13,330 research outputs found
Verifying data- and control-oriented properties combining static and runtime verification : theory and tools
Static verification techniques are used to analyse and prove properties about programs before they are executed. Many of these techniques work directly on the source code
and are used to verify data-oriented properties over all possible executions. The analysis is
necessarily an over-approximation as the real executions of the program are not available
at analysis time. In contrast, runtime verification techniques have been extensively used for
control-oriented properties, analysing the current execution path of the program in a fully
automatic manner. In this article, we present a novel approach in which data-oriented and
control-oriented properties may be stated in a single formalism amenable to both static and
dynamic verification techniques. The specification language we present to achieve this that
of ppDATEs, which enhances the control-oriented property language of DATEs, with data-
oriented pre/postconditions. For runtime verification of ppDATE specifications, the language
is translated into a DATE. We give a formal semantics to ppDATEs, which we use to prove
the correctness of our translation from ppDATEs to DATEs. We show how ppDATE specifi-
cations can be analysed using a combination of the deductive theorem prover KeY and the
runtime verification tool LARVA. Verification is performed in two steps: KeY first partially
proves the data-oriented part of the specification, simplifying the specification which is then
passed on to LARVA to check at runtime for the remaining parts of the specification including
the control-oriented aspects. We show the applicability of our approach on two case studies.peer-reviewe
COST Action IC 1402 ArVI: Runtime Verification Beyond Monitoring -- Activity Report of Working Group 1
This report presents the activities of the first working group of the COST
Action ArVI, Runtime Verification beyond Monitoring. The report aims to provide
an overview of some of the major core aspects involved in Runtime Verification.
Runtime Verification is the field of research dedicated to the analysis of
system executions. It is often seen as a discipline that studies how a system
run satisfies or violates correctness properties. The report exposes a taxonomy
of Runtime Verification (RV) presenting the terminology involved with the main
concepts of the field. The report also develops the concept of instrumentation,
the various ways to instrument systems, and the fundamental role of
instrumentation in designing an RV framework. We also discuss how RV interplays
with other verification techniques such as model-checking, deductive
verification, model learning, testing, and runtime assertion checking. Finally,
we propose challenges in monitoring quantitative and statistical data beyond
detecting property violation
A Story of Parametric Trace Slicing, Garbage and Static Analysis
This paper presents a proposal (story) of how statically detecting
unreachable objects (in Java) could be used to improve a particular runtime
verification approach (for Java), namely parametric trace slicing. Monitoring
algorithms for parametric trace slicing depend on garbage collection to (i)
cleanup data-structures storing monitored objects, ensuring they do not become
unmanageably large, and (ii) anticipate the violation of (non-safety)
properties that cannot be satisfied as a monitored object can no longer appear
later in the trace. The proposal is that both usages can be improved by making
the unreachability of monitored objects explicit in the parametric property and
statically introducing additional instrumentation points generating related
events. The ideas presented in this paper are still exploratory and the
intention is to integrate the described techniques into the MarQ monitoring
tool for quantified event automata.Comment: In Proceedings PrePost 2017, arXiv:1708.0688
Towards the Formal Specification and Verification of Maple Programs
In this paper, we present our ongoing work and initial results on the formal
specification and verification of MiniMaple (a substantial subset of Maple with
slight extensions) programs. The main goal of our work is to find behavioral
errors in such programs w.r.t. their specifications by static analysis. This
task is more complex for widely used computer algebra languages like Maple as
these are fundamentally different from classical languages: they support
non-standard types of objects such as symbols, unevaluated expressions and
polynomials and require abstract computer algebraic concepts and objects such
as rings and orderings etc. As a starting point we have defined and formalized
a syntax, semantics, type system and specification language for MiniMaple
A Historical Perspective on Runtime Assertion Checking in Software Development
This report presents initial results in the area of software testing and analysis produced as part of the Software Engineering Impact Project. The report describes the historical development of runtime assertion checking, including a description of the origins of and significant features associated with assertion checking mechanisms, and initial findings about current industrial use. A future report will provide a more comprehensive assessment of development practice, for which we invite readers of this report to contribute information
Towards security monitoring patterns
Runtime monitoring is performed during system execution to detect whether the system’s behaviour deviates from that described by requirements. To support this activity we have developed a monitoring framework that expresses the requirements to be monitored in event calculus – a formal temporal first order language. Following an investigation of how this framework could be used to monitor security requirements, in this paper we propose patterns for expressing three basic types of such requirements, namely confidentiality, integrity and availability. These patterns aim to ease the task of specifying confidentiality, integrity and availability requirements in monitorable forms by non-expert users. The paper illustrates the use of these patterns using examples of an industrial case study
- …