Tracechecks: Defining semantic interfaces with temporal logic

Similar documents
MOPBox: A Library Approach to Runtime Verification

Java-MOP: A Monitoring Oriented Programming Environment for Java

A Special-Purpose AOP Framework for Runtime Monitoring

Adding Trace Matching with Free Variables to AspectJ

Adding trace matching to AspectJ

MOP: An Efficient and Generic Runtime Verification Framework

Parametric Trace Slicing and Monitoring

Efficient Trace Monitoring

MOP: An Efficient and Generic Runtime Verification Framework

Nomair A. Naeem. Personal Data. Education. Teaching Experience. Course Instructor/Sessional

XAJ: An Extensible Aspect Oriented Language

An Extensible AOP Framework for Runtime Monitoring

Nu: a Dynamic Aspect-Oriented Intermediate Language Model and Virtual Machine for Flexible Runtime Adaptation

PL Punta Arenas

Optimizing AspectJ with abc

Enforcing Safety Properties in Product Lines

Runtime Verification with the RV System

Instrumentation of Java Bytecode for Runtime Analysis

Specification and Runtime Verification of API Constraints on Interacting Objects

Monitoring Assumptions in Assume-Guarantee Contracts

An Overview of the MOP Runtime Verification Framework

CalFuzzer: An Extensible Active Testing Framework for Concurrent Programs Pallavi Joshi 1, Mayur Naik 2, Chang-Seo Park 1, and Koushik Sen 1

Language support for AOP

Runtime Validation Using Interval Temporal Logic

Klaus Havelund Kestrel Technology NASA Ames Research Center, MS 269/2 Moffett Field, CA U.S.A

Cover Page. The handle holds various files of this Leiden University dissertation

Course 7 25 November Adrian Iftene

A Formal Monitoring-based Framework for Software Development and Analysis

Weaving Rewrite-Based Access Control Policies

COMPOSABILITY, PROVABILITY, REUSABILITY (CPR) FOR SURVIVABILITY

The RV System Tutorial

Unweaving the Impact of Aspect Changes in AspectJ

Aspects and Data Refinement

Optimized Compilation of Around Advice for Aspect Oriented Programs

Aspect-Oriented Generation of the API Documentation for AspectJ

Towards a model of concurrent AOP

Rule-Based Runtime Verification

TS4J: A Fluent Interface for Defining and Computing Typestate Analyses

Dynamic Instantiation-Checking Components

Analysis and Research on the Automated Generation of Unit Test

A Novel Approach to Unit Testing: The Aspect-Oriented Way

Temporal Aspects as Security Automata

A Temporal Logic Language for Context Awareness in Pointcuts

Nu: a dynamic aspect-oriented intermediate language model and virtual machine for flexible runtime adaptation

A DSL to declare aspect execution order

Course 8 3 December Adrian Iftene

Leveraging DTrace for runtime verification

Employing Query Technologies for Crosscutting Concern Comprehension

Static type safety guarantees for the operators of a relational database querying system. Cédric Lavanchy

From Multi-Modal Scenarios to Code: Compiling LSCs into AspectJ

Combining Test Case Generation and Runtime Verification

A Novel Approach for Software Property Validation

On-Demand Materialization of Aspects for Application Development

Bugdel: An Aspect-Oriented Debugging System

Java-MOP: A Monitoring Oriented Programming Environment for Java

Aspect-Oriented Instrumentation with GCC

A model and a tool for Event-based Aspect-Oriented Programming (EAOP)

Using and Extending AspectJ for Separating Concerns in Parallel Java Code

An Instrumentation Technique for Online Analysis of Multithreaded Programs

Checking and Correcting Behaviors of Java Programs at Runtime with Java-MOP 1

Monitoring-Oriented Programming

JML and Aspects: The Benefits of Instrumenting JML Features with AspectJ

A Lightweight and Extensible AspectJ Implementation

Model Checking DSL-Generated C Source Code

A Distributed Dynamic Aspect Machine for Scientific Software Development

Aspect-Oriented Instrumentation with GCC Appears in the Proceedings of the First International Conference on Runtime Verification (RV 2010)

