Formalization and Verification of a Mail Server in Coq
This paper reports on the formalization and verification of a mail server (SMTP server) in Coq. The correctness of a mail server is very important: bugs of the mail server may be abused for eavesdropping mail contents, spreading virus, sending spam messages, etc. We have verified a part of a mail server written in Java, by manually translating the Java program into a Coq function as faithfully as possible, and verifying properties of the Coq function. The results of this experiment indicate the feasibility and usefulness of verification of middle-sized system softwares in this style. The verification has been carried out in a few months, and a few bugs in the mail server have been indeed found during the verification process.
KeywordsModel Check Theorem Prover High Order Logic Exception Handling Inductive Type
Unable to display preview. Download preview PDF.
- 1.D. Bernstein and various contributors. The qmail home page. http://www.qmail.org.
- 2.Y. Bertot. A certified compiler for an imperative language. Technical Report RR-3488, INRIA, Sep. 1998.Google Scholar
- 3.P. E. Black. Axiomatic Semantics Verification of a Secure Web Server. PhD thesis, Department of Computer Science, Brigham Young University, Feb. 1998.Google Scholar
- 4.P. E. Black and P. J. Windley. Inference rules for programming languages with side effects in expressions. In J. von Wright, J. Grundy, and J. Harrison, editors, Theorem Proving in Higher Order Logics, volume 1125 of Lecture Notes in Computer Science, pages 51–60. Springer-Verlag, August 1996.Google Scholar
- 7.F. B. Cohen. Why is thttpd secure? Available at http://www.all.net/journal/white/whitepaper.html.
- 8.T. N. Dieter Nazareth. Formal verification of algorithm W: The monomorphic case. In J. von Wright, J. Grundy, and J. Harrison, editors, Theorem Proving in Higher Order Logics, volume 1125 of Lecture Notes in Computer Science, pages 331–345. Springer-Verlag, Aug. 1996.Google Scholar
- 10.J.-C. Filliâtre. Preuve de programmes impératifs en théorie des types. PhD thesis, Université Paris-Sud, Jul. 1999. Available at http://www.lri.fr/~filliatr/ftp/publis/these.ps.gz.
- 11.B. C. Pierce and J. Vouillon. Specifying a file synchronizer (full version). Draft, Mar. 2002.Google Scholar
- 12.J. B. Postel. Rfc 821: Simple mail transfer protocol. Available at http://www.faqs.org/rfcs/rfc821.html, Aug. 1982.
- 13.E. Shibayama, S. Hagihara, N. Kobayashi, S. Nishizaki, K. Taura, and T. Watanabe. AnZenMail: A secure and certified e-mail system. In M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa, editors, Proceedings of International Symposium on Software Security, Keio University, Tokyo, Japan (Nov. 2002), Lecture Notes in Computer Science. Springer-Verlag, Feb. 2003.Google Scholar
- 14.The Coq Development Team. The Coq proof assistant reference manual. Available at http://coq.inria.fr/doc/main.html, 2002.
- 15.P. Wadler. Monads for functional programming. In M. Broy, editor, Marktoberdorf Summer School on Program Design Calculi, volume 118 of NATO ASI Series F: Computer and systems sciences. Springer-Verlag, Aug. 1992. Also in J. Jeuring and E. Meijer, editors, Advanced Functional Programming, Springer Verlag, LNCS 925, 1995. Some errata fixed August 2001.Google Scholar