Reasoning about Safety Critical Java

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Reasoning about Safety Critical Java"

Transcription

1 Reasoning about Safety Critical Java Chris Marriott 27 th January 2011

2 Motivation Safety critical systems are becoming part of everyday life Failure can potentially lead to serious consequences Verification and certification for safety-critical systems [1] Formal methods are only practical with tool support [2] [1] John Knight Safety Critical Systems: Challenges and Directions. [2] Corin Gurr Supporting Formal Reasoning for Safety Critical Systems. 2

3 Motivation (2) Java has widespread use Large scale programs require high productivity Java has a large sustained community Java verification exists [3] SCJ Community already exists Industry interested [3] Bart Jacobs, Joseph Kiniry & Martijn Wariner Java Program Verification Challenges. 3

4 Java 4

5 Reasoning Techniques - Java Java PathFinder (JPF) Perfect Developer Java Modeling Language (JML) Extended Static Checking (ESC/Java) Java Applet Correctness Kit (Jack) Java Interactive Verification Env. (Jive) Krakatoa KeY System 5

6 Java PathFinder [4] Translates Java into Promela SPIN model checker Based on assertions Subset of Java Dynamic object creation Inheritance Threads Synchronisation Exceptions Thread Interrupts [4] Klaus Havelund & Thomas Pressburger Model checking Java programs using Java PathFinder. 6

7 Java PathFinder (2) Used with real-world NASA examples Difficult in large-scale systems Error reporting through print statements Is the translation optimal? Is Promela actually needed? 7

8 Perfect Developer [5,6] Produces Java, C++ or Ada code from a specification Can provide an implementation manually Proof obligations created automatically Proofs discharged automatically Over 90% success rate for a correct program [5] Gareth Carter, Rosemary Monahan & Joseph Morris Software Refinement with Perfect Developer. [6] David Crocker Perfect Developer: A tool for Object-Oriented Formal Specification and Refinement. 8

9 Perfect Developer (2) Has been applied to a government IT system [7] Verifier not strong enough Code change / additional assertions No documentation for the PD architecture Specifications for the verifier rather than the program Does not support concurrency [7] David Crocker & Judith Carlton A High Productivity Tool for Formally Verified Software Development. 9

10 JML [8,9,10] Behavioural interface specification language Code annotations Pre / post conditions Loop invariants Tools JML Checker Runtime assertion checking (jmlc & jmlunit) Extended Static Checker (ESC/Java & ESC/Java2) LOOP PVS / Isabelle [8] Gary Leavens, Albert Baker & Clyde Ruby JML: a Java Modeling Language. [9] Gary Leavens et al JML: notations and tools supporting detailed design in Java. [10] Lilian Burdy et al An overview of JML tools and applications. 10

11 Extended Static Checking for Java [11] Compile time checking Inbetween static checking and formal proofs Very successful and popular [12] Focused on development Neither sound nor complete The tool is considered successful if it finds enough errors to repay the cost of running it [11] Cormac Flanagan et al Extended Static Checking for Java. [12] Joseph Kiniry, Patrice Chalin, and Clement Hurlin Integrating static checking and interactive verification: Supporting multiple theories and provers in verification. 11

12 Other Tools Jack [13] Proof obligations for Atelier B, Simplify, and PVS Verification conditions generated per path through code Focused on JavaCARD Similar to LOOP Jive [14] JML annotations (although not necessary) Interactive theorem prover based on Hoare logic Exceptions not handled [13] Lilian Burdy & Antoine Requet JACK: Java Applet Correctness Kit. [14] Jorg Meyer & Arnd Poetzsch-Heffter An Architecture for Interactive Program Provers. 12

13 Other Tools (2) Krakatoa [15] Part of the Why software verification platform Does not prove termination of recursive calls Low level of automation for discharging proof obligations KeY [16] First order dynamic logic Programs allowed in pre/post-conditions All Java constructs allowed in the description of states (loops / recursion) Focused on JavaCARD [15] C Marché et al The Krakatoa tool for certification of Java/JavaCARD programs annotated in JML. [16] Wolfgang Ahrendt et al The key tool. 13

14 RTSJ 14

15 RTSJ [17] Subset of Java Designed for real-time systems Differences Schedulable objects & pre-emptive priority based scheduling Synchronisation & resource sharing Time values & clock Memory management Asynchronous transfer of control [17] Andy Wellings & Marisol Garcia Valls. Real-Time Java. 15

16 Reasoning Techniques - RTSJ KeY [18] JML annotations Translates to dynamic logic Static checking of memory properties Benchmarks (CD x ) [19] Java, RTSJ, SCJ Exceptions Type analysis Memory analysis Blocking analysis Loop bound analysis [18] Christian Engel. Deductive Verification of RTSJ Programs. [19] Tomas Kalibera et al Challenge Benchmarks for Verification of Real-time Programs. 16

