ABSTRACT
Sensor nodes are resource-poor and failure-prone. Sensor networks are composed of many such nodes that are often hard to physically reach and that are connected by unreliable wireless links. Together, these factors make sensor network debugging a challenging activity, and in fact it is not uncommon for a deployed sensornet to encounter sporadic faults that are effectively impossible to locate, reproduce, and fix.
We developed T-Check, a tool that uses random walks and explicit state model checking to find safety and liveness errors in sensor network applications running on TinyOS. By building upon TOSSIM (an event-driven simulator that abstracts away interrupt-driven concurrency and other low-level hardware interaction), T-Check loses the ability to detect certain low-level errors, but gains enough scalability to detect distributed errors such as a collection tree protocol's failure to properly repair when a node dies. We have used T-Check to find previously unknown bugs in TinyOS.
Index Terms
- T-check: bug finding for sensor networks