Verifying data- and control-oriented properties combining static and runtime verification: theory and tools

@article{Ahrendt2017VerifyingDA,
  title={Verifying data- and control-oriented properties combining static and runtime verification: theory and tools},
  author={Wolfgang Ahrendt and Jes{\'u}s Mauricio Chimento and Gordon J. Pace and Gerardo Schneider},
  journal={Formal Methods in System Design},
  year={2017},
  volume={51},
  pages={200-265}
}
Static verification techniques are used to analyse and prove properties about programs before they are executed. Many of these techniques work directly on the source code and are used to verify data-oriented properties over all possible executions. The analysis is necessarily an over-approximation as the real executions of the program are not available at analysis time. In contrast, runtime verification techniques have been extensively used for control-oriented properties, analysing the current… 

Combined Static and Dynamic Verification of Object Oriented Software Through Partial Proofs

The work presented in this thesis addresses this issue by introducing some manners to combine static and dynamic verification, where partial proofs are used as a means to accomplish the combination.

Practical Abstractions for Automated Verification of Message Passing Concurrency

A novel verification technique that combines the strengths of deductive and algorithmic verification to reason elegantly about message passing concurrent programs, thereby reducing their limitations.

Control-Flow Residual Analysis for Symbolic Automata

This paper generalises existing work which uses control-flow static analysis to optimise properties specified as automata, and proves how similar analysis can be applied to more expressive symbolic automata - enabling reduction of monitoring instrumentation in the system, and also monitoring logic.

Can determinism and compositionality coexist in RML? (extended version)

This paper interprets the basic operators of the RML trace calculus as operations on sets of instantiated event traces and proves that such an interpretation is equivalent to the operational semantics of the calculus.

Can determinism and compositionality coexist in RML?

This paper interprets the basic operators of the RML trace calculus as operations on sets of instantiated event traces and proves that such an interpretation is equivalent to the operational semantics of the calculus.

A Deterministic Event Calculus for Effective Runtime Verification

An event calculus is presented which provides a basis for the semantics and the implementation of RML, a domain specific language (DSL) for RV, which allows concise specifications of non context-free properties, and their efficient verification at runtime.

Testing Meets Static and Runtime Verification

The proposed development methodology features the benefits of TDD and model-based testing, enhanced with, for instance, early detection of bugs which may be missed by TDD, and the validation of the overall system with respect to the model, regarding the control aspects.

Using Dependence Graphs to Assist Verification and Testing of Information-Flow Properties

It is shown how each security violation reported by an SDG-based approach can be used to create a simplified program that can be handled with a second approach to prove or disprove the reported violation.

Efficient Tracing Methodology Using Automata Processor

The idea of high-level system-on-chip monitoring using automata processors using timed automata (TA)-based requirements is promoted and the TA model converted for Automata Processor to monitor system, correctness, and safety properties achieved 100% failure detection rate in the experiment.

Who is to Blame? Runtime Verification of Distributed Objects with Active Monitors

A practical solution for powerful and flexible runtime verification of distributed, object-oriented applications, via a combination of the runtime verification tool Larva and the active object framework ProActive, and the Larva front-end StaRVOOrS.

References

SHOWING 1-10 OF 41 REFERENCES

A Specification Language for Static and Runtime Verification of Data and Control Properties

This paper presents a novel approach in which data-centric and control-oriented properties may be stated in a single formalism, amenable to both static and dynamic verification techniques, and applies the approach to Mondex, an electronic purse application.

Runtime Checking for Program Verification

This paper describes the preliminary experience with incorporating run-time checking into the Jahob verification system and discusses some lessons learned in this process.

Dynamic Event-Based Runtime Monitoring of Real-Time and Contextual Properties

This work presents dynamic communicating automata with timers and events to describe properties of systems, implemented in Larva, an event-based runtime verification tool for monitoring temporal and contextual properties of Java programs.

A Unified Approach for Static and Runtime Verification: Framework and Applications

This paper proposes a framework to combine static analysis techniques and runtime verification with the aim of getting the best of both techniques, and discusses an instantiation of the framework for the deductive theorem prover KeY, and the runtime verification tool Larva.

Combined Static and Dynamic Analysis

Dafny: An Automatic Program Verifier for Functional Correctness

A tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs, is given and the full functional specification of the Schorr-Waite algorithm is shown.

StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java

The tool StaRVOOrs combines the deductive theorem prover KeY and the RV tool LARVA, and uses properties written using the ppDATE specification language which combines the control-flow property language DATE used in LARVA with Hoare triples assigned to states.

A system for compositional verification of asynchronous objects

StaRVOOrS - Episode II - Strengthen and Distribute the Force

Two future research directions to strengthen the power, and broaden the scope, of combined static and runtime verification are discussed: to use static analysis techniques to further optimise the runtime monitor, and to extend the framework to the distributed case.