Unified Static and Runtime Verification of Object-Oriented Software

Similar documents
StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

Specification and Analysis of Contracts Lecture 1 Introduction

A Classification of Model Checking-based Verification Approaches for Software Models

Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection

The Model Checker SPIN

Datavetenskapligt Program (kandidat) Computer Science Programme (master)

Static Program Transformations for Efficient Software Model Checking

Fundamentals of Software Engineering

Boogie: A Modular Reusable Verifier for Object-Oriented Programs

The C Programming Language course syllabus associate level

Compiling Object Oriented Languages. What is an Object-Oriented Programming Language? Implementation: Dynamic Binding

A Scala DSL for Rete-based Runtime Verification

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

Adversary Modelling 1

Dsc+Mock: A Test Case + Mock Class Generator in Support of Coding Against Interfaces

Introducing Formal Methods. Software Engineering and Formal Methods

Scoping (Readings 7.1,7.4,7.6) Parameter passing methods (7.5) Building symbol tables (7.6)

Automated Theorem Proving - summary of lecture 1

Rigorous Software Engineering Hoare Logic and Design by Contracts

INF5140: Specification and Verification of Parallel Systems

Applications of formal verification for secure Cloud environments at CEA LIST

From Object Oriented Conceptual Modeling to Automated Programming in Java

TECH. Requirements. Why are requirements important? The Requirements Process REQUIREMENTS ELICITATION AND ANALYSIS. Requirements vs.

Fully Abstract Operation Contracts

Intrusion Detection via Static Analysis

Software Engineering using Formal Methods

Software Engineering Techniques

Software Development Methodologies

Wildcard and SAN: Understanding Multi-Use SSL Certificates

Compilers. Introduction to Compilers. Lecture 1. Spring term. Mick O Donnell: michael.odonnell@uam.es Alfonso Ortega: alfonso.ortega@uam.

Programming Languages CIS 443

The ProB Animator and Model Checker for B

SMock A Test Platform for the Evaluation of Monitoring Tools

Formal Specification and Verification of Avionics Software

Programming and Software Development CTAG Alignments

Databases Model the Real World. The Entity- Relationship Model. Conceptual Design. Steps in Database Design. ER Model Basics. ER Model Basics (Contd.

UML BASED MODELING OF ECDSA FOR SECURED AND SMART E-GOVERNANCE SYSTEM

Computer Programming I

Monitoring the Execution of Space Craft Flight Software

Semantic Analysis: Types and Type Checking

SOFTWARE TESTING TRAINING COURSES CONTENTS

Embedded/Real-Time Software Development with PathMATE and IBM Rational Systems Developer

Software Engineering Reference Framework

Complexities of Simulating a Hybrid Agent-Landscape Model Using Multi-Formalism

Model Checking: An Introduction

Integration of Application Business Logic and Business Rules with DSL and AOP

UML for the C programming language.

Realizing Enterprise Integration Patterns in WebSphere

An Automated Development Process for Interlocking Software that. Cuts Costs and Provides Improved Methods for Checking Quality.

Integrated Error-Detection Techniques: Find More Bugs in Java Applications

Writing a Project Report: Style Matters

Object-Oriented Design Lecture 4 CSU 370 Fall 2007 (Pucella) Tuesday, Sep 18, 2007

Change Impact Analysis

INF5140: Specification and Verification of Parallel Systems

Probabilistic Assertions

Model Checking of Software

Introduction to Formal Methods. Các Phương Pháp Hình Thức Cho Phát Triển Phần Mềm

Q. Consider a dynamic instruction execution (an execution trace, in other words) that consists of repeats of code in this pattern:

Certification Authorities Software Team (CAST) Position Paper CAST-13

Chapter 7: Functional Programming Languages

ZQL. a cryptographic compiler for processing private data. George Danezis. Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo

1 A New Look at Formal Methods for Software Construction

Java Programming. Binnur Kurt Istanbul Technical University Computer Engineering Department. Java Programming. Version 0.0.

Web Development using PHP (WD_PHP) Duration 1.5 months

Moving from CS 61A Scheme to CS 61B Java

State of the World - Statically Verifying API Usage Rule

Graduate Assessment Test (Sample)

CS193j, Stanford Handout #10 OOP 3

Semester Review. CSC 301, Fall 2015

Verification of Imperative Programs in Theorema

The Role of Automation Systems in Management of Change

Formal Software Testing. Terri Grenda, CSTE IV&V Testing Solutions, LLC

Fabio Massacci Ida Siahaan

Software Engineering Tools and Methods

e ag u g an L g ter lvin v E ram Neal G g ro va P Ja

Wildcard and SAN: Understanding multi-use SSL Certificates

How To Program In Scheme (Prolog)

Formal verification of contracts for synchronous software components using NuSMV

The Course.

Today s Agenda. Automata and Logic. Quiz 4 Temporal Logic. Introduction Buchi Automata Linear Time Logic Summary

Replication on Virtual Machines

Transcription:

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1, Mauricio Chimento 1, Gerardo Schneider 2, Gordon J. Pace 3 1 Chalmers University of Technology, Gothenburg, Sweden 2 University of Gothenburg, Sweden 3 University of Malta Tallinn, August 2014

Static Verification vs. Runtime Verification Static verification High precision Use abstractions for increased automation but Powerful judgements hard to achieve automatically Often losing aspects of concrete system Runtime verification Full precision (including real deployment) Full automation but Cannot judge future runs Computational overhead of monitoring the running system

Project on Unified Static and Runtime Verification Unified Static and Runtime Verification of Object-Oriented SW Members: Wolfgang Ahrendt, Chalmers University of Technology Mauricio Chimento, Chalmers University of Technology Gerardo Schneider, University of Gothenburg External collaborator: Gordon J. Pace, University of Malta

