Runtime verification using Valour

In this paper we give an overview of Valour, a runtime verification tool which has been developed in the context of a project to act as a backend verification tool for financial transaction software. A Valour script is written by the user and is then compiled into a verification system. Although, developed as part of a project, the tool has been designed as a stand-alone general-purpose verification engine with a particular emphasis on event consumption. The strong points of Valour when compared to other runtime verification tools is its focus on scalability and robustness.peer-reviewe

Control-flow residual analysis for symbolic automata

This research has received funding from the European Union’s Horizon 2020 research and innovation programme under grant number 666363.Where full static analysis of systems fails to scale up due to system size, dynamic monitoring has been increasingly used to ensure system correctness. The downside is, however, runtime overheads which are induced by the additional monitoring code instrumented. To address this issue, various approaches have been proposed in the literature to use static analysis in order to reduce monitoring overhead. In this paper we generalise existing work which uses control-flow static analysis to optimise properties specified as automata, and prove how similar analysis can be applied to more expressive symbolic automata - enabling reduction of monitoring instrumentation in the system, and also monitoring logic. We also present empirical evidence of the effectiveness of this approach through an analysis of the effect of monitoring overheads in a financial transaction system.peer-reviewe

A foundation for runtime monitoring

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitor-ing, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the modal μ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated.peer-reviewe

Software Engineering and Formal Methods [electronic resource] : 14th International Conference, SEFM 2016, Held as Part of STAF 2016, Vienna, Austria, July 4-8, 2016, Proceedings /

This book constitutes the proceedings of the 14th International Conference on Software Engineering and Formal Methods, SEFM 2016, held as part of STAF 2016, in Vienna, Austria, in July 2016. The 20 full and 5 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They were organized in topical sections named: concurrency and non-interference; program analysis; model checking; verification; interaction and adaptation; and development methods.Invited Papers -- Abstractions, Semantic Models and Analysis Tools for Concurrent Systems: Progress and Open Problems -- Satisfiability Checking: Theory and Applications -- Concurrency and Non-Interference -- Automatic Derivation of Platform Noninterference Properties -- Linearizability and Causality -- Refinement-based verification of Communicating Unstructured Code -- Guided Dynamic Symbolic Execution Using Subgraph Control-Flow Information (short paper) -- Program Analysis -- Correlating Structured Inputs and Outputs in Functional Specifications -- Combining Predicate Abstraction with Fixpoint Approximations -- Finding Boundary Elements in Ordered Sets with Application to Safety and Requirements Analysis -- Combining Abstract Interpretation with Symbolic Execution for a Static Value Range Analysis of Block Diagrams -- Model Checking -- Program Generation using Simulated Annealing and Model Checking -- LTL Parameter Synthesis of Parametric Timed Automata -- Model checking simulation rules for linearizability -- LTL Model Checking under Fairness in ProB (short paper) -- Verification -- Counterexamples from Proof Failures in SPARK -- Proving Termination of Programs with Bitvector Arithmetic by Symbolic Execution -- SMT-based automatic proof of ASM model refinement -- Coq Implementation of OO Verification Framework VeriJ (short paper) -- Towards a Proof Framework for Information Systems with Weak Consistency (short paper) -- Interaction and Adaptation -- A Cognitive Framework based on Rewriting Logic for the Analysis of Interactive Systems -- Incentive Stackelberg Mean-payoff Games -- Stability-based Adaptation of Asynchronously Communicating Software -- Compliance Checking in the Open Payments Ecosystem (short paper) -- Development Methods -- CoCoSpec: A mode aware contract language -- Modularizing Crosscutting Concerns in Component-Based Systems -- Tightening a Contract Refinement -- BMotionWeb: A Tool for Rapid Creation of Formal Prototypes.This book constitutes the proceedings of the 14th International Conference on Software Engineering and Formal Methods, SEFM 2016, held as part of STAF 2016, in Vienna, Austria, in July 2016. The 20 full and 5 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They were organized in topical sections named: concurrency and non-interference; program analysis; model checking; verification; interaction and adaptation; and development methods