Pulse: Plural To EVMDD-SMC

Pulse: Plural To EVMDD-SMC
Automated Verification of Specifications with Typestates and Access Permissions
Ijaz Ahmed (1), Néstor Cataño (1), Radu I. Siminiceanu (2)
(1) Carnegie Mellon University - Portugal, The University of Madeira
(2) National Institute of Aerospace, Virginia, USA
November 9, 2011

Outline
1. Background: Model Checking; Plural and EVMDD-SMC; Access Permissions and TypeStates
2. Abstract Models of Plural Specification: States Space and Relations; Translation Algorithm; Structure of Generated Model
3. Pulse Working: MTTS Case Study; Results
4. Planned Extensions

Model Checking
- An automatic technique to verify the correctness of a finite state machine (FSM)
- Two basic phases: construct a model M of the system, then test whether the model M satisfies a given property P
- Popular because it produces counterexamples and traces
- Used to verify both hardware and software systems
- Can be used to verify specifications (the focus of our work)

Plural and EVMDD-SMC
Plural
- A lightweight verification tool for Java programs, by CMU
- Verifies access permissions and typestates
- An Eclipse plug-in based on static analysis
EVMDD-SMC
- A symbolic model checking tool by NIA
- Considered faster than well-known model checkers such as SAL
- Less syntactic sugar; based on edge-valued decision diagrams

Access Permissions and TypeStates
Access Permission
- A read or write capability of a reference to an object
- Keeps track of the various references to an object
- Can be used to reason about (and implement) parallelism
TypeStates
- A compiler-checkable abstraction of the states of an object
- Provides a way to operate safely on an object
- Can be used to reason about an implementation

Simultaneous Access Permissions Taxonomy

This reference   Permission   Other references
Unique           read/write   (none)
Full             read/write   Pure
Share            read/write   Share, Pure
Pure             read-only    Full, Share, Pure, Immutable
Immutable        read-only    Pure, Immutable

Pulse
- Translates Plural specifications into an EVMDD-SMC model
Why
- Verification of an industrial application with the Plural tool (1)
- Plural has some limitations, notably reachability analysis
- Model checkers are good at reachability analysis
- Uses the ANTLR parser generator
- Works as an Eclipse plug-in
(1) FMICS 2011, Italy

Pulse Features
(1) Performs an exhaustive and tractable analysis of specifications
(2) Checks for deadlocked (sink) states (typestates)
(3) Checks for unreachable states
(4) Checks for unreachable methods
(5) Checks which methods may run concurrently
(6) Supports reasoning about the program implementation
(7) Checks correct usage of access permissions

Abstract Models of Plural Specification
The first element of each set below is a distinguished "none" value whose symbol did not survive the transcription.
- Access permission associated to object reference $r_i^j$: $ap_i^j \in AP = \{\ , \mathit{Unique}, \mathit{Full}, \mathit{Pure}, \mathit{Immutable}, \mathit{Share}\}$
- Typestate associated to object reference $r_i^j$: $ts_i \in TS_i = \{\ \} \cup \{t_i^1, \dots, t_i^{h_i}\}$
- Program counter associated to method $m_i$: $pc_i^j \in PC_i = \{\mathit{Exe}, \mathit{notexe}\} \times \big(\{\ \} \cup \{M_i^1, \dots, M_i^{m_i}\}\big)$

States Space and Relations
- Set of potential global states $S$ (one typestate per object $i$, one program counter and permission per reference $j$ of it):
$$S = \prod_{i=1}^{K} \Big( \big(\{\ \} \cup \{t_i^1, \dots, t_i^{h_i}\}\big) \times \prod_{j=0}^{c} (PC_i \times AP) \Big)$$
- Transition relation between states: $R \subseteq S \times S$.

Translation Algorithm

    @Perm(requires = "full(this) in StateA", ensures = "full(this) in StateB")
    public void m() { ... }

StartMethod( s: GlobalState, t: GlobalTypestate, $r_i^j$: Reference, m: Method$_i$, $((r_{i_0}^{j_0}, ts_{i_0}^{k_0}, ap_0),\ (r_{i_1}^{j_1}, ts_{i_1}^{k_1}, ap_1))$: Triple $\times$ Triple )
  guard:
    s[i][j].ap is not the "none" permission
    s[i][j].pc = (notexe, $\cdot$)
    t[$i_0$] = $ts_{i_0}^{k_0}$
    compatible(s[$i_0$][$j_0$].ap, $ap_0$)
    compatible(s[$i_1$][$j_1$].ap, $ap_1$)
  update:
    s'[i][j].pc = (Exe, m)
    ChangePermission(s[$i_0$][$j_0$], $ap_0$)
  return guard $\rightarrow$ update

Translation Algorithm (cont.)

EndMethod( s: GlobalState, t: GlobalTypestate, $r_i^j$: Reference, m: Method$_i$, $((r_{i_0}^{j_0}, ts_{i_0}^{k_0}, ap_0),\ (r_{i_1}^{j_1}, ts_{i_1}^{k_1}, ap_1))$: Triple $\times$ Triple )
  guard:
    s[i][j].pc = (Exe, m)
  update:
    t'[$i_1$] = $ts_{i_1}^{k_1}$
    s'[$i_1$][$j_1$].ap = $ap_1$
    s'[i][j].pc = (notexe, m)
    ChangePermission(s[$i_1$][$j_1$].ap, $ap_1$)
  return guard $\rightarrow$ update

Structure of Generated Model
- Variables declaration (initialisation) section
- Transition relation section
- Aliasing section
- Properties section (properties of interest, expressed in CTL)

Properties of Interest
- Sink states (deadlock): $\mathit{deadlock} : \neg EX(\mathit{true})$
- Typestate transition matrix (graph): $\mathit{adjacent}_i(t_1, t_2) : \mathit{state}_i = t_1 \wedge EX(\mathit{state}_i = t_2)$
- Concurrency: $\mathit{concurrent}_i(m_1, m_2) : EF\big(pc_i^{j_1} = (\mathit{Exe}, m_1) \wedge pc_i^{j_2} = (\mathit{Exe}, m_2)\big)$
- Method reachability: $\mathit{method}_i^j : EX\big(pc_i^j = (\mathit{Exe}, m_i)\big)$

Pulse Working

An example

    @ClassStates({ @State(name = "Empty"), @State(name = "Filled") })
    public class MttsTaskDataX {
        @Perm(ensures = "Unique(this) in Empty")
        MttsTaskDataX() { }

        @Perm(requires = "Full(this) in Empty")
        // Missing ensures clause??? i.e. ensures = "Full(this) in Filled"
        public void setTaskData() { }
    }

    @ClassStates({ @State(name = "Created"), @State(name = "Ready"),
                   @State(name = "Complete"), @State(name = "Destroyed") })
    public class MttsTask {
        private MttsTaskDataX data;

        @Perm(ensures = "Unique(this) in Created")
        MttsTask() { ... }

        @Perm(requires = "Full(this) in Created * Pure(d) in Filled",
              ensures = "Full(this) in Ready")
        public void setData(MttsTaskDataX d) { ... }

        @Perm(requires = "Full(this) in Ready", ensures = "Full(this) in Complete")
        public void execute() { ... }

        @Perm(requires = "Full(this) in Complete", ensures = "Full(this) in Destroyed")
        public void delete() { ... }
    }

Method Reachability Test
- Number of states satisfying reachability of MttsTaskDataX.MttsTaskDataX: 3
- Number of states satisfying reachability of MttsTaskDataX.setTaskData: 3
- Number of states satisfying reachability of MttsTask.MttsTask: 5
- Number of states satisfying reachability of MttsTask.setData: 0
- Number of states satisfying reachability of MttsTask.execute: 0
- Number of states satisfying reachability of MttsTask.delete: 0
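The abstract model and the reachability checks above, as an added example that is not part of the deck or of Pulse: a small Python explorer that takes the MTTS specification as (object, typestate, permission) triples, enumerates the global state space by breadth-first search, and reports reachable typestates, reachable methods and sink states. It folds the deck's Exe/notexe program-counter phase into one atomic step per method, and the compatible() ranking is an assumption, since the deck does not define it.

```python
from collections import deque

# Permission strength used by compatible(): assumption, since the deck does not
# define compatible(); a held permission satisfies a required one when it is at
# least as strong in this ranking (None = no permission / object not yet created).
RANK = {None: 0, "Pure": 1, "Immutable": 1, "Share": 2, "Full": 3, "Unique": 4}

def compatible(held, required):
    return RANK[held] >= RANK[required]

# The slide's MTTS example reduced to (object, typestate, permission) triples:
# "d" is the MttsTaskDataX instance, "t" the MttsTask instance. A constructor
# requires its object to be uncreated (typestate None). setTaskData has no
# ensures clause, exactly as on the slide.
MTTS_SPEC = {
    "MttsTaskDataX()": ([("d", None, None)], [("d", "Empty", "Unique")]),
    "setTaskData()": ([("d", "Empty", "Full")], []),
    "MttsTask()": ([("t", None, None)], [("t", "Created", "Unique")]),
    "setData(d)": ([("t", "Created", "Full"), ("d", "Filled", "Pure")], [("t", "Ready", "Full")]),
    "execute()": ([("t", "Ready", "Full")], [("t", "Complete", "Full")]),
    "delete()": ([("t", "Complete", "Full")], [("t", "Destroyed", "Full")]),
}

def fixed_spec():
    """MTTS_SPEC with the missing clause added: ensures Full(this) in Filled."""
    spec = dict(MTTS_SPEC)
    spec["setTaskData()"] = (MTTS_SPEC["setTaskData()"][0], [("d", "Filled", "Full")])
    return spec

def enabled(state, requires):
    return all(state[o][0] == ts and compatible(state[o][1], ap) for o, ts, ap in requires)

def analyse(spec, objects=("d", "t")):
    """BFS over global states (methods taken as atomic steps); returns
    (reachable typestates per object, reachable methods, sink states)."""
    key = lambda s: tuple(sorted(s.items()))
    init = {o: (None, None) for o in objects}
    seen, enabled_in, queue = {key(init): init}, {}, deque([init])
    while queue:
        s = queue.popleft()
        enabled_in[key(s)] = [m for m, (req, _) in spec.items() if enabled(s, req)]
        for m in enabled_in[key(s)]:
            nxt = dict(s)
            for o, ts, ap in spec[m][1]:   # apply the ensures clause
                nxt[o] = (ts, ap)
            if key(nxt) not in seen:
                seen[key(nxt)] = nxt
                queue.append(nxt)
    states = {o: {s[o][0] for s in seen.values()} - {None} for o in objects}
    methods = {m for ms in enabled_in.values() for m in ms}
    sinks = [seen[k] for k, ms in enabled_in.items() if not ms]
    return states, methods, sinks
```

With the slide's specification, Filled is never reached, so setData, execute and delete are unreachable, matching the zero counts above; with the ensures clause restored, every method becomes reachable and the only sink is the expected end state Destroyed.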

State Reachability Test
Figure: state reachability graph of MttsTaskDataX (states Empty, Filled) and MttsTask (states Created, Ready, Complete, Destroyed)

State Reachability Test (cont.)
Figure: state reachability graph of MttsTask (Created, Ready, Complete, Destroyed) together with MttsTaskDataX (Empty, Filled)

State Reachability Test (cont.)
Figure: State Transition Graph of the class IMutexImpl (states FS, FS_MUTEX_NOT_ACQUIRED, FS_NESTED_MUTEX_ACQUIRED, FS_MUTEX_ACQUIRED, FS_NOT_NESTED_MUTEX_ACQUIRED, MUTEX_ACQUIRED, MUTEX_NOT_ACQUIRED)

Multi-Task Threaded Server (MTTS)
MTTS
- A task organization and distribution server
- Used in the financial sector; written by Novabase
- Organizes tasks through queues and schedules them through threads
MTTS Implementation
- Three packages: mtts-api, il (intelligent lock) and server
- mtts-api defines tasks and queues
- il implements a re-entrant mutex algorithm
- server organizes and distributes tasks
- We wrote 546 lines of Plural specifications

Results
SS = sink states (deadlock), MR = method reachability, STM = state transition matrix

Packages                   Classes  Methods  State Space  #Properties       Runtime (s)              Violations
                                                          SS   MR    STM    SS     MR      STM       SS  MR  STM
library                    8        39       1*10^8       1    39    6      0.07   0.30    0.04      0   0   1
il                         13       61       7*10^9       1    61    96     0.10   0.18    0.09      0   0   9
mtts                       19       166      2*10^16      1    166   98     0.11   0.33    0.17      0   44  26
il, library                21       100      1*10^18      1    100   102    0.08   0.25    0.15      0   0   27
il, library, mtts          40       266      2*10^34      1    266   200    0.43   0.89    0.44      0   44  37
il, library, mtts, server  55       368      8*10^52      1    368   280    24.34  152.39  2824.47   0   58  60

Planned Extensions
- E1, first extension: class fields and inheritance
- E2, second extension: typestate invariants
- E3, third extension: nested method calls

Conclusion
- A new window to evaluate Plural specifications
- Enhances the existing strengths of Plural
- The approach is scalable
- Practically useful: evaluated through MTTS
- Found numerous errors in typestate and method reachability

Thanks. Questions and Suggestions