A Specification Language for Static and Runtime Verification of Data and Control Properties

Static verification techniques can verify properties across all executions of a program, but powerful judgements are hard to achieve automatically. In contrast, runtime verification enjoys full automation, but cannot judge future or alternative runs. In this paper we present a novel approach in which data-centric and control-oriented properties may be stated in a single formalism, amenable to both static and dynamic verification techniques. We develop and formalise a specification notation, ppDATE, extending the control-flow property language used in the runtime verification tool Larva with pre/post-conditions, and show how specifications written in this notation can be analysed both using the deductive theorem prover KeY and the runtime verification tool Larva. Verification is performed in two steps: KeY first partially proves the data-oriented part of the specification, simplifying the specification, which is then passed on to Larva to check at runtime the remaining parts of the specification, including the control-centric aspects. We apply the approach to Mondex, an electronic purse application.
