Enumerative Data Types with Constraints

Many verification and validation activities involve reasoning about constraints over complex, hierarchical data types. For example, distributed protocols are often defined using state machines that govern the behavior of processes communicating with messages, which are hierarchical data types with state-dependent constraints and dependencies between component fields. Fuzzing, analyzing and evaluating implementations of such protocols requires solving complex queries that pose challenges to current SMT solvers. One of these challenges is generating fields that satisfy type constraints; it can be tackled using enumerative data types: types that come with an enumerator, an efficiently computable function from natural numbers to elements of the type. Enumerative data types were introduced in ACL2s as a key component of counterexample generation, but they do not handle constraints such as dependencies between types. We extend enumerative data types with constraints and show how this extension enables applications such as hardware-in-the-loop fuzzing of complex distributed protocols.
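The following is an added Python illustration of the idea in the abstract; it is not code from the paper or from ACL2s. It builds enumerators (total functions from natural numbers onto a type) for a constructed, hypothetical protocol message whose fields carry two constraints of the kind the abstract describes: a dependency between fields (`length` must equal the payload length) and a state-dependent restriction (a version-1 message must have `flags == 0`). The plain product enumerator draws every field independently and would need generate-and-test filtering, while the constrained enumerator enumerates only the free fields and derives the dependent ones, so every index yields a valid message. The `Message` type, its constraints and the Cantor-pairing encoding are assumptions made for the example.

```python
"""Enumerators for a constrained hierarchical message type (added example).
An enumerator is a total function N -> T; constraints are handled by
enumerating the free fields and deriving the dependent ones, instead of
enumerating everything and filtering."""
from dataclasses import dataclass, field
from math import isqrt
from typing import Callable, List, Tuple


def pair(x: int, y: int) -> int:
    """Cantor pairing: a bijection N x N -> N."""
    return (x + y) * (x + y + 1) // 2 + y


def unpair(z: int) -> Tuple[int, int]:
    """Inverse of Cantor pairing: N -> N x N."""
    w = (isqrt(8 * z + 1) - 1) // 2
    t = w * (w + 1) // 2
    y = z - t
    return w - y, y


def enum_list(n: int) -> List[int]:
    """Enumerator for lists of naturals: 0 -> [], n+1 -> (head, rest) = unpair(n)."""
    out: List[int] = []
    while n > 0:
        head, n = unpair(n - 1)
        out.append(head)
    return out


@dataclass
class Message:
    """Constructed message type (hypothetical, not from any real protocol)."""
    version: int                                      # 1 or 2
    flags: int                                        # one byte
    length: int                                       # must equal len(payload)
    payload: List[int] = field(default_factory=list)  # bytes


def check_message(m: Message) -> bool:
    """Type constraints: field ranges, a length/payload dependency and a
    version-dependent restriction on flags."""
    return (m.version in (1, 2)
            and 0 <= m.flags < 256
            and all(0 <= b < 256 for b in m.payload)
            and m.length == len(m.payload)
            and (m.version != 1 or m.flags == 0))


def enum_message_unconstrained(n: int) -> Message:
    """Plain product enumerator: every field is drawn independently, so most
    outputs violate the constraints and would have to be filtered out."""
    v, r = unpair(n)
    f, r = unpair(r)
    length, p = unpair(r)
    return Message(1 + v % 2, f % 256, length, [b % 256 for b in enum_list(p)])


def enum_message(n: int) -> Message:
    """Constrained enumerator: only the free fields (version, flags choice,
    payload) are enumerated; length is derived and flags respects version."""
    v, r = unpair(n)
    f, p = unpair(r)
    version = 1 + v % 2
    flags = 0 if version == 1 else f % 256
    payload = [b % 256 for b in enum_list(p)]
    return Message(version, flags, len(payload), payload)


def satisfaction_rate(enum: Callable[[int], Message], count: int) -> float:
    """Fraction of the first `count` enumerated values that satisfy the type."""
    return sum(check_message(enum(i)) for i in range(count)) / count


if __name__ == "__main__":
    for i in range(8):
        print(i, enum_message(i))
    print("unconstrained:", satisfaction_rate(enum_message_unconstrained, 2000))
    print("constrained:  ", satisfaction_rate(enum_message, 2000))
```

The constrained enumerator is not injective (several indices map to the same version-1 message once `flags` is forced to 0), which is acceptable: what a test generator needs is that every index is a valid element and that every valid element is reachable from some index.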
