all the system states. We apply our state-of-the-art algorithm in computing the most critical states and branches to be tested. We prioritize this information to guide the validation of the protocol. We implemented this technology in a tool that visualizes the specifications of protocols with their testing priorities. Such a tool can also be used to identify faulted place in the protocol when some tests failed. It provides information such as where in the protocol is most likely to have bugs. Our tool provides many benefits, including (1) early detection and recovery of protocol faults, (2) visualization and simulation of the protocol specifications, (3) quantification of the reliability confidence of protocols, (4) making code generation directly from protocol specifications more possible, and (5) reduction of the number of introduced faults. This paper considers the case when the specification of the protocol is given in Specification and Description Language (International Telecommunication Union standard). Our technology is based on both the control flow and the data flow of the specifications. It first generates a control flow diagram from the specification and then automatically analyses the coverage features of the diagram. It collects the corresponding flow data during the simulation time to be mapped to the control flow diagram. The coverage information for the original specification is then obtained from the coverage information of the flow diagram.

Lecture Notes in Computer Science, 2009

In recent years, deductive program verification has improved to a degree that makes it feasible for real-world programs. Following this observation, the main goal of the Verisoft XT project is (a) the creation of methods and tools which allow for the pervasive formal verification of integrated computer systems, and (b) the prototypical realization of four concrete, industrial application tasks. In this paper, we report on the Verisoft XT subproject Avionics, where formal verification is applied to a commercial embedded operating system. The goal is to use deductive techniques to verify functional correctness of the PikeOS system, which is a microkernelbased partitioning hypervisor. We present our approach to verifying the microkernel's system calls, using a system call for changing the priority of threads as an example. In particular, (a) we give an overview of the tool chain and the verification methodology, (b) we explain the hardware model and how assembly semantics is specified so that functions whose implementation contain assembly can be verified, and (c) we describe the verification of the system call itself. We also explain why this effort matters in regulatory dependability frameworks such as DO-178B and IEC61508 for safety resp. Common Criteria for security. Work partially funded by the German Federal Ministry of Education and Research (BMBF) in the framework of the Verisoft XT project under grant 01 IS 07 008. The responsibility for this article lies with the authors. example to conform to partitioning requirements in the (aforementioned) Integrated Modular Avionics. At the kernel level, the mechanisms for communication between threads are IPC, events, and shared memory. High-level communication concepts such as Integrated Modular Avionics ARINC ports can be mapped onto these kernel-level mechanisms. For a thorough discussion of PikeOS and its evolution, see [17]. For an exemplary deployment of a running PikeOS system see Fig. 1. For concrete examples we (again) refer to [32-35]. Most parts of the PikeOS kernel, especially those that are generic, are written in C, while other parts that are close to the hardware are necessarily implemented in assembly. PikeOS runs on many platforms, including x86, PowerPC, MIPS, and ARM among others and the exact amount of assembly depends on the architecture one works on. The verification target we have chosen for our project, is the PikeOS version for the PowerPC processor family, the OEA architecture, and the MPC5200 platform [11, 12]. In this particular case, PowerPC assembly is about one tenth of the codebase.

2012

In the world of designing network protocols, verification is a crucial step to eliminate weaknesses and inaccuracies of effective network protocols. There are many models and tools to verify network protocols, including, Finite State Machines (FSM), Colored Petri Nets (CP-Nets), Temporal Logic, Predicate Logic, Estelle Specification, Path based Approach etc. This paper presents a survey of various techniques for verifying correctness properties of communications protocol

Proceedings of the Fourth Annual Conference on Computer Assurance, 'Systems Integrity, Software Safety and Process Security, 1989

We present a general method for formally verifying the correctness of microprocessor designs. The abstract level specification of the processor defines the effect of every instruction in terms of a suitably chosen programmer's model of the processor. The concrete level specification gives a description of the design of the processor a t a synchronous level by defining the behavior over a single microcycle. We develop a general criterion of correctness to relate the two levels of behavior of the processor. We illustrate the application of our method to a simple processor, Simple, and a larger realistic processor MiniCayuga, which uses instruction pipelining. Both the designs have been completely verified using an applicative language based verification system Clio.

Correct interaction of asynchronous protocols requires verification. Timed asynchronous protocols add another layer of complexity to the verification challenge. A methodology and automated tool flow have been developed for verifying systems of timed asynchronous circuits through compositional model checking of formal models with symbolic methods. The approach uses relative timing constraints to model timing in asynchronous hardware protocols-a novel mapping of timing into the verification flow. Relative timing constraints are enforced at the interface external to the protocol component. SAT based and BDD based methods are explored employing both interleaving and simultaneous compositions. We present our representation of relative timing constraints, its mapping to a formal model, and results obtained using NuSMV on several moderate sized asynchronous protocol examples. The results show that the capability of previous methods is enhanced to enable the hierarchical verification of substantially larger timed systems.

2001

We describe a generic switching protocol for the construction of hybrid protocols and prove it correct with the Nuprl proof development system. We introduce the concept of meta-properties to characterize communication properties that can be preserved by switching and identify switching invariants that an implementation of the switching protocol must satisfy in order to work correctly. Our work shows how a theorem prover with a rich specification language can contribute to the design and implementation of verifiably correct adaptive protocols and that it can have a large impact when being engaged at the earliest stages of the design.