Formal Methods in System Design, Volume 24, Issue 2, pp 189–215

An Overview of the Runtime Verification Tool Java PathExplorer

  • Klaus Havelund
  • Grigore Roşu

Abstract

We present an overview of the Java PathExplorer runtime verification tool, referred to in short as JPAX. JPAX can monitor the execution of a Java program and check that it conforms to a set of user-provided properties formulated in temporal logic. In addition, JPAX can analyze the program for concurrency errors such as deadlocks and data races; this concurrency analysis requires no user-provided specification. The tool automates the instrumentation of a program's bytecode, which, when executed, emits an event stream, the execution trace, to an observer. The observer dispatches the incoming event stream to a set of observer processes, each performing a specialized analysis, such as the temporal logic verification, the deadlock analysis and the data race analysis. Temporal logic specifications can be formulated by the user in the Maude rewriting logic, where Maude is a high-speed rewriting system for equational logic, here extended with executable temporal logic. The Maude rewriting engine is then activated as an event-driven monitoring process. Alternatively, temporal specifications can be translated into automata or algorithms that check the event stream efficiently. JPAX can be used during program testing to gain increased information about program executions, and can potentially also be applied during operation to survey safety-critical systems.
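
The rewriting-based monitoring the abstract describes, as an added example that is not JPAX's or Maude's code: a finite-trace LTL monitor that rewrites the formula after each event into the obligation the rest of the trace must still meet, and reports the first refuting event. The event encoding (sets of proposition names), the sample properties and traces, and the end-of-trace rule (the last event is treated as repeating forever) are assumptions of this example.

```python
# Finite-trace LTL monitor by formula rewriting (progression), in the spirit of the
# rewriting-based checker described above. Added example; not JPAX or Maude code.
# Formulas are nested tuples: ('atom','p'), ('not',f), ('and',f,g), ('or',f,g),
# ('next',f), ('always',f), ('eventually',f), ('until',f,g). An event is a set of names.
TRUE, FALSE = ('true',), ('false',)

def simplify(f):  # constant-fold so a refuted obligation collapses to FALSE
    op = f[0]
    if op == 'not':
        return FALSE if f[1] == TRUE else TRUE if f[1] == FALSE else f
    if op in ('and', 'or'):
        unit, zero = (TRUE, FALSE) if op == 'and' else (FALSE, TRUE)
        a, b = f[1], f[2]
        if zero in (a, b): return zero
        return b if a == unit else a if b == unit else f
    return f

def step(f, e):  # rewrite f into what the rest of the trace must satisfy after event e
    op = f[0]
    if op in ('true', 'false'): return f
    if op == 'atom': return TRUE if f[1] in e else FALSE
    if op == 'not': return simplify(('not', step(f[1], e)))
    if op in ('and', 'or'): return simplify((op, step(f[1], e), step(f[2], e)))
    if op == 'next': return f[1]
    if op == 'always': return simplify(('and', step(f[1], e), f))
    if op == 'eventually': return simplify(('or', step(f[1], e), f))
    # until: right side holds now, or left side holds now and the obligation carries over
    return simplify(('or', step(f[2], e), simplify(('and', step(f[1], e), f))))

def end(f, e):  # verdict for a pending obligation; assumption: last event e repeats forever
    op = f[0]
    if op in ('true', 'false'): return op == 'true'
    if op == 'atom': return f[1] in e
    if op == 'not': return not end(f[1], e)
    if op == 'and': return end(f[1], e) and end(f[2], e)
    if op == 'or': return end(f[1], e) or end(f[2], e)
    if op == 'until': return end(f[2], e)
    return end(f[1], e)  # next / always / eventually reduce to their operand

def monitor(f, trace):  # -> (verdict, index of the refuting event, or len(trace) if none)
    for i, e in enumerate(trace):
        f = step(f, e)
        if f == FALSE: return (False, i)  # safety violation reported at the earliest event
    return (end(f, trace[-1]), len(trace))

# Constructed sample properties and traces (not from the paper).
RESPONSE = ('always', ('or', ('not', ('atom', 'request')), ('eventually', ('atom', 'grant'))))
LOCKED_WRITES = ('always', ('not', ('and', ('atom', 'write'), ('not', ('atom', 'locked')))))
TRACE_OK = [{'request'}, set(), {'grant'}, {'request'}, {'grant'}]
TRACE_RACE = [{'write', 'locked'}, {'read'}, {'write'}]
```

`monitor(RESPONSE, TRACE_OK)` runs to the end and accepts, while `monitor(LOCKED_WRITES, TRACE_RACE)` stops at the unlocked write (event index 2).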

Keywords: runtime verification, trace analysis, temporal logic, rewriting logic, Maude, automata, dynamic programming, program instrumentation, deadlocks, data races, Java



Copyright information

© Kluwer Academic Publishers 2004

Authors and Affiliations

  • Klaus Havelund, Kestrel Technology, NASA Ames Research Center, California, USA
  • Grigore Roşu, Department of Computer Science, University of Illinois at Urbana-Champaign, Illinois, USA
