MOP: an efficient and generic runtime verification framework

Monitoring-Oriented Programming (MOP) [21, 18, 22, 19] is a formal framework for software development and analysis, in which the developer specifies desired properties using definable specification formalisms, along with code to execute when properties are violated or validated. The MOP framework automatically generates monitors from the specified properties and then integrates them, together with the user-defined code, into the original system. The previous design of MOP only allowed specifications without parameters, so it could not be used to state and monitor safety properties referring to two or more related objects. In this paper we propose a parametric, specification-formalism-independent extension of MOP, together with an implementation of JavaMOP that supports parameters. In our current implementation, parametric specifications are translated into AspectJ code and then woven into the application using off-the-shelf AspectJ compilers; hence, MOP specifications can be seen as formal or logical aspects. Our JavaMOP implementation was extensively evaluated on two benchmarks, DaCapo [14] and Tracematches [8], showing that runtime verification in general and MOP in particular are feasible. In some of the examples, millions of monitor instances are generated, each observing a set of related objects. To keep the runtime overhead of monitoring and event observation low, we devised and implemented a decentralized indexing optimization. Less than 8% of the experiments showed more than 10% runtime overhead; in most cases our tool generates monitoring code as efficient as hand-optimized code. Despite its genericity, JavaMOP is empirically shown to be more efficient than runtime verification systems specialized and optimized for particular specification formalisms. Many property violations were detected during our experiments; some of them are benign, others indicate defects in programs. Many of these are subtle and hard to find by ordinary testing.
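To make the parametric-monitoring idea in the abstract concrete, here is an added example (hand-written for this page, not JavaMOP's generated code) of a monitor parametric in two related objects. The property is an assumed one, "an iterator must not be advanced after its collection was modified"; events are fed by hand here, whereas JavaMOP would weave the calls in via AspectJ, and the index is a simple centralized map, not the paper's decentralized indexing optimization.

```java
import java.util.*;

// Added example: a parametric monitor over the binding (Collection c, Iterator i).
// One monitor instance exists per distinct (c, i) pair, as in the parametric MOP extension.
public class SafeIteratorMonitor {
    enum State { CREATED, MODIFIED, VIOLATED }

    static final class Instance {
        final Collection<?> c; final Iterator<?> i; State state = State.CREATED;
        Instance(Collection<?> c, Iterator<?> i) { this.c = c; this.i = i; }
    }

    // Index from each parameter object to the instances bound to it. Identity keys are essential:
    // ArrayList.equals() compares contents, so two distinct lists would otherwise collide.
    private final Map<Object, List<Instance>> index = new IdentityHashMap<>();
    private final List<Instance> violations = new ArrayList<>();

    private List<Instance> bucket(Object key) {
        return index.computeIfAbsent(key, k -> new ArrayList<>());
    }

    // create(c, i) carries a full binding: a fresh instance is created and indexed under both objects.
    public void create(Collection<?> c, Iterator<?> i) {
        Instance m = new Instance(c, i);
        bucket(c).add(m); bucket(i).add(m);
    }

    // update(c) carries a partial binding: every instance whose binding contains c advances.
    public void update(Collection<?> c) {
        for (Instance m : bucket(c)) if (m.state == State.CREATED) m.state = State.MODIFIED;
    }

    // next(i) carries a partial binding: a MODIFIED instance seeing next(i) is a violation.
    public void next(Iterator<?> i) {
        for (Instance m : bucket(i)) if (m.state == State.MODIFIED) { m.state = State.VIOLATED; violations.add(m); }
    }

    public int violationCount() { return violations.size(); }

    public static void main(String[] args) {
        SafeIteratorMonitor mon = new SafeIteratorMonitor();   // constructed sample trace below
        List<Integer> a = new ArrayList<>(List.of(1, 2, 3)), b = new ArrayList<>(List.of(4, 5));
        Iterator<Integer> ia = a.iterator(), ib = b.iterator();
        mon.create(a, ia); mon.create(b, ib);
        mon.update(a);          // only the (a, ia) instance moves to MODIFIED
        mon.next(ib);           // no violation: b was never modified
        mon.next(ia);           // violation for the binding (a, ia)
        System.out.println("violations: " + mon.violationCount());
    }
}
```

A production monitor would hold parameter objects through weak references so that instances for dead objects can be collected; the abstract's decentralized indexing addresses exactly this lookup-and-lifetime cost when millions of instances exist.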

[1] Eric Bodden et al. Flow-sensitive static optimizations for runtime monitors, 2007.

[2] Gregor Kiczales et al. Aspect-oriented programming, 2001, ESEC/FSE-9.

[3] Daniel G. Bobrow et al. Book review: The Art of the MetaObject Protocol by Gregor Kiczales, Jim des Rivieres, Daniel G. Bobrow (MIT Press, 1991), 1991, SGAR.

[4] Ondrej Lhoták et al. Aspects for Trace Monitoring, 2006, FATES/RV.

[5] Martin Rinard et al. Acceptability-oriented computing, 2003, SIGP.

[6] Cristina V. Lopes et al. Aspect-oriented programming, 1999, ECOOP Workshops.

[7] Ondrej Lhoták et al. Efficient trace monitoring, 2006, OOPSLA '06.

[8] Grigore Rosu et al. Java-MOP: A Monitoring Oriented Programming Environment for Java, 2005, TACAS.

[9] Bertrand Meyer et al. Object-Oriented Software Construction, 2nd Edition, 1997.

[10] Bart Jacobs et al. JML (poster session): notations and tools supporting detailed design in Java, 2000, OOPSLA '00.

[11] Grigore Rosu et al. Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation, 2003, RV@CAV.

[12] Mahesh Viswanathan et al. Java-MaC: a Run-time Assurance Tool for Java Programs, 2001, RV@CAV.

[13] C. A. R. Hoare et al. Communicating sequential processes, 1978, CACM.

[14] Marcelo d'Amorim et al. Event-based runtime verification of Java programs, 2005, ACM SIGSOFT Softw. Eng. Notes.

[15] K. Barraclough. Eclipse, 2006, BMJ: British Medical Journal.

[16] Amer Diwan et al. The DaCapo benchmarks: Java benchmarking development and analysis, 2006, OOPSLA '06.

[17] Tzilla Elrad et al. Aspect-oriented programming: Introduction, 2001, CACM.

[18] Benjamin Livshits et al. Finding application errors and security flaws using PQL: a program query language, 2005, OOPSLA '05.

[19] Alexander Aiken et al. Relational queries over program traces, 2005, OOPSLA '05.

[20] Heike Wehrheim et al. Jass - Java with Assertions, 2001, RV@CAV.

[21] K. Rustan M. Leino et al. The Spec# Programming System: An Overview, 2004, CASSIS.

[22] Gary T. Leavens et al. JML: notations and tools supporting detailed design in Java, 2000.

[23] Grigore Rosu et al. Monitoring Java Programs with Java PathExplorer, 2001, RV@CAV.

[24] Chris Anley et al. Advanced SQL Injection In SQL Server Applications, 2002.

[25] Marcelo d'Amorim et al. A Formal Monitoring-Based Framework for Software Development and Analysis, 2004, ICFEM.

[26] Ondrej Lhoták et al. A Staged Static Program Analysis to Improve the Performance of Runtime Monitoring, 2007, ECOOP.

[27] Robert E. Filman et al. What Is Aspect-Oriented Programming, 2001.

[28] 簡聰富 et al. An Examination of Object-Oriented Software Architecture (Object-Oriented Software Construction), 1989.

[29] Oege de Moor et al. Making trace monitors feasible, 2007, OOPSLA.

[30] Koushik Sen et al. Rule-Based Runtime Verification, 2004, VMCAI.

[31] Michael R. Lowry et al. Experiments with Test Case Generation and Runtime Analysis, 2003, Abstract State Machines.

[32] Ondrej Lhoták et al. abc: an extensible AspectJ compiler, 2005, AOSD '05.

[33] Bertrand Meyer et al. Eiffel: The Language, 1991.

[34] Marcelo d'Amorim et al. Checking and Correcting Behaviors of Java Programs at Runtime with Java-MOP, 2006, RV@CAV.

[35] Ondrej Lhoták et al. Adding trace matching with free variables to AspectJ, 2005, OOPSLA '05.

[36] Fred B. Schneider et al. Enforceable security policies, 2000, TSEC.