RFC 4465 - Signaling Compression (SigComp) Torture Tests
Network Working Group A. Surtees Request for Comments: 4465 M. West Category: Informational Siemens/Roke Manor Research June 2006 Signaling Compression (SigComp) Torture Tests Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document provides a set of "torture tests" for implementers of the Signaling Compression (SigComp) protocol. The torture tests check each of the SigComp Universal Decompressor Virtual Machine instructions in turn, focusing in particular on the boundary and error cases that are not generally encountered when running well-behaved compression algorithms. Tests are also provided for other SigComp entities such as the dispatcher and the state handler. Table of Contents 1. Introduction ....................................................3 2. Torture Tests for UDVM ..........................................4 2.1. Bit Manipulation ...........................................4 2.2. Arithmetic .................................................5 2.3. Sorting ....................................................7 2.4. SHA-1 ......................................................8 2.5. LOAD and MULTILOAD .........................................9 2.6. COPY ......................................................11 2.7. COPY-LITERAL and COPY-OFFSET ..............................12 2.8. MEMSET ....................................................14 2.9. CRC .......................................................15 2.10. INPUT-BITS ...............................................16 2.11. INPUT-HUFFMAN ............................................17 2.12. INPUT-BYTES ..............................................19 2.13. Stack Manipulation .......................................20 2.14. Program Flow .............................................22 2.15. State Creation ...........................................23 2.16. STATE-ACCESS .............................................26 3. Torture Tests for Dispatcher ...................................28 3.1. Useful Values .............................................28 3.2. Cycles Checking ...........................................31 3.3. Message-based Transport ...................................32 3.4. Stream-based Transport ....................................34 3.5. Input Past the End of a Message ...........................36 4. Torture Tests for State Handler ................................38 4.1. SigComp Feedback Mechanism ................................38 4.2. State Memory Management ...................................41 4.3. Multiple Compartments .....................................44 4.4. Accessing RFC 3485 State ..................................49 4.5. Bytecode State Creation ...................................50 5. Security Considerations ........................................53 6. Acknowledgements ...............................................53 7. Normative References ...........................................53 Appendix A. UDVM Bytecode for the Torture Tests ..................54 A.1. Instructions ..............................................54 A.1.1. Bit Manipulation ...................................54 A.1.2. Arithmetic .........................................55 A.1.3. Sorting ............................................55 A.1.4. SHA-1 ..............................................56 A.1.5. LOAD and MULTILOAD .................................56 A.1.6. COPY ...............................................56 A.1.7. COPY-LITERAL and COPY-OFFSET .......................57 A.1.8. MEMSET .............................................57 A.1.9. CRC ................................................57 A.1.10. INPUT-BITS ........................................57 A.1.11. INPUT-HUFFMAN .....................................58 A.1.12. INPUT-BYTES .......................................58 A.1.13. Stack Manipulation ................................58 A.1.14. Program Flow ......................................59 A.1.15. State Creation ....................................59 A.1.16. STATE-ACCESS ......................................60 A.2. Dispatcher Tests ..........................................61 A.2.1. Useful Values ......................................61 A.2.2. Cycles Checking ...................................62 A.2.3. Message-based Transport ............................62 A.2.4. Stream-based Transport .............................62 A.2.5. Input Past the End of a Message ....................63 A.3. State Handler Tests .......................................64 A.3.1. SigComp Feedback Mechanism .........................64 A.3.2. State Memory Management ............................64 A.3.3. Multiple Compartments ..............................65 A.3.4. Accessing RFC 3485 State ...........................66 A.3.5. Bytecode State Creation ............................66 1. Introduction This document provides a set of "torture tests" for implementers of the SigComp protocol, RFC 3320 [2]. The idea behind SigComp is to standardize a Universal Decompressor Virtual Machine (UDVM) that can be programmed to understand the output of many well-known compressors including DEFLATE and LZW. The bytecode for the chosen decompressor is uploaded to the UDVM as part of the SigComp message flow. The SigComp User's Guide [1] gives examples of a number of different algorithms that can be used by the SigComp protocol. However, the bytecode for the corresponding decompressors is relatively well behaved and does not test the boundary and error cases that may potentially be exploited by malicious SigComp messages. This document is divided into a number of sections, each containing a piece of code designed to test a particular function of one of the SigComp entities (UDVM, dispatcher, and state handler). The specific boundary and error cases tested by the bytecode are also listed, as are the output the code should produce and the number of UDVM cycles that should be used. Each test runs in the SigComp minimum decompression memory size (that is, 2K), within the minimum number of cycles per bit (that is, 16) and in tests where state is stored 2K state memory size is needed. 2. Torture Tests for UDVM The following sections each provide code to test one or more UDVM instructions. In the interests of readability, the code is given using the SigComp assembly language: a description of how to convert this assembly code into UDVM bytecode can be found in the SigComp User's Guide [1]. The raw UDVM bytecode for each torture test is given in Appendix A. Each section also lists the number of UDVM cycles required to execute the code. Note that this figure only takes into account the cost of executing each UDVM instruction (in particular, it ignores the fact that the UDVM can gain extra cycles as a result of inputting more data). 2.1. Bit Manipulation This section gives assembly code to test the AND, OR, NOT, LSHIFT, and RSHIFT instructions. When the instructions have a multitype operand, the code tests the case where the multitype contains a fixed integer value, and the case where it contains a memory address at which the 2-byte operand value can be found. In addition, the code is designed to test that the following boundary cases have been correctly implemented: 1. The instructions overwrite themselves with the result of the bit manipulation operation, in which case execution continues normally. 2. The LSHIFT or RSHIFT instructions shift bits beyond the 2-byte boundary, in which case the bits must be discarded. 3. The UDVM registers byte_copy_left and byte_copy_right are used to store the results of the bit manipulation operations. Since no byte copying is taking place, these registers should behave in exactly the same manner as ordinary UDVM memory addresses. at (64) :a pad (2) :b pad (2) at (128) JUMP (start) ; Jump to address 255 at (255) :start ; The multitypes are values ; $start = 448 (first 2 bytes of AND instr) AND ($start, 21845) ; 448 & 21845 = 320 = 0x0140 OR ($a, 42) ; 0 | 42 = 42 = 0x002a NOT ($b) ; ~0 = 65535 = 0xffff LSHIFT ($a, 3) ; 42 << 3 = 336 = 0x0150 RSHIFT ($b, 65535) ; 65535 >> 65535 = 0 = 0x0000 OUTPUT (64, 4) ; Output 0x0150 0000 ; The multitypes are references AND ($a, $start) ; 336 & 320 = 320 = 0x0140 OR ($a, $a) ; 320 | 320 = 320 = 0x0140 NOT ($a) ; ~320 = 65215 = 0xfebf LSHIFT ($b, $a) ; 0 << 65215 = 0 = 0x0000 RSHIFT ($a, $b) ; 65215 >> 0 = 65215 = 0xfebf OUTPUT (64, 4) ; Output 0xfebf 0000 END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output of the code is 0x0150 0000 febf 0000. Executing the code costs a total of 22 UDVM cycles. 2.2. Arithmetic This section gives assembly code to test the ADD, SUBTRACT, MULTIPLY, DIVIDE, and REMAINDER instructions. The code is designed to test that the following boundary cases have been correctly implemented: 1. The instructions overwrite themselves with the result of the arithmetic operation, resulting in continuation as if the bytes were not bytecode. 2. The result does not lie between 0 and 2^16 - 1 inclusive, in which case it must be taken modulo 2^16. 3. The divisor in the DIVIDE or REMAINDER instructions is 0 (in which case decompression failure must occur). at (64) :a pad (2) :b pad (2) :type pad (1) :type_lsb pad (1) at (128) INPUT-BYTES (1, type_lsb, decomp_failure) SUBTRACT ($type, 1) JUMP (start) :decomp_failure DECOMPRESSION-FAILURE ; Now the value in $type should be 0xffff, 0x0000, or 0x0001 ; according to whether the input was 0x00, 0x01, or 0x02. at (255) :start ; The multitypes are values ; For all three messages ; $start = 1728 (first 2 bytes of ADD instr) ADD ($start, 63809) ; 1728 + 63809 = 1 = 0x0001 SUBTRACT ($a, 1) ; 0 - 1 = 65535 = 0xffff MULTIPLY ($a, 1001) ; 65535 * 1001 = 64535 = 0xfc17 DIVIDE ($a, 101) ; 64535 / 101 = 638 = 0x027e REMAINDER ($a, 11) ; 638 % 11 = 0 = 0x0000 OUTPUT (64, 4) ; output 0x0000 0000 ; The multitypes are references ADD ($b, $start) ; 0 + 1 = 1 = 0x0001 ; If the message is 0x00 SUBTRACT ($b, $type) ; 1 - 65535 = 2 = 0x0002 MULTIPLY ($b, $b) ; 2 * 2 = 4 = 0x0004 DIVIDE ($a, $b) ; 0 / 4 = 0 = 0x0000 REMAINDER ($b, $type) ; 4 % 65535 = 4 = 0x0004 OUTPUT (64, 4) ; output 0x0000 0004 ; If the message is 0x01, $type = 0 ; so decompression failure occurs at ; REMAINDER ($b, $type) ; If the message is 0x02, $type = 1 so ; $b becomes 0 and decompression failure ; occurs at DIVIDE ($a, $b) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) If the compressed message is 0x00, then the output of the code is 0x0000 0000 0000 0004 and the execution cost should be 25 UDVM cycles. However, if the compressed message is 0x01 or 0x02, then decompression failure occurs. 