Impact Analysis and Visualization Toolkit for Static Crosscutting in AspectJ

Relational Aspects as Tracematches

EFFICIENT, EXPRESSIVE, AND EFFECTIVE RUNTIME VERIFICATION PATRICK O NEIL MEREDITH DISSERTATION

JML and Aspects: The Benefits of

Typestate Checking for Actionscript 3

Weaving a Debugging Aspect into Domain-Specific Language Grammars

Querypoint Debugging. John J. Barton. Abstract. 1. Introduction. IBM Research Almaden San Jose, CA

A Type System for Functional Traversal-Based Aspects

Relational Aspects as Tracematches

Overview of AspectOPTIMA

A join point for loops in AspectJ

Nu: a Dynamic Aspect-Oriented Intermediate Language Model and Virtual Machine for Flexible Runtime Adaptation

SQL for Deep Dynamic Analysis?

Course 8 27 November Adrian Iftene

Modeling the Evolution of Aspect Configurations using Model Transformations

On the Impact of Aspect-Oriented Programming on Object-Oriented Metrics

Relational Aspects as Tracematches

Retrieving Sequence Diagrams from Aspect-Oriented Systems

A staged static program analysis to improve the performance of runtime monitoring

Runtime Checking for Program Verification Systems

A C-language binding for PSL

Introduction to. Bruno Harbulot. ESNW, the University of Manchester.

Research Interests. Education. Academic Experience. Software engineering, static program analysis, programming language design.

Context-Aware Aspects

Java PathFinder JPF 2 Second Generation of Java Model Checker

Detecting Precedence-Related Advice Interference

What is a Trace? A Runtime Verification Perspective

junit RV Adding Runtime Verification to junit

Comprehension of spacecraft telemetry using hierarchical specifications of behavior

AJDT: Getting started with Aspect-Oriented Programming in Eclipse

Building the abc AspectJ compiler with Polyglot and Soot

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

Specifying Pointcuts in AspectJ

SMEDL: Combining Synchronous and Asynchronous Monitoring

Transcription:

Tracechecks Defining semantic interfaces with temporal logic Eric Bodden 1 Volker Stolz 2 1 Sable Research Group McGill University, Montréal, Canada 2 MOVES: Software Modeling and Verification RWTH Aachen University, Aachen, Germany Vienna, March 25th, 2006

Outline What do we do? Dynamic verification of interface protocols in Java Problems with static approaches: (see talks on components today) recursion data structures Source code often contains informal requirements specifications. Our contribution: make a formal specification explicit in interfaces automatically instrument base application and check it at runtime

Temporal specifications Temporal specifications in Java today Excerpt from docs of java.util.iterator Method: void remove() Removes from the underlying collection the last element returned by the iterator (optional operation). This method can be called only once per call to next. The behavior of an iterator is unspecified if the underlying collection is modified while the iteration is in progress in any way other than by calling this method. Throws: UnsupportedOperationException - if the remove operation is not supported by this Iterator. IllegalStateException - if the next method has not yet been called, or the remove method has already been called after the last call to the next method.

What we actually want to say Temporal specifications next update 0 1 2 3 create update next

Temporal specifications Temporal specifications in Java today Problems with previous approaches The JDK implements checks for this by a combination of various counters in the iterator and collection classes. Implementation tedious and errorprone Requirement...... only in comments, which can easily be missed.... part of interface, i.e. Iterator Yet, it must be implemented within all implementors. And... not all do!... of crosscutting nature.

