Symbolic Analysis of Networked Systems


  1. Symbolic Analysis of Networked Systems
     Klaus Wehrle
     Joint work by the COMSYS team
     http://comsys.rwth-aachen.de
     klaus@comsys.rwth-aachen.de

     Challenges in Softwarized Communication Systems
     - Software plays an increasingly important role in networking
       - Protocols, billions of apps, etc.
       - Network elements become flexible (SDN, NFV, In-network processing)
     - Important: Analysis of real code – not models
     [Figure: data centers, switches and cloud-based control connected over a wired network to sensors and actuators; labels: Networked Systems (protocols, apps), Latency-critical networked control]
     Goal: devise a new methodology for Software Analysis of Interacting Systems? Rigorous, automated and effective!
     - Networked Systems: Reliability? (bugs, loops)
       - Edge: Protocols, Apps, ...
       - Core: Network Functions
     - In-Network Processing: Predictable? (performance, resources)
       - Reducing latency
       - Networked control

  2. State of the Art in Distributed Systems Testing
     [Figure: testbeds and prototypes, random testing, simulation, emulation and model-based proofs, each rated on automatism, coverage and effectiveness]

     Traditional Symbolic Execution
     [Figure: branch conditions "if (x == 0)" and "if (x<5)"]

  3. Symbolic Execution: A Simple Example

         int get_range(int x) {
             if (x == 0)
                 return blue();
             if (x < 50) {
                 if (x > 10)
                     return red();
                 return green();
             }
             return orange();
         }

     int x = symbolic_input();  → x may be any value

     Branch conditions and the constraints on each side:
     - if (x == 0): x = 0 | x ≠ 0
     - if (x < 50): x ≠ 0 && x < 50 | x ≥ 50
     - if (x > 10): x > 10 && x < 50 | x ≤ 10 && x ≠ 0

     Path constraints → SMT → tests:
     - Path 1: { x = 0 }            Test 1: x = 0
     - Path 2: { 10 < x < 50 }      Test 2: x = 22
     - Path 3: { x ≠ 0 ∧ x ≤ 10 }   Test 3: x = 5
     - Path 4: { 50 ≤ x }           Test 4: x = 99

     But, is Symbolic Execution able to analyze networked systems?

     Symbolic Execution and Networked Systems
     - Symbolic analysis of networked systems? Additional influence factor:
       → Consider packets as additional input
     [Figure: nodes X and Y exchanging packets P; branch conditions "if (x == 0)" and "if (x < 5)"]

  4. Symbolic Execution and Networked Systems
     - Symbolic analysis of networked systems? Additional influence factor:
       → Consider packets as additional input
       → It may arrive at various/any times
     [Figure: nodes X and Y exchanging packets P; branch conditions "if (x == 0)" and "if (x < 5)"]
     Need for a rigorous analysis of any input at any time

     Symbolic Analysis of Network Input

  5. Symbolic Execution of Networked Systems
     - Symbolic analysis of network input
     [Figure: packets P arriving at a node]

     Symbolic Distributed Execution (SDE)
     Branching within a node causes branches in all other nodes

  6. SDE: State Explosion
     - Test scenarios
       - Grid with n^2 nodes (example: 49)
       - Transmissions via a static path
       - Symbolic network failures
       - 10s simulated time
     [Figure: node grid with Source and Destination]
     - Results using the conservative approach (49 nodes)
       - >779K states
       - >24 GB
       - >22 h
     The basic implementation of the formal model of SDE is not scalable

     SDE: Elimination of Redundant States
     - Test scenarios
       - Grid with n^2 nodes (example: 49)
       - Transmissions via static path
       - Symbolic network failures
       - 10s simulated time
     [Figure: node grid with Source and Destination]
     - Results using conservative and lazy forking algorithms
       - 533 states
       - ~587 MB
       - 1:49 min
     Significant elimination of duplicates enables much more scalable analyses

  7. Infinite Loop Detection
     Symbolic Analysis of Protocol Loops

     Liveness of a Protocol – Infinite Loop Detection
     - Why are infinite loops an issue with protocols?
       - The outmost (protocol) loop should run infinitely (intended loop)
       - The input handler should always finalize (non-intended loop)
       - Infinite inner loop is a bug
     - When is a loop infinite?
       - If it comes to the same state, again and again!
         - maybe with (different) intermediate steps
     or
     - When is a loop erroneous
       - If it does not consume any input any more?
     - How can we detect re-occurring same states?
     [Image source: baynote.com]

  8. Efficient Implementation of Same State Detection
     - Two states are the same if all their memory is the same
       - Including call stack and instruction pointer
     - Compare each new state S_X to all its predecessor states
       - How can this be achieved efficiently?

     Naive approach: memcmp(NULL1, NULL2, 0xFF…FF);
       - For every predecessor state
       - Naïve implementation is prohibitively expensive!

         bool x = false;    /* S0 */
         x = true;          /* S1 */
         while (x) {        /* S2 ... S2 */
             x = true;      /* S3 ... S3 */
         }

     Efficient same state detection?
       - Compare hashes instead of states
       - Hash after blocks, not instructions

         bool x = false;    /* S0, H0 */
         x = true;
         while (x) {        /* S2, H2 ... S2, H2 */
             x = true;      /* S3, H3 ... S3, H3 */
         }

  9. Efficient Implementation of Same State Detection
     - Two states are the same if all their memory is the same
       - Including call stack and instruction pointer
     - Compare each new state S_X to all its predecessor states
       - How can this be achieved efficiently?

     Efficient same state detection?
       - Compare hashes instead of states
       - Hash blocks, not instructions
       - Compute hashes iteratively

         bool x = false;    /* S0, H0 */
         x = true;          /* H1 */
         while (x) {        /* H2 ... H2 */
             x = true;      /* H3 ... H3 */
         }

     Results
     - So far, a total of seven previously undetected bugs were detected
       - Five bugs in the GNU Coreutils
         - e.g. in "tail": 130 line while(1) loop calling 2 functions
       - Two bugs in busybox
         - e.g. in a 490 line while(1) loop calling 2 functions
       - All bugs have been reported, confirmed and fixed
       - The coreutils bugs have existed for over 12 years!

  10. The Next Challenge
      Symbolic Analysis of Temporal Uncertainty

      Analyzing uncertain event times – Why is time so important?
      [Figure: nodes A and B on a time axis t]
      - State of system at arrival time of input determines the behavior
      - Rigorous analysis requires analysis of all points in time!
      - Moreover, time is continuous – not discrete!

  11. Symbolic Time: Symbolic analysis of uncertain event times
      [Figure: nodes A and B on a time axis t]
      Challenge: Automatic Generation of Temporal Equivalence Classes
      Problems → Challenges
      - Time is continuous – not discrete → How to derive temporal equivalence classes?
      - Temporal dependencies in code → How to detect them?
      - Deriving all combinations and dependencies → How to make sure to consider all cases?

      Challenges in Softwarized Communication Systems
      - Trend: Software plays an increasingly important role in networking
        - Protocols, billions of apps, etc.
        - Network elements become flexible (SDN, NFV, In-network processing)
      - Important: Analysis of real code – not models
      [Figure: data centers, switches and cloud-based control connected over a wired network to sensors and actuators; labels: Networked Systems (protocols, apps), Latency-critical networked control]
      - Networked Systems: Reliability? Reliability! (bugs, loops)
        - Edge: Protocols, Apps, ...
        - Core: Network Functions
      - In-Network Processing: Predictable? (performance, resources)
        - Reducing latency
        - Networked control

  12. Symbolic Analysis of Protocol / NF Performance
      [Figure: code fragment "If pkt > 40 do_this(pkt); else do_that(pkt): ..."]

      Performance Prediction of Softwarized Network Functions
      - Challenge: Prediction of Processing Effort/Time of a NF
        - Necessary processing resources?
        - Expected/worst latency?
        - Achievable data rate?
        - Influence among NFs?
        - Are we under attack?
        - …
      [Figure: achieved throughput per processing effort of a NF]
      - Influence Factors
        - Code of the NF
        - Input Traffic (Pattern, Volume)
        - CPU Execution
          - Superscalar execution
          - Branch prediction
          - Caching
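
The hash-based same-state check from items 8 and 9 (compare hashes instead of states, hash once per block, update the hash iteratively), as an added C example that is not code from the talk or from the COMSYS tools. Assumptions: a toy three-cell memory, an XOR-combined per-cell hash for the iterative update, the slide's `while (x)` loop as the handler, and a hypothetical `consumes_input` variant in which the body advances an input cursor.

```c
#include <stdint.h>
#include <stddef.h>
enum { PC, X, CUR, CELLS };   /* toy memory: block counter, flag x, input cursor */
#define MAX_SEEN 64
typedef struct { uint32_t mem[CELLS]; uint64_t hash; } State;

/* Mix one (address, value) pair into 64 bits (splitmix64 finalizer). */
static uint64_t mix(uint32_t addr, uint32_t val) {
    uint64_t z = (((uint64_t)addr << 32) | val) + 0x9E3779B97F4A7C15ULL;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Reference hash over the whole memory; needed only for the initial state. */
uint64_t full_hash(const State *s) {
    uint64_t h = 0;
    for (int a = 0; a < CELLS; a++) h ^= mix((uint32_t)a, s->mem[a]);
    return h;
}

/* Iterative update: a write only swaps the changed cell's term in the XOR. */
void store(State *s, uint32_t addr, uint32_t val) {
    s->hash ^= mix(addr, s->mem[addr]) ^ mix(addr, val);
    s->mem[addr] = val;
}

/* Returns 1 if a state recurs (infinite loop), 0 on exit, -1 if history is full. */
int detect_loop(int consumes_input, uint32_t input_len) {
    State s = {{0}, 0};
    uint64_t seen[MAX_SEEN]; size_t n = 0;
    s.hash = full_hash(&s);
    for (;;) {
        switch (s.mem[PC]) {                  /* execute one basic block */
        case 0: store(&s, X, 1); store(&s, PC, 1); break;       /* x = true  */
        case 1: store(&s, PC, s.mem[X] ? 2 : 3); break;         /* while (x) */
        case 2:                                                 /* loop body */
            if (consumes_input) {             /* hypothetical fixed variant */
                store(&s, CUR, s.mem[CUR] + 1);
                store(&s, X, s.mem[CUR] < input_len);
            } else store(&s, X, 1);           /* the slide's x = true */
            store(&s, PC, 1); break;
        default: return 0;                    /* loop left, handler finalizes */
        }
        for (size_t i = 0; i < n; i++)        /* hash after the block, compare */
            if (seen[i] == s.hash) return 1;  /* against all predecessor hashes */
        if (n == MAX_SEEN) return -1;
        seen[n++] = s.hash;
    }
}
```

Because the input cursor is part of the hashed state, a recurring hash also means the loop has stopped consuming input, which is the "erroneous loop" criterion from item 7.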
