10 research outputs found

    Runtime verification using Larva

    Larva, which has been in use and under continuous development for almost a decade, has been extended in several ways and used in a wide range of scenarios, from industrial deployment to educational ones. In this paper we give an overview of Larva, its extensions and its uses.

    VOCAL – A Verified OCAml Library

    ML Family Workshop 2017. Libraries are the basic building blocks of any realistic programming project. It is thus of utmost interest for a programmer to build her software on top of bug-free libraries. We present the ongoing VOCAL project, which aims at building a mechanically verified library of general-purpose data structures and algorithms, written in the OCaml language.

    Platinum: Reusing Constraint Solutions in Bounded Analysis of Relational Logic

    Alloy is a lightweight specification language based on relational logic, with an analysis engine that relies on SAT solvers to automate bounded verification of specifications. In spite of its strengths, the reliance of the Alloy Analyzer on computationally heavy solvers means that it can take a significant amount of time to verify software properties, even within limited bounds. This challenge is exacerbated by the ever-evolving nature of complex software systems. This paper presents PLATINUM, a technique for efficient analysis of evolving Alloy specifications that recognizes opportunities for constraint reduction and reuse of previously identified constraint solutions. The insight behind PLATINUM is that formula constraints recur often during the analysis of a single specification and across its revisions, and constraint solutions can be reused over sequences of analyses performed on evolving specifications. Our empirical results show that PLATINUM substantially reduces (by 66.4% on average) the analysis time required on specifications extracted from real-world software systems.

    Reuse of Privacy Risk Analysis Results through Refinements (Réutilisation de résultats d'analyse de risques en vie privée par raffinements)

    The objective of this paper is to improve the cost effectiveness of privacy impact assessments through (1) a more systematic approach, (2) a better integration with privacy by design and (3) enhanced reusability. We present a three-tier process including a generic privacy risk analysis depending on the specifications of the system and two refinements based on the architecture and the deployment context respectively. We illustrate our approach with the design of a biometric access control system.

    Choreographies and Cost Semantics for Reliable Communicating Systems

    Communicating systems have become ubiquitous in today's society. Unfortunately, the complexity of their interactions makes them particularly prone to failures such as deadlocked states caused by misbehaving components, or memory exhaustion due to a surge in message traffic (malicious or not). These vulnerabilities constitute a real risk to users, with consequences ranging from minor inconveniences to the possibility of loss of life and capital. This thesis presents two results that aim to increase the reliability of communicating systems. First, we implement a choreography language which by construction can only describe systems that are deadlock-free. Second, we develop a cost semantics to prove programs free of out-of-memory errors. Both of these results are formalized in the HOL4 theorem prover and integrated with the CakeML verified stack.

    A Risk-based Approach to Privacy by Design (Extended Version)

    The objective of the work described in this report is to help designers to select suitable architectures based on an incremental privacy risk analysis. We present a three-tier process including a generic privacy risk analysis depending only on the specifications of the system and two refinements based on the architecture and the context respectively. We illustrate our approach with the design of a biometric access control system.

    RML: Runtime Monitoring Language

    Runtime verification is a relatively new software verification technique that aims to prove the correctness of a specific run of a program, rather than statically verify the code. The program is instrumented in order to collect all the relevant information, and the resulting trace of events is inspected by a monitor that verifies its compliance with respect to a specification of the expected properties of the system under scrutiny. Many languages exist that can be used to formally express the expected behavior of a system, with different design choices and degrees of expressivity. This thesis presents RML, a specification language designed for runtime verification, with the goal of being completely modular and independent from the instrumentation and the kind of system being monitored. RML is highly expressive, and allows one to express complex, parametric, non-context-free properties concisely. RML is compiled down to TC, a lower-level calculus, which is fully formalized with a deterministic, rewriting-based semantics. In order to evaluate the approach, an open source implementation has been developed, and several examples with Node.js programs have been tested. Benchmarks show the ability of the monitors automatically generated from RML specifications to effectively and efficiently verify complex properties.
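    The runtime-verification pipeline described in the Larva and RML abstracts above (instrument the program, emit a trace of events, have a monitor check the trace against a property) can be illustrated with a small parametric monitor. The following is an added example written for this page; it is not code from Larva, RML or any other project listed here, and the resource API, event names and traces are constructed assumptions for illustration. It checks a per-resource usage property (open before use, close exactly once, nothing after close), instruments a toy API with a Proxy so that calls emit events, and reports verdicts as the trace is consumed.

```javascript
'use strict';

// Added example (not RML's or Larva's code): a parametric runtime monitor.
// Property, checked separately for every resource id (a parameter):
//   open -> (read | write)* -> close, and no operation after close.
// Resource ids, event names and the toy API below are assumptions.

// Per-resource automaton: state -> event -> next state.
// A missing entry means the event is not allowed in that state.
const TRANSITIONS = {
  initial: { open: 'open' },
  open:    { read: 'open', write: 'open', close: 'closed' },
  closed:  {},
};

class ResourceMonitor {
  constructor() {
    this.states = new Map();   // resource id -> current automaton state
    this.violations = [];      // verdicts collected while consuming the trace
  }

  // Consume one event {op, id}; returns true if the trace prefix still
  // satisfies the property. On a violation the resource state is left as is.
  observe(event) {
    const { op, id } = event;
    const state = this.states.get(id) || 'initial';
    const next = TRANSITIONS[state][op];
    if (next === undefined) {
      this.violations.push({ id, op, state });
      return false;
    }
    this.states.set(id, next);
    return true;
  }

  // End-of-trace check: a resource still open at the end was never closed.
  finish() {
    for (const [id, state] of this.states) {
      if (state === 'open') this.violations.push({ id, op: 'eof', state });
    }
    return this.violations.length === 0;
  }
}

// Instrumentation: wrap an API object so every method call first emits an
// event (method name, first argument as resource id) to the monitor. A
// violation aborts the call instead of letting the bad operation run.
function instrument(api, monitor) {
  return new Proxy(api, {
    get(target, prop, receiver) {
      const value = Reflect.get(target, prop, receiver);
      if (typeof value !== 'function' || typeof prop !== 'string') return value;
      return (...args) => {
        if (!monitor.observe({ op: prop, id: args[0] })) {
          throw new Error(`monitor: ${prop}(${args[0]}) violates the spec`);
        }
        return value.apply(target, args);
      };
    },
  });
}

// Constructed toy API standing in for something like a file-handle module.
const fakeFs = {
  open(id) { return `opened ${id}`; },
  read(id) { return `read ${id}`; },
  write(id, data) { return `wrote ${data} to ${id}`; },
  close(id) { return `closed ${id}`; },
};

// Offline check of a recorded trace; returns the list of violations.
function checkTrace(trace) {
  const monitor = new ResourceMonitor();
  for (const ev of trace) monitor.observe(ev);
  monitor.finish();
  return monitor.violations;
}

// Constructed sample traces.
const GOOD_TRACE = [
  { op: 'open', id: 'a' }, { op: 'write', id: 'a' }, { op: 'open', id: 'b' },
  { op: 'read', id: 'b' }, { op: 'close', id: 'a' }, { op: 'close', id: 'b' },
];
const BAD_TRACE = [
  { op: 'open', id: 'a' }, { op: 'close', id: 'a' },
  { op: 'read', id: 'a' },   // use after close
  { op: 'open', id: 'b' },   // never closed
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('good trace violations:', checkTrace(GOOD_TRACE));
  console.log('bad trace violations:', checkTrace(BAD_TRACE));
}

module.exports = { ResourceMonitor, instrument, fakeFs, checkTrace, GOOD_TRACE, BAD_TRACE };
```

The monitor keys its state on the resource id, which is what makes the property parametric: one automaton per id rather than one global state. The Proxy-based instrumentation is deliberately the simplest thing that works in Node.js; a production setup would hook the real module or use an instrumentation framework, but the monitor itself is unchanged either way, which is the independence from instrumentation the RML abstract argues for.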

    Choreographies and Cost Semantics for Reliable Communicating Systems

    Communicating systems have become ubiquitous in today's society. Unfortunately, the complexity of their interactions makes them particularly prone to failures such as deadlocked states caused by misbehaving components, or memory exhaustion due to a surge in message traffic (malicious or not). These vulnerabilities constitute a real risk to users, with consequences ranging from minor inconveniences to the possibility of loss of life and capital. This thesis presents results that aim to increase the reliability of communicating systems. First, we implement a choreography language that can, by construction, only describe deadlock-free systems. Second, we develop a cost semantics to prove programs free of out-of-memory errors. Lastly, we improve both results by using novel semantic approaches that strengthen key theorems and facilitate further proof development. All of these results are formalized in the HOL4 theorem prover and integrated with the CakeML verified stack.

    Fundamental Approaches to Software Engineering

    This open access book constitutes the proceedings of the 23rd International Conference on Fundamental Approaches to Software Engineering, FASE 2020, which took place in Dublin, Ireland, in April 2020, and was held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 23 full papers, 1 tool paper and 6 testing competition papers presented in this volume were carefully reviewed and selected from 81 submissions. The papers cover topics such as requirements engineering, software architectures, specification, software quality, validation, verification of functional and non-functional properties, model-driven development and model transformation, software processes, security and software evolution.