Abstract
Static verification techniques can verify properties across all executions of a program, but powerful judgements are hard to achieve automatically. In contrast, runtime verification enjoys full automation, but cannot judge future and alternative runs. In this paper we present a novel approach in which data-centric and control-oriented properties may be stated in a single formalism, amenable to both static and dynamic verification techniques. We develop and formalise a specification notation, ppDATE, extending the control-flow property language used in the runtime verification tool Larva with pre/post-conditions and show how specifications written in this notation can be analysed both using the deductive theorem prover KeY and the runtime verification tool Larva. Verification is performed in two steps: KeY first partially proves the data-oriented part of the specification, simplifying the specification which is then passed on to Larva to check at runtime for the remaining parts of the specification including the control-centric aspects. We apply the approach to Mondex, an electronic purse application.
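As an added illustration, not code from the paper and not ppDATE syntax: a small Python model of the two-step workflow on a constructed toy purse. A contract carries pre/post-conditions together with the pre-state path conditions under which the data part is assumed already proved, and the runtime monitor, which also tracks a control-flow automaton, re-evaluates the post-condition only on the unproved path. The Purse, Contract and Monitor classes and the "proved path" are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, List
class Purse:  # constructed toy purse, not the Mondex code the paper verifies
    def __init__(self, balance: int) -> None:
        self.balance = balance
    def withdraw(self, amount: int) -> bool:
        if amount <= self.balance:         # path A: amount is deducted
            self.balance -= amount
            return True
        return False                        # path B: request refused
@dataclass
class Contract:
    pre: Callable[[int, int], bool]                 # pre(old_balance, amount)
    post: Callable[[int, Purse, int, bool], bool]   # post(old_balance, purse, amount, result)
    # pre-state path conditions where a static prover already closed `post` (assumed)
    proved_paths: List[Callable[[int, int], bool]] = field(default_factory=list)
@dataclass
class Monitor:
    contract: Contract
    state: str = "idle"                # control-flow automaton: idle --login--> ready
    violations: List[str] = field(default_factory=list)
    runtime_post_checks: int = 0       # how often `post` had to run at runtime
    def login(self) -> None:
        self.state = "ready"
    def withdraw(self, purse: Purse, amount: int) -> bool:
        if self.state != "ready":      # control-oriented part of the property
            self.violations.append("withdraw before login")
        old = purse.balance
        if not self.contract.pre(old, amount):
            self.violations.append(f"pre violated: amount={amount}")
        result = purse.withdraw(amount)
        if not any(path(old, amount) for path in self.contract.proved_paths):
            self.runtime_post_checks += 1          # only unproved paths reach here
            if not self.contract.post(old, purse, amount, result):
                self.violations.append(f"post violated: amount={amount}")
        return result

WITHDRAW = Contract(
    pre=lambda old, amt: amt >= 0,
    post=lambda old, p, amt, ok: p.balance == (old - amt if ok else old),
    proved_paths=[lambda old, amt: amt <= old],  # assumed: proof closed for path A
)
def run_scenario() -> Monitor:
    purse, mon = Purse(100), Monitor(WITHDRAW)
    mon.withdraw(purse, 10)    # control violation: no login yet (purse still runs)
    mon.login()
    mon.withdraw(purse, 30)    # path A, proved statically: post not re-evaluated
    mon.withdraw(purse, 500)   # path B, unproved: post evaluated at runtime
    mon.withdraw(purse, -5)    # pre-condition violation
    return mon
```

The monitor's counter shows the saving the paper aims at: of the four withdrawals only the refused one needs its post-condition evaluated at runtime.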
Keywords
- Smart Card
- Code Unit
- Path Condition
- Proof Obligation
- Monitor Variable
© 2015 Springer International Publishing Switzerland
Cite this paper
Ahrendt, W., Chimento, J.M., Pace, G.J., Schneider, G. (2015). A Specification Language for Static and Runtime Verification of Data and Control Properties. In: Bjørner, N., de Boer, F. (eds) FM 2015: Formal Methods. FM 2015. Lecture Notes in Computer Science(), vol 9109. Springer, Cham. https://doi.org/10.1007/978-3-319-19249-9_8
DOI: https://doi.org/10.1007/978-3-319-19249-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19248-2
Online ISBN: 978-3-319-19249-9