17 SCJ 17

18 Safety Critical Java [20] A subset of RTSJ Programming based on missions and event handlers Different memory model No heap Immortal memory Scoped memory Compliance levels Level 0 Cyclic executive program Level 1 Periodic and aperiodic event handlers Level 2 Real-time no-heap threads Current work on reasoning at levels 0 and 1 [20] The Open Group Safety Critical Specification for Java 18

19 Reasoning Techniques - SCJ Static Checking of Annotations Exhaustive Testing SafeJML 19

20 Static Checking of Annotations [21] SCJ annotations Level compliance Behavioural compliance May allocate May self suspend Memory safety Define scope Runs-in scope Tool checks implementation against specification Are annotations completely necessary? [21] Daniel Tang, Ales Plsek & Jan Vitek Static Checking of Safety Critical Java Annotations. 20

21 Exhaustive Testing of SCJ [22] JPF extension (R SJ ) Level 0 and 1 support (no APEHs) Memory assignment errors (no need for annotations) Race conditions Priority ceiling emulation violations Dereferencing of null pointers Invalid library calls Array bound violations Divisions by zero Failed assertions State explosion when considering APEHs Bug-hunting tool for real-time Java [22] Tomas Kalibera et al Exhaustive Testing of Safety Critical Java. 21

22 SafeJML [23] First publically available extension to JML for real-time systems Behavioural and timing properties Focused on WCET analysis Behaviour properties not considered Currently the only specification language for SCJ [23] Thaith Haddad, Faraz Hussain & Gary Leavens The Design of SafeJML, a Specification Language for SCJ with Support for WCET Specification. 22

23 Evaluation Tool Language Functional behaviour Memory properties Timing properties JPF Java Yes Yes No Perfect Developer Java Yes Yes No ESC/Java Java Yes Yes No LOOP Java Yes Yes No JACK Java Yes Yes No Jive Java Yes Yes No Krakatoa Java Yes Yes No KeY RTSJ No Yes No SCJ Annotation Checker SCJ No No No R SJ SCJ Yes Yes No SafeJML SCJ No No Yes 23

24 Conclusion Lots of tools/techniques for Java Less for RTSJ and SCJ Currently no way to verify functional behaviour for SCJ level 1 Model checking can lead to state explosion Theorem proving is difficult to automate 24

25 Open Questions Can we apply existing tools and techniques to SCJ? Can we extend these techniques? Are SCJ annotations necessary and sufficient? 25

Safety Critical Java. University of York. 15 November, 2011

Safety Critical Java. University of York. 15 November, 2011 Safety Critical Java University of York 15 November, 2011 Safety Critical Java Background Introduction to SCJ The Expert Group Key components of the Specification Current status 2-22 Background Success

More information

Extended Static Checking for Java

Extended Static Checking for Java Lukas TU München - Seminar Verification 14. Juli 2011 Outline 1 Motivation 2 ESC/Java example 3 ESC/JAVA architecture VC generator Simplify 4 JML + ESC/Java annotation language JML What ESC/Java checks

More information

Department of Computing Science and Mathematics University of Stirling

Department of Computing Science and Mathematics University of Stirling Department of Computing Science and Mathematics University of Stirling Push-Button Tools for Application Developers, Full Formal Verification for Component Vendors Thomas Wilson, Savi Maharaj, Robert G.

More information

Rigorous Software Development CSCI-GA 3033-009

Rigorous Software Development CSCI-GA 3033-009 Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 5 Disclaimer. These notes are derived from notes originally developed by Joseph Kiniry, Gary Leavens, Erik Poll,

More information

Fundamentals of Software Engineering

Fundamentals of Software Engineering Fundamentals of Software Engineering Java Modeling Language - Part I Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner Hähnle

More information

Unified Static and Runtime Verification of Object-Oriented Software

Unified Static and Runtime Verification of Object-Oriented Software Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1, Mauricio Chimento 1, Gerardo Schneider 2, Gordon J. Pace 3 1 Chalmers University of Technology, Gothenburg, Sweden

More information

Exhaustive Testing of Safety Critical Java

Exhaustive Testing of Safety Critical Java Exhaustive Testing of Safety Critical Java Tomas Kalibera Pavel Parizek Michal Malohlava Charles University Martin Schoeberl Technical University of Denmark Exhaustive Testing with Java PathFinder (JPF)

More information

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java Jesús Mauricio Chimento 1, Wolfgang Ahrendt 1, Gordon J. Pace 2, and Gerardo Schneider 3 1 Chalmers University of Technology, Sweden.

