The RV System Tutorial
|
|
- Carmel Manning
- 5 years ago
- Views:
Transcription
1 The RV System Tutorial Patrick Meredith and Grigore Rosu joint work with Feng Chen, Dongyun Jin, Dennis Griffith, Michael Ilseman Runtime Verification, Inc. University of Illinois
2 The RV System!"#$%&'(%)!"#*)+,'-(!9&('/+ $%&'(%)'&<1 7&8()9/+&(3('%&!3-+14+(+-('%& *3)3/+()'- ;2'-'&<1 *)+,'-('%&1 =%<<'&<1.86+-( =%<<'&< :398321;2'-'&<.(%/'-'(01 "'%23('%&1 4+(+-('%& *)+,'-('%&1 $%&'(%)1='>)3)0 5+&+)'-1*)%6+)(0 4+(+-('%& New Version of JavaMOP Fig. 1. System Overview New Version of jpredictor Combines Runtime Monitoring and Predictive Analysis 2
3 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
4 Why Monitoring Monitoring is well-adopted in many engineering disciplines Fuses, watchdogs, fire-alarms, etc. Monitoring adds redundancy Increases reliability, robustness and confidence in correct behavior, reduces risk Provably correct systems can fail, too Unexpected environment, wrong/strong assumptions, hardware or OS errors, etc.
5 Applications of Monitoring Debugging Development Error messages Testing Development Error messages Security/Reliability/Robustness/ Production Recovery mechanisms Programming Paradigm Production General actions
6 Runtime Monitoring Systems (a few of them) 2001 MAC (UPenn), PAX (NASA), TimeRover (commercial) HAWK/Eagle (NASA), MOP (UIUC), POTA (UTA) 2005: PQL (Stanford) Tracematches (Oxford) PTQL (Berkeley/Stanford/Novell) Pal (UPenn) RuleR (Manchester) many others
7 FailFast Iterator Following code throws exception in Java (FailFast): Vector v = new Vector(); Iterator i = v.iterator(); v.add(new Integer(2)); while (i.hasnext()) FailFast: if the underlying vector is changed when an iterator is used for enumerating elements, the iterator fails. However
8 MOP Example: Safe Enumeration No exception raised if one uses Enumeration instead of Iterator Java language decision, showing that SafeEnum(Vector v, Enumeration+ e) { event create after(vector v) returning(enumeration e):... event updatesource after(vector v) :... event next before(enumeration e) :... ere : create next* updatesource+ { System.out.println( Failed Enumeration!"); } } > 250 AspectJ LOC generated
9 Complexity of SafeEnum Tricky to check SafeEnum manually Two counters needed, one in the vector (the current timestamp) and the other in the enumeration (the vector s timestamp when creating the enumeration). Accesses to vector / enumerator can be scattered all over the code, both in program and in libraries Accesses to vector s counter must be synchronized Every implementation of the Enumeration interface should repeat the above work
10 Example of Unsafe Enumeration Bug found in jhotdraw Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); The underlying vector should not be changed when one of its enumerations is being used!
11 Example of Unsafe Enumeration Bug found in jhotdraw May cause unexpected behaviors, e.g., a NoSuchElement Exception or some errors later. Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); The underlying vector should not be changed when one of its enumerations is being used!
12 RV-Monitor (Based on Monitoring Oriented Programming - MOP) A generic runtime verification framework - proposed in 2003 RV 03, ICFEM 04, RV 05, CAV 05, TACAS 05, CAV 06, CAV 07, OOPSLA 07, ASE 08, RTSS 08, AOSD 08,TACAS 09,
13 What RV-Monitor Supports Observe a run of a system Requires instrumentation Can be offline or online Check it against desired properties Specified using patterns or in a logical formalism React/Report (if needed) Error messages Recovery mechanisms General code
14 RV-Monitor Model Program Execution
15 RV-Monitor Model Program Execution Observation/Abstraction Abstract Trace
16 RV-Monitor Model Program Execution Observation/Abstraction Abstract Trace Monitors Verification M 1 M 2 M 3
17 RV-Monitor Model Program Execution Observation/Abstraction Action Abstract Trace Monitors Verification M 1 M 2 M 3 Action
18 RV-Monitor Model Program Execution Observation/Abstraction Action Abstract Trace Monitors Verification M 1 M 2 M 3 Action Monitors verify abstract traces against desired properties; can be dynamically created or destroyed
19 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
20 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
21 Monitor Synthesis Program Execution Observation/Abstraction Action Abstract Trace Monitors Verification M 1 M 2 M 3 Action
22 Monitor Synthesis Program Execution Observation/Abstraction Action Abstract Trace Monitors Verification M 1 M 2 M 3 Action How do we generate efficient monitors?
