A Specification Logic for Exceptions and Beyond Cristina David Cristian Gherghina National University of Singapore.

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

Module 4: Statements and Exceptions. Overview Introduction to Statements Using Selection Statements Using Iteration Statements Using Jump Statements Handling.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Java Software Solutions Foundations of Program Design Sixth Edition by Lewis.
Yoshi
Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.
Exception Handling Chapter 15 2 What You Will Learn Use try, throw, catch to watch for indicate exceptions handle How to process exceptions and failures.
An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
 2006 Pearson Education, Inc. All rights reserved. Exception Handling in C++ CS-2303, C-Term Exception Handling in C++ CS-2303 System Programming.
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.
1 Copyright © 1998 by Addison Wesley Longman, Inc. Chapter 13 In a language without exception handling: When an exception occurs, control goes to the operating.
COP 2800 Lake Sumter State College Mark Wilson, Instructor.
Understand Error Handling Software Development Fundamentals LESSON 1.4.
1 Lecture 11 Interfaces and Exception Handling from Chapters 9 and 10.
Microsoft VB 2005: Reloaded, Advanced Chapter 5 Input Validation, Error Handling, and Exception Handling.
Debugging Techniques1. 2 Introduction Bugs How to debug Using of debugger provided by the IDE Exception Handling Techniques.
ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages
CSI 3120, Exception handling, page 1 Exception and Event Handling Credits Robert W. Sebesta, Concepts of Programming Languages, 8 th ed., 2007 Dr. Nathalie.
Exception Handling. Background The fact that software modules should be robust enough to work under every situation. The exception handling mechanism.
EXCEPTIONS Def: An exception is a run-time error. Examples include: attempting to divide by zero, or manipulate invalid data.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Describing Syntax and Semantics
Chapter 10 Classes Continued
Exception Error handling. Exception 4 n An unusual occurrence during program execution that requires immediate handling n Errors are the most common type.
1 Exception and Event Handling (Based on:Concepts of Programming Languages, 8 th edition, by Robert W. Sebesta, 2007)
Computer Science 340 Software Design & Testing Design By Contract.
PRAGMATIC PARANOIA Steven Hadfield & Anthony Rice.
1 Exception Handling Introduction to Exception Handling Exception Handling in PLs –Ada –C++ –Java Sebesta Chapter 14.
Liang, Introduction to Java Programming, Seventh Edition, (c) 2009 Pearson Education, Inc. All rights reserved Chapter 18 Exception Handling.
Object Oriented Programming
COMPUTER PROGRAMMING 2 Exceptions. What are Exceptions? Unexpected events that happen when the code is executing (during runtime). Exceptions are types.
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
Exception Handling Unit-6. Introduction An exception is a problem that arises during the execution of a program. An exception can occur for many different.
Exceptions in Java. Exceptions An exception is an object describing an unusual or erroneous situation Exceptions are thrown by a program, and may be caught.
A Universe-Type-Based Verification Technique for Mutable Static Fields and Methods Alexander J Summers Sophia Drossopoulou Imperial College London Peter.
CS212: Object Oriented Analysis and Design Lecture 20: Exception Handling-II.
1 Exception Analysis for Java Byeong-Mo Chang Sookmyung Women’s Univ., Korea.
CSE 332: C++ Statements C++ Statements In C++ statements are basic units of execution –Each ends with ; (can use expressions to compute values) –Statements.
Exception Handling in Java Topics: Introduction Errors and Error handling Exceptions Types of Exceptions Coding Exceptions Summary.
Exceptions in Java. What is an exception? An exception is an error condition that changes the normal flow of control in a program Exceptions in Java separates.
Exception Handling in C++. Outline What exceptions are and when to use them Using try, catch and throw to detect, handle and indicate exceptions, respectively.
CS212: Object Oriented Analysis and Design Lecture 19: Exception Handling.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
CMSC 202 Computer Science II for Majors. CMSC 202UMBC Topics Exceptions Exception handling.
And other languages…. must remember to check return value OR, must pass label/exception handler to every function Caller Function return status Caller.
Throw, Throws & Try-Catch Statements Explanations and Pictures from: Reference:
Lecture 18B Exception Handling and Richard Gesick.
CSE 332: C++ Exceptions Motivation for C++ Exceptions Void Number:: operator/= (const double denom) { if (denom == 0.0) { // what to do here? } m_value.
Exception Handling in C++
Jim Fawcett CSE687-OnLine – Object Oriented Design Summer 2017
Jim Fawcett CSE687 – Object Oriented Design Spring 2001
Jim Fawcett CSE687 – Object Oriented Design Spring 2015
Reasoning About Exceptions Using Model Checking
Exception Handling and Event Handling
Exception Handling and
Assignments A sample main program for Project 2 phase 2 is contained in: It reads.
Programming Languages 2nd edition Tucker and Noonan
Exception Handling Imran Rashid CTO at ManiWeber Technologies.
Language-based Security
Designing with Java Exception Handling
Exception and Event Handling
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Computer Science 340 Software Design & Testing
Exception Handling and Event Handling
Exception Handling.
Programming Languages 2nd edition Tucker and Noonan
Presentation transcript:

A Specification Logic for Exceptions and Beyond Cristina David Cristian Gherghina National University of Singapore

Context (Roy Maxion et al. “Improving software robustness with dependability cases”) Exception failures ◦ Up to 2/3 of system crashes ◦ 50% of system security vulnerabilities Need for ◦ Specifying behavior even in the presence of exceptions ◦ Precisely defined yet flexible exception safety guarantees ◦ Tools to enforce such specifications 2

Contributions A specification logic for all control flow types An improvement of the classical exception safety guarantees A verification system for a Java-like language 3

Specification Logic Current specification logics fail to track control flow types We propose  Explicit tracking of control flow information in the specification logic  An unified view of all control flow types 4

Specification Logic An unified view of the control flow: Unify both normal and abnormal control flows Unify both static and dynamic control flows static flow: break, continue, return dynamic flow: try-catch, raise 5

Unified control flow hierarchy static dynamic 6 dynamic control flows due to exceptions static control flows normal execution can be caught cannot be caught

Specification Logic The specification formulae are enriched separation logic formulae They allow for capturing the states for both normal and exceptional executions 7

Specification Formulae ◦ ¯ captures constraints on flow variables ◦ ¿ captures the current flow ◦ Current flow values can be:  Exact flow types  Subtypes and type differences 8

Exception Safety Guarantees (Stroustrup: Exception Safety: Concepts and Techniques) ◦ No-leak guarantee  Exceptions leave the operands in well-defined states  Every acquired resources is released ◦ Basic guarantee  The class invariants are always maintained  Very forgiving with the programmer ◦ Relaxed strong guarantee  Precise explicit effect  Currently, difficult to specify ◦ Strong guarantee ◦ The operation either succeeds or has no effect if an exception is raised ◦ More difficult to implement ◦ No throw guarantee ◦ Never throw an exception 9

No Throw Guarantee E.g. a swap function The postcondition specifies that no exceptional flow can escape the swap method 10

Strong Guarantee An operation leaves its operands in well-defined states ensures that every acquired resource is released class invariants are maintained succeeds, or has no effects when an exception occurs 11

Relaxed Strong Guarantee An operation leaves its operands in well-defined states ensures that every acquired resource is released eventually class invariants are maintained succeeds, or has a precisely known effect when an exception occurs 12

Verification System Translates Source Language programs into Core Language programs ◦ (C. David et al. ”Translation and optimization for a core calculus with exceptions” PEPM09) Performs forward verification by computing the strongest post condition Proven to be sound 13

Source Language SrcLang Supports constructs challenging from the point of how control flow is transferred finally construct multi-return function call try catch with multiple handlers break and continue statements 14

Core Language As small as a corresponding one without exceptions Supports the translation of challenging constructs from the source language Easier to analyze than the source language 15

Source Lang Core Lang 16 …

Important constructs of the Core Lang Flow and value: ft#v normal flow: norm#v exceptional flow: ty(v)#v Try-catch construct: try e 1 e 2 captures both exceptional and normal control flow 17 control flow variable capturing the control flow type (fv<:c) the thrown value

Verification Example 18 try { if (x>0) compute(x,p) else ret#p brk_l#()

Verification Example if (x>0) compute(x,p); else ret#p {true & flow=norm} {x>0 & flow=norm} {x≤0 & flow = norm} {(x>0 & x’=x-1& p’=p*x & flow=norm) Ç (res::num_exc() & x>0 & p=0 & flow=num_exc)} {x≤0 & res=p & flow = ret} { (x≤0 & res=p & flow = ret) Ç (x>0 & x’=x-1& p’=p*x & flow=norm) Ç (res::num_exc() & x>0 & p=0 & flow=num_exc)} 19

Verification Example try{ … brk_l#() {true & flow=norm} {v::over_exc() & x>0 & p=0 & flow=norm & fv=over_exc} {v::over_exc() & x>0 & p=0 & flow=brk_l & fv=over_exc} {(x≤0 & res=p & flow = ret) Ç (x>0 & x’=x-1& p’=p*x & flow=norm) 9 v,fv ¢ (x>0 & res=3 & v=x& flow=exception & fv=exception)} 20 { (x≤0 & res=p & flow = ret) Ç (x>0 & x’=x-1& p’=p*x & flow=norm) Ç (res::num_exc() & x>0 & p=0 & flow=num_exc)} over_exc <: num_exc

Verification Example try{ … … {v::over_exc() & x>0 & p=0 & flow=brk_l & fv=over_exc} {(x≤0 & res=p & flow = ret) Ç (x>0 & x’=x-1& p’=p*x & flow=norm) Ç 9 v,fv ¢ (v::over_exc() & x>0 & p=0 & flow=brk_l & fv=over_exc) Ç (res::num_exc() & x>0 & p=0 & flow=num_exc – over_exc)} 21 { (x≤0 & res=p & flow = ret) Ç (x>0 & x’=x-1& p’=p*x & flow=norm) Ç (res::num_exc() & x>0 & p=0 & flow=num_exc)} over_exc <: num_exc

Try-catch and “#” Verification Rules 22 the “caught” states the “uncaught” states

Experimental Results Successfully verified test examples from: ◦ KeY project, exercising specific features ◦ SPEC benchmarks, broad range exception handling 23

Related Work SPEC# ◦ K. Rustan et al. “Exception safety for C#” KEY project ◦ B. Beckert et al. “Verification of Object- Oriented Software: The KeY Approach” Type systems ◦ M. Blume et al. “Exception handlers as extensible cases” CSP 24

Thank you! 25

Multi-return function call 26 Explicitly captures the choice of the return point, based on the control flow caught after the evaluation