More information

The Safety-Critical Java Memory Model A Formal Account

The Safety-Critical Java Memory Model A Formal Account The Safety-Critical Java Memory Model A Formal Account Ana Cavalcanti Andy Wellings Jim Woodcock University of York IFIP WG 2.3, September 2011 1 / 24 Outline Safety-Critical Java (SCJ) Unifying theories

More information

An overview of JML tools and applications

An overview of JML tools and applications Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) An overview of JML tools and applications Lilian Burdy 1, Yoonsik Cheon 2, David R. Cok 3, Michael D. Ernst 4, Joseph

More information

Antonio Kung, Trialog. HIJA technical coordinator. Scott Hansen, The Open Group. HIJA coordinator

Antonio Kung, Trialog. HIJA technical coordinator. Scott Hansen, The Open Group. HIJA coordinator HIJA Antonio Kung, Trialog HIJA technical coordinator Scott Hansen, The Open Group HIJA coordinator 1 Presentation Outline HIJA project ANRTS platforms Requirements for ANRTS platforms Profiles based on

More information

An overview of JML tools and applications

An overview of JML tools and applications This article appears in Software Tools for Technology Transfer. The original version is available at www.springerlink.com An overview of JML tools and applications Lilian Burdy 1, Yoonsik Cheon 2, David

More information

Frama-C Training Session Introduction to ACSL and its GUI

Frama-C Training Session Introduction to ACSL and its GUI Frama-C Training Session Introduction to ACSL and its GUI Virgile Prevosto CEA List October 21 st, 2010 outline Presentation ACSL Specifications Function contracts First-order logic Loops Assertions Deductive

More information

Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm

Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm Safe Object-Oriented Software: The Verified Design-By-Contract Paradigm David Crocker Escher Technologies Ltd. Aldershot, United Kingdom dcrocker@eschertech.com Abstract. In recent years, large sectors

More information

Rigorous Software Engineering Hoare Logic and Design by Contracts

Rigorous Software Engineering Hoare Logic and Design by Contracts Rigorous Software Engineering Hoare Logic and Design by Contracts Simão Melo de Sousa RELEASE (UBI), LIACC (Porto) Computer Science Department University of Beira Interior, Portugal 2010-2011 S. Melo de

More information

Integrated Development of Distributed Real-Time Applications with Asynchronous Communication

Integrated Development of Distributed Real-Time Applications with Asynchronous Communication Integrated Development of Distributed Real-Time Applications with Asynchronous Communication Marc Schanne International Workshop on Java Technologies for Real-time and Embedded Systems (JTRES) 26-28 September

More information

Advances in Programming Languages

Advances in Programming Languages Advances in Programming Languages Lecture 13: Certifying Correctness Ian Stark School of Informatics The University of Edinburgh Tuesday 4 November 2014 Semester 1 Week 8 http://www.inf.ed.ac.uk/teaching/courses/apl

More information

An overview of JML tools and applications

An overview of JML tools and applications Electronic Notes in Theoretical Computer Science 66 No. 2 (2003) URL: http://www.elsevier.nl/locate/entcs/volume66.html An overview of JML tools and applications www.jmlspecs.org Lilian Burdy a, Yoonsik

More information

Real-Time Java. Martin Schöberl

Real-Time Java. Martin Schöberl Real-Time Java Martin Schöberl Overview What are real-time systems Real-time specification for Java RTSJ issues, subset Real-time profile Open question - GC Real Time Java 2 History of (Real-Time) Java

More information

Safety Critical Java. 27 September Doug Locke Locke Consulting LLC for. The Open Group

Safety Critical Java. 27 September Doug Locke Locke Consulting LLC  for. The Open Group Safety Critical Java 27 September 2007 Doug Locke Locke Consulting LLC www.douglocke.com doug@douglocke.com for The Open Group doug.locke@opengroup.org 1 Safety Critical Java Let s discuss Safety-Critical

More information

Java in sicherheits-kritischen Systemen: Das HIJA-Profil

Java in sicherheits-kritischen Systemen: Das HIJA-Profil Java in sicherheits-kritischen Systemen: Das HIJA-Profil... Korrektheitsnachweis für (echtzeit-) Java Anwendungen Dr. Fridtjof Siebert Director of Development, aicas GmbH Java Forum, Stuttgart, 7. Juli

More information

Fundamentals of Software Engineering

Fundamentals of Software Engineering Fundamentals of Software Engineering Java Modeling Language - Part II Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel, Reiner

More information

Effectively Using JML

Effectively Using JML Effectively Using JML Software Engineering Processes incorporating Formal Specification Joseph Kiniry University College Dublin Software Engineering Processes old-school processes CRC and state-chart based