2.3. Sorting This section gives assembly code to test the SORT-ASCENDING and SORT- DESCENDING instructions. The code is designed to test that the following boundary cases have been correctly implemented: 1. The sorting instructions sort integers with the same value, in which case the original ordering of the integers must be preserved. at (128) SORT-DESCENDING (256, 2, 23) SORT-ASCENDING (256, 2, 23) OUTPUT (302, 45) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) at (256) word (10, 10, 17, 7, 22, 3, 3, 3, 19, 1, 16, 14, 8, 2, 13, 20, 18, 23, 15, 21, 12, 6, 9) word (28263, 8297, 30057, 8308, 26996, 11296, 31087, 29991, 8275, 18031, 28263, 24864, 30066, 29284, 28448, 29807, 28206, 11776, 28773, 28704, 28276, 29285, 28265) The output of the code is 0x466f 7264 2c20 796f 7527 7265 2074 7572 6e69 6e67 2069 6e74 6f20 6120 7065 6e67 7569 6e2e 2053 746f 7020 6974 2e, and the number of cycles required is 371. 2.4. SHA-1 This section gives assembly code to test the SHA-1 instruction. The code performs four tests on the SHA-1 algorithm itself and, in addition, checks the following boundary cases specific to the UDVM: 1. The input string for the SHA-1 hash is obtained by byte copying over an area of the UDVM memory. 2. The SHA-1 hash overwrites its own input string. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :hash_value pad (20) at (128) SHA-1 (test_one, 3, hash_value) OUTPUT (hash_value, 20) SHA-1 (test_two, 56, hash_value) OUTPUT (hash_value, 20) ; Set up a 1-byte buffer LOAD (byte_copy_left, test_three) LOAD (byte_copy_right, test_four) ; Perform SHA-1 over 16384 bytes in a 1-byte buffer SHA-1 (test_three, 16384, hash_value) OUTPUT (hash_value, 20) ; Set up an 8-byte buffer LOAD (byte_copy_left, test_four) LOAD (byte_copy_right, test_end) ; Perform SHA-1 over 640 bytes in an 8-byte buffer SHA-1 (test_four, 640, test_four) OUTPUT (test_four, 20) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :test_one byte (97, 98, 99) :test_two byte (97, 98, 99, 100, 98, 99, 100, 101, 99, 100, 101, 102, 100, 101, 102, 103, 101, 102, 103, 104, 102, 103, 104, 105, 103, 104, 105, 106, 104, 105, 106, 107, 105, 106, 107, 108, 106, 107, 108, 109, 107, 108, 109, 110, 108, 109, 110, 111, 109, 110, 111, 112, 110, 111, 112, 113) :test_three byte (97) :test_four byte (48, 49, 50, 51, 52, 53, 54, 55) :test_end The output of the code is as follows: 0xa999 3e36 4706 816a ba3e 2571 7850 c26c 9cd0 d89d 0x8498 3e44 1c3b d26e baae 4aa1 f951 29e5 e546 70f1 0x12ff 347b 4f27 d69e 1f32 8e6f 4b55 73e3 666e 122f 0x4f46 0452 ebb5 6393 4f46 0452 ebb5 6393 4f46 0452 Executing the code costs a total of 17176 UDVM cycles. 2.5. LOAD and MULTILOAD This section gives assembly code to test the LOAD and MULTILOAD instructions. The code is designed to test the following boundary cases: 1. The MULTILOAD instruction overwrites itself or any of its operands, in which case decompression failure occurs. 2. The memory references of MULTILOAD instruction operands are evaluated step-by-step rather than all at once before starting to copy data. at (64) :start pad (1) :start_lsb pad (1) at (128) set (location_a, 128) set (location_b, 132) LOAD (128, 132) ; address 128 contains 132 = 0x0084 LOAD (130, $location_a) ; address 130 contains 132 = 0x0084 LOAD ($location_a, 134) ; address 132 contains 134 = 0x0086 LOAD ($location_b, $location_b) ; address 134 contains 134 = 0x0086 OUTPUT (128, 8) ; output 0x0084 0084 0086 0086 INPUT-BYTES (1, start_lsb, decompression_failure) MULTIPLY ($start, 2) ADD ($start, 60) MULTILOAD ($start, 3, overlap_start, overlap_end, 128) :position set (overlap_start, (position - 7)) MULTILOAD ($start, 4, 42, 128, $location_a, $location_b) :end set (overlap_end, (end - 1)) OUTPUT (128, 8) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :decompression_failure DECOMPRESSION-FAILURE The INPUT-BYTES, MULTIPLY, and ADD instructions give the following values for $start = $64 just before the MULTILOADs begin: Input $start before 1st MULTILOAD 0x00 60 0x01 62 0x02 64 Consequently, after the first MULTILOAD the values of $start are the following: Input $start before 2nd MULTILOAD 0x00 128 0x01 overlap_end = 177 = last byte of 2nd MULTILOAD instruction 0x02 overlap_start = 162 = 7 bytes before 2nd MULTILOAD instruction Consequently, execution of the 2nd MULTILOAD (and any remaining code) gives the following: Input Outcome 0x00 MULTILOAD reads and writes operand by operand. The output is 0x0084 0084 0086 0086 002a 0080 002a 002a, and the cost of executing the code is 36 UDVM cycles. 0x01 The first write of the MULTILOAD instruction would overwrite the last byte of the final MULTILOAD operand, so decompression failure occurs. 0x02 The last write of the MULTILOAD would overwrite the MULTILOAD opcode, so decompression failure occurs. 2.6. COPY This section gives assembly code to test the COPY instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. The COPY instruction copies data from both outside the circular buffer and inside the circular buffer within the same operation. 2. The COPY instruction performs byte-by-byte copying (i.e., some of the later bytes to be copied are themselves written into the UDVM memory by the COPY instruction currently being executed). 3. The COPY instruction overwrites itself and continues executing. 4. The COPY instruction overwrites the UDVM registers byte_copy_left and byte_copy_right. 5. The COPY instruction writes to and reads from the right of the buffer beginning at byte_copy_right. 6. The COPY instruction implements byte copying rules when the destination wraps around the buffer. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) at (128) ; Set up buffer between addresses 64 & 128 LOAD (32, 16384) LOAD (byte_copy_left, 64) LOAD (byte_copy_right, 128) COPY (32, 128, 33) ; Copy byte by byte starting to the left of ; the buffer, into the buffer and wrapping ; the buffer (inc overwriting the ; boundaries) LOAD (64, 16640) ; Change the start of the buffer to be ; beyond bytecode COPY (64, 85, 65) ; Copy to the left of the buffer, ; overwriting this instruction OUTPUT (32, 119) ; Output 32 * 0x40 + 86 * 0x41 + 0x55, ; which is 32 * '@' + 86 'A' + 'U' ; Set a new small buffer LOAD (byte_copy_left, 32) LOAD (byte_copy_right, 48) MEMSET (32, 4, 65, 1) ; Set first 4 bytes of the buffer to be ; 'ABCD' COPY (32, 4, 48) ; Copy from byte_copy_right (i.e., not ; in buffer) OUTPUT (48, 4) ; Output 0x4142 4344, which is 'ABCD' COPY (48, 4, 46) ; Copy from two before byte_copy_right to ; wrap around the buffer OUTPUT (32, 2) ; Output 0x4344, which is 'CD' END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output is above, and executing the code costs a total of 365 UDVM cycles. 2.7. COPY-LITERAL and COPY-OFFSET This section gives assembly code to test the COPY-LITERAL and COPY- OFFSET instructions. The code is designed to test similar boundary cases to the code for the COPY instruction, as well as the following condition specific to COPY-LITERAL and COPY-OFFSET: 1. The COPY-LITERAL or COPY-OFFSET instruction overwrites the value of its destination. 2. The COPY-OFFSET instruction reads from an offset that wraps around the buffer (i.e., the offset is larger than the distance between byte_copy_left and the destination). at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :destination pad (2) :offset pad (2) at (128) ; Set up circular buffer, source, and ; destination LOAD (32, 16640) LOAD (byte_copy_left, 64) LOAD (byte_copy_right, 128) LOAD (destination, 33) COPY-LITERAL (32, 128, $destination) ; Copy from the left of the ; buffer overwriting bcl, bcr, and ; destination wrapping around the buffer OUTPUT (64, 8) ; Check destination has been updated ; Output 0x4141 4141 0061 4141 LOAD (destination, copy) :copy ; Overwrite the copy instruction COPY-LITERAL (32, 2, $destination) OUTPUT (copy, 2) ; Output 0x4141 LOAD (byte_copy_left, 72) ; Set up new circular buffer LOAD (byte_copy_right, 82) LOAD (destination, 82) ; Set destination to byte_copy_right MEMSET (72, 10, 65, 1) ; Fill the buffer with 0x41 - 4A COPY-OFFSET (2, 6, $destination) ; Copy from within circular ; buffer to outside buffer LOAD (offset, 6) COPY-OFFSET ($offset, 4, $destination) ; Copy from byte_copy_right ; so reading outside buffer OUTPUT ($byte_copy_right, 10) ; Output 0x494A 4142 4344 494A 4142, ; which is 'IJABCDIJAB' LOAD (destination, 80) ; Put destination within the ; buffer COPY-OFFSET (4, 4, $destination) ; Copy where destination wraps OUTPUT (destination, 2) ; Output 0x004A COPY-OFFSET (5, 4, $destination) ; Copy where offset wraps from ; left back around to the right OUTPUT (destination, 2) ; Output 0x004E OUTPUT ($byte_copy_left, 10) ; Output the circular buffer ; 0x4748 4845 4647 4748 4546, ; which is 'GHHEFGGHEF' END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output of the code is above, and the cost of execution is 216 UDVM cycles. 2.8. MEMSET This section gives assembly code to test the MEMSET instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. The MEMSET instruction overwrites the registers byte_copy_left and byte_copy_right. 2. The output values of the MEMSET instruction do not lie between 0 and 255 inclusive (in which case they must be taken modulo 2^8). at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) at (128) LOAD (byte_copy_left, 128) ; sets up a circular buffer LOAD (byte_copy_right, 129) ; of 1 byte between 0x0080 and 0x0081 MEMSET (64, 129, 0, 1) ; fills up the memory in the range ; 0x0040-0x007f with 0x00, ... 0x3f; ; then it writes successively at ; 0x0080 the following values 0x40, ... 0x80 ; as a side effect, the values of ; bcl and bcr are modified. ; before and during the MEMSET: ; byte_copy_left: 0x0080 byte_copy_right: 0x0081 ; after the MEMSET: ; byte_copy_left: 0x0001 byte_copy_right: 0x0203 MEMSET (129, 15, 64, 15) ; fills the memory range 0x0080-0x008f ; with values 0x40, 0x4f, ... 0xf4, 0x03, 0x12. ; as a side effect, it overwrites a ; part of the code including itself OUTPUT (128, 16) ; outputs 0x8040 4f5e 6d7c 8b9a ; a9b8 c7d6 e5f4 0312 END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output of the code is 0x8040 4f5e 6d7c 8b9a a9b8 c7d6 e5f4 0312. Executing the code costs 166 UDVM cycles. 