Formal specification and analysis of Zeroconf using Uppaal

The model checker Uppaal is used to formally model and analyze parts of Zeroconf, a protocol for dynamic configuration of IPv4 link-local addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy to understand by engineers, (b) comes as close as possible to the informal text (for each transition in the model there should be a corresponding piece of text in the RFC), and (c) may serve as a basis for formal verification. Our modeling efforts revealed several errors (or at least ambiguities) in the RFC that no one else spotted before. We present two proofs of the mutual exclusion property for Zeroconf (for an arbitrary number of hosts and IP addresses): a manual, operational proof, and a proof that combines model checking with the application of a new abstraction relation that is compositional with respect to committed locations. The model checking problem has been solved using Uppaal and the abstractions have been checked by hand.