More information

Program Correctness I

Program Correctness I 22c:111 Programming Language Concepts Fall 2008 Program Correctness I Copyright 2007-08, The McGraw-Hill Company and Cesare Tinelli. These notes were originally developed by Allen Tucker, Robert Noonan

More information

Rigorous. Development. Software. Program Verification. & Springer. An Introduction to. Jorge Sousa Pinto. Jose Bacelar Almeida Maria Joao Frade

Rigorous. Development. Software. Program Verification. & Springer. An Introduction to. Jorge Sousa Pinto. Jose Bacelar Almeida Maria Joao Frade Jose Bacelar Almeida Maria Joao Frade Jorge Sousa Pinto Simao Melo de Sousa Rigorous Software Development An Introduction to Program Verification & Springer Contents 1 Introduction 1 1.1 A Formal Approach

More information

Different ways of annotating and proving a quicksort with Jack. Julien Charles

Different ways of annotating and proving a quicksort with Jack. Julien Charles Different ways of annotating and proving a quicksort with Jack Julien Charles Thursday, february the 16th 2006 1 Introduction Goal : verify a quicksort written in Java annotated with JML with Jack Static

More information

Model Checking based Software Verification

Model Checking based Software Verification Model Checking based Software Verification 18.5-2006 Keijo Heljanko Keijo.Heljanko@tkk.fi Department of Computer Science and Engineering Helsinki University of Technology http://www.tcs.tkk.fi/~kepa/ 1/24

More information

Boogie: A Modular Reusable Verifier for Object-Oriented Programs

Boogie: A Modular Reusable Verifier for Object-Oriented Programs Boogie: A Modular Reusable Verifier for Object-Oriented Programs M. Barnett, B.E. Chang, R. DeLine, B. Jacobs, K.R.M. Leino Lorenzo Baesso ETH Zurich Motivation Abstract Domains Modular Architecture Automatic

More information

Model Checking of Software

Model Checking of Software Model Checking of Software Patrice Godefroid Bell Laboratories, Lucent Technologies SpecNCheck Page 1 August 2001 A Brief History of Model Checking Prehistory: transformational programs and theorem proving

More information

The Model Checker SPIN

The Model Checker SPIN The Model Checker SPIN Author: Gerard J. Holzmann Presented By: Maulik Patel Outline Introduction Structure Foundation Algorithms Memory management Example/Demo SPIN-Introduction Introduction SPIN (Simple(

More information

Java and the Java Virtual Machine

Java and the Java Virtual Machine Java and the Java Virtual Machine Robert Stärk, Joachim Schmid, Egon Börger April 4, 2003 The contents of Jbook. This document is not for distribution. The Home-Page of Jbook is http://www.inf.ethz.ch/~jbook/

More information

Safety-Critical Java in Circus

Safety-Critical Java in Circus Safety-Critical Java in Circus 1/30 Safety-Critical Java in Circus Ana Cavalcanti Frank Zeyda, Andy Wellings, Jim Woodcock, Kun Wei University of York, hijac project FME AGM, March 2013 Safety-Critical

More information

Java in Safety Critical Systems

Java in Safety Critical Systems Java in Safety Critical Systems Andy Walter aicas GmbH Haid-und-Neu-Str. 18 76131 Karlsruhe, Germany Dr. James J. Hunt aicas GmbH Haid-und-Neu-Str. 18 76131 Karlsruhe, Germany April 13, 2010 1 Abstract

More information

Automated Theorem Proving - summary of lecture 1

Automated Theorem Proving - summary of lecture 1 Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of

More information

Validating Java for Safety-Critical Applications

Validating Java for Safety-Critical Applications Validating Java for Safety-Critical Applications Jean-Marie Dautelle * Raytheon Company, Marlborough, MA, 01752 With the real-time extensions, Java can now be used for safety critical systems. It is therefore

More information

Towards Certification of Java Applications for Safety Critical Projects

Towards Certification of Java Applications for Safety Critical Projects Towards Certification of Java Applications for Safety Critical Projects A.Andy Walter 1 1:aicas GmbH, Haid- und Neu-Straße 18, 76131 Karlsruhe, Germany Abstract: The increasing complexity of embedded systems

More information

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science updated 03/08/2012 Unit 1: JKarel 8 weeks http://www.fcps.edu/is/pos/documents/hs/compsci.htm

More information

The Course. http://www.cse.unsw.edu.au/~cs3153/

The Course. http://www.cse.unsw.edu.au/~cs3153/ The Course http://www.cse.unsw.edu.au/~cs3153/ Lecturers Dr Peter Höfner NICTA L5 building Prof Rob van Glabbeek NICTA L5 building Dr Ralf Huuck NICTA ATP building 2 Plan/Schedule (1) Where and When Tuesday,