2.9. CRC This section gives assembly code to test the CRC instruction. The code does not test any specific boundary cases (as there do not appear to be any) but focuses instead on verifying the CRC algorithm. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :crc_value pad (2) :crc_string_a pad (24) :crc_string_b pad (20) at (128) MEMSET (crc_string_a, 24, 1, 1) ; sets up between 0x0046 and 0x005d ; a byte string containing 0x01, ; 0x02, ... 0x18 MEMSET (crc_string_b, 20, 128, 1) ; sets up between 0x005e and 0x0071 ; a byte string containing 0x80, ; 0x81, ... 0x93 INPUT-BYTES (2, crc_value, decompression_failure) ; reads in 2 bytes representing ; the CRC value of the byte string ; of 44 bytes starting at 0x0046 CRC ($crc_value, crc_string_a, 44, decompression_failure) ; computes the CRC value of the ; byte string crc_string_a ; concatenated with byte string ; crc_string_b (with a total ; length of 44 bytes). ; if the computed value does ; not match the 2-byte value read ; previously, the program ends ; with DECOMPRESSION-FAILURE. END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :decompression_failure DECOMPRESSION-FAILURE If the compressed message is 0x62cb, then the code should successfully terminate with no output, and with a total execution cost of 95 UDVM cycles. For different 2-byte compressed messages, the code should terminate with a decompression failure. 2.10. INPUT-BITS This section gives assembly code to test the INPUT-BITS instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. The INPUT-BITS instruction changes between any of the four possible bit orderings defined by the input_bit_order register. 2. The INPUT-BITS instruction inputs 0 bits. 3. The INPUT-BITS instruction requests data that lies beyond the end of the compressed message. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :input_bit_order pad (2) :result pad (2) at (128) :start INPUT-BITS ($input_bit_order, result, end_of_message) ; reads in ; exactly as many bits as the 2-byte ; value written in the input_bit_order ; register, get out of the loop when ; no more bits are available at input. OUTPUT (result, 2) ; outputs as a 2-byte integer ; the previously read bits ADD ($input_bit_order, 1) ; if at the beginning of this loop the ; register input_bit_order is 0, REMAINDER ($input_bit_order, 7) ; then its value varies periodically ; like this: 2, 4, 6, 1, 3, 5, 7. ADD ($input_bit_order, 1) ; that gives for the FHP bits: 010, ; 100, 110, 001, 011, 101, 111 JUMP (start) ; run the loop once more :end_of_message END-MESSAGE (0, 0, 0, 0, 0, 0, 0) An example of a compressed message is 0x932e ac71, which decompresses to give the output 0x0000 0002 0002 0013 0000 0003 001a 0038. Executing the code costs 66 UDVM cycles. 2.11. INPUT-HUFFMAN This section gives assembly code to test the INPUT-HUFFMAN instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. The INPUT-HUFFMAN instruction changes between any of the four possible bit orderings defined by the input_bit_order register. 2. The INPUT-HUFFMAN instruction inputs 0 bits. 3. The INPUT-HUFFMAN instruction requests data that lies beyond the end of the compressed message. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :input_bit_order pad (2) :result pad (2) at (128) :start INPUT-HUFFMAN (result, end_of_message, 2, $input_bit_order, 0, $input_bit_order, $input_bit_order, $input_bit_order, 0, 65535, 0) OUTPUT (result, 2) ADD ($input_bit_order, 1) REMAINDER ($input_bit_order, 7) ADD ($input_bit_order, 1) JUMP (start) :end_of_message END-MESSAGE (0, 0, 0, 0, 0, 0, 0) An example of a compressed message is 0x932e ac71 66d8 6f, which decompresses to give the output 0x0000 0003 0008 04d7 0002 0003 0399 30fe. Executing the code costs 84 UDVM cycles. As the code is run, the input_bit_order changes through all possible values to check usage of the H and P bits. The number of bits to input each time is taken from the value of input_bit_order. The sequence is the following: Input_bit_order (bin) Total bits input by Huffman Value 000 0 0 010 2 3 100 4 8 110 12 1239 001 P-bit changed, throw away 6 bits 001 1 2 011 3 3 101 10 921 111 14 12542 010 P-bit changed, throw away 4 bits 010 0 - not enough bits so terminate 2.12. INPUT-BYTES This section gives assembly code to test the INPUT-BYTES instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. The INPUT-BYTES instruction inputs 0 bytes. 2. The INPUT-BYTES instruction requests data that lies beyond the end of the compressed message. 3. The INPUT-BYTES instruction is used after part of a byte has been input (e.g., by the INPUT-BITS instruction). at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :input_bit_order pad (2) :result pad (2) :output_start pad (4) :output_end at (128) LOAD (byte_copy_left, output_start) LOAD (byte_copy_right, output_end) :start INPUT-BITS ($input_bit_order, result, end_of_message) OUTPUT (result, 2) ADD ($input_bit_order, 2) REMAINDER ($input_bit_order, 7) INPUT-BYTES ($input_bit_order, output_start, end_of_message) OUTPUT (output_start, $input_bit_order) ADD ($input_bit_order, 1) JUMP (start) :end_of_message END-MESSAGE (0, 0, 0, 0, 0, 0, 0) An example of a compressed message is 0x932e ac71 66d8 6fb1 592b dc9a 9734 d847 a733 874e 1bcb cd51 b5dc 9659 9d6a, which decompresses to give the output 0x0000 932e 0001 b166 d86f b100 1a2b 0003 9a97 34d8 0007 0001 3387 4e00 08dc 9651 b5dc 9600 599d 6a. Executing the code costs 130 UDVM cycles. As the code is run, the input_bit_order changes through all possible values to check usage of the F and P bits. The number of bits or bytes to input each time is taken from the value of input_bit_order. For each INPUT-BYTES instruction, the remaining bits of the byte are thrown away. The P-bit always changes on the byte boundary so no bits are thrown away. The sequence is the following: Input_bit_order (bin) Input bits Input bytes Output 000 0 0x0000 010 2 0x932e 011 3 0x0001 101 5 0xb166 d866 b1 110 6 0x001a 001 1 0x2b 010 2 0x0003 100 4 0x9a97 34d8 101 5 0x0007 000 0 001 1 0x0001 011 3 0x3384 4e 100 4 0x0008 110 6 0xdc96 51b5 dc96 111 7 0x0059 010 2 0x9d6a 011 3 - no bits left so terminate 2.13. Stack Manipulation This section gives assembly code to test the PUSH, POP, CALL, and RETURN instructions. The code is designed to test that the following boundary cases have been correctly implemented: 1. The stack manipulation instructions overwrite the UDVM register stack_location. 2. The CALL instruction specifies a reference operand rather than an absolute value. 3. The PUSH instruction pushes the value contained in stack_fill onto the stack. 4. The stack_location register contains an odd integer. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :input_bit_order pad (2) :stack_location pad (2) :next_address pad (2) at (128) LOAD (stack_location, 64) PUSH (2) PUSH ($64) PUSH (66) ; Stack now contains 2, 1, 66 ; so $stack_location = 66 OUTPUT (64, 8) ; Output 0x0003 0002 0001 0042 POP (64) ; Pop value 66 from address 70 to address 64 POP ($stack_location) ; Pop value 1 from address 68 to address 66 ; so stack_fill is overwritten to be 1 POP (stack_location) ; Pop value 1 from address 68 to address 70 OUTPUT (64, 8) ; Output 0x0042 0000 0001 0001 JUMP (address_a) at (192) :address_a LOAD (stack_location, 32) LOAD (next_address, address_c) SUBTRACT ($next_address, address_b) ; next_address = 64 CALL (address_b) ; push 204 on stack at (256) :address_b CALL ($next_address) ; push 256 on stack at (320) :address_c LOAD (stack_location, 383) LOAD (383, 26) ; overwrite $stack_location with 26 MULTILOAD (432, 3, 1, 49153, 32768) ; write bytes so that 433 and 434 ; contain 0x01c0 = 448 and ; 435 and 436 contain 0x0180 = 384 RETURN ; pop 383 from the stack and jump ; there = 384, which is lsb of ; stack_fill, which now contains 25, ; which is UDVM instruction RETURN ; pop 448 from the stack and jump ; there at (448) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output of the code is 0x0003 0002 0001 0042 0042 0000 0001 0001, and a total of 40 UDVM cycles are used. 2.14. Program Flow This section gives assembly code to test the JUMP, COMPARE, and SWITCH instructions. The code is designed to test that the following boundary cases have been correctly implemented: 1. The address operands are specified as references to memory addresses rather than as absolute values. at (64) :next_address pad (2) :counter pad (1) :counter_lsb pad (1) :switch_counter pad (2) at (128) LOAD (switch_counter, 4) :address_a LOAD (next_address, address_c) SUBTRACT ($next_address, address_b) ; address_c - address_b OUTPUT (counter_lsb, 1) :address_b JUMP ($next_address) ; Jump to address_c :address_c ADD ($counter, 1) LOAD (next_address, address_a) SUBTRACT ($next_address, address_d) ; address_a - address_d OUTPUT (counter_lsb, 1) :address_d COMPARE ($counter, 6, $next_address, address_c, address_e) ; counter < 6, $next_address gives ; jump to address_a :address_e SUBTRACT ($switch_counter, 1) ; switch_counter = 3 LOAD (next_address, address_a) SUBTRACT ($next_address, address_f) ; address_a - address_f OUTPUT (counter_lsb, 1) :address_f SWITCH (4, $switch_counter, address_g, $next_address, address_c, address_e) ; when $switch_counter = 1, ; $next_address gives jump to ; address_a :address_g END-MESSAGE (0, 0, 0, 0, 0, 0, 0) The output of the code is 0x0001 0102 0203 0304 0405 0506 0707 0708 0808 0909, and a total of 131 UDVM cycles are used. 2.15. State Creation This section gives assembly code to test the STATE-CREATE and STATE- FREE instructions. The code is designed to test that the following boundary cases have been correctly implemented: 1. An item of state is created that duplicates an existing state item. 2. An item of state is freed when the state has not been created. 3. An item of state is created and then freed by the same message. 4. The STATE-FREE instruction frees a state item by sending fewer bytes of the state_identifier than the minimum_access_length. 5. The STATE-FREE instruction has partial_identifier_length operand shorter than 6 or longer than 20. 6. The STATE-FREE instruction specifies a partial_identifier that matches with two state items in the compartment. 