Tightening the contract refinements of a system architecture

Contract-based design is an emerging paradigm for correct-by-construction hierarchical systems: components are associated with assumptions and guarantees expressed as formal properties; the architecture is analyzed by verifying that each contract of composite components is correctly refined by the contracts of its subcomponents. The approach is very efficient, because the overall correctness proof is decomposed into proofs local to each component. However, the process for the contract specification and refinement is quite expensive because the requirements are formalized into formal properties, where part of the complexity is delegated to the designer, who has the burden of specifying the contracts. Typical problems include understanding which contracts are necessary, and how they can be simplified without breaking the correctness of the refinement and other refinements in case some subcontracts are shared. In this paper, we tackle these problems by proposing a technique to understand and simplify the contract refinements of a system architecture during the development process for the contract specification and refinement. The technique, called tightening, is based on parameter synthesis. The idea is to generate a set of parametric proof obligations, where each parameter evaluation corresponds to a variant of the original(s) contract refinement(s), and to search for tighter variants of the contracts that still ensure the correctness of the refinement(s). We cast this approach in the OCRA framework, where contracts are expressed with LTL formulas, and we evaluate its performance and effectiveness on a number of benchmarks.Fil: Cimatti, Alessandro. Fondazione Bruno Kessler; ItaliaFil: Demasi, Ramiro Adrian. Fondazione Bruno Kessler; Italia. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física. Sección Ciencias de la Computación; ArgentinaFil: Tonetta, Stefano. Fondazione Bruno Kessler; Itali

Fostering design by contract by exploiting the relationship between code commentary and contracts.

Embora contratos no estilo de programação por contratos (DBC) tragam precisão para expressar o comportamento do código, desenvolvedores são resistentes ao seu uso. Há várias razões para isto, tais como a dificuldade na produção de contratos ou o trabalho de manter os contratos consistentes com o código em evolução. Por outro lado, Javadoc é uma abordagem comumente usada para documentar programas Java. Mesmo assim, comentários Javadoc não servem para a checagem automática de conformidade devido à ambiguidade inerente à linguagem natural. Neste trabalho, procuramos minimizar a distância entre contratos e Javadoc, estimulando a adoção de DBC a partir de duas contribuições principais; primeiro, propomos uma extensão ao sistema de tags do Javadoc (CONTRACTJ DOC) para possibilitar a integração de contratos na notação de comentários; então, propomos uma abordagem para geração de contratos a partir de comentários em linguagem natural (CONTRACT SUGGESTOR). Nós realizamos três avaliações: primeiro, avaliamos a aplicabilidade e a compreensibilidade de CONTRACTJ DOC. Como resultados, detectamos inconsistências entre a documentação Javadoc e o código fonte. A maioria dos contratos que escrevemos foram checagens de valores limítrofes para parâmetros e repetições de expressões de retorno de métodos. Além disso, a legibilidade dos comentários percebida pelos desenvolvedores não diferiu significativamente entre as abordagens, o que é promissor, dado que contratos são usualmente classificados como difíceis de ler. Segundo, avaliamos a qualidade dos contratos gerados por CONTRACT SUGGESTOR verificando a taxa de falsos positivos gerados. Como resultado, são gerados mais contratos corretos para non-null do que para relational, devido a quantidade de instâncias de comentários para cada propriedade. Por fim, realizamos estudos de caso com JMLOK2 e C ONTRACTOK – CONTRACTOK é uma extensão da abordagem de J MLOK2 para o contexto C#/Code Contracts. Primeiro, usamos JMLOK2 para verificar os contratos gerados automaticamente por CONTRACT SUGGESTOR; depois usamos as ferramentas para verificar 24 sistemas de código aberto (12 para cada ferramenta). As ferramentas detectaram 188 não-conformidades, sendo 72 problemas de pós-condição e 61 de invariante; as causas prováveis mais comuns foram Pré-condição fraca (91) e Erro de código (56). Com isso, objetivamos motivar a adoção de DBC como forma de aprimorar o projeto dos programas, e por consequência, sua qualidade geral.Contracts in Design by Contract style bring about preciseness for expressing the code behavior; however, developers are resistant to their use. There are several likely reasons for this, such as the trouble to conceive good, useful contracts, or the burden of maintaining contracts consistent with the evolving code. On the other hand, Javadoc is a common way of documenting Java programs. Nevertheless, Javadoc comments do not serve to an automated conformance checking due to ambiguity issues inherent to the natural languages. In this work, we try to minimize the distance between contracts and Javadoc, fostering DBC adoption by means of two main contributions; first, we propose an extension to the Javadoc tagging system (C ONTRACTJD OC) for allowing the integration of contracts into the comments notation; then, we propose an approach for automatically generating contracts based on natural language code commentary (CONTRACTSUGGESTOR). We perform three evaluations: first, we evaluate the applicability and comprehensibility of C ONTRACTJD OC. As results, we detected inconsistencies between the documentation available by means of Javadoc comments and the source code. The majority of the contracts we could write from the comments remains between common-case and repetitive with the code. Moreover, developers’ impression about the readability of comments did not differ significantly, which is promising, as contracts are usually regarded as hard to read – one reason for its non-adoption. Then, we evaluate the quality of contracts generated by CONTRACTSUGGESTOR by analyzing the false positives rate. As result, the approach generates more correct contracts for non-null than for relational, due to the number of comment instances for each property. Finally, we perform case studies with J MLOK2 and C ONTRACTOK – C ONTRACTOK is an extension of JMLOK2 for C#/Code Contracts context. First, we used J MLOK2 for conformance checking the contracts automatically generated; then, we run the tools over 24 open-source systems (12 with each tool). The tools detected 188 nonconformances. From those, 72 are postcondition and 61 are invariant problems; with respect to likely causes manually established, Weak precondition (91) and Code error (56) are the most commons. With this, we aim to promote DBC adoption as a way for improving the design of the projects, and consequently, their quality in general.Cape