More information

4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract

4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract 4 PSP DC : An Adaptation of the PSP to Incorporate Verified Design by Contract Silvana Moreno, Universidad de la República Álvaro Tasistro, Universidad ORT Uruguay Diego Vallespir, Universidad de la República

More information

VDM vs. Programming Language Extensions or their Integration

VDM vs. Programming Language Extensions or their Integration VDM vs. Programming Language Extensions or their Integration Alexander A. Koptelov and Alexander K. Petrenko Institute for System Programming of Russian Academy of Sciences (ISPRAS), B. Communisticheskaya,

More information

Industrial Use of THE B METHOD

Industrial Use of THE B METHOD Industrial Use of THE B METHOD introducing B n a formal method Ë specification method based on a mathematical formalism to build models n with refinement Ë to structure a model step by step from abstract

More information

Tutorial: Getting Started

Tutorial: Getting Started 9 Tutorial: Getting Started INFRASTRUCTURE A MAKEFILE PLAIN HELLO WORLD APERIODIC HELLO WORLD PERIODIC HELLO WORLD WATCH THOSE REAL-TIME PRIORITIES THEY ARE SERIOUS SUMMARY Getting started with a new platform

More information

Real Time Programming: Concepts

Real Time Programming: Concepts Real Time Programming: Concepts Radek Pelánek Plan at first we will study basic concepts related to real time programming then we will have a look at specific programming languages and study how they realize

More information

Predictable response times in event-driven real-time systems

Predictable response times in event-driven real-time systems Predictable response times in event-driven real-time systems Automotive 2006 - Security and Reliability in Automotive Systems Stuttgart, October 2006. Presented by: Michael González Harbour mgh@unican.es

More information

Real-Time Embedded Systems in Java

Real-Time Embedded Systems in Java Master Thesis Real-Time Embedded Systems in Java Author: Kristian Kolding Foged-Ladefoged Supervisor: Bent Thomsen June 10, 2014 Aalborg University Department of Computer Science Selma Lagerlöfs Vej 300

More information

Spec #: An Overview. Mohamed Aly, BSc(Eng)

Spec #: An Overview. Mohamed Aly, BSc(Eng) Spec #: An Overview Mohamed Aly, BSc(Eng) Outline Motivation Overview Usage Language Examples References Outline Motivation Overview Usage Language Examples References Motivation - History Software development

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview

More information

Construct by Contract: Construct by Contract: An Approach for Developing Reliable Software

Construct by Contract: Construct by Contract: An Approach for Developing Reliable Software Construct by Contract: Construct by Contract: An Approach for Developing Reliable Software Juan Jose Mendoza Santana Dissertation 2013 Erasmus Mundus MSc in Dependable Software Systems Department of Computer

More information

Static Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Static Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI

More information

Abstract Interpretation-based Static Analysis Tools:

Abstract Interpretation-based Static Analysis Tools: Abstract Interpretation-based Static Analysis Tools: Proving the Absence of Runtime Errors and Safe Upper Bounds on the Worst-Case Execution Time and Safe Upper Bounds on the Stack Usage Christian Ferdinand

More information

Juhan Ernits Inst. of Cybernetics / Dept. of Comp Sci. Tallinn University of Technology Tallinn, Estonia

Juhan Ernits Inst. of Cybernetics / Dept. of Comp Sci. Tallinn University of Technology Tallinn, Estonia Model Based Testing with NModel Juhan Ernits Inst. of Cybernetics / Dept. of Comp Sci. Tallinn University of Technology Tallinn, Estonia Who is this guy? Occupation: a researcher at the Institute of Cybernetics

More information

Introduction of Virtualization Technology to Multi-Process Model Checking

Introduction of Virtualization Technology to Multi-Process Model Checking Introduction of Virtualization Technology to Multi-Process Model Checking Watcharin Leungwattanakit watcharin@is.s.u-tokyo.ac.jp Masami Hagiya hagiya@is.s.u-tokyo.ac.jp Mitsuharu Yamamoto Chiba University

More information

The Eighth International Conference INCOSE_IL 2015. Formal Methods Security Tools in the Service of Cyber Security

The Eighth International Conference INCOSE_IL 2015. Formal Methods Security Tools in the Service of Cyber Security The Eighth International Conference INCOSE_IL 2015 כלים ובדיקות Formal Methods Security Tools in the Service of Cyber Security Dr. Michael J. May Kinneret College on the Sea of Galilee 1 כלים ובדיקות /

