Runtime Assertion Checking and Static Verification: Collaborative Partners

Runtime assertion checking aspires to the same level of sound and complete checking of software that static deductive verification provides. Furthermore, for the same source language and specification language, runtime and static checking should implement the same semantics as closely as possible. We describe here the architecture used by two different systems to achieve this goal, and accompany that with descriptions of novel designs and implementations that add new capabilities to runtime assertion checking, bringing its feature coverage closer to that of static verification.