7. The bytes of the identifier are written to the position specified in the STATE-FREE instruction after the STATE-FREE instruction has been run (and before END-MESSAGE). at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :states pad (1) :states_lsb pad (1) :min_len pad (1) :min_len_lsb pad (1) :state_identifier pad (20) set (state_length, 10) at (127) :decompression_failure at (128) INPUT-BYTES (1, states_lsb, decompression_failure) :test_one LSHIFT ($states, 11) COMPARE ($states, 32768, test_two, create_state_a2, create_state_a2) :create_state_a2 STATE-CREATE (state_length, state_address2, 0, 20, 0) :test_two LSHIFT ($states, 1) COMPARE ($states, 32768, test_three, create_state_a, create_state_a) :create_state_a STATE-CREATE (state_length, state_address, 0, 20, 0) :test_three LSHIFT ($states, 1) COMPARE ($states, 32768, test_four, free_state, free_state) :free_state INPUT-BYTES (1, min_len_lsb, decompression_failure) STATE-FREE (state_identifier, $min_len) COPY (identifier1, $min_len, state_identifier) :test_four LSHIFT ($states, 1) COMPARE ($states, 32768, test_five, free_state2, free_state2) :free_state2 STATE-FREE (identifier1, 6) :test_five LSHIFT ($states, 1) COMPARE ($states, 32768, end, create_state_b, create_state_b) :create_state_b END-MESSAGE (0, 0, state_length, state_address, 0, 20, 0) :end END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :identifier1 byte (67, 122, 232, 10, 15, 220, 30, 106, 135, 193, 182, 42, 118, 118, 185, 115, 49, 140, 14, 245) at (256) :state_address byte (192, 204, 63, 238, 121, 188, 252, 143, 209, 8) :state_address2 byte (101, 232, 3, 82, 238, 41, 119, 23, 223, 87) Upon reaching the END-MESSAGE instruction, the UDVM does not output any decompressed data, but instead may make one or more state creation or state free requests to the state handler. Assuming that the application does not veto the state creation request (and that sufficient state memory is available) the code results in 0, 1, or 2 state items being present in the compartment. The following table lists ten different compressed messages, the states created and freed by each, the number of states left after each message, and the number of UDVM cycles used. There are 3 state creation instructions: create state_a, which has hash identifier1 create state_b (in END-MESSAGE), which is identical to state_a create state_a2, which has a different identifier, but the first 6 bytes are the same as those of identifier1. Message: Effect: # state items: #cycles: 0x01 create state_b 1 23 0x02 free (id1, 6) = state_b 0 14 0x03 free (id1, 6) = state_b; create state_b 1 24 0x0405 free (id1, 5) Decompression failure 0x0415 free (id1, 21) Decompression failure 0x0406 free (id1, 6) = state_b 0 23 0x09 create state_a; create state_b 1 34 0x1e06 create state_a2; create state_a; free (id1, 6) = matches both so no free; free (id1, 6) = matches both so no free; 2 46 0x1e07 create state_a2; create state_a; free (id1, 7) = state_a; free (id1, 6) = state_a2 0 47 0x1e14 create state_a2; create state_a; free (id1, 20) = state_a; free (id1, 6) = state_a2 0 60 2.16. STATE-ACCESS This section gives assembly code to test the STATE-ACCESS instruction. The code is designed to test that the following boundary cases have been correctly implemented: 1. A subset of the bytes contained in a state item is copied to the UDVM memory. 2. Bytes are copied from beyond the end of the state value. 3. The state_instruction operand is set to 0. 4. The state cannot be accessed because the partial state identifier is too short. 5. The state identifier is overwritten by the state item being accessed. The following bytecode needs to be run first to set up the state for the rest of the test. at (128) END-MESSAGE (0, 0, state_length, state_start, 0, 20, 0) ; The bytes between state_start and state_end are derived from ; translation of the following mnemonic code: ; ; at (512) ; OUTPUT (data, 4) ; END-MESSAGE (0,0,0,0,0,0,0) ; :data ; byte (116, 101, 115, 116) at (512) :state_start byte (34, 162, 12,4, 35, 0, 0, 0, 0, 0, 0, 0, 116, 101, 115, 116) :state_end set (state_length, (state_end - state_start)) This is the bytecode for the rest of the test. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :type pad (1) :type_lsb pad (1) :state_value pad (4) at (127) :decompression_failure at (128) INPUT-BYTES (1, type_lsb, decompression_failure) COMPARE ($type, 1, execute_state, extract_state, error_conditions) :execute_state STATE-ACCESS (state_identifier, 20, 0, 0, 0, 512) :extract_state STATE-ACCESS (state_identifier, 20, 12, 4, state_value, 0) OUTPUT (state_value, 4) JUMP (end) :error_conditions COMPARE ($type, 3, state_not_found, id_too_short, state_too_short) :state_not_found STATE-ACCESS (128, 20, 0, 0, 0, 0) JUMP (end) :id_too_short STATE-ACCESS (state_identifier, 19, 6, 4, state_value, 0) JUMP (end) :state_too_short STATE-ACCESS (state_identifier, 20, 12, 5, state_value, 0) JUMP (end) at (484) :end END-MESSAGE (0, 0, 0, 0, 0, 0, 0) at (512) :state_identifier byte (0x5d, 0xf8, 0xbc, 0x3e, 0x20, 0x93, 0xb5, 0xab, 0xe1, 0xf1, 0x70, 0x13, 0x42, 0x4c, 0xe7, 0xfe, 0x05, 0xe0, 0x69, 0x39) If the compressed message is 0x00, then the output of the code is 0x7465 7374, and a total of 26 UDVM cycles are used. If the compressed message is 0x01, then the output of the code is also 0x7465 7374 but in this case using a total of 15 UDVM cycles. If the compressed message is 0x02, 0x03, or 0x04, then decompression failure occurs. 3. Torture Tests for Dispatcher The following sections give code to test the various functions of the SigComp dispatcher. 3.1. Useful Values This section gives assembly code to test that the SigComp "Useful Values" are correctly initialized in the UDVM memory. It also tests that the UDVM is correctly terminated if the bytecode uses too many UDVM cycles or tries to write beyond the end of the available memory. The code tests that the following boundary cases have been correctly implemented: 1. The bytecode uses exactly as many UDVM cycles as are available (in which case no problems should arise) or one cycle too many (in which case decompression failure should occur). A liberal implementation could allow more cycles to be used than are strictly available, in which case decompression failure will not occur. This is an implementation choice. If this choice is made, the implementer must be sure that the cycles are checked eventually and that decompression failure does occur when bytecode uses an excessive number of cycles. This is tested in Section 3.2. 2. The bytecode writes to the highest memory address available (in which case no problems should arise) or to the memory address immediately following the highest available address (in which case decompression failure must occur). :udvm_memory_size pad (2) :cycles_per_bit pad (2) :sigcomp_version pad (2) :partial_state_id_length pad (2) :state_length pad (2) at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :remaining_cycles pad (2) :check_memory pad (1) :check_memory_lsb pad (1) :check_cycles pad (1) :check_cycles_lsb pad (1) at (127) :decompression_failure at (128) ; Set up a 1-byte buffer LOAD (byte_copy_left, 32) LOAD (byte_copy_right, 33) :test_version ; Input a byte containing the version of SigComp being run INPUT-BYTES (1, check_memory_lsb, decompression_failure) COMPARE ($sigcomp_version, $check_memory, decompression_failure, test_state_access, decompression_failure) :test_state_access COMPARE ($partial_state_id_length, 0, decompression_failure, test_length_equals_zero, test_state_length) :test_length_equals_zero ; No state was accessed so state_length ; should be zero (first message) COMPARE ($state_length, 0, decompression_failure, end, decompression_failure) :test_state_length ; State was accessed so state_length ; should be 960 COMPARE ($state_length, 960, decompression_failure, test_udvm_memory, decompression_failure) :test_udvm_memory ; Copy one byte to ; udvm_memory_size + input - 1 ; Succeed when input byte is 0x00 ; Fail when input byte is 0x01 INPUT-BYTES (1, check_memory_lsb, decompression_failure) ADD ($check_memory, $udvm_memory_size) SUBTRACT ($check_memory, 1) COPY (32, 1, $check_memory) :test_udvm_cycles INPUT-BYTES (1, check_cycles_lsb, decompression_failure) ; Work out the total number of cycles available to the UDVM ; total_UDVM_cycles = cycles_per_bit * (8 * message_size + 1000) ; ; = cycles_per_bit * (8 * (partial_state_id_length + 3) + 1000) LOAD (remaining_cycles, $partial_state_id_length) ADD ($remaining_cycles, 3) MULTIPLY ($remaining_cycles, 8) ADD ($remaining_cycles, 1000) MULTIPLY ($remaining_cycles, $cycles_per_bit) ADD ($remaining_cycles, $check_cycles) set (cycles_used_by_bytecode, 856) SUBTRACT ($remaining_cycles, cycles_used_by_bytecode) COPY (32, $remaining_cycles, 32) ; Copy to use up all cycles available + input byte ; Succeeds when input byte = 0x00 ; Fail when input byte = 0x01 :end ; Create 960 bytes of state for future ; reference END-MESSAGE (0, 0, 960, 64, 128, 6, 0) The bytecode must be executed a total of four times in order to fully test the SigComp Useful Values. In the first case, the bytecode is uploaded as part of the SigComp message with a 1-byte compressed message corresponding to the version of SigComp being run. This causes the UDVM to request creation of a new state item and uses a total of 968 UDVM cycles. Subsequent tests access this state by uploading the state identifier as part of the SigComp message. Note that the SigComp message should not contain a returned feedback item (as this would cause the bytecode to calculate the total number of available UDVM cycles incorrectly). A 3-byte compressed message is required for the second and subsequent cases, the first byte of which is the version of SigComp in use, 0xnn. If the message is 0xnn0000, then the UDVM should successfully terminate using exactly the number of available UDVM cycles. However, if the message is 0xnn0001, then the UDVM should use too many cycles and hence terminate with decompression failure. Furthermore, if the message is 0xnn0100, then decompression failure must occur because the UDVM attempts to write beyond its available memory. 3.2. Cycles Checking As discussed in Section 3.1, it is possible to write an implementation that takes a liberal approach to checking the cycles used and allows some extra cycles. The implementer must be sure that decompression failure does not occur too early and that in the case of excessive use of cycles, decompression failure does eventually occur. This test checks that: 1. Decompression failure occurs eventually when there is an infinite loop. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :value pad (2) :copy_next pad (2) at(128) MULTILOAD (byte_copy_left, 4, 32, 41, 0, 34) ; Set up a 10-byte buffer ; Set the value to copy ; Copy it 100 times, ; output the value, ; increment the counter :loop COPY (value, 2, $byte_copy_left) COPY-OFFSET (2, 100, $copy_next) OUTPUT (value, 2) ADD ($value, 1) JUMP (loop) If the cycles are counted exactly and cycles per bit (cpb) = 16, then decompression failure will occur at COPY-OFFSET when value = 180 = 0xB4. If cpb = 32, then decompression failure will occur when value = 361 = 0x0169. If they are not counted exactly, then decompression failure MUST occur eventually. 3.3. Message-based Transport This section provides a set of messages to test the SigComp header over a message-based transport such as UDP. The messages test that the following boundary cases have been correctly implemented: 1. The UDVM bytecode is copied to different areas of the UDVM memory. 2. The decompression memory size is set to an incorrect value. 3. The SigComp message is too short. 4. The destination address is invalid. The basic version of the code used in the test is given below. Note that the code is designed to calculate the decompression memory size based on the Useful Values provided to the UDVM: :udvm_memory_size pad (2) :cycles_per_bit pad (2) :sigcomp_version pad (2) :partial_state_id_length pad (2) :state_length pad (2) at (128) :code_start ; udvm_memory_size for message-based transport ; = DMS - total_message_size ADD ($udvm_memory_size, total_message_size) OUTPUT (udvm_memory_size, 2) END-MESSAGE (0, 0, 0, 0, 0, 0, 1) :code_end set (header_size, 3) set (code_size, (code_end - code_start)) set (total_message_size, (header_size + code_size)) A number of complete SigComp messages are given below, each containing some or all of the above code. In each case, it is indicated whether the message will successfully output the decompression memory size or whether it will cause a decompression failure to occur (together with the reason for the failure): SigComp message: Effect: 0xf8 Fails (message too short) 0xf800 Fails (message too short) 0xf800 e106 0011 2200 0223 Outputs the decompression_memory_size 0x0000 0000 0000 01 0xf800 f106 0011 2200 0223 Fails (message too short) 0x0000 0000 0000 01 0xf800 e006 0011 2200 0223 Fails (invalid destination address) 0x0000 0000 0000 01 0xf800 ee06 0011 2200 0223 Outputs the decompression_memory_size 0x0000 0000 0000 01 The messages should be decompressed in the order given to check that an error in one message does not interfere with the successful decompression of subsequent messages. The two messages that successfully decompress each use a total of 5 UDVM cycles. 3.4. Stream-based Transport This section provides a byte stream to test the SigComp header and delimiters over a stream-based transport such as TCP. The byte stream tests all of the boundary cases covered in Section 3.2, as well as the following cases specific to stream-based transports: 1. Quoted bytes are used by the record marking scheme. 2. Multiple delimiters are used between the same pair of messages. 3. Unnecessary delimiters are included at the start of the stream. The basic version of the code used in the test is given below. Note that the code is designed to calculate the decompression memory size based on the Useful Values provided to the UDVM: :udvm_memory_size pad (2) :cycles_per_bit pad (2) :sigcomp_version pad (2) :partial_state_id_length pad (2) :state_length pad (2) at (128) ; udvm_memory_size for stream based transport = DMS / 2 MULTIPLY ($udvm_memory_size, 2) OUTPUT (udvm_memory_size, 2) OUTPUT (test_record_marking, 5) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :test_record_marking byte (255, 255, 255, 255, 255) The above assembly code has been compiled and used to generate the following byte stream: 0xffff f801 7108 0002 2200 0222 a092 0523 0000 0000 0000 00ff 00ff 0x03ff ffff ffff ffff f801 7e08 0002 2200 0222 a3d2 0523 0000 0000 0x0000 00ff 04ff ffff ffff ffff ffff ff Note that this byte stream can be divided into five distinct portions (two SigComp messages and three sets of delimiters) as illustrated below: Portion of byte stream: Meaning: 0xffff Delimiter 0xf801 7108 0002 2200 0222 a092 0523 First message 0x0000 0000 0000 00ff 00ff 03ff ffff 0xffff ffff Delimiter 0xf801 7e08 0002 2200 0222 a3d2 0523 Second message 0x0000 0000 0000 00ff 04ff ffff ff 0xffff ffff ffff Delimiter When the complete byte stream is supplied to the decompressor dispatcher, the record marking scheme must use the delimiters to partition the stream into two distinct SigComp messages. Both of these messages successfully output the decompression memory size (as a 2-byte value), followed by 5 consecutive 0xff bytes to test that the record marking scheme is working correctly. A total of 11 UDVM cycles are used in each case. It must also be checked that the dispatcher can handle the same error cases as covered in Section 3.2. Each of the following byte streams should cause a decompression failure to occur for the reason stated: Byte stream: Reason for failure: 0xf8ff ff Message too short 0xf800 ffff Message too short 0xf801 8108 0002 2200 0222 a092 0523 ffff Message too short 0x0000 0000 0000 00ff 00ff 03ff ffff 0xf801 7008 0002 2200 0222 a092 0523 ffff Invalid destination 0x0000 0000 0000 00ff 04ff ffff ff 3.5. Input Past the End of a Message This section gives assembly code to test that the implementation correctly handles input past the end of a SigComp message. The code is designed to test that the following boundary cases have been correctly implemented: 1. An INPUT instruction requests data that lies beyond the end of the message. In this case, the dispatcher should not return any data to the UDVM. Moreover, the message bytes held by the dispatcher should still be available for retrieval by subsequent INPUT instructions. 2. The INPUT-BYTES instruction is used after part of a byte has been input (e.g., by the INPUT-BITS instruction). In this case, the remaining partial byte must be discarded, even if the INPUT-BYTES instruction requests data that lies beyond the end of the message. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :input_bit_order pad (2) :result pad (1) :result_lsb pad (6) :right at (128) LOAD (byte_copy_left, result) LOAD (byte_copy_right, right) :start ; Input bits to ensure that the remaining message is not byte aligned INPUT-BITS (9, result, decompression_failure1) ; Input 0x1FF (9 bits) ; Attempt to read 7 bytes INPUT-BYTES (7, result, next_bytes) ; This should fail, throw away ; 7 bits with value Ox7a and ; jump to next_bytes :decompression_failure1 DECOMPRESSION-FAILURE ; This instruction is never ; executed but is used to ; separate success and failure ; to input bytes. :next_bytes ; Read 7 bits - this removes the byte alignment of the message ; If the bits have not been thrown away where they should be, then ; the message will be 1 byte longer than necessary and the output ; will be incorrect. INPUT-BITS (7, result, decompression_failure1) ; Input 0x00 (7 bits) ; Read 2 bytes INPUT-BYTES (2, result, decompression_failure1) ; Throw away 1 bit value 0 ; Input 0x6869 OUTPUT (result, 2) ; Output 0x6869 ; Attempt to read more bits than INPUT-BITS (16, result, bits) ; there are to ensure they ; remain available :decompression_failure2 DECOMPRESSION-FAILURE ; This instruction is never ; executed but is used to ; separate success and failure ; to input bits. :bits ; Read 8 bits INPUT-BITS (8, result, decompression_failure2) ; Input 0x21 or fail OUTPUT (result_lsb, 1) ; Output 0x21 :end_message END-MESSAGE (0, 0, 0, 0, 0, 0, 0) If the compressed message is 0xfffa 0068 6921, then the code terminates successfully with the output 0x6869 21, and a total of 23 UDVM cycles are used. However, if the compressed message is 0xfffa 0068 69, then decompression failure occurs (at the final INPUT-BITS). 4. Torture Tests for State Handler The following sections give code to test the various functions of the SigComp state handler. 4.1. SigComp Feedback Mechanism This section gives assembly code to test the SigComp feedback mechanism. The code is designed to test that the following boundary cases have been correctly implemented: 1. Both the short and the long versions of the SigComp feedback item are used. 2. The chain of returned SigComp parameters is terminated by a non- zero value. at (64) :type pad (1) :type_lsb pad (1) :requested_feedback_location pad (1) :requested_feedback_length pad (1) :requested_feedback_bytes pad (127) :returned_parameters_location pad (2) :length_of_partial_state_id_a pad (1) :partial_state_identifier_a pad (6) :length_of_partial_state_id_b pad (1) :partial_state_identifier_b pad (12) :length_of_partial_state_id_c pad (1) :partial_state_identifier_c pad (20) :terminate_returned_parameters pad (1) align (128) set (q_bit, 1) set (s_bit, 0) set (i_bit, 0) set (flags, (((4 * q_bit) + (2 * s_bit)) + i_bit)) INPUT-BYTES (1, type_lsb, decompression_failure) COMPARE ($type, 1, short_feedback_item, long_feedback_item, decompression_failure) :short_feedback_item set (requested_feedback_data, 127) set (short_feedback_value, ((flags * 256) + requested_feedback_data)) LOAD (requested_feedback_location, short_feedback_value) JUMP (return_sigcomp_parameters) :long_feedback_item set (requested_feedback_field, 255) set (long_feedback_value, ((flags * 256) + requested_feedback_field)) LOAD (requested_feedback_location, long_feedback_value) MEMSET (requested_feedback_bytes, 127, 1, 1) :return_sigcomp_parameters set (cpb, 0) set (dms, 1) set (sms, 0) set (sigcomp_version, 1) set (parameters_msb, (((64 * cpb) + (8 * dms)) + sms)) set (sigcomp_parameters, ((256 * parameters_msb) + sigcomp_version)) LOAD (returned_parameters_location, sigcomp_parameters) LOAD (length_of_partial_state_id_a, 1536) ; length 6 first byte 0 LOAD (length_of_partial_state_id_b, 3072) ; length 12 first byte 0 LOAD (length_of_partial_state_id_c, 5120) ; length 20 first byte 0 LOAD (terminate_returned_parameters, 5376) ; length 21 ; used to terminate the ; returned parameters MEMSET (partial_state_identifier_a, 6, 0, 1) MEMSET (partial_state_identifier_b, 12, 