Presentation is loading. Please wait.

Presentation is loading. Please wait.

Semantics & Verification Research Group Department of Computer Science University of Malta 2008 Runtime Verification of Contracts for Java Programs Christian.

Published byKirsten Dawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Semantics & Verification Research Group Department of Computer Science University of Malta 2008 Runtime Verification of Contracts for Java Programs Christian."— Presentation transcript:

1 Semantics & Verification Research Group Department of Computer Science University of Malta 2008 Runtime Verification of Contracts for Java Programs Christian Colombo Gordon J. Pace Gerardo Schneider FLACOS - November 2008

2 Semantics & Verification Research Group Department of Computer Science University of Malta 2 2008 RV & Contracts  In SOA we are concerned with security and trust.  Model checking is not scalable.  Testing lacks coverage.  Particular behaviour only emerges during normal use of service composition.  Runtime verification monitors the behaviour during runtime, scales up.  Real-time properties / overheads.  Contracts may have conflicts.

3 Semantics & Verification Research Group Department of Computer Science University of Malta 3 2008 Runtime Verification -------------- -------------- Specification-------------- --------------

4 Semantics & Verification Research Group Department of Computer Science University of Malta 4 2008 Runtime Verification -------------- -------------- Contracts-------------- --------------

5 Semantics & Verification Research Group Department of Computer Science University of Malta 5 2008 Runtime Verification -------------- Deontic Contracts -------------- -------------- Deontic Contracts --------------

6 Semantics & Verification Research Group Department of Computer Science University of Malta 6 2008 Dynamic Automata with Timers & Events (DATE)  Communicating symbolic automata enriched with events and timers.  Automata are automatically replicated according to context: hence dynamic.  Supports:  Conditions and actions on transitions  Real-time  Communication between automata

7 Semantics & Verification Research Group Department of Computer Science University of Malta 7 2008 An Example (1)

8 Semantics & Verification Research Group Department of Computer Science University of Malta 8 2008 An Example (2)

9 Semantics & Verification Research Group Department of Computer Science University of Malta 9 2008 LARVA - Architecture AspectJ Matching method names AspectJ Matching method names USER

10 Semantics & Verification Research Group Department of Computer Science University of Malta 10 2008 Contract Language Example

11 Semantics & Verification Research Group Department of Computer Science University of Malta 11 2008 Contract Language to Automata

12 Semantics & Verification Research Group Department of Computer Science University of Malta 12 2008 Contract Language to LARVA EVENTS { login = {*.login()} logout= {*.logout()} request= {*.requestItem()} } PROPERTY clcontract { STATES { BAD { V } NORMAL { S1 S2 } STARTING { Init } } TRANSITIONS { Init -> S1 [login] Init -> V [request] Init -> S2 [logout] S1 -> S1 [login] S1 -> S1 [request] S1 -> S2 [logout] S2 -> S2 [logout] S2 -> V [request] S2 -> S1 [login] }

13 Semantics & Verification Research Group Department of Computer Science University of Malta 13 2008 Contradictions in Contracts O(request) request Contradiction Detected!

14 Semantics & Verification Research Group Department of Computer Science University of Malta 14 2008 Ongoing Work  Working closely with industry  Guarantees on the effect of monitoring – memory and time  Identifying better notations  Investigating compensable actions

15 Semantics & Verification Research Group Department of Computer Science University of Malta 15 2008 Conclusions  Mathematical framework – DATE  Implemented useable tool – LARVA  Highly expressive (incl. real-time)  Evolving theory with practical guarantees  Can monitor contracts  Find contradictions in contracts  Future prospects of collaboration and improvement of current framework

16 Semantics & Verification Research Group Department of Computer Science University of Malta 16 2008 Questions ??

17 Semantics & Verification Research Group Department of Computer Science University of Malta 17 2008

18 Semantics & Verification Research Group Department of Computer Science University of Malta 18 2008 A Scenario – Dynamic Triggers  Imagine we need to check login/logout for each user.  We have to trigger an automaton for every user, to keep track whether each user is logged in or not.  Use method parameters to get context.

19 Semantics & Verification Research Group Department of Computer Science University of Malta 19 2008 Specifying Properties  Intuitive, clear and succinct logic.  Understandable and useable by developers.  Includes all the required expressive power.  Automatically instrumentable in the target system.  Low overheads (eg. Determinism)

20 Semantics & Verification Research Group Department of Computer Science University of Malta 20 2008 Simple Examples  Ensuring that only authorised users access reserved areas in the system.  Checking that a train gate which started closing has indeed closed after a number of seconds.  Monitoring the life-cycle of an object (such as a transaction), ensuring it goes through its stages properly.