More information

Worst Case Execution Time Prediction

Worst Case Execution Time Prediction Worst Case Execution Time Prediction 2 Hard Real-Time Systems Controllers in planes, cars, plants, are expected to finish their tasks within reliable time bounds. 3 Timing Validation Schedulability analysis

More information

CSCI E 98: Managed Environments for the Execution of Programs

CSCI E 98: Managed Environments for the Execution of Programs CSCI E 98: Managed Environments for the Execution of Programs Draft Syllabus Instructor Phil McGachey, PhD Class Time: Mondays beginning Sept. 8, 5:30-7:30 pm Location: 1 Story Street, Room 304. Office

More information

DEFINING CONTRACTS WITH DIFFERENT TOOLS IN SOFTWARE DEVELOPMENT

DEFINING CONTRACTS WITH DIFFERENT TOOLS IN SOFTWARE DEVELOPMENT Annales Univ. Sci. Budapest., Sect. Comp. 36 (2012) 323 339 DEFINING CONTRACTS WITH DIFFERENT TOOLS IN SOFTWARE DEVELOPMENT György Orbán and László Kozma (Budapest, Hungary) Communicated by Zoltán Horváth

More information

Memory Management for Safety-Critical Java

Memory Management for Safety-Critical Java Memory Management for Safety-Critical Java Martin Schoeberl Department of Informatics and Mathematical Modeling Technical University of Denmark masca@imm.dtu.dk ABSTRACT Safety-Critical Java (SCJ) is based

More information

HVM TP : A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems JTRES 2014

HVM TP : A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems JTRES 2014 : A Time Predictable and Portable Java Virtual Machine for Hard Real-Time Embedded Systems JTRES 2014 Kasper Søe Luckow 1 Bent Thomsen 1 Stephan Erbs Korsholm 2 1 Department of Computer Science Aalborg

More information

Vérification de bytecode et ses applications

Vérification de bytecode et ses applications Thèse de Doctorat Préparée pour obtenir le titre de Docteur en Sciences de l Université de Nice Sophia Antipolis Discipline : Informatique Préparée à l Institut National de Recherche en Informatique et

More information

Stack Allocation. Run-Time Data Structures. Static Structures

Stack Allocation. Run-Time Data Structures. Static Structures Run-Time Data Structures Stack Allocation Static Structures For static structures, a fixed address is used throughout execution. This is the oldest and simplest memory organization. In current compilers,

More information

Specification and verification of selected parts of the Java Collections Framework using JML* and KeY

Specification and verification of selected parts of the Java Collections Framework using JML* and KeY Specification and verification of selected parts of the Java Collections Framework using JML* and KeY Jelmer ter Wal Master s Thesis Department of Computer Science University of Twente Graduation Committee:

More information

Exhaustive Testing of Safety Critical Java

Exhaustive Testing of Safety Critical Java Exhaustive Testing of Safety Critical Java Tomas Kalibera, Pavel Parizek, Michal Malohlava Department of Distributed and Dependable Systems Charles University {kalibera,parizek,malohlava}@d3s.mff.cuni.cz

More information

Automated Program Behavior Analysis

Automated Program Behavior Analysis Automated Program Behavior Analysis Stacy Prowell sprowell@cs.utk.edu March 2005 SQRL / SEI Motivation: Semantics Development: Most engineering designs are subjected to extensive analysis; software is

More information

Software Engineering Reference Framework

Software Engineering Reference Framework Software Engineering Reference Framework Michel Chaudron, Jan Friso Groote, Kees van Hee, Kees Hemerik, Lou Somers, Tom Verhoeff. Department of Mathematics and Computer Science Eindhoven University of

More information

Cost Enforcement and Deadline Monitoring in the Real-Time Specification for Java

Cost Enforcement and Deadline Monitoring in the Real-Time Specification for Java Cost Enforcement and Deadline Monitoring in the Real-Time Specification for Java Andy Wellings, University of York, U.K. {andy@cs.york.ac.uk} Greg Bollella, Sun MicroSystems {greg.bollella@sun.com} Peter

More information

Cloud Computing. Up until now

Cloud Computing. Up until now Cloud Computing Lecture 11 Virtualization 2011-2012 Up until now Introduction. Definition of Cloud Computing Grid Computing Content Distribution Networks Map Reduce Cycle-Sharing 1 Process Virtual Machines

More information

A Formally Verified Calculus for Full Java Card

A Formally Verified Calculus for Full Java Card A Formally Verified Calculus for Full Java Card Kurt Stenzel Lehrstuhl für Softwaretechnik und Programmiersprachen Institut für Informatik, Universität Augsburg 86135 Augsburg Germany email: stenzel@informatik.uni-augsburg.de