Can we do any better? Temporal specifications Prototype tool Java Logical Observer (J-LO): provides a means for specifying temporal assertions, called tracechecks can be attached to interfaces and classes uses Java 5 annotations formalism: extension of Linear Temporal Logic instrumentation through AspectJ

Tracechecks Temporal specifications 1 tracecheck ( C o l l e c t i o n col, I t e r a t o r i t e r ) { 2 3 sym create ( C o l l e c t i o n c, I t e r a t o r i ) a f t e r returning ( i ) : 4 c a l l ( C o l l e c t i o n +. i t e r a t o r ( ) ) && target ( c ) ; 5 sym next ( I t e r a t o r i ) before : 6 c a l l ( Object I t e r a t o r. next ( ) ) && target ( i ) ; 7 sym update ( C o l l e c t i o n c ) a f t e r : 8 update ( ) && target ( c ) ; 9 10 G( create ( col, i t e r ) X G( modify ( c o l ) G(! next ( i t e r ) ) ) ) 11 { 12 //could use "col" and "iter" 13 throw new ConcurrentModificationException ( ) ; 14 } 15 }

Tracechecks Benefits Temporal specifications Provides convenient instance-based reasoning via free variables. Allows for flexible deployment scenarios. As AspectJ language extension (seen before). In the form of Java 5 annotations... Specification right in place - even at interfaces.

Tracechecks Annotation style syntax Temporal specifications 1 public interface It erat or { 2... 3 4 @LTL( " 5 Collection c, thistype i : 6 G( ( 7 e x it ( c a l l ( C o l l e c t i o n +. i t e r a t o r ( ) ) 8 && target ( c ) ) returning i 9 ) ( 10 X(G( 11 ( entry ( 12 ( c a l l ( C o l l e c t i o n +. add (.. ) ) 13 c a l l ( C o l l e c t i o n +. remove (.. ) ) 14 c a l l ( C o l l e c t i o n +. clear ( ) ) 15 ) && target ( c ) 16 ) 17 ) ( 18 G( 19! ( 20 entry ( c a l l ( thismethod ) && target ( i ) ) 21 ) ) ) ) ) ) ) 22 " ) 23 public Object next ( ) ; 24 25 }

Semantic interfaces with J-LO How does it work? Code generation 1 Generate an AspectJ aspect implementing the required checks. 2 Weave this aspect into the base application. 3 The instrumented application checks itself during runtime. Evaluation based on Alternating Automata.

Runtime Verification Dynamic model Code generation s 0 /0 s 1 {p 1,p 2 } s 2 {p 1 } s 3 {p 1 } s 4{p2 } /0 {p 1,p 2 } {p 1 } {p 1 } Path identified by a sequence of sets of propositions 2 P Recognition of cycles impossible Path π = π[0]... π[n 1] finite

Code generation Specification encoded in Alternating automata G(p(x) F q(x)) p(x) p(1) F q(1) p(x) q(1) q(1) tt Σ

Code generation Specification encoded in Alternating automata G(p(x) F q(x)) p(x) p(1) p(2) p(x) F q(1) F q(2) q(1) q(1) q(2) q(2) tt tt Σ Σ

Implementation Example Code generation {{G(p(x) F q(x))}} {p(1),p(2)} {{G(p(x) F q(x)),f q(1),f q(2)}} {q(1)} {{G(p(x) F q(x)),f q(2)}} {q(2)} {{G(p(x) F q(x))}} G(p F q) p p F q q q tt Σ

Code generation Code generation Compiler Codegen Weaving Specification G( p )... Java bytecode G( p )... AFA in AspectJ aspect F1 {... Java bytecode if(!p) {... J-LO Tools we used: BAT2XML (TU Darmstadt) Extracts spec from Java annotations AspectBench Compiler ( abc, Oxford/McGill University) Code generations (AST rewrites) Instrumentation ( weaving )

Benchmarks Code generation Verification of temporal assertions for data structures: HashSets G( add ( set, c o l ) X G( modify ( c ) X( remove ( set, c o l ) R! contains ( set, c o l ) ) ) ) Stacks G( push ( s ) R! pop ( s ) ) Iterators / Enumerations tested with JHotDraw Lock order reversal problem tested with JigSaw (did actually find warnings!)

