Automated deductive verification of systems software

Software has become an integral part of our everyday lives, and so is our reliance on his correct functioning. Systems software lies at the heart of computer systems, consequently ensuring its reliability and security is of paramount importance. This thesis explores automated deductive verification for increasing reliability and security of systems software. The thesis is comprised of the three main threads. The first thread describes how the state-of-the art deductive verification techniques can help in developing more secure operating system. We have developed a prototype of an Android-based operating system with strong assurance guarantees. Operating systems code heavily relies on mutable data structures. In our experience, reasoning about such pointer-manipulating programs was the hardest aspect of the operating system verification effort because correctness criteria describes intricate combinations of structure (shape), content (data), and separation. Thus, in the second thread, we explore design and development of an automated verification system for assuring correctness of pointer-manipulating programs using an extension of Hoare’s logic for reasoning about programs that access and update heap allocated data-structures. We have developed a verification framework that allows reasoning about C programs using only domain specific code annotations. The same thread contains a novel idea that enables efficient runtime checking of assertions that can express properties of dynamically manipulated linked-list data structures. Finally, we describe the work that paves a new way for reasoning about distributed protocols. We propose certified program models, where an executable language (such as C) is used for modelling – an executable language enables testing, and emerging program verifiers for mainstream executable languages enable certification of such models. As an instance of this approach, concurrent C code is used for modelling and a program verifier for concurrent C (VCC from Microsoft Research) is used for certification of new class of systems software that serves as a backbone for efficient distributed data storage

Formal Verification of Communication Protocols in Distributed Systems

Protokoli predstavljaju ključni dio raspodijeljenih računalnih sustava. Osnovna karakteristika raspodijeljenih sustava je konkurentno neterminirajuće izvršavanje. Rasuđivanje o takvim sustavima je teško već zbog očitog nedostatka intuitivne slike. Raspodijeljeni računalni sustavi sve više postaju sastavni dio mnogih sustava čije je ispravno funkcioniranje iznimno važno. Pri tome se razvoj takvih sustava obično zasniva na neformalnim postupcima baziranim na tekstualnom opisu ili na korištenju grafičkih prikaza. Drugim riječima, razvoj se gotovo potpuno zasniva na intuiciji. Takav način vrlo često dovodi do mnogih grešaka koje se onda nastoje detektirati i ispraviti korištenjem neformalnim tehnika. Očito takav pristup neće povećati povjerenje u ispravnost sustava koji se razvija. U ovom radu pokazana je formalna verifikacija protokola u raspodijeljenim sustavima. Metodologija koja je korištena prilikom verifikacije temelji se na analizi konačnih modela. Konkretno, korištena je simbolička provjera modela bazirana na manipulaciji dijagrama binarnog odlučivanja. Alati koji su omogućili automatsku verifikaciju nazivaju se SMV i NuSMV. Rad pokazuje tri primjera formalne verifikacije. Pomoću svakog primjera nastoji se pokazati kako razne metode provjere modela mogu koristiti u analizi protokola u raspodijeljenim računalnim sustavima.Protocols represent a crucial part of distributed computer systems. Main characteristics of the distributed systems is a concurrent nonterminating execution. Reasoning about such systems is difficult because of the obvious lack of an intuition. Distributed systems are gaining widespread usage in many safety critical applications. Development of such systems is usually based on informal procedures based on a textual description or a graphical representation. In another words, the design is almost completely based on an intuition. The errors caused by such way of development are then being detected and corrected using an informal techniques. It is obvious that this approach will not increase the confidence in correctness of the systems being developed. In this work formal verification of the protocols in distributed systems is presented. Methodology that have been used for the verification is based on an analysis of the finite state systems. Concrete technique that has been used is called symbolic model checking,and it is based on the manipulation of the binary decision diagrams. Tools that have enabled automatic verification are called SMV and NuSMV. This work shows the three examples of the formal verification. Each example demonstrates how different model checking methods can be used in formal analysis of the protocols in distributed systems