23 MOP: Extensible Logic Framework Generic in specification formalisms Logic plugin: plugable monitor synthesis components for different logics Already provides plugins for many logics FSM (Finite State Machine), ERE (extended regular expressions), PTLTL (Past-time LTL), FTLTL (Future-time LTL), ATL (Allen temporal logic), JML (Java modeling language), PtCaRet (Past-time Call/Return), CFG (Context-free grammars), The desired property can be arbitrarily complex: Raw specifications
24 FSM Plugin Finite State Machine Easy to use, yet powerful Many approaches/users encode important properties directly in finite state machines, e.g., Typestates Monitoring FSM Direct translation from an FSM specification to a monitor
25 ERE Plugin Extended Regular Expressions Regular expressions Widely used in programming, easy to master for ordinary programmers Existing monitor synthesis algorithm Extended regular expressions Extend regular exps with complement (negation) Specify properties non-elementarily more compactly More complicated to monitor
26 LTL Plugins Linear Temporal Logic MOP includes both a past-time plugin (PTLTL) and an over-all LTL plugin for LTL PTLTL uses a dynamic programming algorithm, low resources, suitable for hardware LTL uses a translation through alternating automata. Semantics of past is different than PTLTL
27 CFG Plugins Context-Free Grammar Most systems support finite state monitors Regular languages Linear temporal logics These cannot monitor structured properties: 21
28 CFG Plugins Context-Free Grammar Most systems support finite state monitors Regular languages Linear temporal logics These cannot monitor structured properties: 21
29 GLR Parsing Yields CFG Monitors Reads input Left to right, produces Rightmost derivation; table driven Bottom-up parsing keeps stack with the current, and previous states Efficient Handles all context-free grammars, even those with ambiguity Makes it a good candidate for CFG monitor synthesis! 22
30 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
31 MOP Monitoring Model Program Execution Observation/Abstraction Action Abstract Trace Monitors Verification M 1 M 2 M 3 Action Monitors can be dynamically created or destroyed Parametric monitoring
32 Parametric Properties Needed, but hard to monitor efficiently Parameters SafeEnum(Vector v, Enumeration+ e) { event create after(vector v) returning(enumeration e):... event updatesource after(vector v) :... event next before(enumeration e) :... } ere : create next* updatesource+ { System.out.println( Failed Enumeration!"); }
33 Safe Enumeration as Parametric Property Usage pattern (using regular expressions) of three events updatesource(v) : change vector v create(v,e) : create enumeration e from vector v next(e) : use enumeration e Monitor next updatesource 0 create updatesource 1 2 next 3 Violation state
34 Monitoring Safe Enum Main Thread: Task Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); v.remove(0); next updatesource 0 create updatesource 1 2 next 3
35 Monitoring Safe Enum Main Thread: Task Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); v.remove(0); next updatesource 0 create updatesource 1 2 next 3
36 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create next updatesource 0 create updatesource 1 2 next 3
37 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create next updatesource 0 create updatesource 1 2 next 3
38 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create next updatesource 0 create updatesource 1 2 next 3
39 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create updatesource next updatesource 0 create updatesource 1 2 next 3
40 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create updatesource next updatesource 0 create updatesource 1 2 next 3
41 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create updatesource next next updatesource 0 create updatesource 1 2 next 3
42 Monitoring Safe Enum Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); create updatesource next next updatesource 0 create updatesource 1 2 next 3
43 Lack of Parameters Leads to False Alarms Main Thread: Task Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); v.remove(0);
44 Lack of Parameters Leads to False Alarms Main Thread: Task Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); v.remove(0); v2.remove(0);
45 Lack of Parameters Leads to False Alarms Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); v2.remove(0); create updatesource next
46 Lack of Parameters Leads to False Alarms Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); v2.remove(0); create updatesource next Appear to be a violation but it is not; false alarm!
47 Adding Parameters to Events Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v2.remove(0);
48 Adding Parameters to Events Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v2.remove(0); create(v, e) update(v2) next(e)
49 Adding Parameters to Events Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); v2.remove(0); create(v, e) update(v2) update(v) next(e)
50 Adding Parameters to Events Main Thread: Vector v = //initialization; Enumeration e = v.elements(); Object obj = e.nextelement(); Task Thread: v.remove(0); v2.remove(0); create(v, e) update(v2) update(v) next(e) Parametric traces: traces containing events with parameters; Abundant in practice, especially in object-oriented programs
51 Checking Parametric Traces
52 Checking Parametric Traces parametric trace updatesource(v1) create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) next(e1)
53 Checking Parametric Traces parametric trace updatesource(v1) non-parametric monitor create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) 0 3 next create 1 updatesource next 2 updatesource next(e1)
54 Checking Parametric Traces parametric trace updatesource(v1) non-parametric monitor create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) 0 3 next create 1 updatesource next 2 updatesource next(e1)
55 Checking Parametric Traces parametric trace updatesource(v1) parametric monitor create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) 0 3 next create 1 updatesource next 2 updatesource next(e1)
56 Parametric Monitors Other approaches: Monolithic (centralized) monitors Tracematches [Oxford], Program Query Language (PQL) [Stanford], Eagle [NASA], etc. Bound to specific formalisms/checking mechanisms Limited expressiveness, specific to application domains Our solution: decentralized monitors Formalism-independent, works with any formalism More expressive, adaptive to different domains Facilitates optimization (separation of concerns) Evaluation shows better performance
57 Parametric Trace Slicing updatesource(v1) create create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) next(e1) For given parameters (v, e)
58 Parametric Trace Slicing v1, e1 v1, e2 v2, e1 v2, e2 updatesource(v1) create create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) next(e1) For given parameters (v, e)
59 Parametric Trace Slicing v1, e1 v1, e2 v2, e1 updatesource(v1) create create (v1,e1) updatesource(v2) next(e1) create(v1,e2) updatesource(v1) next(e1) For given parameters (v, e)
60 Parametric Trace Slicing v1, e1 v1, e2 v2, e1 updatesource(v1) updatesource create (v1,e1) create updatesource(v2) next(e1) next create(v1,e2) updatesource(v1) updatesource next(e1) next For given parameters (v, e)
61 Parametric Trace Slicing v1, e1 v1, e2 v2, e1 updatesource(v1) updatesource create (v1,e1) updatesource(v2) next(e1) create trace slice next create(v1,e2) updatesource(v1) updatesource next(e1) next For given parameters (v, e)
62 Parametric Trace Slicing v1, e1 v1, e2 v2, e1 updatesource(v1) updatesource updatesource create (v1,e1) create updatesource(v2) next(e1) trace slice next updatesource next create(v1,e2) create updatesource(v1) updatesource next(e1) next next For given parameters (v, e)
63 Naive monitoring of Parametric Traces Every parametric trace contains multiple nonparametric trace slices, each corresponding to a particular parameter binding next updatesource 0 create updatesource 1 2 next 3 next updatesource 0 create updatesource 1 2 next 3
64 Naive monitoring of Parametric Traces Every parametric trace contains multiple nonparametric trace slices, each corresponding to a particular parameter binding next updatesource v1, e1 0 create updatesource 1 2 next 3 next updatesource v1, e2 0 create updatesource 1 2 next 3
65 Parametric Trace Slicing - Challenges v1, e1 v1, e2 v2, e1 update(v1) update update createenum(v1,e1) createenum update(v2) update useenum(e1) useenum useenum createenum(v1,e2) createenum update(v1) update useenum(e1) useenum useenum For given parameters (v, e)
66 Parametric Trace Slicing - Challenges v1, e1 v1, e2 v2, e1 update(v1) update update createenum(v1,e1) How createenum to do it efficiently? update(v2) update useenum(e1) useenum useenum createenum(v1,e2) createenum update(v1) update useenum(e1) useenum useenum For given parameters (v, e)
67 Parametric Trace Slicing - Challenges v1, e1 v1, e2 v2, e1 update(v1) update update createenum(v1,e1) How createenum to do it efficiently? update(v2) update useenum(e1) createenum(v1,e2) useenum createenum useenum What if the trace is not complete? update(v1) update useenum(e1) useenum useenum For given parameters (v, e)
68 Online Parametric Trace Slicing Online: process events as receiving them and do not look back for the previous events Efficient Scan the trace once Events discarded immediately after being processed What information should be kept for the unknown future?
