11,048 research outputs found
Practical Run-time Checking via Unobtrusive Property Caching
The use of annotations, referred to as assertions or contracts, to describe
program properties for which run-time tests are to be generated, has become
frequent in dynamic programing languages. However, the frameworks proposed to
support such run-time testing generally incur high time and/or space overheads
over standard program execution. We present an approach for reducing this
overhead that is based on the use of memoization to cache intermediate results
of check evaluation, avoiding repeated checking of previously verified
properties. Compared to approaches that reduce checking frequency, our proposal
has the advantage of being exhaustive (i.e., all tests are checked at all
points) while still being much more efficient than standard run-time checking.
Compared to the limited previous work on memoization, it performs the task
without requiring modifications to data structure representation or checking
code. While the approach is general and system-independent, we present it for
concreteness in the context of the Ciao run-time checking framework, which
allows us to provide an operational semantics with checks and caching. We also
report on a prototype implementation and provide some experimental results that
support that using a relatively small cache leads to significant decreases in
run-time checking overhead.Comment: 30 pages, 1 table, 170 figures; added appendix with plots; To appear
in Theory and Practice of Logic Programming (TPLP), Proceedings of ICLP 201
Modular Verification of Interrupt-Driven Software
Interrupts have been widely used in safety-critical computer systems to
handle outside stimuli and interact with the hardware, but reasoning about
interrupt-driven software remains a difficult task. Although a number of static
verification techniques have been proposed for interrupt-driven software, they
often rely on constructing a monolithic verification model. Furthermore, they
do not precisely capture the complete execution semantics of interrupts such as
nested invocations of interrupt handlers. To overcome these limitations, we
propose an abstract interpretation framework for static verification of
interrupt-driven software that first analyzes each interrupt handler in
isolation as if it were a sequential program, and then propagates the result to
other interrupt handlers. This iterative process continues until results from
all interrupt handlers reach a fixed point. Since our method never constructs
the global model, it avoids the up-front blowup in model construction that
hampers existing, non-modular, verification techniques. We have evaluated our
method on 35 interrupt-driven applications with a total of 22,541 lines of
code. Our results show the method is able to quickly and more accurately
analyze the behavior of interrupts.Comment: preprint of the ASE 2017 pape
An Approach to Static Performance Guarantees for Programs with Run-time Checks
Instrumenting programs for performing run-time checking of properties, such
as regular shapes, is a common and useful technique that helps programmers
detect incorrect program behaviors. This is specially true in dynamic languages
such as Prolog. However, such run-time checks inevitably introduce run-time
overhead (in execution time, memory, energy, etc.). Several approaches have
been proposed for reducing such overhead, such as eliminating the checks that
can statically be proved to always succeed, and/or optimizing the way in which
the (remaining) checks are performed. However, there are cases in which it is
not possible to remove all checks statically (e.g., open libraries which must
check their interfaces, complex properties, unknown code, etc.) and in which,
even after optimizations, these remaining checks still may introduce an
unacceptable level of overhead. It is thus important for programmers to be able
to determine the additional cost due to the run-time checks and compare it to
some notion of admissible cost. The common practice used for estimating
run-time checking overhead is profiling, which is not exhaustive by nature.
Instead, we propose a method that uses static analysis to estimate such
overhead, with the advantage that the estimations are functions parameterized
by input data sizes. Unlike profiling, this approach can provide guarantees for
all possible execution traces, and allows assessing how the overhead grows as
the size of the input grows. Our method also extends an existing assertion
verification framework to express "admissible" overheads, and statically and
automatically checks whether the instrumented program conforms with such
specifications. Finally, we present an experimental evaluation of our approach
that suggests that our method is feasible and promising.Comment: 15 pages, 3 tables; submitted to ICLP'18, accepted as technical
communicatio
Formal certification and compliance for run-time service environments
With the increased awareness of security and safety of services in on-demand distributed service provisioning (such
as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge however using analysis and monitoring techniques we present such an approach for on-going compliance checking
OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse
OpenJML is a tool for checking code and specifications of Java programs. We
describe our experience building the tool on the foundation of JML, OpenJDK and
Eclipse, as well as on many advances in specification-based software
verification. The implementation demonstrates the value of integrating
specification tools directly in the software development IDE and in automating
as many tasks as possible. The tool, though still in progress, has now been
used for several college-level courses on software specification and
verification and for small-scale studies on existing Java programs.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
Exploiting Term Hiding to Reduce Run-time Checking Overhead
One of the most attractive features of untyped languages is the flexibility
in term creation and manipulation. However, with such power comes the
responsibility of ensuring the correctness of these operations. A solution is
adding run-time checks to the program via assertions, but this can introduce
overheads that are in many cases impractical. While static analysis can greatly
reduce such overheads, the gains depend strongly on the quality of the
information inferred. Reusable libraries, i.e., library modules that are
pre-compiled independently of the client, pose special challenges in this
context. We propose a technique which takes advantage of module systems which
can hide a selected set of functor symbols to significantly enrich the shape
information that can be inferred for reusable libraries, as well as an improved
run-time checking approach that leverages the proposed mechanisms to achieve
large reductions in overhead, closer to those of static languages, even in the
reusable-library context. While the approach is general and system-independent,
we present it for concreteness in the context of the Ciao assertion language
and combined static/dynamic checking framework. Our method maintains the full
expressiveness of the assertion language in this context. In contrast to other
approaches it does not introduce the need to switch the language to a (static)
type system, which is known to change the semantics in languages like Prolog.
We also study the approach experimentally and evaluate the overhead reduction
achieved in the run-time checks.Comment: 26 pages, 10 figures, 2 tables; an extension of the paper version
accepted to PADL'18 (includes proofs, extra figures and examples omitted due
to space reasons
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Push-Button Tools for Application Developers, Full Formal Verification for Component Vendors
Software developers have varying abilities and develop software with differing reliability requirements. Sometimes reliability is critical and the developers have the mathematical capabilities to perform interactive theorem proving but this is not usually the case. We believe that most software developers need easy to use tools such as run-time assertion checkers and extended static checkers that can help them produce more reliable application-specific code cheaply. However, these lightweight approaches are not sufficient to allow the safe reuse of software components. To safely reuse software components we need comprehensive descriptions and assurances of correctness. These requirements can be provided for by full formal verification with the additional costs justified by the economies of scale. Our Omnibus verification tool provides integrated support for all these different types of verification. This paper illustrates these concepts through a sorting implementation
- …