21 Semantics & Verification Research Group Department of Computer Science University of Malta 21 2008 Specifying Context  Actions and conditions on transitions can access the context (User).  A context can be nested to have a more specific context within it:  Eg: Check login for each site of each individual user.

22 Semantics & Verification Research Group Department of Computer Science University of Malta 22 2008 LARVA - Architecture LARVA --------------- ---- EVENTS & PROPERTIES --------------- ---- LARVA --------------- ---- EVENTS & PROPERTIES --------------- ---- USER

23 Semantics & Verification Research Group Department of Computer Science University of Malta 23 2008 LARVA - Architecture (2) LARVA ---------------- --- EVENTS & PROPERTIES ---------------- --- LARVA ---------------- --- EVENTS & PROPERTIES ---------------- --- AspectJ Matching method names AspectJ Matching method names COMPILER

24 Semantics & Verification Research Group Department of Computer Science University of Malta 24 2008 Recall Scenario Load Site Prompt for PW Good Login PressOK \ checkUserName() PressOK \ checkPassword() \ Goodlogin ! Trigger new automaton FOREACH user PressOK Logged in Logged out Bad logins Logged out ChGoodlogin? Badlogin

25 Semantics & Verification Research Group Department of Computer Science University of Malta 25 2008 LARVA – Script GLOBAL { FOREACH (User u) { VARIABLES { Channel gl; } EVENTS { goodlogin() = {gl.receive(User u1)} where {u = u1;} pressOK() = {*.pressedOK(u1)} where {u = u1;} badlogin() = {*.loginTry(u1)} where {u = u1;} } PROPERTY one { STATES { BAD { badlogins } NORMAL { loggedout2 loggedout3 loggedin } STARTING { loggedout1 } } TRANSITIONS { loggedout1 -> loggedin [goodlogin] loggedout2 -> loggedin [goodlogin] loggedout3 -> loggedin [goodlogin] loggedout1 -> loggedout2 [badlogin] loggedout2 -> loggedout3 [badlogin] loggedout3 -> badlogins [badlogin] } PROPERTY two { STATES { NORMAL { promptPW goodlogin } STARTING { loadsite } } TRANSITIONS { loadsite -> promptPW [PressOK\checkUserName()] promptPW -> goodlogin [PressOK\checkPassword()\gl.send(u);] promptPW -> loadsite [PressOK] } METHODS { boolean checkUserName(){return true;} boolean checkPassword(){return true;} }

26 Semantics & Verification Research Group Department of Computer Science University of Malta 26 2008 LARVA - Compilation into Java  AOP to capture events.  A hierarchy of classes: one for each context.  Each class has a reference to its parent context. (E.g. The account context, have access to the user context.)  A hashmap to keep track of the distinct objects which we are checking.

27 Semantics & Verification Research Group Department of Computer Science University of Malta 27 2008 Case-Study (2): Properties  Logging of credit card numbers – no risk of exposing sensitive information.  Execution of transactions – correct progress through states.  Authorisation transaction – transaction consistency.  Backlog – retries in case of failure.

28 Semantics & Verification Research Group Department of Computer Science University of Malta 28 2008 Case-Study (3): - Experience  A lot of interesting properties are relatively simple.  Intuitive definition of properties.  Identified shortcomings of Larva and it was extended.  RV helps in clearly identifying requirements.  Integration in system life cycle.

29 Semantics & Verification Research Group Department of Computer Science University of Malta 29 2008 Benchmark – Expressivity

30 Semantics & Verification Research Group Department of Computer Science University of Malta 30 2008 Benchmark – Performance  Dummy transaction processing system (4 properties – 2 real-time)  Memory and time required is considerable but linear to the number of objects being monitored (replication of automata).  Compares well with Java-MOP which is the most similar work available for usage.

31 Semantics & Verification Research Group Department of Computer Science University of Malta 31 2008

32 Semantics & Verification Research Group Department of Computer Science University of Malta 32 2008 AOP  Automatic code weaving using pointcuts and advises.  Pointcut: call(* *.*(..))  d.bark(b) && target(d) && args(b)  Advise: before, after, around  before (Dog d, Bark b): pointcut(d,b){ spotACat(); }

33 Semantics & Verification Research Group Department of Computer Science University of Malta 33 2008 Other Events  Upon return: upon the return of a method (rather than the entry of the method).  Upon exception thrown: rather than simple method call, we can trigger the automaton upon an exception throw.

34 Semantics & Verification Research Group Department of Computer Science University of Malta 34 2008 Other Events (2)  Upon exception handling: rather than simple method call, we can trigger the automaton upon the start of a catch block.  Clocks: trigger the automaton upon the elapse of an amount of time.  Channels: an automaton can trigger another automaton.

35 Semantics & Verification Research Group Department of Computer Science University of Malta 35 2008 Object Equality  What if an object does not implement an equals method?  The user can specify which attributes of the object constitute the context.  E.g. A transaction is the same as long as it has the same id.

36 Semantics & Verification Research Group Department of Computer Science University of Malta 36 2008 Invariants  What if some attributes of an object should not change?  The user can specify these attributes.  E.g. A transaction should remain with the same amount once the amount is set.

37 Semantics & Verification Research Group Department of Computer Science University of Malta 37 2008 Chained Transitions  Should we allow transitions to trigger other transitions?  This could lead to an infinite loop!  So we disable aspects within the aspect code itself.  But we allow the user to take the risk with channels...

38 Semantics & Verification Research Group Department of Computer Science University of Malta 38 2008 Determinism  For easier execution of the automaton, we opted for determinism.  The user specifies the order of transitions as they are written down in the script file.

39 Semantics & Verification Research Group Department of Computer Science University of Malta 39 2008 Overhead of Verification (1)  Depends on a number of factors:  The actions the user puts on transitions.  The statements in the where clauses.  The amount of objects that the user keeps context of.  Very difficult to give an upper-bound because of the amount of freedom we give the user.

40 Semantics & Verification Research Group Department of Computer Science University of Malta 40 2008 Overhead of Verification (2)  But we can guarantee the maximum memory overhead of our system…  …given that the user does not add other method calls on transitions.  We use Lustre so that the memory can be calculated at compile-time.

41 Semantics & Verification Research Group Department of Computer Science University of Malta 41 2008 Real-Time Issues  Because of the Java Garbage Collection there is a limit to accuracy that we can give.  Using Java wait method is quite good within a certain number of milliseconds.

42 Semantics & Verification Research Group Department of Computer Science University of Malta 42 2008 Real-Time Issues (2)  Consider a system which satisfies all its properties.  Will the properties still hold if we introduce the monitoring?  We provide a fragment of Duration Calculus which is “slow-down invariant”.

43 Semantics & Verification Research Group Department of Computer Science University of Malta 43 2008 Compiler  The Compiler and Parser Manual are available at:  www.cs.um.edu.mt/~svrg/Tools/LARVA/  christiancolombo.com/academic-masters-tools.html  Feel free to use it and give us feedback.

44 Semantics & Verification Research Group Department of Computer Science University of Malta 44 2008 Nesting – Context within Context  FOREACH (User u){ ...  FOREACH (Site s)  {  EVENTS{  Login() = {User u1.login(Site s1)}  where {u = u1; s=s1;}  } ...  }

45 Semantics & Verification Research Group Department of Computer Science University of Malta 45 2008 Events  System Events – method call, method return, exception throw, exception handling.  Channel Communication.  Clock Timeouts.

Download ppt "Semantics & Verification Research Group Department of Computer Science University of Malta 2008 Runtime Verification of Contracts for Java Programs Christian."

Similar presentations

A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
Programming Paradigms and languages

Programming Paradigms and languages
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.

Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str. 546 24 Thessaloniki Greece.

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Gerardo Schneider Department of Informatics University of Oslo 2009 Heisenberg-Effect-Free Runtime Verification of Real-Time Properties Gerardo Schneider.

Gerardo Schneider Department of Informatics University of Oslo 2009 Heisenberg-Effect-Free Runtime Verification of Real-Time Properties Gerardo Schneider.
Timed Automata.

Timed Automata.
1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.

1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Www.ics.mq.edu.au/ppdp ITEC200 Week02 Program Correctness and Efficiency.

ITEC200 Week02 Program Correctness and Efficiency.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
University of Kansas Construction & Integration of Distributed Systems Jerry James Oct. 30, 2000.

University of Kansas Construction & Integration of Distributed Systems Jerry James Oct. 30, 2000.
Categories of Aspects Shmuel Katz Computer Science Department The Technion Haifa, Israel.

Categories of Aspects Shmuel Katz Computer Science Department The Technion Haifa, Israel.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

Similar presentations

Ads by Google