Constraint-Based Behavioral Consistency of Evolving Software Systems

Any complex software system exhibits a tension between the technical perspective required for its realization and the user-level perspective. We term this the “how-what gap”, represented by the questions “how is a system implemented?” vs. “what is its functionality/usage?”. The normative, anticipated behavior of a software system as envisaged during its development and the de facto, observed behavior that emerges after its continued operation tend to drift apart, resulting in behavioral inconsistency. We discuss how behavioral consistency in software systems can be captured in technical and formal terms, we sketch a possible tool chain that could support it, and we describe some of the research challenges that must be solved. Our main idea is to combine software analysis approaches, represented by various forms of static analysis and formal verification, with runtime verification, monitoring, and automata learning, in order to optimally leverage the de facto observed behavior of the deployed systems.
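The following is an added illustration, not code from the paper or its authors, of the runtime-verification half of the idea: a normative behavior model is replayed against the de facto traces a deployed system produces, and every point where the two disagree is reported. The session model (login, zero or more requests, logout), the event names and the log lines are all constructed for the example; a real tool chain would obtain the model from a specification or from automata learning and the traces from monitoring.

```python
"""Added example (not part of the paper): check observed traces of a deployed
system against a normative behaviour model and report inconsistencies."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DFA:
    """Normative behaviour model: a deterministic finite automaton over abstract events."""
    start: str
    accepting: FrozenSet[str]
    delta: Dict[Tuple[str, str], str]  # (state, event) -> next state

    @property
    def alphabet(self) -> FrozenSet[str]:
        return frozenset(event for _, event in self.delta)


# Constructed normative model of a session: login, then zero or more requests,
# then logout. A request before login or a second login inside a session has no
# transition and therefore counts as a deviation from the anticipated behaviour.
SESSION_SPEC = DFA(
    start="idle",
    accepting=frozenset({"idle"}),
    delta={
        ("idle", "login"): "active",
        ("active", "request"): "active",
        ("active", "logout"): "idle",
    },
)


@dataclass(frozen=True)
class Verdict:
    status: str              # "consistent" | "deviation" | "unknown_event" | "incomplete"
    position: Optional[int]  # index of the offending event in the trace, or None
    state: str               # model state reached when the verdict was given


def monitor(spec: DFA, trace: List[str]) -> Verdict:
    """Replay one observed trace on the normative model (the runtime-verification step)."""
    state = spec.start
    for i, event in enumerate(trace):
        if event not in spec.alphabet:
            # the deployed system did something the model never anticipated at all
            return Verdict("unknown_event", i, state)
        nxt = spec.delta.get((state, event))
        if nxt is None:
            # known event, but not allowed in this state
            return Verdict("deviation", i, state)
        state = nxt
    if state not in spec.accepting:
        return Verdict("incomplete", None, state)
    return Verdict("consistent", None, state)


# Constructed log format: "<timestamp> sess=<id> event=<name>"
LOG_LINE = re.compile(r"sess=(?P<sess>\d+)\s+event=(?P<event>\w+)")


def traces_from_log(lines: List[str]) -> Dict[str, List[str]]:
    """Group log lines into one event trace per session id, preserving order."""
    traces: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        m = LOG_LINE.search(line)
        if m:
            traces[m.group("sess")].append(m.group("event"))
    return dict(traces)


def consistency_report(spec: DFA, lines: List[str]) -> Dict[str, Verdict]:
    """One verdict per observed session."""
    return {sess: monitor(spec, trace) for sess, trace in traces_from_log(lines).items()}


def unmodelled_behaviour(spec: DFA, lines: List[str]) -> Dict[str, int]:
    """Count (state, event) pairs seen in the field for which the model has no
    transition. These are the candidates to feed back into model refinement."""
    counts: Dict[str, int] = defaultdict(int)
    for trace in traces_from_log(lines).values():
        state = spec.start
        for event in trace:
            nxt = spec.delta.get((state, event))
            if nxt is None:
                counts[f"{state}:{event}"] += 1
                break  # the model state is undefined after a deviation; stop following this trace
            state = nxt
    return dict(counts)


# Constructed sample log; sessions are interleaved as they would be in practice.
SAMPLE_LOG = [
    "2024-03-01T10:00:00Z sess=1 event=login",
    "2024-03-01T10:00:01Z sess=2 event=request",        # request without login
    "2024-03-01T10:00:02Z sess=1 event=request",
    "2024-03-01T10:00:03Z sess=3 event=login",
    "2024-03-01T10:00:04Z sess=3 event=refresh_token",  # event unknown to the model
    "2024-03-01T10:00:05Z sess=1 event=request",
    "2024-03-01T10:00:06Z sess=4 event=login",
    "2024-03-01T10:00:07Z sess=5 event=login",
    "2024-03-01T10:00:08Z sess=1 event=logout",
    "2024-03-01T10:00:09Z sess=3 event=logout",
    "2024-03-01T10:00:10Z sess=4 event=request",        # session never closed
    "2024-03-01T10:00:11Z sess=5 event=login",          # second login in an open session
]

if __name__ == "__main__":
    for sess, verdict in consistency_report(SESSION_SPEC, SAMPLE_LOG).items():
        print(f"session {sess}: {verdict}")
    print("unmodelled:", unmodelled_behaviour(SESSION_SPEC, SAMPLE_LOG))
```

The two summaries play different roles: `consistency_report` is the monitoring verdict a runtime checker would raise per session, while `unmodelled_behaviour` aggregates what the field actually does that the model does not cover, which is the input a learning or refinement step would consume to close the how-what gap.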