69 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
70 Slicing Example For given parameters (v, e)
71 Slicing Example v1 update(v1) update For given parameters (v, e)
72 Slicing Example v1 v1, e1 update(v1) update createenum(v1,e1) For given parameters (v, e)
73 Slicing Example v1 v1, e1 update(v1) update update createenum(v1,e1) For given parameters (v, e)
74 Slicing Example v1 v1, e1 update(v1) update update createenum(v1,e1) createenum For given parameters (v, e)
75 Slicing Example v1 v1, e1 v2 update(v1) update update createenum(v1,e1) createenum update(v2) update For given parameters (v, e)
76 Slicing Example v1 v1, e1 v2 e1 update(v1) update update createenum(v1,e1) createenum update(v2) update useenum(e1) useenum For given parameters (v, e)
77 Slicing Example v1 v1, e1 v2 e1 update(v1) update update createenum(v1,e1) createenum update(v2) update useenum(e1) useenum useenum For given parameters (v, e)
78 Slicing Example v1 v1, e1 v2 e1 v2, e1 update(v1) update update createenum(v1,e1) createenum update(v2) update useenum(e1) useenum useenum For given parameters (v, e)
79 Slicing Example v1 v1, e1 v2 e1 v2, e1 update(v1) update update createenum(v1,e1) createenum update(v2) update update useenum(e1) useenum useenum useenum For given parameters (v, e)
80 Slicing Example v1 v1, e1 v2 e1 v2, e1 v1, e2 update(v1) update update update createenum(v1,e1) createenum update(v2) update update useenum(e1) useenum useenum useenum createenum(v1,e2) createenum For given parameters (v, e)
81 Slicing Example v1 v1, e1 v2 e1 v2, e1 v1, e2 update(v1) update update update createenum(v1,e1) createenum update(v2) update update useenum(e1) useenum useenum useenum createenum(v1,e2) createenum For given parameters (v, e)
82 Slicing Example v1 v1, e1 v2 e1 v2, e1 v1, e2 update(v1) update update update createenum(v1,e1) Optimization: based on static property analysis, generate createenum specialized slicing code for the given specification update(v2) update update useenum(e1) useenum useenum useenum createenum(v1,e2) createenum For given parameters (v, e)
83 Slicing Example v1 v1, e1 v2 v1, e2 update(v1) update update update createenum(v1,e1) Optimization: based on static property analysis, generate createenum specialized slicing code for the given specification update(v2) update useenum(e1) useenum createenum(v1,e2) createenum For given parameters (v, e)
84 RV-Monitor Performance HasNext UnsafeIter Unsafe- MapIter Unsafe- SyncColl Unsafe- SyncMap Comparison of Tracematches (TM), JavaMOP (MOP), and RV: Average percent runtime overhead All Prop TM MOP RV TM MOP RV TM MOP RV TM MOP RV TM MOP RV RV antlr bloat OOM chart eclipse fop hsqldb jython luindex lusearch pmd OOM xalan g. 6. Comparison of Tracematches (TM), JavaMOP (MOP), and RV: 38
85 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
86 Why Prediction Concurrent programs are hard to analyze Model checking: number of interleavings is prohibitively large Testing: interleavings depend on environment Combine dynamic and static methods to find bad behaviors near correct executions 40
87 Our Solution Sliced Causality General purpose technique to predict (bad) behaviors from correct runs Sound: No false alarms RV-Predict Tool implementing Sliced Causality Allows for prediction of any property for which an algorithm exists Better than tools specialized simply for data race or atomicity violations 41
88 Prediction Example Property: authenticate before access Main Thread: Task Thread: s 1 : resource.authenticate(); s 2 : flag.value = true; Observed execution: s 1 s 2 s 3 s 4 s 3 : if while (! (! flag.value) Thread.yield() ; s 4 : resource.access(); 42
89 Prediction Example Property: authenticate before access Main Thread: Task Thread: s 1 : resource.authenticate(); s 2 : flag.value = true; s 3 : if (! flag.value) Observed execution: s 1 s 2 s 3 s 4 Thread.yield() ; s 4 : resource.access(); Buggy: s can be executed before s Buggy S4 can be executed before S1 Low possibility to hit error in testing 43
90 Prediction Example Property: authenticate before access Main Thread: Task Thread: s 1 : resource.authenticate(); s 2 : flag.value = true; s 3 : if (! flag.value) Thread.yield() ; s 4 : resource.access(); execution is observed? Yes! Observed But not execution: in the traditional s 1 s 2 s 3 s 4 way Can we predict the error even when the above Buggy: s can be executed before s Buggy S4 can be executed before S1 Low possibility to hit error in testing 43
91 Special Case: Data Races Our techniques work for any behavioral property One of the simplest properties is race detection Two accesses to a shared variable can take place concurrently At least one of the accesses is a write 44
92 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
93 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
94 Predictive Runtime Analysis Predictive Runtime Analysis Search space 47
95 Predictive Runtime Analysis Search space Observed execution 48
96 Predictive Runtime Analysis Search space Observed execution Causal model 49
97 Predictive Runtime Analysis Search space Observed execution Causal model Inferred executions Bug 50
98 Predictive Runtime Analysis Search space Observed execution Causal model Inferred executions Bug More relaxed causal model yields more inferred executions 50
99 Originally for distributed systems [Lamport-78] Applied to shared memory systems by several authors Causal model = non-permutable pairs of events a Traditional Predictive Runtime Analysis: Happens-Before = {intra-thread total orders} U {causal dependencies} Causal dependency: if two events access the same location and one writes it, then their execution order matters Inferred executions = extending the causal model 51
100 Happens-Before Works... If Lucky Property: authenticate before access Main Thread: Task Thread: s 3 : if (! flag.value) Thread.yield() ; s 1 : resource.authenticate() s 2 : flag.value = true; s 4 : resource.access(); Observed execution: s 3 s 1 s 2 s 4 52
