Towards a Model Checker for NesC and Wireless Sensor Networks

  • Manchun Zheng
  • Jun Sun
  • Yang Liu
  • Jin Song Dong
  • Yu Gu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6991)

Abstract

Wireless sensor networks (WSNs) are expected to run unattendedly for critical tasks. To guarantee the correctness of WSNs is important, but highly nontrivial due to the distributed nature. In this work, we present an automatic approach to directly verify WSNs built with TinyOS applications implemented in the NesC language. To achieve this target, we firstly define a set of formal operational semantics for most of the NesC language structures for the first time. This allows us to capture the behaviors of sensors by labelled transition systems (LTSs), which are the underlying semantic models of NesC programs. Secondly, WSNs are modeled as the composition of sensors with a network topology. Verifications of individual sensors and the whole WSN become possible by exploring the corresponding LTSs using model checking. With substantial engineering efforts, we implemented this approach in the tool NesC@PAT to support verifications of deadlock-freeness, state reachability and temporal properties for WSNs. NesC@PAT has been applied to analyze and verify WSNs, with unknown bugs being detected. To the best of our knowledge, NesC@PAT is the first model checker which takes NesC language as the modeling language and completely preserves the interrupt-driven feature of the TinyOS execution model.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor networks: a survey. Computer Networks 38, 132–138 (2001)Google Scholar
  3. 3.
    Archer, W., Levis, P., Regehr, J.: Interface contracts for TinyOS. In: IPSN, pp. 158–165 (2007)Google Scholar
  4. 4.
    Bucur, D., Kwiatkowska, M.Z.: Software verification for TinyOS. In: IPSN, pp. 400–401 (2010)Google Scholar
  5. 5.
    Emerson, E.A., Jha, S., Peled, D.: Combining Partial Order and Symmetry Reductions. In: Brinksma, E. (ed.) TACAS 1997. LNCS, vol. 1217, pp. 19–34. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Gay, D., Levis, P., Culler, D.E.: Software design patterns for TinyOS. ACM Trans. Embedded Comput. Syst. 6(2) (2007)Google Scholar
  7. 7.
    Gay, D., Levis, P., Behren, R.v., Welsh, M., Brewer, E., Culler, D.: The nesC Language: A Holistic Approach to Networked Embedded Systems. In: PLDI, pp. 1–11 (2003)Google Scholar
  8. 8.
    Hanna, Y., Rajan, H.: Slede: Framework for automatic verification of sensor network security protocol implementations. In: ICSE Companion, pp. 427–428 (2009)Google Scholar
  9. 9.
    Hanna, Y., Rajan, H., Zhang, W.: Slede: a domain-specific verification framework for sensor network security protocol implementations. In: WISEC, pp. 109–118 (2008)Google Scholar
  10. 10.
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)MATHGoogle Scholar
  11. 11.
    Holzmann, G.J.: Design and Validation of Protocols: A Tutorial. Computer Networks and ISDN Systems 25(9), 981–1017 (1993)CrossRefGoogle Scholar
  12. 12.
    Klues, K., Liang, C.-J.M., Paek, J., Musaloiu-Elefteri, R., Levis, P., Terzis, A., Govindan, R.: TOSThreads: thread-safe and non-invasive preemption in TinyOS. In: SenSys, pp. 127–140 (2009)Google Scholar
  13. 13.
    Kothari, N., Millstein, T.D., Govindan, R.: Deriving State Machines from TinyOS Programs Using Symbolic Execution. In: IPSN, pp. 271–282 (2008)Google Scholar
  14. 14.
    Levis, P., Gay, D.: TinyOS Programming, 1st edn. Cambridge University Press, Cambridge (2009)CrossRefGoogle Scholar
  15. 15.
    Levis, P., Lee, N., Welsh, M., Culler, D.E.: TOSSIM: Accurate and Scalable Simulation of Entire TinyOS Applications. In: SenSys, pp. 126–137 (2003)Google Scholar
  16. 16.
    Levis, P., Madden, S., Polastre, J., Szewczyk, R., Woo, A., Gay, D., Hill, J., Welsh, M., Brewer, E., Culler, D.: TinyOS: An operating system for sensor networks. In: Ambient Intelligence. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Levis, P., Patel, N., Culler, D.E., Shenker, S.: Trickle: A Self-Regulating Algorithm for Code Propagation and Maintenance in Wireless Sensor Networks. In: NSDI, pp. 15–28 (2004)Google Scholar
  18. 18.
    Li, P., Regehr, J.: T-check: bug finding for sensor networks. In: IPSN, pp. 174–185 (2010)Google Scholar
  19. 19.
    Liu, Y., Sun, J., Dong, J.S.: An Analyzer for Extended Compositional Process Algebras. In: ICSE Companion, pp. 919–920. ACM, New York (2008)CrossRefGoogle Scholar
  20. 20.
    Liu, Y., Sun, J., Dong, J.S.: Developing Model Checkers Using PAT. In: Bouajjani, A., Chin, W.-N. (eds.) ATVA 2010. LNCS, vol. 6252, pp. 371–377. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems:Specification. Springer, Heidelberg (1992)CrossRefMATHGoogle Scholar
  22. 22.
    Menrad, V., Garcia, M., Schupp, S.: Improving TinyOS Developer Productivity with State Charts. In: SOMSED (2009)Google Scholar
  23. 23.
    Nguyen, N.T.M., Soffa, M.L.: Program representations for testing wireless sensor network applications. In: DOSTA, pp. 20–26 (2007)Google Scholar
  24. 24.
    Peled, D.: Combining Partial Order Reductions with On-the-fly Model-Checking. Formal Methods in System Design 8(1), 39–64 (1996)CrossRefGoogle Scholar
  25. 25.
    Sun, J., Liu, Y., Dong, J.S., Pang, J.: PAT: Towards Flexible Verification under Fairness. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 709–714. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Sun, J., Liu, Y., Dong, J.S., Zhang, X.: Verifying Stateful Timed CSP Using Implicit Clocks and Zone Abstraction. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 581–600. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  27. 27.
    Sun, J., Liu, Y., Roychoudhury, A., Liu, S., Dong, J.S.: Fair model checking with process counter abstraction. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 123–139. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  28. 28.
    Sun, J., Song, S., Liu, Y.: Model Checking Hierarchical Probabilistic Systems. In: Dong, J.S., Zhu, H. (eds.) ICFEM 2010. LNCS, vol. 6447, pp. 388–403. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  29. 29.
    Zhang, S.J., Sun, J., Pang, J., Liu, Y., Dong, J.S.: On Combining State Space Reductions with Global Fairness Assumptions. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 432–447. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Manchun Zheng
    • 1
  • Jun Sun
    • 2
  • Yang Liu
    • 1
  • Jin Song Dong
    • 1
  • Yu Gu
    • 2
  1. 1.School of ComputingNational University of SingaporeSingapore
  2. 2.Singapore University of Technology and DesignSingapore

Personalised recommendations