Abstract
Static verification techniques are used to analyse and prove properties about programs before they are executed. Many of these techniques work directly on the source code and are used to verify data-oriented properties over all possible executions. The analysis is necessarily an over-approximation as the real executions of the program are not available at analysis time. In contrast, runtime verification techniques have been extensively used for control-oriented properties, analysing the current execution path of the program in a fully automatic manner. In this article, we present a novel approach in which data-oriented and control-oriented properties may be stated in a single formalism amenable to both static and dynamic verification techniques. The specification language we present to achieve this that of ppDATEs, which enhances the control-oriented property language of DATEs, with data-oriented pre/postconditions. For runtime verification of ppDATE specifications, the language is translated into a DATE. We give a formal semantics to ppDATEs, which we use to prove the correctness of our translation from ppDATEs to DATEs. We show how ppDATE specifications can be analysed using a combination of the deductive theorem prover KeY and the runtime verification tool LARVA. Verification is performed in two steps: KeY first partially proves the data-oriented part of the specification, simplifying the specification which is then passed on to LARVA to check at runtime for the remaining parts of the specification including the control-oriented aspects. We show the applicability of our approach on two case studies.
Highlights
Runtime verification has been touted as a practical verification technique, and it does not provide program analysis before deployment, it can check correct behaviour post-deployment by observing whether actual execution paths at runtime conform to the specification
Dynamic Automata with Timers and Events (DATEs) are an extension of timed automata—they are effectively finite state automata, whose transitions are triggered by system events and timers, but augmented with: (i) A symbolic state which may be used as conditions to guard transitions and can be modified via actions specified on the transition; (ii) replication of automata, through which a new automaton is created for each discovered instance of an object; (iii) communication between automata using standard CCS-like channels with c! acting as a broadcast on channel c and which can be read by another automaton matching on event c? Full details of the formalisation of DATEs can be found in [19]
In this paper we have presented StaRVOOrS, a framework for verifying integrated dataand control-oriented properties for Java programs, using a combination of static and runtime verification
Summary
Runtime verification has been touted as a practical verification technique, and it does not provide program analysis before deployment, it can check correct behaviour post-deployment by observing whether actual execution paths at runtime conform to the specification. In this paper we present an approach to address the issue of runtime overheads through the use of static, deductive verification—an approach which has the benefit of being able to verify parts of the specification a priori for all potential execution paths, leaving only parts which could not be proved before deployment to be checked dynamically. The challenge is to design a specification language which allows the expression of combined data- and control-flow properties in such a manner that they can be effectively decomposed for the application of different verification techniques. The StaRVOOrS framework [5] addresses these issues by identifying a specification notation for such properties and a verification methodology combining static and dynamic analysis to verify combined control- and data-oriented properties.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have