101 Happens-Before Works... If Lucky Property: authenticate before access Main Thread: Task Thread: s 3 : if (! flag.value) Thread.yield() ; s 1 : resource.authenticate() s 2 : flag.value = true; s 4 : resource.access(); Observed execution: s 3 s 1 s 2 s 4 Causal dependency: s 3 < s 2 Bad execution inferred: s 3 s 4 s 1 s 2. Bug detected! Chances of observing this execution are very low 53
102 Happens-Before Limitations Property: authenticate before access Main Thread: s 1 : resource.authenticate() s 2 : flag.value = true; Task Thread: s 3 : if (! flag.value) Thread.yield() ; s 4 : resource.access(); Observed execution: s 1 s 2 s 3 s 4 Causal dependency: s 2 < s 3. No bug found Too constrained: access will be performed regardless of the flag 54
103 Sliced Causality Relaxes the Happens-Before causal model Formally proved in [chen-rosu-07] How? Focus on the property Use static information about the program Remove events and causalities irrelevant to the property Smaller and more relaxed causal model (Exponentially) more inferred executions Better predictive capability 55
104 Sliced Causality Start with those events relevant to the property Add events on which they are control dependent (transitively, intrathread) Add events on which they are data dependent (transitively, interthread) 56
105 Static Information: Control Scope S2 is in the control scope of S1 if its execution depends on a choice at S1 s 1 : if (flag) { s 2 :... } else { s 3 :... } s 4 :... s 0 : i=0; s 1 : while (i<3) { s 2 :... s 3 : } s 4 :... i++ s 1 : while (!flag) { s 2 :... } s 3 :... Extends to other control statements break/continue, return, exceptions 57
106 Static Information: Control Scope S2 is in the control scope of S1 if its execution depends on a choice at S1 s if 1 : if (flag) { s 2 :... } else { s 3 :... } s 4 :... s 0 : i=0; s 1 : while (i<3) { s 2 :... s 3 : } s 4 :... i++ s 1 : while (!flag) { s 2 :... } s 3 :... Extends to other control statements break/continue, return, exceptions 57
107 Static Information: Control Scope S2 is in the control scope of S1 if its execution depends on a choice at S1 s if 1 : if (flag) { s 2 :... } else { s 3 :... } s 4 :... s 0 : i=0; s 1 : while (i<3) { s 2 :... s 3 : i++ } s 4 :... s 1 : while (!flag) { s 2 :... } s 3 :... Extends to other control statements break/continue, return, exceptions 57
108 Static Information: Control Scope S2 is in the control scope of S1 if its execution depends on a choice at S1 s if 1 : if (flag) { s 2 :... } else { s 3 :... } s 4 :... s 0 : i=0; s 1 : while (i<3) { s 2 :... s 3 : i++ } s 4 :... s { 1 : while (!flag) { s... 2 :... } 3... s 3 :... Extends to other control statements break/continue, return, exceptions 57
109 Slice Causality Works! Property: authenticate before access Main Thread: s 1 : resource.authenticate() s 2 : flag.value = true; Task Thread: s 3 : if (! flag.value) Thread.yield() ; s 4 : resource.access(); Observed execution: s 1 s 2 s 3 s 4 Only s 1 and s 4 directly relevant to the property 58
110 Slice Causality Works! Property: authenticate before access Main Thread: s 1 : resource.authenticate() s 2 : flag.value = true; Task Thread: s 3 : if (! flag.value) Thread.yield() ; s 4 : resource.access(); Observed execution: s 1 s 2 s 3 s 4 Only s 1 and s 4 directly relevant to the property Execution of s 4 not dependent of s 3 ; ignore the causal dependency s 2 < s 3 Sliced causality: s 1 <> s 4 ; s 4 s 1 is a potential execution. Bug detected! 59
111 No False Alarms Property: authenticate before access Main Thread: s 1 : resource.authenticate() s 2 : flag.value = true; Task Thread: s 3 : while (! flag.value) Thread.yield(); s 4 : resource.access(); Observed execution: s 1 s 2 s 3 s 4 60
112 No False Alarms Property: authenticate before access Main Thread: s 1 : resource.authenticate() s 2 : flag.value = true; Task Thread: s 3 : while (! flag.value) Thread.yield(); s 4 : resource.access(); Observed execution: s 1 s 2 s 3 s 4 Execution of s 4 depends on flag.value being true at s 3 causal dependency s 2 < s 3 matters Sliced causality: s 1 <s 2 < s 3 < s 4, no false alarm! 61
113 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
114 RV-Predict Pipeline jpredictor: Filling the box Original Program Property Predicted Violations: Counter-Examples 63
115 RV-Predict Pipeline jpredictor: Filling the box Original Program Static Analyzer Property Predicted Violations: Counter-Examples 64
116 RV-Predict Pipeline jpredictor: Filling the box Original Program Instrumented Program Static Analyzer Structural Information Property Predicted Violations: Counter-Examples 65
117 RV-Predict Pipeline jpredictor: Filling the box Original Program Instrumented Program Static Analyzer Recorded Trace Complete Trace JVM Preprocessor Structural Information Property Predicted Violations: Counter-Examples 66
118 RV-Predict Pipeline jpredictor: Filling the box Original Program Instrumented Program Static Analyzer Recorded Trace Complete Trace JVM Preprocessor Trace Slicer Structural Information Sliced Trace Property Predicted Violations: Counter-Examples 67
119 RV-Predict Pipeline jpredictor: Filling the box Original Program Instrumented Program Static Analyzer Recorded Trace Complete Trace JVM Preprocessor Trace Slicer Structural Information Sliced Trace Property Vector Clock Calculator Causal Model Predicted Violations: Counter-Examples 68
120 RV-Predict Pipeline jpredictor: Filling the box Original Program Instrumented Program Static Analyzer Recorded Trace Complete Trace JVM Preprocessor Trace Slicer Structural Information Sliced Trace Property Vector Clock Calculator Causal Model Property Checker Predicted Violations: Counter-Examples 69
121 Overview Monitoring RV-Monitor Demo RV-Monitor Techniques and Implementation Monitor Synthesis Parametric Monitoring Optimizations Prediction RV-Predict Demo RV-Predict Techniques and Implementation Sliced Causality Pipeline Race Prediction
122 Data Race Prediction Consider all pairs of accesses in the trace We actually do something smarter Check if either access is a write We are not worried about read-read races Check if they have incomparable VCs Incomparable VCs means accesses could be reordered If they have different lock sets then race found 71