Formal Verification of Communication Protocols in Distributed Systems

Protokoli predstavljaju ključni dio raspodijeljenih računalnih sustava. Osnovna karakteristika raspodijeljenih sustava je konkurentno neterminirajuće izvršavanje. Rasuđivanje o takvim sustavima je teško već zbog očitog nedostatka intuitivne slike. Raspodijeljeni računalni sustavi sve više postaju sastavni dio mnogih sustava čije je ispravno funkcioniranje iznimno važno. Pri tome se razvoj takvih sustava obično zasniva na neformalnim postupcima baziranim na tekstualnom opisu ili na korištenju grafičkih prikaza. Drugim riječima, razvoj se gotovo potpuno zasniva na intuiciji. Takav način vrlo često dovodi do mnogih grešaka koje se onda nastoje detektirati i ispraviti korištenjem neformalnim tehnika. Očito takav pristup neće povećati povjerenje u ispravnost sustava koji se razvija. U ovom radu pokazana je formalna verifikacija protokola u raspodijeljenim sustavima. Metodologija koja je korištena prilikom verifikacije temelji se na analizi konačnih modela. Konkretno, korištena je simbolička provjera modela bazirana na manipulaciji dijagrama binarnog odlučivanja. Alati koji su omogućili automatsku verifikaciju nazivaju se SMV i NuSMV. Rad pokazuje tri primjera formalne verifikacije. Pomoću svakog primjera nastoji se pokazati kako razne metode provjere modela mogu koristiti u analizi protokola u raspodijeljenim računalnim sustavima.Protocols represent a crucial part of distributed computer systems. Main characteristics of the distributed systems is a concurrent nonterminating execution. Reasoning about such systems is difficult because of the obvious lack of an intuition. Distributed systems are gaining widespread usage in many safety critical applications. Development of such systems is usually based on informal procedures based on a textual description or a graphical representation. In another words, the design is almost completely based on an intuition. The errors caused by such way of development are then being detected and corrected using an informal techniques. It is obvious that this approach will not increase the confidence in correctness of the systems being developed. In this work formal verification of the protocols in distributed systems is presented. Methodology that have been used for the verification is based on an analysis of the finite state systems. Concrete technique that has been used is called symbolic model checking,and it is based on the manipulation of the binary decision diagrams. Tools that have enabled automatic verification are called SMV and NuSMV. This work shows the three examples of the formal verification. Each example demonstrates how different model checking methods can be used in formal analysis of the protocols in distributed systems

Formal Verification of Communication Protocols in Distributed Systems

Protokoli predstavljaju ključni dio raspodijeljenih računalnih sustava. Osnovna karakteristika raspodijeljenih sustava je konkurentno neterminirajuće izvršavanje. Rasuđivanje o takvim sustavima je teško već zbog očitog nedostatka intuitivne slike. Raspodijeljeni računalni sustavi sve više postaju sastavni dio mnogih sustava čije je ispravno funkcioniranje iznimno važno. Pri tome se razvoj takvih sustava obično zasniva na neformalnim postupcima baziranim na tekstualnom opisu ili na korištenju grafičkih prikaza. Drugim riječima, razvoj se gotovo potpuno zasniva na intuiciji. Takav način vrlo često dovodi do mnogih grešaka koje se onda nastoje detektirati i ispraviti korištenjem neformalnim tehnika. Očito takav pristup neće povećati povjerenje u ispravnost sustava koji se razvija. U ovom radu pokazana je formalna verifikacija protokola u raspodijeljenim sustavima. Metodologija koja je korištena prilikom verifikacije temelji se na analizi konačnih modela. Konkretno, korištena je simbolička provjera modela bazirana na manipulaciji dijagrama binarnog odlučivanja. Alati koji su omogućili automatsku verifikaciju nazivaju se SMV i NuSMV. Rad pokazuje tri primjera formalne verifikacije. Pomoću svakog primjera nastoji se pokazati kako razne metode provjere modela mogu koristiti u analizi protokola u raspodijeljenim računalnim sustavima.Protocols represent a crucial part of distributed computer systems. Main characteristics of the distributed systems is a concurrent nonterminating execution. Reasoning about such systems is difficult because of the obvious lack of an intuition. Distributed systems are gaining widespread usage in many safety critical applications. Development of such systems is usually based on informal procedures based on a textual description or a graphical representation. In another words, the design is almost completely based on an intuition. The errors caused by such way of development are then being detected and corrected using an informal techniques. It is obvious that this approach will not increase the confidence in correctness of the systems being developed. In this work formal verification of the protocols in distributed systems is presented. Methodology that have been used for the verification is based on an analysis of the finite state systems. Concrete technique that has been used is called symbolic model checking,and it is based on the manipulation of the binary decision diagrams. Tools that have enabled automatic verification are called SMV and NuSMV. This work shows the three examples of the formal verification. Each example demonstrates how different model checking methods can be used in formal analysis of the protocols in distributed systems

Predicate abstraction in protocol verification

This paper presents how predicate abstraction can be applied to protocol verification. Predicate abstraction is a method for automatic construction of abstract state graph. Basic idea is to use n predicates 1, ..., n defined on concrete state space to generate abstract state graph. Model checking is a formal verification technique which has been successfully applied to protocol verification. But model checking can only be applied to finite state systems. Many interesting systems are innite state or number of states is so large that verification becomes infeasible. Predicate abstraction can be applied in verification of infinite state systems (or large finite state systems). Abstract state graph created by predicate abstraction can be used for verification of safety properties using a model checker. We provide simple examples of protocol verification using predicate abstraction

Formal verification of communication protocols in distributed systems

Abstract — In distributed applications, software components embedded in the communication protocols collectively provide the interaction and functionality among various parts that run on the common pervasive platform. However, software components, as the target for the most of the changes, are expected to carry majority of the design faults. Hence, their verified conformance to the specification (correctness) is crucial for the reliable operation of the application. The paper surveys recent progress in the development of formal techniques as applied to the verification of protocols in distributed systems. Based on this analysis an appropriate method is selected and rigorously scrutinized by its practice to a specific protocol. Performance issues and possible improvements are discussed. I