Analyzing singularity channel contracts

This paper presents techniques for analyzing channel contract specifications in Microsoft Research's Singularity operating system. A channel contract is a state machine that specifies the allowable interactions between a server and a client through an asynchronous communication channel. We show that, contrary to what is claimed in the Singularity documentation, processes that faithfully follow a channel contract can deadlock. We present a realizability analysis that can be used to identify channel contracts with problems. Our realizability analysis also leads to an efficient verification approach where properties about the interaction behavior can be verified without modeling the contents of communication channels. We analyzed more than 90 channel contracts from the Singularity code distribution and documentation. Only two contracts failed our realizability condition and these two contracts allow deadlocks. Our experimental results demonstrate that realizability analysis and verification of channel contracts can be done efficiently using our approach.

[1]  Rajeev Alur,et al.  Realizability and verification of MSC graphs , 2005, Theor. Comput. Sci..

[2]  Xiang Fu,et al.  WSAT: A Tool for Formal Analysis of Web Services , 2004, CAV.

[3]  James R. Larus,et al.  Singularity: rethinking the software stack , 2007, OPSR.

[4]  Sebastián Uchitel,et al.  Incremental elaboration of scenario-based specifications and behavior models using implied scenarios , 2004, TSEM.

[5]  Vasco Thudichum Vasconcelos,et al.  Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication , 1998, SecReT@ICALP.

[6]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[7]  Sjouke Mauw,et al.  Message Sequence Chart (MSC) , 1996 .

[8]  James R. Larus,et al.  Language support for fast and reliable message-based communication in singularity OS , 2006, EuroSys.

[9]  Xiang Fu,et al.  Conversation specification: a new approach to design and analysis of e-service composition , 2003, WWW '03.

[10]  A. Pnueli,et al.  On the Synthesis of an Asynchronous Reactive Module , 1989, ICALP.

[11]  Xiang Fu,et al.  Synchronizability of conversations among Web services , 2005, IEEE Transactions on Software Engineering.

[12]  Xiang Fu,et al.  Conversation protocols: a formalism for specification and verification of reactive electronic services , 2003, Theor. Comput. Sci..

[13]  Martín Abadi,et al.  Realizable and Unrealizable Specifications of Reactive Systems , 1989, ICALP.

[14]  Amir Pnueli,et al.  On the synthesis of a reactive module , 1989, POPL '89.