0, 1) MEMSET (partial_state_identifier_c, 20, 0, 1) END-MESSAGE (requested_feedback_location, returned_parameters_location, 0, 0, 0, 0, 0) :decompression_failure DECOMPRESSION-FAILURE When the above code is executed, it supplies a requested feedback item to the state handler. If the compressed message is 0x00, then the short (1-byte) version of the feedback is used. Executing the bytecode in this case costs a total of 52 UDVM cycles. Assuming that the feedback request is successful, the feedback item should be returned in the first SigComp message to be sent in the reverse direction. The SigComp message returning the feedback should begin as follows: +---+---+---+---+---+---+---+---+ | 1 1 1 1 1 1 | X | first header byte +---+---+---+---+---+---+---+---+ | 0 | 127 | returned feedback field +---+---+---+---+---+---+---+---+ So the first 2 bytes of the returning SigComp message should be 0xfn7f where n = c, d, e, or f (the choice of n is determined by the compressor generating the returning SigComp message, which is not under the control of the above code). If the compressed message is 0x01, then the long version of the feedback item is used. Executing the bytecode in this case costs a total of 179 UDVM cycles and the SigComp message returning the feedback should begin as follows: +---+---+---+---+---+---+---+---+ | 1 1 1 1 1 1 | X | first header byte +---+---+---+---+---+---+---+---+ | 1 | 127 | returned feedback length +---+---+---+---+---+---+---+---+ | 1 | ^ +---+---+---+---+---+---+---+---+ | | 2 | | +---+---+---+---+---+---+---+---+ | 3 | returned feedback field +---+---+---+---+---+---+---+---+ So the first 129 bytes of the SigComp message should be 0xfnff 0102 0304 ... 7e7f where n = c, d, e, or f as above. As well as testing the requested and returned feedback items, the above code also announces values for each of the SigComp parameters. The supplied version of the code announces only the minimum possible values for the cycles_per_bit, decompression_memory_size, state_memory_size, and SigComp_version (although this can easily be adjusted to test different values for these parameters). The code should also announce the availability of state items with the following partial state identifiers: 0x0001 0203 0405 0x0001 0203 0405 0607 0809 0a0b 0x0001 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 1213 Note that different implementations may make use of the announcement information in different ways. It is a valid implementation choice to simply ignore all of the announcement data and use only the minimum resources that are guaranteed to be available to all endpoints. However, the above code is useful for checking that an endpoint interprets the announcement data correctly (in particular ensuring that it does not mistakenly use resources that have not in fact been announced). 4.2. State Memory Management The following section gives assembly code to test the memory management features of the state handler. The code checks that the correct states are retained by the state handler when insufficient memory is available to store all of the requested states. The code is designed to test that the following boundary cases have been correctly implemented: 1. A state item is created that exceeds the total state_memory_size for the compartment. 2. States are created with a non-zero state_retention_priority. 3. A new state item is created that has a lower state_retention_priority than existing state items in the compartment. For the duration of this test, it is assumed that all states will be saved in a single compartment with a state_memory_size of 2048 bytes. at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :order pad (2) :type pad (1) :type_lsb pad (1) :state_length pad (2) :state_retention_priority pad (2) at(127) :decompression_failure at (128) MULTILOAD (byte_copy_left, 2, state_start, order_data) INPUT-BYTES (1, type_lsb, decompression_failure) COMPARE ($type, 5, general_test, large_state, verify_state) :general_test COMPARE ($type, 3, start, state_present, state_not_present) :start MULTIPLY ($type, 6) ADD ($type, order_data) LOAD (order, $type) ADD ($type, 6) ; Finish with the value (order_data + 6*n) in order where ; n is the input value 0x00, 0x01, or 0x02 ; type = order + 6 ; These values are used to index into the 'order_data' ; that is used to work out state retention priorities and lengths :loop COPY ($order, 2, state_retention_priority) COMPARE ($order, $type, continue, end, decompression_failure) :continue ; Set up a state creation each time through the loop LOAD (state_length, $state_retention_priority) MULTIPLY ($state_length, 256) STATE-CREATE ($state_length, state_start, 0, 6, $state_retention_priority) ADD ($order, 2) JUMP (loop) :state_present ; Access the states that should be present STATE-ACCESS (state_identifier_a, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_b, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_c, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_e, 6, 0, 0, 0, 0) JUMP (end) :state_not_present ; Check that the state that shouldn't be present is not present. STATE-ACCESS (state_identifier_d, 6, 0, 0, 0, 0) JUMP (end) :large_state STATE-CREATE (2048, state_start, 0, 6, 0) JUMP (end) :verify_state STATE-ACCESS (large_state_identifier, 6, 0, 0, 0, 0) JUMP (end) :end END-MESSAGE (0, 0, 0, 0, 0, 0, 0) at (512) :state_start byte (116, 101, 115, 116) :order_data ; This data is used to generate the retention priority ; and state length of each state creation. word (0, 1, 2, 3, 4, 3, 2, 1, 0) :state_identifier_a byte (142, 234, 75, 67, 167, 135) :state_identifier_b byte (249, 1, 14, 239, 86, 123) :state_identifier_c byte (35, 154, 52, 107, 21, 166) :state_identifier_d byte (180, 15, 192, 228, 77, 44) :state_identifier_e byte (212, 162, 33, 71, 230, 10) :large_state_identifier byte (239, 242, 188, 15, 182, 175) The above code must be executed a total of 7 times in order to complete the test. Each time the code is executed, a 1-byte compressed message should be provided as below. The effects of the messages are given below. States are described in the form (name, x, y) where name corresponds to the name of the identifier in the mnemonic code, x is the length of the state, and y is the retention priority of the state. Message: Effect: #cycles: 0x00 create states: 811 (a,0,0), (b,256,1), (c,512,2) 0x01 create states: 2603 (d,768,3), (e,1024,4) - deleting a, b, c 0x02 create states: 811 (c,512,2), - deleting d (b,256,1), (a,0,0) 0x03 access states a,b,c,e 1805 0x04 access state d - not present so decompression failure 0x05 create states: 2057 (large, 2048,0) - deleting a, b, c, e 0x06 access large state 1993 Note that as new states are created, some of the existing states will be pushed out of the compartment due to lack of memory. 4.3. Multiple Compartments This section gives assembly code to test the interaction between multiple SigComp compartments. The code is designed to test that the following boundary cases have been correctly implemented: 1. The same state item is saved in more than one compartment. 2. A state item stored in multiple compartments has the same state identifier but a different state_retention_priority in each case. 3. A state item is deleted from one compartment but still belongs to a different compartment. 4. A state item belonging to multiple compartments is deleted from every compartment to which it belongs. The test requires a total of three compartments to be available, which will be referred to as Compartment 0, Compartment 1, and Compartment 2. Each of the three compartments should have a state_memory_size of 2048 bytes. The assembly code for the test is given below: at (64) :byte_copy_left pad (2) :byte_copy_right pad (2) :type pad (1) :type_lsb pad (1) at (127) :decompression_failure at (128) MULTILOAD (byte_copy_left, 2, state_start, state_end) INPUT-BYTES (1, type_lsb, decompression_failure) COMPARE ($type, 3, create_state, overwrite_state, temp) :temp COMPARE ($type, 5, overwrite_state, access_state, error_conditions) :create_state ; starting byte identified by $type according to input: ; Input 0x00 0x01 0x02 ; $type 512 513 514 ADD ($type, state_start) STATE-CREATE (448, $type, 0, 6, 0) ; create state again, beginning in different place in buffer ; starting byte identified by $type according to input: ; Input 0x00 0x01 0x02 ; $type 515 516 517 ADD ($type, 3) STATE-CREATE (448, $type, 0, 6, 0) ; create a third time beginning in different place again ; starting byte identified by $type according to input: ; Input 0x00 0x01 0x02 ; $type 516 517 515 SUBTRACT ($type, temp_one) REMAINDER ($type, 3) ADD ($type, temp_two) STATE-CREATE (448, $type, 0, 6, 0) :common_state STATE-CREATE (448, temp_three, 0, 6, $type) JUMP (end) :overwrite_state STATE-CREATE (1984, 32, 0, 6, 0) JUMP (end) :access_state STATE-ACCESS (state_identifier_c, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_d, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_f, 6, 0, 0, 0, 0) STATE-ACCESS (state_identifier_g, 6, 0, 0, 0, 0) :end END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :error_conditions COMPARE ($type, 7, access_a, access_b, access_e) :access_a STATE-ACCESS (state_identifier_a, 6, 0, 0, 0, 0) JUMP (end) :access_b STATE-ACCESS (state_identifier_b, 6, 0, 0, 0, 0) JUMP (end) :access_e STATE-ACCESS (state_identifier_e, 6, 0, 0, 0, 0) JUMP (end) at (512) :state_start byte (0, 1, 2, 3, 4, 5, 6) :state_end set (temp_one, (state_start + 2)) ; = 514 set (temp_two, (state_start + 3)) ; = 515 set (temp_three, (state_end - 1)) ; = 518 :state_identifier_a ; start state at 512 byte (172, 166, 11, 142, 178, 131) :state_identifier_b ; start state at 513 byte (157, 191, 175, 198, 61, 210) :state_identifier_c ; start state at 514 byte (52, 197, 217, 29, 83, 97) :state_identifier_d ; start state at 515 byte (189, 214, 186, 42, 198, 90) :state_identifier_e ; start state at 516 byte (71, 194, 24, 20, 238, 7) :state_identifier_f ; start state at 517 byte (194, 117, 148, 29, 215, 161) :state_identifier_g ; start state at 518 byte (72, 135, 156, 141, 233, 14) The above code must be executed a total of 9 times in order to complete the test. Each time the code is executed, a 1-byte compressed message N should be provided, taking the values 0x00 to 0x08 in ascending order (so the compressed message should be 0x00 the first time the code is