Modular Model Checking of Dynamically Adaptive Programs

Increasingly, software must dynamically adapt its behavior in response to changes in its runtime environment and user requirements in order to upgrade services, to harden security, or to improve performance. In order for adaptive software to be used in safety-critical systems, it must be trusted. In this paper, we introduce a sound approach for modularly verifying whether an adaptive program satisfies its requirements specified in temporal logics (LTL and A-LTL). Compared to existing model checking approaches for adaptive programs, our approach reduces the time/space complexity of verifying an adaptive program by a factor of n, where n is the number of steady-state programs encompassed by the adaptive program. Our approach is orthogonal to many other modular model checking approaches in that it can work in conjunction with them to reduce the overall model checking cost of adaptive programs. We illustrate our technique on the specification and verification of an adaptive mobile computing application.
