TY - GEN
T1 - Specifying and Verifying a Real-World Packet Error-Correction System
AU - Cohen, Joshua M.
AU - Appel, Andrew W.
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - Automated and semi-automated formal methods have been widely employed to verify properties of network models and per-packet network functions, which operate on single packets in the middle of a network (firewall, NAT, etc.). But these methods do not extend to end-to-end network functions, those whose specification relates a stream of packets sent at one endpoint of the network with a stream received at the other end. Among other complications, such specifications must account for the network’s behavior, including packet reordering, duplication, delay, and loss. We develop a methodology for formally specifying and verifying such code, demonstrating our techniques on a real-world packet error-correction system that encounters all of these challenges and whose specification had been highly unclear. We prove a close model of this system correct in the Coq proof assistant; along the way, we formalize more general networking constructs including IP/UDP packets, a metric for packet reordering, and sequence number comparison. Finally, through our specification, we develop an improved version of the error-correction system, giving a more predictable, provably correct program that recovers more packets. We show that formal specification and verification can be powerful tools to clarify assumptions, improve code quality, and find and fix bugs in complex, real-world systems.
AB - Automated and semi-automated formal methods have been widely employed to verify properties of network models and per-packet network functions, which operate on single packets in the middle of a network (firewall, NAT, etc.). But these methods do not extend to end-to-end network functions, those whose specification relates a stream of packets sent at one endpoint of the network with a stream received at the other end. Among other complications, such specifications must account for the network’s behavior, including packet reordering, duplication, delay, and loss. We develop a methodology for formally specifying and verifying such code, demonstrating our techniques on a real-world packet error-correction system that encounters all of these challenges and whose specification had been highly unclear. We prove a close model of this system correct in the Coq proof assistant; along the way, we formalize more general networking constructs including IP/UDP packets, a metric for packet reordering, and sequence number comparison. Finally, through our specification, we develop an improved version of the error-correction system, giving a more predictable, provably correct program that recovers more packets. We show that formal specification and verification can be powerful tools to clarify assumptions, improve code quality, and find and fix bugs in complex, real-world systems.
UR - http://www.scopus.com/inward/record.url?scp=85200777465&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85200777465&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-66064-1_4
DO - 10.1007/978-3-031-66064-1_4
M3 - Conference contribution
AN - SCOPUS:85200777465
SN - 9783031660634
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 44
EP - 63
BT - Verified Software. Theories, Tools and Experiments - 15th International Conference, VSTTE 2023, Revised Selected Papers
A2 - Reynolds, Andrew
A2 - Tasiran, Serdar
PB - Springer Science and Business Media Deutschland GmbH
T2 - 15th International Conference on Verified Software: Theories, Tools, and Experiments, VSTTE 2023
Y2 - 23 October 2023 through 24 October 2023
ER -