More information

Towards practical reactive security audit using extended static checkers 1

Towards practical reactive security audit using extended static checkers 1 Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted

More information

Transforming Event B Models into Verified C# Implementations

Transforming Event B Models into Verified C# Implementations Transforming Event B Models into Verified C# Implementations Dominique Méry (Université de Lorraine, France) Rosemary Monahan (NUI Maynooth, Ireland ) presented by Geoff Hamilton (DCU, Ireland) First International

More information

HOL-Boogie An Interactive Prover for the Boogie Program-Verifier

HOL-Boogie An Interactive Prover for the Boogie Program-Verifier HOL-Boogie An Interactive Prover for the Boogie Program-Verifier Sascha Böhme 1, K. Rustan M. Leino 2 and Burkhart Wolff 3 1 Technische Universität München, 2 Microsoft Research, 3 Université Paris-Sud

More information

Refinement of Security Protocol Data Types to Java

Refinement of Security Protocol Data Types to Java Refinement of Security Protocol Data Types to Java Holger Grandy, Kurt Stenzel, Wolfgang Reif E-Mail: {grandy, stenzel, reif}@informatik.uni-augsburg.de Abstract. In this paper we illustrate the mapping

More information

Run-Time Monitoring of Goal-Oriented Requirements Specifications

Run-Time Monitoring of Goal-Oriented Requirements Specifications Department of Computer Science University College London University of London Run-Time Monitoring of Goal-Oriented Requirements Specifications Andrew Ross Dingwall-Smith Submitted for the degree of Doctor

More information

Benjamin San Souci & Maude Lemaire

Benjamin San Souci & Maude Lemaire Benjamin San Souci & Maude Lemaire introduction What is Node.js anyway? a complete software platform for scalable server-side and networking applications open-source under the MIT license comes bundled

More information

Programming real-time systems with C/C++ and POSIX

Programming real-time systems with C/C++ and POSIX Programming real-time systems with C/C++ and POSIX Michael González Harbour 1. Introduction The C language [1], developed in 1972 by Dennis Ritchie at the Bell Telephone Laboratories, is the most widely

More information

Software testing. Objectives

Software testing. Objectives Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating

More information

Formal Specification and Verification of Avionics Software

Formal Specification and Verification of Avionics Software Formal Specification and Verification of Avionics Software June 7th, 2006 Outline 1 Introduction Software in the avionics domain Certification requirements Object-oriented technologies 2 Specification

More information

Lecture 9 verifying temporal logic

Lecture 9 verifying temporal logic Basics of advanced software systems Lecture 9 verifying temporal logic formulae with SPIN 21/01/2013 1 Outline for today 1. Introduction: motivations for formal methods, use in industry 2. Developing models

More information

Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work

Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work DNS (internet Domain Name System) is the protocol for

More information

Implementing AUTOSAR Scheduling and Resource Management on an Embedded SMT Processor

Implementing AUTOSAR Scheduling and Resource Management on an Embedded SMT Processor Implementing AUTOSAR Scheduling and Resource Management on an Embedded SMT Processor Florian Kluge, Chenglong Yu, Jörg Mische, Sascha Uhrig, Theo Ungerer University of Augsburg 12th International Workshop

More information

Building Confidence in the Quality and Reliability of Critical Software

Building Confidence in the Quality and Reliability of Critical Software Building Confidence in the Quality and Reliability of Critical Software Jay Abraham, MathWorks Jon Friedman, MathWorks Abstract. Software in critical civilian and military aerospace applications, including

More information

The ProB Animator and Model Checker for B

The ProB Animator and Model Checker for B The ProB Animator and Model Checker for B A Tool Description Michael Leuschel and Michael Butler Department of Electronics and Computer Science University of Southampton Highfield, Southampton, SO17 1BJ,

More information

Software safety - DEF-STAN 00-55

Software safety - DEF-STAN 00-55 Software safety - DEF-STAN 00-55 Where safety is dependent on the safety related software (SRS) fully meeting its requirements, demonstrating safety is equivalent to demonstrating correctness with respect

More information

Java and the JVM. Martin Schöberl

Java and the JVM. Martin Schöberl Java and the JVM Martin Schöberl Overview History and Java features Java technology The Java language A first look into the JVM Disassembling of.class files Java and the JVM 2 History of a Young Java 1992

More information

MPI-Checker Static Analysis for MPI

MPI-Checker Static Analysis for MPI MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November 15, 2015 Motivation 2 / 39 Why is runtime analysis in HPC challenging? Large amount of resources are used State

