improve replay attacker, add deadlock tests
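--- /dev/null
+++ b/tests/no-deadlocks/t1-deadlock.pml
@@ -0,0 +1,21 @@
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+c!5;
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+do
+:: c ? 5 -> goto PROC;
+od
+PROC:
+q=0;
+}
+
+ltl proc {
+eventually (q == 0);
+}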
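Review bot: The new model has no header comment stating the expected verdict, unlike tests/replay/weave.pml added in the same commit, so the reason `init` sends `5` three times is left to the reader. I would add `// INTENDED BEHAVIOR: no violation` and `// explanation: three sends, so consume() still receives a 5 after the attacker has used its --mem=2 budget` above the `chan` declaration; the budget reasoning is inferred from the test entries and should be confirmed against the gadgets. The single-option `do :: c ? 5 -> goto PROC; od` could also be a plain `c ? 5;`, unless the loop form is what the gadget generator expects.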
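--- /dev/null
+++ b/tests/replay/weave.pml
@@ -0,0 +1,35 @@
+// INTENDED BEHAVIOR: no violation
+// explanation: can only replay once
+chan c = [8] of { byte };
+byte q=1;
+
+init {
+c!5;
+}
+
+active proctype consume() {
+MAIN:
+do
+:: c ? 5 -> goto PROC1;
+od
+PROC1:
+do
+:: c ? 5 ->
+c!3;
+goto PROC2;
+od
+PROC2:
+do
+:: c ? 3 -> goto PROC3;
+od
+PROC3:
+do
+:: c ? 3 -> goto PROC4;
+od
+PROC4:
+q=0;
+}
+
+ltl proc {
+always !(q == 0);
+}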
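Review bot: The header comment at the top of this file (`// INTENDED BEHAVIOR: no violation`, `// explanation: can only replay once`) contradicts the `weave` test entry, which runs this model with `--mem=2` and expects a property violation; only `weave-lessmem` (`--mem=1`) expects no violation. The text looks carried over from the older 3-jump expectation. I would replace it with `// INTENDED BEHAVIOR: property violation with --mem=2, no violation with --mem=1` and `// explanation: q=0 needs a replayed 5 at PROC1 and a replayed 3 at PROC3`. Because `ltl proc` asserts `always !(q == 0)`, a stale header makes it easy to misread which verdict means the replay attacker succeeded.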
@@ -1,3 +1,18 @@
|
||||
drop-nodeadlock:
|
||||
- command: python src/main.py --model=tests/no-deadlocks/t1-deadlock.pml --attacker=drop --chan=c --output=temp.pml --eval --cleanup --mem=2
|
||||
- intended: no violation
|
||||
- explanation: drop gadget does not deadlock
|
||||
|
||||
replay-nodeadlock:
|
||||
- command: python src/main.py --model=tests/no-deadlocks/t1-deadlock.pml --attacker=replay --chan=c --output=temp.pml --eval --cleanup --mem=2
|
||||
- intended: no violation
|
||||
- explanation: replay gadget does not deadlock
|
||||
|
||||
reorder-nodeadlock:
|
||||
- command: python src/main.py --model=tests/no-deadlocks/t1-deadlock.pml --attacker=reorder --chan=c --output=temp.pml --eval --cleanup --mem=2
|
||||
- intended: no violation
|
||||
- explanation: reorder gadget does not deadlock
|
||||
|
||||
t1-reorder:
|
||||
- command: python src/main.py --model=tests/reorder/t1-reorder.pml --attacker=reorder --chan=c --output=temp.pml --eval --cleanup --mem=1
|
||||
- intended: no violation
|
||||
@@ -65,12 +80,22 @@ t2-replay:
|
||||
|
||||
3-jump:
|
||||
- command: python src/main.py --model=tests/replay/3-jump.pml --attacker=replay --chan=c --output=temp.pml --eval --cleanup --mem=1
|
||||
- intended: no violation
|
||||
- explanation: can only replay the packet once
|
||||
- intended: property violation
|
||||
- explanation: can replay the same packet multiple times
|
||||
|
||||
replay-out-of-order:
|
||||
- command: python src/main.py --model=tests/replay/replay-out-of-order.pml --attacker=replay --chan=c --output=temp.pml --eval --cleanup --mem=2
|
||||
- intended: property violation
|
||||
- explanation: replay, but in a different order than received
|
||||
|
||||
weave:
|
||||
- command: python src/main.py --model=tests/replay/weave.pml --attacker=replay --chan=c --output=temp.pml --eval --cleanup --mem=2
|
||||
- intended: property violation
|
||||
- explanation: consume-replay-consume-replay pattern is able to be found
|
||||
|
||||
weave-lessmem:
|
||||
- command: python src/main.py --model=tests/replay/weave.pml --attacker=replay --chan=c --output=temp.pml --eval --cleanup --mem=1
|
||||
- intended: no violation
|
||||
- explanation: second consume cannot be completed, as we run out of consumption budget; however, we do have enough memory room for this
|
||||
|
||||
|
||||
|
||||
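Review bot: The `weave-lessmem` explanation is hard to follow: it blames a lack of "consumption budget" yet says "we do have enough memory room", while the only knob in the command is `--mem=1`. Together with `3-jump` flipping to "property violation" at `--mem=1` ("can replay the same packet multiple times"), `--mem` now appears to bound how many packets the replay attacker can capture rather than how often it replays them; stating that once in this file would make every expectation checkable. A possible wording is `- explanation: with --mem=1 the attacker can capture only one packet, so it cannot also capture and replay the 3`, to be confirmed against the gadget.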