run, 0x01 the second, and so on). If the code makes a state creation request, then the state must be saved in Compartment (N modulo 3). When the compressed message is 0x00, 0x01, or 0x02, the code makes four state creation requests in compartments 0, 1, and 2, respectively. This creates a total of seven distinct state items referred to as State a through State g. The states should be distributed among the three compartments as illustrated in Figure 1 (note that some states belong to more than one compartment). When the compressed message is 0x03 or 0x04, the code overwrites all of the states in Compartments 0 and 1, respectively. This means that States a, b, and e will be unavailable because they are no longer present in any of the three compartments. When the compressed message is 0x05, the code checks that the States c, d, f, and g are still available. Decompression should terminate successfully in this case. When the compressed message is 0x06, 0x07, or 0x08, the code attempts to access States a, b, and e, respectively. Decompression failure should occur in this case because the relevant states are no longer available. The cost in UDVM cycles for each compressed message is given below (except for messages 0x06, 0x07, and 0x08 where decompression failure should to occur): Compressed message: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 Cost in UDVM cycles: 1809 1809 1809 1993 1994 1804 N/A N/A N/A +-----------------------------+ | Compartment 0 | | | | | | State a | | | | +-------------------+---------+ | | | | | | | | | | State d | | | | | | | | | | +---------+---------+---------+ | | | | | | | | | | | | | | | | State e | State g | | State c | | | | | | | | | | | | | | +---------+---------+---------+ | | | | | | | | | | State b | State f | | | | | | | | | Compartment 2 | | +---------+-------------------+ | | | | | | | | | Compartment 1 | +-----------------------------+ Figure 1: States created in the three compartments 4.4. Accessing RFC 3485 State This section gives assembly code to test accessing SIP-SDP static dictionary state [3]. The code first accesses the state and then outputs the result. at (32) :input pad (1) :input2 pad (1) :input3 pad (1) at (128) STATE-ACCESS (sip_dictionary, 20, 0xcfe, 1, input, 0) STATE-ACCESS (sip_dictionary, 6, 0xcff, 1, input2, 0) STATE-ACCESS (sip_dictionary, 12, 0xd00, 1, input3, 0) OUTPUT (input, 3) END-MESSAGE (0, 0, 0, 0, 0, 0, 0) :sip_dictionary byte (0xfb, 0xe5, 0x07, 0xdf, 0xe5, 0xe6) byte (0xaa, 0x5a, 0xf2, 0xab, 0xb9, 0x14) byte (0xce, 0xaa, 0x05, 0xf9, 0x9c, 0xe6) byte (0x1b, 0xa5) The output of the code is 0x5349 50, and the cost is 11 UDVM cycles. 4.5. Bytecode State Creation This section gives assembly code to test storing bytecode using END-MESSAGE and later loading the bytecode using a partial state identifier within the SigComp header. The assembly code is designed to test the following cases: 1. The bytes to be saved are changed after the state create request has been made. 2. The uploaded bytecode is modified before execution. 3. The bytecode is loaded using the partial state identifier and is modified before execution. 4. The bytecode is loaded to an address lower than 128, using the partial state identifier. 5. The bytecode is loaded using the partial state identifier. Part of the loaded memory is reserved area, which is overwritten after loading the bytecode. 6. The loading of the bytecode fails because the partial state identifier is too short. at (30) :save_area1 set (saved_instr1, (save_area1 + (code_start2 - start_saved))) ; = 33 at (80) :save_area2 set (saved_instr2, (save_area2 + (code_start2 - start_saved))) ; = 83 at (128) :code_start COPY (start_saved, saved_len, save_area1) ; copy 'ok2', OUTPUT (save_area2,3) END-MESSAGE ; to position 30 and create as state STATE-CREATE (saved_len, save_area1, saved_instr1, 6, 10) set (modify1, (save_area1 + 5)) ; = 35 LOAD (modify1, 0x1e03) ; modify save_area2 to be save_area1 in the ; created state COPY (start_saved, saved_len, save_area2) STATE-CREATE (saved_len, save_area2, saved_instr2, 20, 10) STATE-CREATE (saved_len, save_area2, saved_instr2, 12, 10) ; copy 'ok2', OUTPUT (save_area2,3) END-MESSAGE ; to position 80 and create as state twice with ; min access len 20 and 12 JUMP (modify) :ok1 byte (0x4f, 0x4b, 0x31) set (after_output_minus1, (after_output - 1)) :modify INPUT-BYTES (1, after_output_minus1, decompression_failure) ; Input overwrites the next instruction OUTPUT (ok1, 3) ; Now is OUTPUT (ok1, 2) so output is 0x4f4b :after_output ; Save from ok1 to the opcode of END-MESSAGE set (modify_len, ((after_output + 1) - ok1)) ; = 13 END-MESSAGE (0, 0, modify_len, ok1, modify, 6, 10) ; Save 'ok1', INPUT-BYTES, OUTPUT as state set (saved_len, (end_saved - start_saved)) ; = 8 :start_saved byte (0x4f, 0x4b, 0x32) :code_start2 ; Translated bytecode for OUTPUT (save_area2, 3) byte (0x22, 0xa0, 0x50, 0x03) ; Translated bytecode for END-MESSAGE (0, 0, 0, 0, 0, 0, 0) ; The zeros do not need to be sent because UDVM is initialised to 0 byte (0x23) :end_saved :decompression_failure The outputs and cycle usages are: Message Output Cycles 1 0x4f4b 66 2 0x4f4b 31 7 3 0x4f4b 32 5 4 0x0000 32 5 5 None Decompression failure First message: mnemonic code annotated above 0xf804 6112 a0be 081e 2008 1e21 060a 0e23 be03 12a0 be08 a050 2008 0xa050 a053 140a 2008 a050 a053 0c0a 1606 004f 4b31 1c01 a0b3 fc22 0xa0a8 0323 0000 0da0 a8a0 ab06 0a4f 4b32 22a0 5003 2302 Second message: access and run last state saved by previous message - 'ok1', INPUT-BYTES, OUTPUT, END-MESSAGE. 0xf905 b88c e72c 9103 Third message: access and run state from save_area2 with 12 bytes of state identifier - 'ok2', INPUT-BYTES, OUTPUT, END-MESSAGE. 0xfb24 63cd ff5c f8c7 6df6 a289 ff Fourth message: access and run state from save_area1. The state is 'ok2', INPUT-BYTES, OUTPUT, END-MESSAGE but the first two bytes should be overwritten when initialising UDVM memory. 0xf95b 4b43 d567 83 Fifth message: attempt to access state from save_area2 with fewer than 20 bytes of state identifier. 0xf9de 8126 1199 1f 5. Security Considerations This document describes torture tests for the SigComp protocol RFC 3320 [2]. Consequently, the security considerations for this document match those of SigComp. In addition, the torture tests include tests for a significant number of "boundary and error cases" for execution of the UDVM bytecode. Boundary and error problems are common vectors for security attacks, so ensuring that a UDVM implementation executes this set of torture tests correctly should contribute to the security of the implementation. 6. Acknowledgements Thanks to Richard Price and Pekka Pessi for test contributions and to Pekka Pessi and Cristian Constantin, who served as committed working group document reviewers. 7. Normative References [1] Surtees, A. and M. West, "Signaling Compression (SigComp) Users' Guide", RFC 4464, May 2006. [2] Price, R., Bormann, C., Christoffersson, J., Hannu, H., Liu, Z., and J. Rosenberg, "Signaling Compression (SigComp)", RFC 3320, January 2003. [3] Garcia-Martin, M., Bormann, C., Ott, J., Price, R., and A.B. Roach, "The Session Initiation Protocol (SIP) and Session Description Protocol (SDP) Static Dictionary for Signaling Compression (SigComp)", RFC 3485, February 2003. [4] Roach, A.B., "A Negative Acknowledgement Mechanism for Signaling Compression", RFC 4077, May 2005. Appendix A. UDVM Bytecode for the Torture Tests The following sections list the raw UDVM bytecode generated for each test. The bytecode is presented in the form of a complete SigComp message, including the appropriate header. It is followed by input messages, the output they produce, and where the decompression succeeds the number of cycles used. In some cases, the test is designed to be run several times with different compressed messages appended to the code. In the cases where multiple whole messages are used for a test, e.g., Appendix A.2.3, these are supplied. In the case where decompression failure occurs, the high-level reason for it is given as a reason code defined in NACK [4]. Note that the different assemblers can output different bytecode for the same piece of assembly code, so a valid assembler can produce results different from those presented below. However, the following bytecode should always generate the same results on any UDVM. A.1. Instructions A.1.1. Bit Manipulation 0xf80a 7116 a07f 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x01c0 00ff 8055 5502 202a 0321 0420 0305 21ff 2286 0401 20c0 ff02 0x2060 0320 0421 6005 2061 2286 0423 Input: None Output: 0x0150 0000 febf 0000 Cycles: 22 A.1.2. Arithmetic 0xf80a a11c 01a0 450b 0722 0116 a077 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x06c0 00ff 9941 0720 0108 20a3 e909 20a0 650a 200b 2286 0406 21c0 0xff07 2162 0821 6109 2061 0a21 6222 8604 23 Input: 0x00 Output: 0x0000 0000 0000 0004 Cycles: 25 Input: 0x01 DECOMPRESSION-FAILURE DIV_BY_ZERO Input: 0x02 DECOMPRESSION-FAILURE DIV_BY_ZERO A.1.3. Sorting 0xf80d c10c 8802 170b 8802 1722 a12e 2d23 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0a00 0a00 1100 0700 1600 0300 0300 0300 1300 0100 1000 0e00 0x0800 0200 0d00 1400 1200 1700 0f00 1500 0c00 0600 096e 6720 6975 0x6920 7469 742c 2079 6f75 2720 5346 6f6e 6761 2075 7272 646f 2074 0x6f6e 2e2e 0070 6570 206e 7472 656e 69 Input: None Output: 0x466f 7264 2c20 796f 7527 7265 2074 7572 6e69 6e67 0x2069 6e74 6f20 6120 7065 6e67 7569 6e2e 2053 746f 0x7020 6974 2e Cycles: 371 A.1.4. SHA-1 0xf808 710d a0c3 03a0 4422 a044 140d a0c6 38a0 4422 a044 140e 86a0 0xfe0e a042 a0ff 0da0 fe8e a044 22a0 4414 0e86 a0ff 0ea0 42a1 070d 0xa0ff a280 a0ff 22a0 ff14 2300 0000 0000 0000 6162 6361 6263 6462 0x6364 6563 6465 6664 6566 6765 6667 6866 6768 6967 6869 6a68 696a 0x6b69 6a6b 6c6a 6b6c 6d6b 6c6d 6e6c 6d6e 6f6d 6e6f 706e 6f70 7161 0x3031 3233 3435 3637 Input: None Output: 0xa999 3e36 4706 816a ba3e 2571 7850 c26c 9cd0 d89d 0x8498 3e44 1c3b d26e baae 4aa1 f951 29e5 e546 70f1 0x12ff 347b 4f27 d69e 1f32 8e6f 4b55 73e3 666e 122f 0x4f46 0452 ebb5 6393 4f46 0452 ebb5 6393 4f46 0452 Cycles: 17176 A.1.5. LOAD and MULTILOAD 0xf803 610e 87a0 840e a082 c080 0ec0 80a0 860e c084 c084 2287 081c 0x01a0 4127 0820 0206 203c 0f60 03a0 a2a0 b187 0f60 042a 87c0 80c0 0x8422 8708 23 Input: 0x00 Output: 0x0084 0084 0086 0086 002a 0080 002a 002a Cycles: 36 Input: 0x01 DECOMPRESSION-FAILURE