Formal Specification and Analysis of Zeroconf using Uppaal

We report on a case study in which the model checker Uppaal is used to formally model parts of Zeroconf, a protocol for dynamic configuration of IPv4 link-local addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy for engineers to understand, (b) comes as close as possible to the informal text (for each transition in the model there should be a corresponding piece of text in the RFC), and (c) may serve as a basis for formal verification. Our modeling efforts revealed several errors (or at least ambiguities) in the RFC that had not been spotted before. We present two proofs of the mutual exclusion property for Zeroconf (for an arbitrary number of hosts and IP addresses): a manual, operational proof, and a proof that combines model checking with the application of a new abstraction relation that is compositional with respect to committed locations. The model checking problem has been solved using Uppaal, and the abstractions have been checked either by hand or by using Uppaal-Tiga.
