Abstract
The model checker Uppaal is used to formally model and analyze parts of Zeroconf, a protocol for dynamic configuration of IPv4 link-local addresses that has been defined in RFC 3927 of the IETF. Our goal has been to construct a model that (a) is easy to understand by engineers, (b) comes as close as possible to the informal text (for each transition in the model there should be a corresponding piece of text in the RFC), and (c) may serve as a basis for formal verification. Our modeling efforts revealed several errors (or at least ambiguities) in the RFC that no one else spotted before. We present two proofs of the mutual exclusion property for Zeroconf (for an arbitrary number of hosts and IP addresses): a manual, operational proof, and a proof that combines model checking with the application of a new abstraction relation that is compositional with respect to committed locations. The model checking problem has been solved using Uppaal and the abstractions have been checked by hand.
Formal specification and analysis of Zeroconf using Uppaal