Related work Related work Future work Mainly on the fields of Aspect-oriented programming Program Query Languages Component Based Design Runtime Verification

Related work AOP/PQL/CBD Related work Future work Event based AOP (Douence et al.) [DFS04] Tracecuts (Walker et al.) [WV04] Tracematches (Allan et al.) [AAS + 04] Gamma (Ostermann et al.) [KO05] PQL (Martin et al.) [MLL05] PTQL (Goldsmith et al.) [GOA05] Südholt and Farias (Components with explicit behavioral protocols) [FS02]

Related work Runtime Verification Related work Future work Havelund et al. (NASA AMES) EAGLE [HBS03], Java PathExplorer [HR04] HAWK [dh05]: based on AspectJ/EAGLE, only subset of LTL Java MAC [KVK + 04] Temporal Rover manual instrumentation only

Future Work Related work Future work Future work: Tight integration with abc (in particular: Tracematches) Lowering the evaluation cost at runtime (JVM support?) Static dataflow analysis approximating results of Model Checking Performance optimizations

Related work Future work Tracechecks: Specification language for runtime-checking temporal assertions based on: AspectJ pointcuts, for generating a path model at runtime Linear temporal logic (LTL) to express temporal conditions over such paths Implementation using alternating automata and dynamic bindings in the Java Logical Observer - J-LO

Related work Future work Thank you for your attention Try it out: http://www-i2.informatik.rwth-aachen.de/jlo/

Appendix Program execution Thread t1 Lock l1 Aspect lock() lock(a=t1,x=l1) lock(a=t1,y=l1) props.add("lock(a,x)",[a=t1,x=l1]) Variables: Thread a, Lock x, Lock y props.add("lock(a,y)",[a=t1,y=l1]) lock configuration.transition(props) props= emptyset Propositions: lock(a,x), lock(a,y) lock

Appendix Bibliography I C. Allan, P. Avgustinov, A.S. Simon, L. Hendren, S. Kuzins, O. Lhoták, O. de Moor, D. Sereni, G. Sittamplan, and J. Tibble. Adding trace matching to AspectJ (submitted to OOPSLA 05). abc Technical Report abc-2005-01, McGill University, 2004. Rémi Douence, Pascal Fradet, and Mario Südholt. Composition, reuse and interaction analysis of stateful aspects. In AOSD 04: Proceedings of the 3rd international conference on Aspect-oriented software development, pages 141 150. ACM Press, 2004. Marcelo d Amorim and Klaus Havelund. Event-based runtime verification of java programs. In WODA 05: Proceedings of the third international workshop on Dynamic analysis, pages 1 7, New York, NY, USA, 2005. ACM Press. Andrés Farías and Mario Südholt. On components with explicit protocols satisfying a notion of correctness by construction. In In International Symposium on Distributed Objects and Applications (DOA). LNCS, 2002. Simon Goldsmith, Robert O Callahan, and Alex Aiken. Relational queries over program traces. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages and Applications, pages 385 402, 2005. K. Havelund H. Barringer, A. Goldberg and K. Sen. EAGLE does space efficient LTL monitoring. Pre-Print CSPP-25, Department of Computer Science, University of Manchester, October 2003.

Appendix Bibliography II K. Havelund and G. Roşu. An Overview of the Runtime Verification Tool Java PathExplorer. Formal Methods in System Design, 24(2):189 215, 2004. K. Klose and K. Ostermann. Back to the future: Pointcuts as predicates over traces. In Foundations of Aspect-Oriented Languages workshop (FOAL 05), Chicago, USA, 2005. M. Kim, M. Viswanathan, S. Kannan, I. Lee, and O.V. Sokolsky. Java-MaC: A Run-time Assurance Approach for Java Programs. Formal Methods in System Design, 24(2):129 155, 2004. Michael Martin, Benjamin Livshits, and Monica S. Lam. Finding application errors using PQL: a program query language. In Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages and Applications, pages 365 383, 2005. Robert J. Walker and Kevin Viggers. Implementing protocols via declarative event patterns. In SIGSOFT FSE, pages 159 169, 2004.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback