Verifying data- and control-oriented properties combining static and runtime verification: theory and tools

Static verification techniques are used to analyse and prove properties about programs before they are executed. Many of these techniques work directly on the source code and are used to verify data-oriented properties over all possible executions. The analysis is necessarily an over-approximation, as the real executions of the program are not available at analysis time. In contrast, runtime verification techniques have been extensively used for control-oriented properties, analysing the current execution path of the program in a fully automatic manner. In this article, we present a novel approach in which data-oriented and control-oriented properties may be stated in a single formalism amenable to both static and dynamic verification techniques. The specification language we present to achieve this is that of ppDATEs, which enhances the control-oriented property language of DATEs with data-oriented pre/postconditions. For runtime verification of ppDATE specifications, the language is translated into a DATE. We give a formal semantics to ppDATEs, which we use to prove the correctness of our translation from ppDATEs to DATEs. We show how ppDATE specifications can be analysed using a combination of the deductive theorem prover KeY and the runtime verification tool LARVA. Verification is performed in two steps: KeY first partially proves the data-oriented part of the specification, simplifying the specification, which is then passed on to LARVA to check at runtime for the remaining parts of the specification, including the control-oriented aspects. We show the applicability of our approach on two case studies.
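The two-step flow sketched in the abstract can be made concrete with a small model: a control-oriented automaton whose method events carry data-oriented pre/postconditions, a "static" phase that discharges some of those contracts, and a runtime monitor that checks only what remains. The code below is an added illustration written for this page; it is not the paper's ppDATE semantics, nor code from StaRVOOrS, KeY or LARVA. The account/session protocol, the `proved` set (standing in for whatever a deductive prover would actually discharge) and all names are constructed for the example.

```python
"""Simplified model of the ppDATE idea from the abstract (added example, not the
paper's tools): a DATE-style automaton plus pre/postconditions, a translation
step that drops statically discharged contracts, and a runtime monitor for the
residual specification."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Env = Dict[str, object]            # method arguments plus observed old/new state
Cond = Callable[[Env], bool]


@dataclass
class Contract:
    """Data-oriented part: a Hoare-style pre/postcondition on one method."""
    method: str
    pre: Cond
    post: Cond


@dataclass
class PPDate:
    """Control-oriented automaton (state, event) -> state, plus contracts."""
    start: str
    transitions: Dict[Tuple[str, str], str]
    contracts: Dict[str, Contract] = field(default_factory=dict)


@dataclass
class Monitor:
    """Runtime monitor for the residual specification (stand-in for LARVA)."""
    automaton: PPDate
    residual: Dict[str, Contract]           # contracts not discharged statically
    state: str = field(init=False)
    violations: List[str] = field(default_factory=list)
    checks: int = 0                         # how many pre/post checks ran at runtime

    def __post_init__(self) -> None:
        self.state = self.automaton.start

    def observe(self, method: str, env: Env) -> None:
        """Process one observed method call together with its data environment."""
        key = (self.state, method)
        if key not in self.automaton.transitions:
            # Control-oriented violation: the event is not allowed in this state.
            self.violations.append(f"control: {method} not allowed in state {self.state}")
            self.state = "bad"               # no transitions leave 'bad'
            return
        contract = self.residual.get(method)
        if contract is not None:
            # Data-oriented checks survive only for contracts the prover left open.
            self.checks += 2
            if not contract.pre(env):
                self.violations.append(f"data: precondition of {method} failed")
            if not contract.post(env):
                self.violations.append(f"data: postcondition of {method} failed")
        self.state = self.automaton.transitions[key]


def translate(spec: PPDate, proved: Set[str]) -> Monitor:
    """Static step (stand-in for KeY): contracts named in `proved` are assumed
    discharged and removed; the rest are handed to the runtime monitor."""
    residual = {m: c for m, c in spec.contracts.items() if m not in proved}
    return Monitor(spec, residual)


def account_spec() -> PPDate:
    """Constructed example: a login/transfer/logout protocol with a transfer contract."""
    transitions = {
        ("logged_out", "login"): "logged_in",
        ("logged_in", "transfer"): "logged_in",
        ("logged_in", "logout"): "logged_out",
    }
    transfer = Contract(
        "transfer",
        pre=lambda e: 0 < e["amount"] <= e["old_balance"],
        post=lambda e: e["new_balance"] == e["old_balance"] - e["amount"],
    )
    return PPDate("logged_out", transitions, {"transfer": transfer})


def run_trace(spec: PPDate, proved: Set[str], trace: List[Tuple[str, Env]]) -> Monitor:
    """Translate the spec for the given proof results and replay an execution trace."""
    monitor = translate(spec, proved)
    for method, env in trace:
        monitor.observe(method, env)
    return monitor


if __name__ == "__main__":
    trace = [("login", {}),
             ("transfer", {"amount": 30, "old_balance": 100, "new_balance": 70}),
             ("logout", {})]
    print(run_trace(account_spec(), set(), trace).violations)        # []
    print(run_trace(account_spec(), {"transfer"}, trace).checks)      # 0
```

Replaying a trace with `proved=set()` checks both the protocol and the transfer contract at runtime; with `proved={"transfer"}` the monitor still catches out-of-order events but performs no data checks, which is exactly the trust the two-step scheme places in the static proof: a contract the prover has discharged is not re-evaluated at runtime.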