123 RV-Predict Performance jpredictor RV-Predict Name Input Real Time Disk Usage Real Time Disk Usage account - 0: K 0: K elevator - 5: M 1: K tsp map4 2 4: M 1: K tsp map5 2 8: M 2: K tsp map10 2 > 3 hours > 230M 33: M huge - crash crash 0: M medium - crash crash 0: K small - crash crash 0: K mixedlockshuge - > 2 hours > 250M 0: M mixedlocksbig - 4: M 0: K mixedlocksmedium - 0: M 0: K mixedlockssmall - 0: M 0: K jpredictor vs. RV-Predict 72
124 Conclusion RV-Monitor is a generic yet efficient monitoring system Extensible logic framework: FSM, ERE, PTLTL, FTLTL, LTL, CFG, PTCaRet, RV-Predict provides very efficient causal predict of generic properties Race detection, atomicity violations, monitoring properties
Monitoring-Oriented Programming
Monitoring-Oriented Programming Seyed Mohammad Mehdi Ahmadpanah smahmadpanah@aut.ac.ir ceit.aut.ac.ir/~ahmadpanah Supervisor Dr. Mehran S. Fallah Formal Security Lab. CEIT@AUT Mar. 12, 2017 Outline Introduction
More informationRV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining
RV: A Run'me Verifica'on Framework for Monitoring, Predic'on and Mining Patrick Meredith Grigore Rosu University of Illinois at Urbana Champaign (UIUC) Run'me Verifica'on, Inc. (joint work with Dongyun
More informationMOP: An Efficient and Generic Runtime Verification Framework
MOP: An Efficient and Generic Runtime Verification Framework Feng Chen Grigore Roşu University of Illinois at Urbana-Champaign {fengchen,grosu@cs.uiuc.edu Abstract Monitoring-Oriented Programming (MOP
More informationMOP: An Efficient and Generic Runtime Verification Framework
MOP: An Efficient and Generic Runtime Verification Framework Feng Chen Grigore Roşu University of Illinois at Urbana-Champaign {fengchen,grosu@cs.uiuc.edu Abstract Monitoring-Oriented Programming (MOP
More informationCourse 7 25 November Adrian Iftene
Course 7 25 November 2013 Adrian Iftene adiftene@info.uaic.ro 1 Recapitulation course 6 AOP AOP Profiler Tracing Pooling PostSharp Spring Framework Runtime Verification Model Checking MOP Java MOP 2 Concern
More informationJava-MOP: A Monitoring Oriented Programming Environment for Java
Java-MOP: A Monitoring Oriented Programming Environment for Java Feng Chen and Grigore Roşu Department of Computer Science, University of Illinois at Urbana - Champaign, USA {fengchen, grosu}@uiuc.edu
More informationcontext free grammars
context free grammars in JavaMOP CS 119 a property can be seen as a language defined by a grammar 2 http://fsl.cs.uiuc.edu/index.php/special:cfgplugin Instances of MOP MOP JavaMOP BusMOP HardwareMOP languages
More informationAn Overview of the MOP Runtime Verification Framework
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) An Overview of the MOP Runtime Verification Framework Patrick O Neil Meredith, Dongyun Jin, Dennis Griffith, Feng
More informationRuntime Verification with the RV System
Runtime Verification with the RV System Patrick Meredith and Grigore Roşu 1 Runtime Verification, Inc 2 University of Illinois at Urbana-Champaign 3 {pmeredit, grosu@illinois.edu Abstract. The RV system
More informationjpredictor: A Predictive Runtime Analysis Tool for Java
jpredictor: A Predictive Runtime Analysis Tool for Java Feng Chen CS Department University of Illinois, Urbana fengchen@cs.uiuc.edu Traian Florin Şerbănuţă CS Department University of Illinois, Urbana
More informationEFFICIENT, EXPRESSIVE, AND EFFECTIVE RUNTIME VERIFICATION PATRICK O NEIL MEREDITH DISSERTATION
EFFICIENT, EXPRESSIVE, AND EFFECTIVE RUNTIME VERIFICATION BY PATRICK O NEIL MEREDITH DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer
More informationEfficient Parametric Runtime Verification with Deterministic String Rewriting
Efficient Parametric Runtime Verification with Deterministic String Rewriting Patrick Meredith University of Illinois at Urbana-Champaign Urbana IL, USA pmeredit@illinois.edu Grigore Roşu University of
More informationLarge-Scale API Protocol Mining for Automated Bug Detection
Large-Scale API Protocol Mining for Automated Bug Detection Michael Pradel Department of Computer Science ETH Zurich 1 Motivation LinkedList pinconnections =...; Iterator i = pinconnections.iterator();
More informationJava-MOP: A Monitoring Oriented Programming Environment for Java
Java-MOP: A Monitoring Oriented Programming Environment for Java Feng Chen and Grigore Roşu Department of Computer Science University of Illinois at Urbana - Champaign, USA {fengchen,grosu@uiuc.edu Abstract.
More informationEfficient Formalism-Independent Monitoring of Parametric Properties
Efficient Formalism-Independent Monitoring of Parametric Properties Feng Chen Patrick O Neil Meredith Dongyun Jin Grigore Roşu University of Illinois at Urbana-Champaign {fengchenpmereditdjin3grosu}@illinoisedu
More informationA Story of Parametric Trace Slicing, Garbage and Static Analysis
A Story of Parametric Trace Slicing, Garbage and Static Analysis Giles Reger School of Computer Science, University of Manchester, UK PrePost 2017 Giles Reger A Story of Parametric Trace Slicing, Garbage
More informationParametric Trace Slicing and Monitoring
Parametric Trace Slicing and Monitoring Feng Chen and Grigore Roşu Department of Computer Science, University of Illinois at Urbana-Champaign {fengchen,grosu}@cs.uiuc.edu Abstract. Analysis of execution
More informationMAKING RUNTIME MONITORING OF PARAMETRIC PROPERTIES PRACTICAL DONGYUN JIN DISSERTATION
MAKING RUNTIME MONITORING OF PARAMETRIC PROPERTIES PRACTICAL BY DONGYUN JIN DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationCourse 8 3 December Adrian Iftene
Course 8 3 December 2011 Adrian Iftene adiftene@info.uaic.ro 1 Recapitulation course 7 Runtime Verification Model Checking MOP Runtime Verification Java MOP Examples Tools: MaC, J-LO SOA Definition Service,
More informationMOPBox: A Library Approach to Runtime Verification
MOPBox: A Library Approach to Runtime Verification (Tool Demonstration) Eric Bodden eric.bodden@cased.de Center for Advanced Security Research Darmstadt Software Technology Group Technische Universität
More informationHow Good Are the Specs?