More information

Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 04 Java

Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 04 Java Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 04 Java Oxford University Press 2007. All rights reserved. 1 C and C++ C and C++ with in-line-assembly, Visual Basic, and Visual C++ the

More information

Applications of formal verification for secure Cloud environments at CEA LIST

Applications of formal verification for secure Cloud environments at CEA LIST Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov joint work with A.Blanchard, F.Bobot, M.Lemerre,... SEC2, Lille, June 30 th, 2015 N. Kosmatov (CEA LIST) Formal

More information

Formal Verification of Software

Formal Verification of Software Formal Verification of Software Sabine Broda Department of Computer Science/FCUP 12 de Novembro de 2014 Sabine Broda (DCC-FCUP) Formal Verification of Software 12 de Novembro de 2014 1 / 26 Formal Verification

More information

Towards Support for Non-null Types and Non-null-bydefault

Towards Support for Non-null Types and Non-null-bydefault Towards Support for Non-null Types and Non-null-bydefault in Java Patrice Chalin Dept. of Computer Science and Software Engineering, Dependable Software Research Group, Concordia University Montréal, Québec,

More information

Applying Model Checking in Java Verification

Applying Model Checking in Java Verification Applying Model Checking in Java Verification Klaus Havelund 1 and Jens Ulrik Skakkebæk 2 1 NASA Ames Research Center, Recom Technologies, Moffett Field, CA, USA havelund@ptolemy.arc.nasa.gov, http://ase.arc.nasa.gov/havelund

More information

Interactive Software Verification

Interactive Software Verification Interactive Software Verification Spring Term 2013 Holger Gast gasth@in.tum.de 25.6.2013 1 H.Gast gasth@in.tum.de Interactive Software Verification, 25.6.2013 Today Manipulating lists on the heap Ghost

More information

Testing by Contract - Combining Unit Testing and Design by Contract

Testing by Contract - Combining Unit Testing and Design by Contract Testing by Contract - Combining Unit Testing and Design by Contract Per Madsen (madsen@cs.auc.dk) Institute of Computer Science, Aalborg University Fredrik Bajers Vej 7, DK-9220 Aalborg, Denmark Abstract

More information

Dual Pivot Quicksort: Verification and Proof using KeY

Dual Pivot Quicksort: Verification and Proof using KeY Dual Pivot Quicksort: Verification and Proof using KeY Jonas Schiffl Karlsruher Institut für Technologie July 27th, 2016 Introduction Introduction Why verify Dual Pivot Quicksort? Introduction Why verify

More information

Software Engineering using Formal Methods

Software Engineering using Formal Methods Software Engineering using Formal Methods Model Checking with Temporal Logic Wolfgang Ahrendt 24th September 2013 SEFM: Model Checking with Temporal Logic /GU 130924 1 / 33 Model Checking with Spin model

More information

Issues and Guidelines of Software Design for Safety Critical Applications

Issues and Guidelines of Software Design for Safety Critical Applications Issues and Guidelines of Software Design for Safety Critical Applications Jeffrey M. Fornoff US Army RDECOM-ARDEC Picatinny Arsenal, NJ 07806-5000 (973) 724-3014 1 Outline A Brief Overview - What is Software?

More information

What Is an RTOS and Why U se Use One? May, May 2013

What Is an RTOS and Why U se Use One? May, May 2013 What Is an RTOS and Why Use One? May, 2013 What is an Embedded System? Dedicated to a specific purpose Components: Microprocessor Application program Real-Time Operating System (RTOS) RTOS and application

More information

Introducing Formal Methods. Software Engineering and Formal Methods

Introducing Formal Methods. Software Engineering and Formal Methods Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended

More information

Using JML to protect Java code against SQL injection. Johan Janssen 0213888 jjanssen@sci.ru.nl June 26, 2007

Using JML to protect Java code against SQL injection. Johan Janssen 0213888 jjanssen@sci.ru.nl June 26, 2007 Using JML to protect Java code against SQL injection Johan Janssen 0213888 jjanssen@sci.ru.nl June 26, 2007 1 Abstract There are a lot of potential solutions against SQL injection. The problem is that

More information

https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois

https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification, Inc. (RV): startup company aimed at bringing the best

More information

(From Glenford Myers: The Art of Software Testing)

(From Glenford Myers: The Art of Software Testing) A Testing Exercise: (From Glenford Myers: The Art of Software Testing) A program reads three integer values from a card. The three values are interpreted as representing the lengths of the sides of a triangle.

More information

JOURNAL OF OBJECT TECHNOLOGY

JOURNAL OF OBJECT TECHNOLOGY JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2002 Vol. 1, No. 3 Special issue: TOOLS USA 2002 proceedings Evaluation of Assertion Support

More information