MULTILOAD_OVERWRITTEN Input: 0x02 DECOMPRESSION-FAILURE MULTILOAD_OVERWRITTEN A.1.6. COPY 0xf803 910e 208e 0e86 860e a042 8712 2087 210e 8680 4100 1286 a055 0xa041 2220 a077 0e86 200e a042 3015 2004 a041 0112 2004 3022 3004 0x1230 042e 2220 0223 Input: None Output: 0x4040 4040 4040 4040 4040 4040 4040 4040 4040 4040 0x4040 4040 4040 4040 4040 4040 4141 4141 4141 4141 0x4141 4141 4141 4141 4141 4141 4141 4141 4141 4141 0x4141 4141 4141 4141 4141 4141 4141 4141 4141 4141 0x4141 4141 4141 4141 4141 4141 4141 4141 4141 4141 0x4141 4141 4141 4141 4141 4141 4141 4141 4141 5541 0x4243 4443 44 Cycles: 365 A.1.7. COPY-LITERAL and COPY-OFFSET 0xf806 110e 2080 4100 0e86 860e a042 870e a044 2113 2087 2222 8608 0x0ea0 44a0 9c13 2002 2222 a09c 020e 86a0 480e a042 a052 0ea0 44a0 0x5215 a048 0aa0 4101 1402 0622 0ea0 4606 1463 0422 2261 0a0e a044 0xa050 1404 0422 22a0 4402 1405 0422 22a0 4402 2260 0a23 Input: None Output: 0x4141 4141 0061 4141 4141 494A 4142 4344 494A 4142 0x004A 004E 4748 4845 4647 4748 4546 Cycles: 216 A.1.8. MEMSET 0xf801 810e 8687 0ea0 42a0 8115 86a0 8100 0115 a081 0f86 0f22 8710 0x23 Input: None Output: 0x8040 4f5e 6d7c 8b9a a9b8 c7d6 e5f4 0312 Cycles: 166 A.1.9. CRC 0xf801 8115 a046 1801 0115 a05e 1487 011c 02a0 4413 1b62 a046 2c0e 0x23 Input: 0x62cb Output: None Cycles: 95 Input: 0xabcd DECOMPRESSION FAILURE USER_REQUESTED (CRC mismatch) A.1.10. INPUT-BITS 0xf801 511d 62a0 4614 22a0 4602 0622 010a 2207 0622 0116 ee23 Input: 0x932e ac71 Output: 0x0000 0002 0002 0013 0000 0003 001a 0038 Cycles: 66 A.1.11. INPUT-HUFFMAN 0xf801 d11e a046 1c02 6200 6262 6200 ff00 22a0 4602 0622 010a 2207 0x0622 0116 e623 Input: 0x932e ac71 66d8 6f Output: 0x0000 0003 0008 04d7 0002 0003 0399 30fe Cycles: 84 A.1.12. INPUT-BYTES 0xf802 710e 86a0 480e a042 a04c 1d62 a046 1d22 a046 0206 2202 0a22 0x071c 62a0 480e 22a0 4862 0622 0116 e523 Input: 0x932e ac71 66d8 6fb1 592b dc9a 9734 d847 a733 874e 0x1bcb cd51 b5dc 9659 9d6a Output: 0x0000 932e 0001 b166 d86f b100 1a2b 0003 9a97 34d8 0x0007 0001 3387 4e00 08dc 9651 b5dc 9600 599d 6a Cycles: 130 A.1.13. Stack Manipulation 0xf814 110e a046 8610 0210 6010 a042 2286 0811 8611 6311 a046 2286 0x0816 2800 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 000e a046 200e a048 a140 0724 0x8818 3400 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0018 6400 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 000e a046 a17f 0ea1 7f1a 0fa1 b003 0x0180 c001 8f19 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0023 Input: None Output: 0x0003 0002 0001 0042 0042 0000 0001 0001 Cycles: 40 A.1.14. Program Flow 0xf803 f10e a044 040e 86a0 9207 20a0 9022 a043 0116 6006 2101 0e86 0xa084 0720 a0a1 22a0 4301 1761 0660 f106 0722 010e 86a0 8407 20a0 0xb622 a043 011a 0462 0860 9fdc f123 Input: None Output: 0x0001 0102 0203 0304 0405 0506 0707 0708 0808 0909 Cycles: 131 A.1.15. State Creation 0xf809 411c 01a0 45ff 0422 0b17 628f 0d06 0620 0aa1 0a00 1400 0422 0x0117 628f 0c06 0620 0a88 0014 0004 2201 1762 8f16 0606 1c01 a047 0x9fd2 21a0 4863 12a0 e363 a048 0422 0117 628f 0a06 0621 a0e3 0604 0x2201 1762 8f0e 0606 2300 000a 8800 1400 2300 0000 0000 0000 437a 0xe80a 0fdc 1e6a 87c1 b62a 7676 b973 318c 0ef5 0000 0000 0000 0000 0x00c0 cc3f ee79 bcfc 8fd1 0865 e803 52ee 2977 17df 57 Input: 0x01 Output: None Cycles: 23 Input: 0x02 Output: None Cycles: 14 Input: 0x03 Output: None Cycles: 24 Input: 0x0405 DECOMPRESSION-FAILURE INVALID_STATE_ID_LENGTH Input: 0x0415 DECOMPRESSION-FAILURE INVALID_STATE_ID_LENGTH Input: 0x0406 Output: None Cycles: 23 Input: 0x09 Output: None Cycles: 34 Input: 0x1e06 Output: None Cycles: 46 Input: 0x1e07 Output: None Cycles: 47 Input: 0x1e14 Output: None Cycles: 60 A.1.16. STATE-ACCESS Set up bytecode: 0xf819 0123 0000 1089 0014 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0022 a20c 0x0423 0000 0000 0000 0074 6573 74 Input: None 0xf819 411c 01a0 45ff 1762 0106 0d1c 1f89 1400 0000 891f 8914 0c04 0xa046 0022 a046 0416 a146 1762 0306 101b 1f87 1400 0000 0016 a136 0x1f89 1306 04a0 4600 16a1 2b1f 8914 0c05 a046 0016 a120 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0023 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 005d f8bc 0x3e20 93b5 abe1 f170 1342 4ce7 fe05 e069 39 Input: 0x00 Output: 0x7465 7374 Cycles: 26 Input: 0x01 Output: 0x7465 7374 Cycles: 15 Input: 0x02 DECOMPRESSION-FAILURE STATE_NOT_FOUND Input: 0x03 DECOMPRESSION-FAILURE STATE_NOT_FOUND (len < min_acc_len) Input: 0x04 DECOMPRESSION-FAILURE STATE_TOO_SHORT A.2. Dispatcher Tests A.2.1. Useful Values 0xf805 f10e 8620 0ea0 4221 1c01 a047 f817 4263 f306 f317 4300 ed06 0x0c17 4400 e73f e717 44a3 c0e1 07e1 1c01 a047 9fda 0623 4007 2301 0x1220 0163 1c01 a049 9fca 0ea0 4443 0622 0308 2208 0622 a3e8 0822 0x4106 2264 0722 a358 1220 6220 2300 00a3 c086 8706 Input: 1 byte of SigComp version Output: None Cycles: 968 0xf93a db1d 3d20 aa Input: 1 byte of SigComp version then 0x0000 Output: None Cycles: cycles_per_bit * 1080 Input: 1 byte of SigComp version then 0x0001 DECOMPRESSION-FAILURE CYCLES_EXHAUSTED Input: 1 byte of SigComp version then 0x0100 DECOMPRESSION-FAILURE SEGFAULT A.2.2. Cycles Checking 0xf801 a10f 8604 2029 0022 12a0 4402 6014 02a0 6423 22a0 4402 0622 0x0116 ef Input: None DECOMPRESSION-FAILURE CYCLES_EXHAUSTED A.2.3. Message-based Transport 0xf8 Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf800 Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf800 e106 0011 2200 0223 0000 0000 0000 01 Input: None Output: decompression_memory_size Cycles: 5 0xf800 f106 0011 2200 0223 0000 0000 0000 01 Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf800 e006 0011 2200 0223 0000 0000 0000 01 Input: None DECOMPRESSION-FAILURE INVALID_CODE_LOCATION 0xf800 ee06 0011 2200 0223 0000 0000 0000 01 Input: None Output: decompression_memory_size Cycles: 5 A.2.4. Stream-based Transport 0xffff f801 7108 0002 2200 0222 a092 0523 0000 0000 0000 00ff 00ff 0x03ff ffff ffff ffff f801 7e08 0002 2200 0222 a3d2 0523 0000 0000 0x0000 00ff 04ff ffff ffff ffff ffff ff The above stream contains two messages: Output: decompression_memory_size Cycles: 11 Output: decompression_memory_size Cycles: 11 0xf8ff ff Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf800 ffff Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf801 8108 0002 2200 0222 a092 0523 ffff 0000 0000 0000 00ff 00ff 0x03ff ffff Input: None DECOMPRESSION-FAILURE MESSAGE_TOO_SHORT 0xf801 7008 0002 2200 0222 a092 0523 ffff 0000 0000 0000 00ff 04ff 0xffff ff Input: None DECOMPRESSION-FAILURE INVALID_CODE_LOCATION A.2.5. Input Past the End of a Message 0xf803 210e 86a0 460e a042 a04d 1d09 a046 0a1c 07a0 4606 001d 07a0 0x46ff 1c02 a046 fa22 a046 021d 10a0 4606 001d 08a0 46ff 22a0 4701 0x23 Input: 0xfffa 0068 6921 Output: 0x6869 21 Cycles: 23 Input: 0xfffa 0068 69 DECOMPRESSION-FAILURE USER_REQUESTED (not enough bits) A.3. State Handler Tests A.3.1. SigComp Feedback Mechanism 0xf805 031c 01a0 41a0 5517 6001 070e a04f 0ea0 42a4 7f16 0e0e a042 0xa4ff 15a0 44a0 7f01 010e a0c3 a801 0ea0 c5a6 000e a0cc ac00 0ea0 0xd9b4 000e a0ee b500 15a0 c606 0001 15a0 cd0c 0001 15a0 da14 0001 0x23a0 42a0 c3 Input: 0x00 Output: None Cycles: 52 Input: 0x01 Output: None Cycles: 179 A.3.2. State Memory Management 0xf81b a10f 8602 89a2 041c 01a0 47f9 1763 0508 a068 a070 1763 0307 0x34a0 5608 2306 0623 a204 0ea0 4463 0623 0612 6202 a04a 1762 6308 0xa058 9fd2 0ea0 4865 0824 8820 6489 0006 6506 2202 16e3 1fa2 1606 0x0000 0000 1fa2 1c06 0000 0000 1fa2 2206 0000 0000 1fa2 2e06 0000 0x0000 161e 1fa2 2806 0000 0000 1614 208b 8900 0600 160c 1fa2 3406 0x0000 0000 1602 2300 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0074 6573 0x7400 0000 0100 0200 0300 0400 0300 0200 0100 008e ea4b 43a7 87f9 0x010e ef56 7b23 9a34 6b15 a6b4 0fc0 e44d 2cd4 a221 47e6 0aef f2bc 0x0fb6 af Input: 0x00 Output: None Cycles: 811 Input: 0x01 Output: None Cycles: 2603 Input: 0x02 Output: None Cycles: 811 Input: 0x03 Output: None Cycles: 1805 Input: 0x04 DECOMPRESSION-FAILURE STATE_NOT_FOUND Input: 0x05 Output: None Cycles: 2057 Input: 0x06 Output: None Cycles: 1993 A.3.3. Multiple Compartments 0xf81b 110f 8602 89a2 071c 01a0 45f9 1762 030d 3d06 1762 0537 86a0 0x6806 2289 20a1 c062 0006 0006 2203 20a1 c062 0006 0007 22a2 020a 0x2203 0622 a203 20a1 c062 0006 0020 a1c0 a206 0006 6216 2b20 a7c0 0x2000 0600 1622 1fa2 1306 0000 0000 1fa2 1906 0000 0000 1fa2 2506 0x0000 0000 1fa2 2b06 0000 0000 2300 0000 0000 0000 1762 0706 101a 0x1fa2 0706 0000 0000 16ea 1fa2 0d06 0000 0000 16e0 1fa2 1f06 0000 0x0000 169f d600 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0x0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0102 0x0304 0506 aca6 0b8e b283 9dbf afc6 3dd2 34c5 d91d 5361 bdd6 ba2a 0xc65a 47c2 1814 ee07 c275 941d d7a1 4887 9c8d e90e Input: 0x00 Output: None Cycles: 1809 Input: 0x01 Output: None Cycles: 1809 Input: 0x02 Output: None Cycles: 1809 Input: 0x03 Output: None Cycles: 1993 Input: 0x04 Output: None Cycles: 1994 Input: 0x05 Output: None Cycles: 1804 Input: 0x06 DECOMPRESSION-FAILURE STATE_NOT_FOUND Input: 0x07 DECOMPRESSION-FAILURE STATE_NOT_FOUND Input: 0x08 DECOMPRESSION-FAILURE STATE_NOT_FOUND A.3.4. Accessing RFC 3485 State 0xf803 a11f a0a6 14ac fe01 2000 1fa0 a606 acff 0121 001f a0a6 0cad 0x0001 2200 2220 0323 0000 0000 0000 00fb e507 dfe5 e6aa 5af2 abb9 0x14ce aa05 f99c e61b a5 Input: None Output: 0x5349 50 Cycles: 11 A.3.5. Bytecode State Creation 0xf804 6112 a0be 081e 2008 1e21 060a 0e23 be03 12a0 be08 a050 2008 0xa050 a053 140a 2008 a050 a053 0c0a 1606 004f 4b31 1c01 a0b3 fc22 0xa0a8 0323 0000 0da0 a8a0 ab06 0a4f 4b32 22a0 5003 2302 Input: None Output: 0x4f4b Cycles: 66 0xf905 b88c e72c 9103 Input: None Output: 0x4f4b 31 Cycles: 7 0xfb24 63cd ff5c f8c7 6df6 a289 ff Input: None Output: 0x4f4b 32 Cycles: 5 0xf95b 4b43 d567 83 Input: None Output: 0x0000 32 Cycles: 5 0xf9de 8126 1199 1f Input: None DECOMPRESSION-FAILURE STATE_NOT_FOUND Authors' Addresses Abigail Surtees Siemens/Roke Manor Research Roke Manor Research Ltd. Romsey, Hants SO51 0ZN UK Phone: +44 (0)1794 833131 EMail: abigail.surtees@roke.co.uk URI: http://www.roke.co.uk Mark A. West Siemens/Roke Manor Research Roke Manor Research Ltd. Romsey, Hants SO51 0ZN UK Phone: +44 (0)1794 833311 EMail: mark.a.west@roke.co.uk URI: http://www.roke.co.uk Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). User Contributions:
|
Comment about this RFC, ask questions, or add new information about this topic: