An LLM Agent for Functional Bug Detection in Network Protocols
Journal:
arXiv
Published Date:
May 31, 2025
Abstract
Functional correctness is critical for ensuring the reliability and security
of network protocol implementations. Functional bugs, instances where
implementations diverge from behaviors specified in RFC documents, can lead to
severe consequences, including faulty routing, authentication bypasses, and
service disruptions. Detecting these bugs requires deep semantic analysis
across specification documents and source code, a task beyond the capabilities
of traditional static analysis tools. This paper introduces RFCScan, an
autonomous agent that leverages large language models (LLMs) to detect
functional bugs by checking conformance between network protocol
implementations and their RFC specifications. Inspired by the human auditing
procedure, RFCScan comprises two key components: an indexing agent and a
detection agent. The former hierarchically summarizes protocol code semantics,
generating semantic indexes that enable the detection agent to narrow down the
scanning scope. The latter employs demand-driven retrieval to iteratively
collect additional relevant data structures and functions, eventually
identifying potential inconsistencies with the RFC specifications effectively.
We evaluate RFCScan across six real-world network protocol implementations.
RFCScan identifies 47 functional bugs with 81.9% precision, of which 20 bugs
have been confirmed or fixed by developers.