Tightening a Contract Refinement

Contract-based design is an emerging paradigm for correct-by-construction hierarchical systems: components are associated with assumptions and guarantees expressed as formal properties; the architecture is analyzed by verifying that each contract of composite components is correctly refined by the contracts of its subcomponents. The approach is very efficient, because the overall correctness proof is decomposed into proofs local to each component. However, part of the complexity is delegated to the designer, who has the burden of specifying the contracts. Typical problems include understanding which contracts are necessary, and how they can be simplified without breaking the correctness of the refinement. In this paper, we tackle these problems by proposing a new technique to understand and simplify a contract refinement. The technique, called tightening, is based on parameter synthesis. The idea is to generate a set of parametric proof obligations, where each parameter evaluation corresponds to a variant of the original contract refinement, and to search for tighter variants of the contracts that still ensure the correctness of the refinement. We cast this approach in the OCRA framework, where contracts are expressed with LTL formulas, and we evaluate its performance and effectiveness on a number of benchmarks

Software Engineering and Formal Methods [electronic resource] : 14th International Conference, SEFM 2016, Held as Part of STAF 2016, Vienna, Austria, July 4-8, 2016, Proceedings /

This book constitutes the proceedings of the 14th International Conference on Software Engineering and Formal Methods, SEFM 2016, held as part of STAF 2016, in Vienna, Austria, in July 2016. The 20 full and 5 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They were organized in topical sections named: concurrency and non-interference; program analysis; model checking; verification; interaction and adaptation; and development methods.Invited Papers -- Abstractions, Semantic Models and Analysis Tools for Concurrent Systems: Progress and Open Problems -- Satisfiability Checking: Theory and Applications -- Concurrency and Non-Interference -- Automatic Derivation of Platform Noninterference Properties -- Linearizability and Causality -- Refinement-based verification of Communicating Unstructured Code -- Guided Dynamic Symbolic Execution Using Subgraph Control-Flow Information (short paper) -- Program Analysis -- Correlating Structured Inputs and Outputs in Functional Specifications -- Combining Predicate Abstraction with Fixpoint Approximations -- Finding Boundary Elements in Ordered Sets with Application to Safety and Requirements Analysis -- Combining Abstract Interpretation with Symbolic Execution for a Static Value Range Analysis of Block Diagrams -- Model Checking -- Program Generation using Simulated Annealing and Model Checking -- LTL Parameter Synthesis of Parametric Timed Automata -- Model checking simulation rules for linearizability -- LTL Model Checking under Fairness in ProB (short paper) -- Verification -- Counterexamples from Proof Failures in SPARK -- Proving Termination of Programs with Bitvector Arithmetic by Symbolic Execution -- SMT-based automatic proof of ASM model refinement -- Coq Implementation of OO Verification Framework VeriJ (short paper) -- Towards a Proof Framework for Information Systems with Weak Consistency (short paper) -- Interaction and Adaptation -- A Cognitive Framework based on Rewriting Logic for the Analysis of Interactive Systems -- Incentive Stackelberg Mean-payoff Games -- Stability-based Adaptation of Asynchronously Communicating Software -- Compliance Checking in the Open Payments Ecosystem (short paper) -- Development Methods -- CoCoSpec: A mode aware contract language -- Modularizing Crosscutting Concerns in Component-Based Systems -- Tightening a Contract Refinement -- BMotionWeb: A Tool for Rapid Creation of Formal Prototypes.This book constitutes the proceedings of the 14th International Conference on Software Engineering and Formal Methods, SEFM 2016, held as part of STAF 2016, in Vienna, Austria, in July 2016. The 20 full and 5 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They were organized in topical sections named: concurrency and non-interference; program analysis; model checking; verification; interaction and adaptation; and development methods