
Specifying and Verifying a Real-World Packet Error-Correction System

Conference paper. In: Verified Software. Theories, Tools and Experiments (VSTTE 2023)

Abstract

Automated and semi-automated formal methods have been widely employed to verify properties of network models and per-packet network functions, which operate on single packets in the middle of a network (firewall, NAT, etc.). But these methods do not extend to end-to-end network functions, those whose specification relates a stream of packets sent at one endpoint of the network with a stream received at the other end. Among other complications, such specifications must account for the network’s behavior, including packet reordering, duplication, delay, and loss. We develop a methodology for formally specifying and verifying such code, demonstrating our techniques on a real-world packet error-correction system that encounters all of these challenges and whose specification had been highly unclear. We prove a close model of this system correct in the Coq proof assistant; along the way, we formalize more general networking constructs including IP/UDP packets, a metric for packet reordering, and sequence number comparison. Finally, through our specification, we develop an improved version of the error-correction system, giving a more predictable, provably correct program that recovers more packets. We show that formal specification and verification can be powerful tools to clarify assumptions, improve code quality, and find and fix bugs in complex, real-world systems.


Notes

  1. See Cohen, et al. [12] for a more detailed history of this algorithm.

  2. This implementation uses a custom sequence number that counts packets, not bytes.

  3. This is a safe assumption. At gigabit speeds, even if each packet were only 1 bit, wraparound would only occur after 250 years. Alternatively, we could assume weak bounds on reordering, duplication, etc. to ensure that sequence numbers are never ambiguous. But we would like Property 3 to hold under any network behavior.

  4. This loss condition is not ideal: it reveals the batch structure of the FEC algorithm. However, other formulations (for example, that k out of every \(k+h\) consecutive packets are received) are overly restrictive or do not correctly capture the condition.

  5. The k and h bounds arise from the FEC algorithm.
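The contrast drawn in notes 4 and 5, as an added example written for this page (not code from the paper or its Coq development): a batch-wise loss condition beside the rejected sliding-window formulation. It assumes, as the notes imply but do not state, an MDS erasure code in which any k of a batch's k+h packets suffice to recover the batch; the receive pattern is constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/*
 * Assumption (not stated on the page): the FEC is an MDS erasure code such as
 * Reed-Solomon, so a batch of k data + h parity packets is fully recoverable
 * iff at least k of its k+h packets arrive.
 *
 * rx[i] is true when the i-th packet in send order was received; packets are
 * grouped into consecutive batches of k+h, so n must be a multiple of k+h.
 */

static size_t count_received(const bool *rx, size_t from, size_t len) {
    size_t got = 0;
    for (size_t i = from; i < from + len; i++) {
        if (rx[i]) got++;
    }
    return got;
}

/* Batch condition: every batch of k+h packets has at least k received. */
bool batches_recoverable(const bool *rx, size_t n, size_t k, size_t h) {
    size_t b = k + h;
    if (b == 0 || n % b != 0) return false;
    for (size_t start = 0; start < n; start += b) {
        if (count_received(rx, start, b) < k) return false;
    }
    return true;
}

/* Rejected formulation: k of *every* k+h consecutive packets received.
 * Each batch is itself such a window, so this implies the batch condition,
 * but it also demands enough packets in windows that straddle two batches,
 * which the decoder never needs: it is strictly more restrictive. */
bool sliding_window_ok(const bool *rx, size_t n, size_t k, size_t h) {
    size_t b = k + h;
    if (b == 0 || n < b) return false;
    for (size_t start = 0; start + b <= n; start++) {
        if (count_received(rx, start, b) < k) return false;
    }
    return true;
}

/* Constructed receive pattern, k = 2, h = 1, two batches:
 * batch 0 = [1 1 0], batch 1 = [0 1 1].  Each batch keeps 2 of 3, so both
 * are recoverable, yet the window over packets 2..4 = [0 0 1] holds only one
 * packet, so the sliding-window condition wrongly reports failure. */
int loss_condition_example(void) {
    const bool rx[6] = { true, true, false, false, true, true };
    bool batch = batches_recoverable(rx, 6, 2, 1);   /* true  */
    bool window = sliding_window_ok(rx, 6, 2, 1);    /* false */
    return (batch && !window) ? 1 : 0;               /* 1: window condition is stricter */
}
```

Both predicates take the whole stream as a boolean receive vector; a real receiver would evaluate the batch condition incrementally as packets arrive, but the logical relationship between the two formulations is the same.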

  6. We use 32-bit as an example; our proofs are generic and we also need the 64-bit case.

  7. The Producer only compares integers between 0 and 256; wraparound is impossible.
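The sequence-number comparison discussed in notes 3, 6 and 7, as an added example written for this page rather than taken from the paper's verified code: a comparison in the style of RFC 1982 serial number arithmetic [10], parameterised by the width of the sequence space so that the 32-bit and 64-bit cases of note 6 share one definition, beside the naive comparison that breaks at the wraparound point. The enum and function names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>

/*
 * Illustration only, not the paper's Coq formalisation.  A sequence number
 * lives in a 2^bits space; a follows b when the forward distance from b to a
 * (mod 2^bits) is less than half the space, as in RFC 1982.
 */

typedef enum {
    SEQ_LT = -1,        /* a precedes b */
    SEQ_EQ = 0,
    SEQ_GT = 1,         /* a follows b */
    SEQ_UNDEFINED = 2   /* exactly 2^(bits-1) apart: RFC 1982 leaves this undefined */
} seq_order;

/* Compare two sequence numbers in a 2^bits space.  bits must be 32 or 64. */
seq_order seq_compare(uint64_t a, uint64_t b, unsigned bits) {
    uint64_t mask = (bits == 64) ? UINT64_MAX : ((1ULL << bits) - 1);
    uint64_t half = 1ULL << (bits - 1);     /* 2^(bits-1) */
    a &= mask;
    b &= mask;
    if (a == b) return SEQ_EQ;
    uint64_t forward = (a - b) & mask;      /* distance going forward from b to a, mod 2^bits */
    if (forward == half) return SEQ_UNDEFINED;
    return (forward < half) ? SEQ_GT : SEQ_LT;
}

/* The plain integer comparison, which is only safe when the two values are
 * known to be less than 2^(bits-1) apart (the situation of note 7, where
 * every compared value lies in 0..256). */
seq_order naive_compare(uint64_t a, uint64_t b) {
    if (a == b) return SEQ_EQ;
    return (a > b) ? SEQ_GT : SEQ_LT;
}

/* Worked case: the stream has wrapped from 0xFFFFFFF0 to 5 in a 32-bit
 * space.  Packet 5 really follows packet 0xFFFFFFF0 (21 positions later),
 * which seq_compare reports and naive_compare gets backwards. */
int wraparound_example(void) {
    uint64_t prev = 0xFFFFFFF0ULL, next = 5;
    bool serial_ok  = seq_compare(next, prev, 32) == SEQ_GT;
    bool naive_wrong = naive_compare(next, prev) == SEQ_LT;
    return (serial_ok && naive_wrong) ? 1 : 0;  /* 1 */
}
```

Note 3's alternative, assuming wraparound never happens within the system's lifetime, is what lets a specification rely on the naive ordering; the serial comparison above is what a receiver needs when that assumption is not made, at the cost of the SEQ_UNDEFINED case, which any caller must decide how to treat.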

References

  1. Abhashkumar, A., Gember-Jacobson, A., Akella, A.: Tiramisu: fast multilayer network verification. In: 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20), Santa Clara, CA, pp. 201–219. USENIX Association (2020)

  2. Alberdingk Thijm, T., Beckett, R., Gupta, A., Walker, D.: Modular control plane verification via temporal invariants. Proc. ACM Program. Lang. 7(PLDI) (2023). https://doi.org/10.1145/3591222

  3. Appel, A.W.: Verification of a cryptographic primitive: SHA-256. ACM Trans. Program. Lang. Syst. 37(2) (2015). https://doi.org/10.1145/2701415

  4. Appel, A.W.: Coq’s vibrant ecosystem for verification engineering (invited talk). In: Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs. CPP 2022, New York, NY, USA, pp. 2–11. Association for Computing Machinery (2022). https://doi.org/10.1145/3497775.3503951

  5. Appel, A.W., et al.: Program Logics for Certified Compilers. Cambridge University Press, Cambridge (2014)

  6. Arun, V., Arashloo, M.T., Saeed, A., Alizadeh, M., Balakrishnan, H.: Toward formally verifying congestion control behavior. In: Proceedings of the 2021 ACM SIGCOMM 2021 Conference. SIGCOMM ’21, New York, NY, USA, pp. 1–16. Association for Computing Machinery (2021). https://doi.org/10.1145/3452296.3472912

  7. Bare, A.A., Jayasumana, A.P., Banka, T.: Metrics for degree of reordering in packet sequences. In: Proceedings LCN 2002. 27th Annual IEEE Conference on Local Computer Networks, Los Alamitos, CA, USA, p. 0333. IEEE Computer Society (2002). https://doi.org/10.1109/LCN.2002.1181802

  8. Beckett, R., Gupta, A.: Katra: Realtime verification for multilayer networks. In: 19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22), pp. 617–634, Renton, WA. USENIX Association (2022)

  9. Beckett, R., Gupta, A., Mahajan, R., Walker, D.: A general approach to network configuration verification. In: Proceedings of the Conference of the ACM Special Interest Group on Data Communication. SIGCOMM ’17, New York, NY, USA, pp. 155–168. Association for Computing Machinery (2017). https://doi.org/10.1145/3098822.3098834

  10. Bush, R., Elz, R.: Serial Number Arithmetic. RFC 1982 (1996). https://doi.org/10.17487/RFC1982

  11. Cluzel, G., Georgiou, K., Moy, Y., Zeller, C.: Layered formal verification of a TCP stack. In: 2021 IEEE Secure Development Conference (SecDev), pp. 86–93 (2021). https://doi.org/10.1109/SecDev51306.2021.00028

  12. Cohen, J.M., Wang, Q., Appel, A.W.: Verified erasure correction in Coq with MathComp and VST. In: Shoham, S., Vizel, Y. (eds.) Computer Aided Verification, pp. 272–292. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-13188-2_14

  13. Guo, D., Chen, S., Gao, K., Xiang, Q., Zhang, Y., Yang, Y.R.: Flash: fast, consistent data plane verification for large-scale network settings. In: Proceedings of the ACM SIGCOMM 2022 Conference, pp. 314–335 (2022). https://doi.org/10.1145/3544216.3544246

  14. Hawblitzel, C., et al.: Ironfleet: proving practical distributed systems correct. In: Proceedings of the 25th Symposium on Operating Systems Principles. SOSP ’15, New York, NY, USA, pp. 1–17. Association for Computing Machinery (2015). https://doi.org/10.1145/2815400.2815428

  15. Kellison, A.E., Appel, A.W.: Verified numerical methods for ordinary differential equations. In: Isac, O., Ivanov, R., Katz, G., Narodytska, N., Nenzi, L. (eds.) Software Verification and Formal Methods for ML-Enabled Autonomous Systems, pp. 147–163. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-21222-2_9

  16. Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009). https://doi.org/10.1145/1538788.1538814

  17. McAuley, A.J.: Reliable broadband communication using a burst erasure correcting code. In: Proceedings of the ACM Symposium on Communications Architectures & Protocols. SIGCOMM ’90, New York, NY, USA, pp. 297–306 (1990). https://doi.org/10.1145/99508.99566

  18. Morton, A., Ramachandran, G., Shalunov, S., Ciavattone, L., Perser, J.: Packet Reordering Metrics. RFC 4737 (2006). https://doi.org/10.17487/RFC4737

  19. Piratla, N.M., Jayasumana, A.P.: Metrics for packet reordering-a comparative analysis. Int. J. Commun. Syst. 21(1), 99–113 (2008). https://doi.org/10.1002/dac.884

  20. Piratla, N.M., Jayasumana, A.P., Bare, A.A.: Reorder density (RD): a formal, comprehensive metric for packet reordering. In: Boutaba, R., Almeroth, K., Puigjaner, R., Shen, S., Black, J.P. (eds.) NETWORKING 2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems. pp. 78–89. Springer, Cham (2005). https://doi.org/10.1007/11422778_7

  21. Pirelli, S., Valentukonytė, A., Argyraki, K., Candea, G.: Automated verification of network function binaries. In: 19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22), Renton, WA, pp. 585–600. USENIX Association (2022)

  22. Reed, I.S., Solomon, G.: Polynomial codes over certain finite fields. J. Soc. Ind. Appl. Math. 8(2), 300–304 (1960). https://doi.org/10.1137/0108018

  23. Uijterwaal, D.H.A.: A One-Way Packet Duplication Metric. RFC 5560 (2009). https://doi.org/10.17487/RFC5560

  24. Whitner, R., Banka, T., Piratla, N.M., Bare, A.A., Jayasumana, P.A.P.: Improved Packet Reordering Metrics. RFC 5236 (2008). https://doi.org/10.17487/RFC5236

  25. Wilcox, J.R., et al.: Verdi: a framework for implementing and formally verifying distributed systems. In: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI ’15, New York, NY, USA, pp. 357–368. Association for Computing Machinery (2015). https://doi.org/10.1145/2737924.2737958

  26. Ye, F., et al.: Accuracy, scalability, coverage: a practical configuration verifier on a global wan. In: Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication. SIGCOMM ’20, New York, NY, USA, pp. 599–614. Association for Computing Machinery (2020). https://doi.org/10.1145/3387514.3406217

  27. Ye, K.Q., Green, M., Sanguansin, N., Beringer, L., Petcher, A., Appel, A.W.: Verified correctness and security of MbedTLS HMAC-DRBG. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS ’17, New York, NY, USA, pp. 2007–2020 (2017). https://doi.org/10.1145/3133956.3133974

  28. Zaostrovnykh, A., et al.: Verifying software network functions with no verification expertise. In: Proceedings of the 27th ACM Symposium on Operating Systems Principles. SOSP ’19, New York, NY, USA, pp. 275–290 (2019). https://doi.org/10.1145/3341301.3359647

  29. Zaostrovnykh, A., Pirelli, S., Pedrosa, L., Argyraki, K., Candea, G.: A formally verified NAT. In: Proceedings of the Conference of the ACM Special Interest Group on Data Communication. SIGCOMM ’17, New York, NY, USA, pp. 141–154 (2017). https://doi.org/10.1145/3098822.3098833

  30. Zhang, H., et al.: Verifying an HTTP key-value server with interaction trees and VST. In: Cohen, L., Kaliszyk, C. (eds.) 12th International Conference on Interactive Theorem Proving (ITP 2021). Leibniz International Proceedings in Informatics (LIPIcs), vol. 193, pp. 32:1–32:19. Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl, Germany (2021). https://doi.org/10.4230/LIPIcs.ITP.2021.32

  31. Zhang, K., Zhuo, D., Akella, A., Krishnamurthy, A., Wang, X.: Automated verification of customizable middlebox properties with Gravel. In: 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20), Santa Clara, CA, pp. 221–239. USENIX Association (2020)

  32. Zhang, P., Wang, D., Gember-Jacobson, A.: Symbolic router execution. In: Proceedings of the ACM SIGCOMM 2022 Conference. SIGCOMM ’22, New York, NY, USA, pp. 336–349. Association for Computing Machinery (2022). https://doi.org/10.1145/3544216.3544264


Acknowledgment

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0160.

Author information

Corresponding author: Joshua M. Cohen.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Cohen, J.M., Appel, A.W. (2024). Specifying and Verifying a Real-World Packet Error-Correction System. In: Reynolds, A., Tasiran, S. (eds) Verified Software. Theories, Tools and Experiments. VSTTE 2023. Lecture Notes in Computer Science, vol 14095. Springer, Cham. https://doi.org/10.1007/978-3-031-66064-1_4


  • DOI: https://doi.org/10.1007/978-3-031-66064-1_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-66063-4

  • Online ISBN: 978-3-031-66064-1

  • eBook Packages: Computer Science (R0)
