A Case Study in Using ACL2 for Feature-Oriented Verification



Similar documents
Safe Generation in Feature-Oriented Software Development Sven Apel

Quick-Start Guide

Using Rackspace Webmail

Formale Techniken in der Software-Entwicklung

Using etoken for Securing s Using Outlook and Outlook Express

Engineering Process Software Qualities Software Architectural Design

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2007

Management Solutions. Spamfinder. MailDepot. MailSealer. 100% spam protection for your business. Compliant, permanent archiving

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2010

GlobalSign Solutions. Using a GlobalSign PersonalSign Certificate to Apply Digital Signatures in Microsoft Office Documents

Sterling Integrator. PGP Server Manager 5.1

Nokia for Business. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

User manual VU-Mail Webmail Outlook Web App februari 2010

Invoice Validation Process Provider Communication Guide

CipherMail Gateway Quick Setup Guide

Using Your New Webmail

Texas Medicaid & Healthcare Partnership (TMHP)

GroupWise to Outlook: How Do I?

Electronic Mail

Product Overview. DSL Xpert Advantages. Flexible Configuration Options. User-Friendly PC-Controlled GUI. Testing of ADSL, ADSL2 and ADSL2+

How To Call The State Government From A Cell Phone

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

MessageGuard 3.0 User Guide

User Guide May Using Certificates in Outlook Express

Automated Theorem Proving - summary of lecture 1

Accessing your using a web browser

POP3 Connector for Exchange - Configuration

Using Entrust certificates with Microsoft Office and Windows

Using Your New Webmail

Assurance Cases and Test Design Analysis

Avira AntiVir MailGate 3.2 Release Notes

PaperClip. em4 Cloud Client. Manual Setup Guide

How to use PGP Encryption with iscribe

Domains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.

I really like Exclaimer: they do well-written, stable software. Robert Pearman, Microsoft MVP.

WEBMAIL USER MANUAL AN INTRODUCTION TO WLINK WEBMAIL. Table of content:

Connecting to UNSW Exchange & zmail using MS Outlook Introduction

Chapter 37. Secure Networks

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

ESA FAQ. Self Administration Frequently Asked Questions

Architectural Design Structured Design. Xin Feng

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

Review Guide: Exclaimer Mail Utilities Disclaim, Brand, Sign & Protect

TCS-CA. Outlook Express Configuration [VERSION 1.0] U S E R G U I D E

Wharf T&T bmail 2010 bmail End User Guide Version 1.0

COMMUTATIVE RINGS. Definition: A domain is a commutative ring R that satisfies the cancellation law for multiplication:

Feature and Technical

An Introduction to Secure . Presented by: Addam Schroll IT Security & Privacy Analyst

Administration User Guide

Open-Xchange Guard Major Release v Feature Overview V1.4

V o i c e Processing S y s t e m

Call Billing and Call Traffic Management System

Plesk for Windows Copyright Notice

WildFire Cloud File Analysis

Parallels Plesk Control Panel

Encrypting with KMail, Mozilla Thunderbird, and Evolution LOCK AND KEY BY FRAUKE OSTER

OmniTouch 8400 Instant Communications Suite. My Instant Communicator for Microsoft Outlook User guide. Release 6.7

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

Page 1 of 5. How to unblock automatic picture downloads in messages you receive

User Guide. Version 3.0 April 2006

The Lean Theorem Prover

VM8000 In-Mail User Guide

Forging Digital Signatures

USING OUTLOOK WEB ACCESS

IT Security Automation Conference Endpoint Data Protection (EDP) In The Cloud

Turn on or off the Out of Office Assistant

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development

Top 40 Marketing Terms You Should Know

Encryption. How do I send my encryption key?

Computer Simulation of Denial of Service attack in Military Information Network using OPNET

HMRC Secure Electronic Transfer (SET)

Patented hosting technology protected by U.S.Patents 7,0909,948; 7,076,633. Patents pending in the U.S.

VU University Amsterdam

What browsers can I use to view my mail?

Microsoft Outlook 2013 Part 1: Introduction to Outlook

HQBN USMC HENDERSON HALL Telephone System Call Pilot Voice Messaging

Client Server Registration Protocol

Filter NEW IN FIRSTCLASS CLIENT WHAT S NEW IN FIRSTCLASS 9.0. New Look. Login screen. List View Sort Order. Filtering Containers.

Parallels Plesk Panel

TEK 1 Applications V TEKVOX, Inc San Antonio, TX 78232

RING CYCLES ADMINISTRATIVE LINE FEATURES. AUTO DIAL Electronic Sets: 1. To program, press AUTO DIAL key 2. Dial number to be stored

INFORMATION TECHNOLOGY CONTROLS

4.4 Customer Relations Management Tools

Using Your PGP Tool to Update Your Address Settings for Encrypted Messaging

RPost Outlook Quick Start Guide

Basic Exchange Setup Guide

Instructions for Microsoft Outlook 2003

Desktop Computing in Skillport Finding Approved Folders and Printing Certificates of Completion

Message Authentication Signature Standards (MASS) BOF. Jim Fenton Nathaniel Borenstein

Exim4U. Server Solution For Unix And Linux Systems

NICCA User Guide for digitally signing Using Digital Signature Certificate (DSC) in Outlook Express

Transcription:

A Case Study in Using ACL2 for Feature-Oriented Verification Kathi Fisler and Brian Roberts WPI Computer Science Configurations of Features verify signature mailhost addressbook filter remail decrypt signing [Hall, 2000] auto-respond forward Feature-Oriented Design Feature-Rich Systems F e a t u r e s Modules encapsulate features, not objects auto-reply ion Command loop set-msg msg, set-key, User Pref Database response key Components Incoming check/send reply check ed Outgoing message Telecommunications industry NASA s s next-generation software base Symbian Aspects Still greatly lacking in verification tools 1

Verification Challenges Exponential number of possible products! verify individual features once verify compositions cheaply Feature interactions does voice mail always engage after 4 rings? Features can share data The Case Study Model an email system with four features Host/postmaster (report unknown users) Auto-response (aka( vacation) Encryption Decryption Determine lemmas to modularly prove properties of individual features confirm properties and detect interactions A Basic Email System Modeling Features simulate-network (hostenv, userenv, actions) do-actions ( ) do-mail auto-reply ion Command loop set-msg msg, set-key, User Pref Database response key Incoming check/send reply check ed Outgoing message One function for each extension to the system add new actions add user info add processing on incoming messages add processing on outgoing messages 2

A Basic Email System simulate-network (hostenv, userenv, actions) do-actions ( ) do-mail do-init do-command do-send do-deliver email-auto-init email-auto-incoming host-incoming Customizing Products (defconst *features-present* '(auto )) (defund do-init (user) (let-seq user (email- -init user) user) decrypt (email-decrypt decrypt-init user) user) auto (email-auto auto-init user) user) user)) Verifying Features If user has auto-response d and sender not in prev-recip recip list, send message Needs init and -incoming functions Verify against product containing base system and auto-response feature theorem refers to simulate-network not really modular Lightweight Product Verification Add host to product with auto-response: prove auto-response property still holds build (new) product including host feature prove simulate-network theorem again Lightweight means proof shouldn t require unanticipated lemmas Ideally warn of likely feature interactions 3

Detecting Feature Interactions Sample interaction: Auto-reply message sent to postmaster Often violates no properties of features Incompleteness makes more difficult Capture interaction as theorem, determine lemmas needed to confirm Hope: failure to prove under lemmas indicates likely interaction Supporting Modular Verification Lemmas about individual features crucial make product verification lightweight help detect feature interactions Four kinds of lemmas helpful type/format of inputs and outputs environment info that might/won t t change conditions characterizing changes lifting lemmas through call-graph hierarchy Ideally automate lemma creation Why Modularity? Reviewer: modularity irrelevant for ACL2 We disagree modularity key part of design process features provide new form of modularity Research goal goes beyond ACL2 Reflections on ACL2 Procedural-style natural match for features features capture functional/behavioral information First-order limitation inhibits plug-and and-play Implementations use higher-order functions/classes Macros crucial generate products and standard lemmas Books too restrictive for some feature lemmas Hands-off and disable hints simulate modular environment 4

Questions for Experts Better way to achieve plug-and and-play? Way to use books for all feature lemmas? Results on lemma generation that we should know about? 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information