How Good Are the Specs? A Study of the Bug-Finding Effectiveness of Existing Java API Specifications Owolabi Legunsen, Wajih Ul Hassan, Xinyue Xu Grigore Rosu and Darko Marinov ASE 2016 Singapore, Singapore
More informationTracechecks: Defining semantic interfaces with temporal logic
Tracechecks Defining semantic interfaces with temporal logic Eric Bodden 1 Volker Stolz 2 1 Sable Research Group McGill University, Montréal, Canada 2 MOVES: Software Modeling and Verification RWTH Aachen
More informationCourse 8 27 November Adrian Iftene
Course 8 27 November 2017 Adrian Iftene adiftene@info.uaic.ro 1 Recapitulation course 7 Runtime Verification Model Checking MOP Runtime Verification Java MOP Examples Tools: MaC, J-LO SOA Definition Service,
More informationLu Fang, University of California, Irvine Liang Dou, East China Normal University Harry Xu, University of California, Irvine
Lu Fang, University of California, Irvine Liang Dou, East China Normal University Harry Xu, University of California, Irvine 2015-07-09 Inefficient code regions [G. Jin et al. PLDI 2012] Inefficient code
More informationJava PathFinder JPF 2 Second Generation of Java Model Checker
Java PathFinder JPF 2 Second Generation of Java Model Checker Guenther Brand Mat. Nr. 9430535 27. 06. 2003 Abstract This essay is based on the papers Java PathFinder, Second Generation of Java Model Checker
More informationA Formal Monitoring-based Framework for Software Development and Analysis
A Formal Monitoring-based Framework for Software Development and Analysis Feng Chen, Marcelo D Amorim, and Grigore Roşu Department of Computer Science University of Illinois at Urbana - Champaign, USA
More informationProbabilistic Calling Context
Probabilistic Calling Context Michael D. Bond Kathryn S. McKinley University of Texas at Austin Why Context Sensitivity? Static program location not enough at com.mckoi.db.jdbcserver.jdbcinterface.execquery():213
More informationSymbolic Execution, Dynamic Analysis
Symbolic Execution, Dynamic Analysis http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Symbolic execution Pavel Parízek Symbolic Execution, Dynamic Analysis
More information1 Runtime Verification using JavaMOP
1 Runtime Verification using JavaMOP Venkatesh Vinayakarao, IIIT Delhi. Monitor Oriented Programming (MOP) 1 is a framework for runtime verification using the concept of monitors. JavaMop 2 is a Java implementation
More informationThe Java Memory Model
Jeremy Manson 1, William Pugh 1, and Sarita Adve 2 1 University of Maryland 2 University of Illinois at Urbana-Champaign Presented by John Fisher-Ogden November 22, 2005 Outline Introduction Sequential
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationStatic Analysis of Embedded C
Static Analysis of Embedded C John Regehr University of Utah Joint work with Nathan Cooprider Motivating Platform: TinyOS Embedded software for wireless sensor network nodes Has lots of SW components for
More informationGrigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
https://runtimeverification.com Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois Runtime Verification Company Licensed by University of Illinois at Urbana-Champaign
More informationComputation Abstractions. Processes vs. Threads. So, What Is a Thread? CMSC 433 Programming Language Technologies and Paradigms Spring 2007
CMSC 433 Programming Language Technologies and Paradigms Spring 2007 Threads and Synchronization May 8, 2007 Computation Abstractions t1 t1 t4 t2 t1 t2 t5 t3 p1 p2 p3 p4 CPU 1 CPU 2 A computer Processes
More informationChecking and Correcting Behaviors of Java Programs at Runtime with Java-MOP 1
Checking and Correcting Behaviors of Java Programs at Runtime with Java-MOP 1 Feng Chen and Marcelo d Amorim and Grigore Roşu Department of Computer Science University of Illinois at Urbana-Champaign,
More informationVerifying Concurrent Programs
Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs
More informationA Tutorial on Runtime Verification and Assurance. Ankush Desai EECS 219C
A Tutorial on Runtime Verification and Assurance Ankush Desai EECS 219C Outline 1. Background on Runtime Verification 2. Challenges in Programming Robotics System Drona). 3. Solution 1: Combining Model
More informationLeveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives
Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation API usage
More informationAn Instrumentation Technique for Online Analysis of Multithreaded Programs
An Instrumentation Technique for Online Analysis of Multithreaded Programs Grigore Roşu and Koushik Sen Department of Computer Science, University of Illinois at Urbana-Champaign, USA Email: {grosu,ksen}@uiuc.edu
More informationProving liveness. Alexey Gotsman IMDEA Software Institute
Proving liveness Alexey Gotsman IMDEA Software Institute Safety properties Ensure bad things don t happen: - the program will not commit a memory safety fault - it will not release a lock it does not hold
More informationRuntime Atomicity Analysis of Multi-threaded Programs
Runtime Atomicity Analysis of Multi-threaded Programs Focus is on the paper: Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs by C. Flanagan and S. Freund presented by Sebastian Burckhardt
More informationSynchronization SPL/2010 SPL/20 1
Synchronization 1 Overview synchronization mechanisms in modern RTEs concurrency issues places where synchronization is needed structural ways (design patterns) for exclusive access 2 Overview synchronization
More informationPromela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN
Promela and SPIN Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH Promela and SPIN Promela (Protocol Meta Language): Language for modelling discrete, event-driven
More informationModels of concurrency & synchronization algorithms
Models of concurrency & synchronization algorithms Lecture 3 of TDA383/DIT390 (Concurrent Programming) Carlo A. Furia Chalmers University of Technology University of Gothenburg SP3 2016/2017 Today s menu
More informationStatic Analysis of Embedded C Code
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider Relevant features of C code for MCUs Interrupt-driven concurrency Direct hardware access Whole program
More informationCSE 153 Design of Operating Systems
CSE 153 Design of Operating Systems Winter 19 Lecture 7/8: Synchronization (1) Administrivia How is Lab going? Be prepared with questions for this weeks Lab My impression from TAs is that you are on track
More informationStatic and Dynamic Program Analysis: Synergies and Applications
Static and Dynamic Program Analysis: Synergies and Applications Mayur Naik Intel Labs, Berkeley CS 243, Stanford University March 9, 2011 Today s Computing Platforms Trends: parallel cloud mobile Traits:
More informationMonitoring Interfaces for Faults
Monitoring Interfaces for Faults Aleksandr Zaks RV 05 - Fifth Workshop on Runtime Verification Joint work with: Amir Pnueli, Lenore Zuck Motivation Motivation Consider two components interacting with each
More informationProgram Calling Context. Motivation
Program alling ontext Motivation alling context enhances program understanding and dynamic analyses by providing a rich representation of program location ollecting calling context can be expensive The
More informationCooperari A tool for cooperative testing of multithreaded Java programs
Cooperari A tool for cooperative testing of multithreaded Java programs Eduardo R. B. Marques, Francisco Martins, Miguel Simões! LASIGE/Departamento de Informática Faculdade de Ciências da Universidade
More informationParametric Real Time System Feasibility Analysis Using Parametric Timed Automata
Parametric Real Time System Feasibility Analysis Using Parametric Timed Automata PhD Dissertation Yusi Ramadian Advisor : Luigi Palopoli Co advisor : Alessandro Cimatti 1 Real Time System Applications
More informationModel-checking with the TimeLine formalism
Model-checking with the TimeLine formalism Andrea Zaccara University of Antwerp Andrea.Zaccara@student.uantwerpen.be Abstract A logical model checker can be an effective tool for verification of software
More information4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271
Mel Checking LTL Property System Mel Mel Checking CS 4271 Mel Checking OR Abhik Roychoudhury http://www.comp.nus.edu.sg/~abhik Yes No, with Counter-example trace 2 Recap: Mel Checking for mel-based testing
More informationAdaptive Multi-Level Compilation in a Trace-based Java JIT Compiler
Adaptive Multi-Level Compilation in a Trace-based Java JIT Compiler Hiroshi Inoue, Hiroshige Hayashizaki, Peng Wu and Toshio Nakatani IBM Research Tokyo IBM Research T.J. Watson Research Center October
More informationMapping ACL to JavaMOP: A Feasibility Study
Mapping ACL to JavaMOP: A Feasibility Study by Joshua Beltramin A thesis submitted to the Faculty of Graduate and Postdoctoral Affairs in partial fulfillment of the requirements for the degree of Master
More informationPredictive Runtime Analysis of Multithreaded Programs
Predictive Runtime Analysis of Multithreaded Programs Feng Chen and Grigore Roşu Department of Computer Science University of Illinois at Urbana - Champaign, USA {fengchen,grosu@uiuc.edu Abstract. We present
More informationSoftware Vulnerability
Software Vulnerability Refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the
More informationTyped Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts
Typed Assembly Language for Implementing OS Kernels in SMP/Multi-Core Environments with Interrupts Toshiyuki Maeda and Akinori Yonezawa University of Tokyo Quiz [Environment] CPU: Intel Xeon X5570 (2.93GHz)
More informationComputing Approximate Happens-Before Order with Static and Dynamic Analysis
Department of Distributed and Dependable Systems Technical report no. D3S-TR-2013-06 May 7, 2018 Computing Approximate Happens-Before Order with Static and Dynamic Analysis Pavel Parízek, Pavel Jančík
More informationNon-blocking Array-based Algorithms for Stacks and Queues. Niloufar Shafiei
Non-blocking Array-based Algorithms for Stacks and Queues Niloufar Shafiei Outline Introduction Concurrent stacks and queues Contributions New algorithms New algorithms using bounded counter values Correctness
More informationDuet: Static Analysis for Unbounded Parallelism
Duet: Static Analysis for Unbounded Parallelism Azadeh Farzan and Zachary Kincaid University of Toronto Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing
More informationNew Algorithms for Static Analysis via Dyck Reachability
New Algorithms for Static Analysis via Dyck Reachability Andreas Pavlogiannis 4th Inria/EPFL Workshop February 15, 2018 A. Pavlogiannis New Algorithms for Static Analysis via Dyck Reachability 2 A. Pavlogiannis
More informationAlgorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)
Algorithmic Verification The software crisis (and hardware as well) Algorithmic Verification Comp4151 Lecture 1-B Ansgar Fehnker Computer become more powerful (Moore s law) The quality of programs cannot
More informationCS/ECE 5780/6780: Embedded System Design
CS/ECE 5780/6780: Embedded System Design John Regehr Lecture 18: Introduction to Verification What is verification? Verification: A process that determines if the design conforms to the specification.
More informationThread Safety. Review. Today o Confinement o Threadsafe datatypes Required reading. Concurrency Wrapper Collections
Thread Safety Today o Confinement o Threadsafe datatypes Required reading Concurrency Wrapper Collections Optional reading The material in this lecture and the next lecture is inspired by an excellent
More informationNDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness
EECS Electrical Engineering and Computer Sciences P A R A L L E L C O M P U T I N G L A B O R A T O R Y NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness Jacob Burnim,
More informationAdministrivia. ECE/CS 5780/6780: Embedded System Design. Acknowledgements. What is verification?