Project on Unified Static and Runtime Verification Unified Static and Runtime Verification of Object-Oriented SW Members: Wolfgang Ahrendt, Chalmers University of Technology Mauricio Chimento, Chalmers University of Technology Gerardo Schneider, University of Gothenburg External collaborator: Gordon J. Pace, University of Malta

Framework for Unified Static and Runtime Verification Combine static and runtime verification Combine data centric and control centric properties Unified specification for both Use (partial) static verification results for partial evaluation of properties Runtime verification of resulting properties Increase safety and efficiency

Larva: A Runtime Verification Tool for Java Larva Logical Automata for Runtime Verification and Analysis targets Java applications checks control oriented properties (untimed and real-time), specified in DATE (Dynamic Automata with Timers and Events) Lustre duration calculus

DATE Automaton Example start conndrop \c == 5\unreliable! conndrop \c < 5\c ++

DATE Automaton Example start conndrop \c == 5\unreliable! conndrop \c < 5\c ++ foreach transfer : start (transfer)\\ unreliable?\\ receive \\ start bad end (transfer)\\ receive \\

DATE Automaton Example start conndrop \c == 5\unreliable! conndrop \c < 5\c ++ foreach transfer : start (transfer)\\ unreliable?\\ receive \\ start bad In general: end (transfer)\\ receive \\ communicating automata, event-triggered transitions, timers events: method entry/exit, timer events, synchronising events

Larva Functionality Larva input DATE automaton (or alternative format) application code

Larva Functionality Larva input DATE automaton (or alternative format) application code Larva output monitor instrumented application code, with triggers for monotor

KeY KeY is an approach and tool for the Formal specification of foremost functional properties Deductive verification, i.e., using theorem proving of OO software, foremost Java and ABS

KeY Dynamic logic (generalisation of Hoare logic) as program logic Verification = symbolic execution + induction/invariants Sequent calculus Prover is automated + interactive most elaborate KeY instance KeY-Java Java as target language Supports specification language JML

Specification Language for Data and Control ppdate: Extending DATE with pre/post-conditions, associated to the automata s states: q event cond act q τ(q) = {..., {pre} method {post},... } Transition enabled if cond holds

Violating Traces ppdate trace w (Σ Θ) is violating prefix if either

Violating Traces ppdate trace w (Σ Θ) is violating prefix if either (q 0, v 0 ) w = (q, v) and q BadStates

Violating Traces ppdate trace w (Σ Θ) is violating prefix if either (q 0, v 0 ) w = (q, v) and q BadStates w = w 1 + (m id, θ 1) + w 2 + (m id, θ 2) such that: 1. (q 0, v 0 ) w1 = (q, v) 2. τ(q) {pre} m {post} 3. θ 1 = pre 4. θ 2 = post

Violating Traces ppdate trace w (Σ Θ) is violating prefix if either (q 0, v 0 ) w = (q, v) and q BadStates w = w 1 + (m id, θ 1) + w 2 + (m id, θ 2) such that: 1. (q 0, v 0 ) = w1 (q, v) 2. τ(q) {pre} m {post} 3. θ 1 = pre 4. θ 2 = post A violating trace has a violating prefix

High-level description of the framework

Case study: Login Example Scenario: At login, new users are added to set users Assume users is implemented using hashing with open addressing Adding implemented by users.add(u,key)

Case study: Login Example add(o,key) users.contains(o,key) = true q q τ(q) = { {users.size < users.capacity} add {post} } post ( int i; i 0 && i < users.capacity ; users.h[i] = o ; )

Case study: Login Example - Static Analysis Translation of Hoare triple to JML class HashTable {... /*@ public normal_behavior @ requires size < capacity; @ ensures (\exists int i; @ i>= 0 && i < capacity; @ h[i] == o); @ assignable size, h[*];... @*/ public void add (Object o, int key) {} }

Case study: Login Example - Static Analysis public void add (Object o, int key) {... int i = hash(key); if (h[i] == null) { h[i] = o; size++; } else { while... \\ store at next free slot...} }

Case study: Login Example - Static Analysis KeY tries to prove: size < capacity add(o, key) i. h[i] = o KeY will produce branches:..., h[key%capacity] = null... and..., h[key%capacity] = null... first branch closes automatically, the second doesn t

Case study: Login Example - Partial Specification Evaluation First, for τ(q) replace {pre} add {post} by

Case study: Login Example - Partial Specification Evaluation First, for τ(q) replace {pre} add {post} by {pre users.h[key%capacity] = null} add {post} and {pre users.h[key%capacity] = null} add {true}

Case study: Login Example - Partial Specification Evaluation Second, new argument is added to distinguish different calls

Case study: Login Example - Partial Specification Evaluation Second, new argument is added to distinguish different calls public void add (Object o, int key) { addaux(fid.getnewid(),o,key); } public void addaux (Integer id, Object o, int key) { //same code as add had before. } {pre users.h[key%capacity] = null} addaux {post} and {pre users.h[key%capacity] = null} addaux {true}

Case study: Login Example - Model Transformation q addaux id pre s id! q s id? addaux id users.oppost() start ok addaux id users.oppost() bad

Case study: Login Example - Model Transformation q addaux id users.contains(o, key) =true if pre then s id! q s id? addaux id users.oppost() start ok addaux id users.oppost() bad addaux id (users.contains(o, key) = true) (pre users.h[key%capacity] = null) s id! q

Case study: Login Example - Monitor Generation Finally, Larva generates the monitors which will control the partially verified property.

Reference Wolfgang Ahrendt, Gordon J. Pace, Gerardo Schneider A Unified Approach for Static and Runtime Verification: Framework and Applications ISoLA 2012 Springer, LNCS 7609

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information