Administrivia ECE/CS 5780/6780: Embedded System Design Scott R. Little Lab 8 status report. Set SCIBD = 52; (The Mclk rate is 16 MHz.) Lecture 18: Introduction to Hardware Verification Scott R. Little
More informationXuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata
BACH: Path-oriented Reachability Checker of Linear Hybrid Automata Xuandong Li Department of Computer Science and Technology, Nanjing University, P.R.China Outline Preliminary Knowledge Path-oriented Reachability
More informationSingle-Path Programming on a Chip-Multiprocessor System
Single-Path Programming on a Chip-Multiprocessor System Martin Schoeberl, Peter Puschner, and Raimund Kirner Vienna University of Technology, Austria mschoebe@mail.tuwien.ac.at, {peter,raimund}@vmars.tuwien.ac.at
More informationSuggesting Edits to Explain Failing Traces
Suggesting Edits to Explain Failing Traces Giles Reger University of Manchester, UK Abstract. Runtime verification involves checking whether an execution trace produced by a running system satisfies a
More informationAtomChase: Directed Search Towards Atomicity Violations
AtomChase: Directed Search Towards Atomicity Violations Mahdi Eslamimehr, Mohsen Lesani Viewpoints Research Institute, 1025 Westwood Blvd 2nd flr, Los Angeles, CA 90024 t: (310) 208-0524 AtomChase: Directed
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationAdvanced Programming Methods. Introduction in program analysis
Advanced Programming Methods Introduction in program analysis What is Program Analysis? Very broad topic, but generally speaking, automated analysis of program behavior Program analysis is about developing
More informationHonours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui
Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing
More informationProgramming Assignment
Programming Assignment Multi-core nested depth-first search in Java Introduction In this assignment, you will implement a multi-core nested depth-first search algorithm (MC-NDFS). Sequential NDFS is a
More informationSystem Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements
System Correctness EEC 421/521: Software Engineering A Whirlwind Intro to Software Model Checking A system is correct when it meets its requirements a design without requirements cannot be right or wrong,
More informationProcess groups and message ordering
Process groups and message ordering If processes belong to groups, certain algorithms can be used that depend on group properties membership create ( name ), kill ( name ) join ( name, process ), leave
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
More informationSMEDL: Combining Synchronous and Asynchronous Monitoring
University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 9-2016 SMEDL: Combining Synchronous and Asynchronous Monitoring Teng Zhang University
More informationA Tutorial Introduction 1
Preface From the Old to the New Acknowledgments xv xvii xxi 1 Verilog A Tutorial Introduction 1 Getting Started A Structural Description Simulating the binarytoeseg Driver Creating Ports For the Module
More informationSeminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
More informationInstrumentation of Java Bytecode for Runtime Analysis
Instrumentation of Java Bytecode for Runtime Analysis Allen Goldberg and Klaus Havelund Kestrel Technology, NASA Ames Research Center Moffett Field, MS 269-3, California USA Phone: 650-604-4858, Email:
More informationMaximal Causality Reduction for TSO and PSO. Shiyou Huang Jeff Huang Parasol Lab, Texas A&M University
Maximal Causality Reduction for TSO and PSO Shiyou Huang Jeff Huang huangsy@tamu.edu Parasol Lab, Texas A&M University 1 A Real PSO Bug $12 million loss of equipment curpos = new Point(1,2); class Point
More informationCalFuzzer: An Extensible Active Testing Framework for Concurrent Programs Pallavi Joshi 1, Mayur Naik 2, Chang-Seo Park 1, and Koushik Sen 1
CalFuzzer: An Extensible Active Testing Framework for Concurrent Programs Pallavi Joshi 1, Mayur Naik 2, Chang-Seo Park 1, and Koushik Sen 1 1 University of California, Berkeley, USA {pallavi,parkcs,ksen}@eecs.berkeley.edu
More informationFastTrack: Efficient and Precise Dynamic Race Detection (+ identifying destructive races)
FastTrack: Efficient and Precise Dynamic Race Detection (+ identifying destructive races) Cormac Flanagan UC Santa Cruz Stephen Freund Williams College Multithreading and Multicore! Multithreaded programming
More informationMulti-threaded programming in Java
Multi-threaded programming in Java Java allows program to specify multiple threads of execution Provides instructions to ensure mutual exclusion, and selective blocking/unblocking of threads What is a
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationA Small Survey of Java Specification Languages *
Proceedings of the 8 th International Conference on Applied Informatics Eger, Hungary, January 27 30, 2010. Vol. 2. pp. 409 416. A Small Survey of Java Specification Languages * Gábor Kusper a, Gergely
More informationLeveraging DTrace for runtime verification
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties System Every request gets
More informationCrafting a Compiler with C (II) Compiler V. S. Interpreter
Crafting a Compiler with C (II) 資科系 林偉川 Compiler V S Interpreter Compilation - Translate high-level program to machine code Lexical Analyzer, Syntax Analyzer, Intermediate code generator(semantics Analyzer),
More informationOperating Systems Design Fall 2010 Exam 1 Review. Paul Krzyzanowski
Operating Systems Design Fall 2010 Exam 1 Review Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 To a programmer, a system call looks just like a function call. Explain the difference in the underlying
More informationSoftware Architecture and Engineering: Part II
Software Architecture and Engineering: Part II ETH Zurich, Spring 2016 Prof. http://www.srl.inf.ethz.ch/ Framework SMT solver Alias Analysis Relational Analysis Assertions Second Project Static Analysis
More informationSafety Checks and Semantic Understanding via Program Analysis Techniques
Safety Checks and Semantic Understanding via Program Analysis Techniques Nurit Dor Joint Work: EranYahav, Inbal Ronen, Sara Porat Goal Find properties of a program Anti-patterns that indicate potential
More informationSoftware Model Checking. From Programs to Kripke Structures
Software Model Checking (in (in C or or Java) Java) Model Model Extraction 1: int x = 2; int y = 2; 2: while (y
More informationM. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification
Systematic Implementation of Real-Time Models M. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification Model-based Development for Controllers Make a model of the environment
More informationModel Checking of Statecharts using Automatic White Box Test Generation
Abstract Model Checking of Statecharts using Automatic White Box Test Generation Doron Drusinsky Time Rover, Inc., 11425 Charsan Lane, Cupertino, CA, 95014 www.time-rover.com This paper describes a model
More informationW4118: concurrency error. Instructor: Junfeng Yang
W4118: concurrency error Instructor: Junfeng Yang Goals Identify patterns of concurrency errors (so you can avoid them in your code) Learn techniques to detect concurrency errors (so you can apply these
More informationA Dynamic Evaluation of the Precision of Static Heap Abstractions
A Dynamic Evaluation of the Precision of Static Heap Abstractions OOSPLA - Reno, NV October 20, 2010 Percy Liang Omer Tripp Mayur Naik Mooly Sagiv UC Berkeley Tel-Aviv Univ. Intel Labs Berkeley Tel-Aviv
More informationDataCollider: Effective Data-Race Detection for the Kernel
DataCollider: Effective Data-Race Detection for the Kernel John Erickson, Madanlal Musuvathi, Sebastian Burckhardt, Kirk Olynyk Microsoft Windows and Microsoft Research {jerick, madanm, sburckha, kirko}@microsoft.com
More information