
FTfJP 2017

Parametric Trace Expressions for Runtime
Verification of Java-Like Programs

Luca Franceschini

May 20, 2017

Transcript

  1. Parametric Trace Expressions for Runtime Verification of Java-Like Programs
    D. Ancona, A. Ferrando, L. Franceschini, V. Mascardi
    Department of Informatics, Bioengineering, Robotics and Systems Engineering, University of Genoa, Italy
    Formal Techniques for Java-Like Programs, 20 May 2017, Barcelona, Spain
  2. Runtime Verification: how does it work?
    1. Specify the correct behaviour(s) through some formalism
    2. Generate a monitor
    3. Attach the monitor to the software system and check its execution at runtime
  3. Runtime Verification: advantages
    Quite expressive specification formalisms can be used
    Monitors can often be generated automatically
    Constant monitoring after deployment, and error recovery
  4. Trace Expressions: a bit of history
    Trace expressions were initially devised for monitoring agent interactions in multi-agent systems (Ancona, Drossopoulou, and Mascardi 2012), influenced by global and multiparty session types... but they are actually very general! (Ancona, Ferrando, and Mascardi 2016)
  5-9. Trace Expressions: terminology
    Event e ∈ E: anything happening in our program during execution that is related to the specification
    Event type ϑ ⊆ E: a set of events
    Event trace e ∈ E∞: a (possibly infinite) sequence of events encoding the execution flow
    Trace expression τ: specification of a (possibly infinite) set of correct event traces
    Possible events: function and method invocation, open/read/write/close on files, I/O operations over a network, acquire and release of locks in a multi-threaded environment, ...
  10-13. Trace Expressions: syntax
    Trace expressions are coinductively defined as regular terms built on top of:
    ε (empty)
    ϑ:τ (prefix)
    τ1 · τ2 (concatenation)
    τ1 ∨ τ2 (union)
    τ1 ∧ τ2 (intersection)
    τ1 | τ2 (shuffle, a.k.a. interleaving)
  14-16. Trace Expressions: examples, writing files
    Events = {new, write, close}
    F = ε ∨ new:O
    O = write:O ∨ close:ε
    Recursion: trace expressions are regular terms, defined by syntactic equations (no explicit µ)
    Some accepted traces: ε; new write close; new write write ... (a file that is written forever is accepted, since acceptance is coinductive)
    Some refuted traces: new (never closed); write (no preceding new); write write ...
  17-19. Parametric Runtime Verification for OOP
    In the object-oriented world, methods are invoked on specific objects: monitoring only which methods are invoked is not enough. Parametric trace expressions (Ancona, Ferrando, and Mascardi 2017) are needed.
    Binder: a new operator is introduced, <x; τ>
    Event types: we assume a function match such that match(e, ϑ) = σ iff event e matches event type ϑ with computed substitution σ.
  20-24. Parametric Trace Expressions: back to files
    Events = {new o() | o object} ∪ {o.write() | o object} ∪ {o.close() | o object}
    Events are method invocations; o is an object identifier.
    any(x) is the event type including all operations on object x: any(x) = {new x(), x.write(), x.close()}
    F = ε ∨ <o; new o():(O | F)>
    O = o.close():ε ∨ o.write():O
    A possible correct trace: new f1() f1.write() new f2() f2.write() f1.close() f2.close()
    A refuted trace: new f1() f2.write() f1.close() (f2 is written before any new f2() bound it)
  25. Semantics
    $\varepsilon(\tau)$: predicate checking whether termination is allowed
    $\tau \xrightarrow{e} \tau'$: labelled transition system
    $\llbracket\tau\rrbracket$: set of accepted event traces
  26. Termination Predicate: rules
    $$(\varepsilon\text{-empty})\ \frac{}{\varepsilon(\varepsilon)} \qquad
      (\varepsilon\text{-shuffle})\ \frac{\varepsilon(\tau_1)\quad \varepsilon(\tau_2)}{\varepsilon(\tau_1 \mid \tau_2)} \qquad
      (\varepsilon\text{-var})\ \frac{\varepsilon(\tau)}{\varepsilon(\langle x;\tau\rangle)}$$
    $$(\varepsilon\text{-or-l})\ \frac{\varepsilon(\tau_1)}{\varepsilon(\tau_1 \vee \tau_2)} \qquad
      (\varepsilon\text{-or-r})\ \frac{\varepsilon(\tau_2)}{\varepsilon(\tau_1 \vee \tau_2)} \qquad
      (\varepsilon\text{-cat})\ \frac{\varepsilon(\tau_1)\quad \varepsilon(\tau_2)}{\varepsilon(\tau_1 \cdot \tau_2)} \qquad
      (\varepsilon\text{-and})\ \frac{\varepsilon(\tau_1)\quad \varepsilon(\tau_2)}{\varepsilon(\tau_1 \wedge \tau_2)}$$
  27. Labelled Transition System: transition rules
    $$(\text{main})\ \frac{\tau \xrightarrow{e} \tau',\ \emptyset}{\tau \xrightarrow{e} \tau'} \qquad
      (\text{prefix})\ \frac{}{\vartheta{:}\tau \xrightarrow{e} \tau,\ \sigma}\ \ \sigma = \mathit{match}(e,\vartheta)$$
    $$(\text{or-l})\ \frac{\tau_1 \xrightarrow{e} \tau_1',\ \sigma}{\tau_1 \vee \tau_2 \xrightarrow{e} \tau_1',\ \sigma} \qquad
      (\text{or-r})\ \frac{\tau_2 \xrightarrow{e} \tau_2',\ \sigma}{\tau_1 \vee \tau_2 \xrightarrow{e} \tau_2',\ \sigma} \qquad
      (\text{and})\ \frac{\tau_1 \xrightarrow{e} \tau_1',\ \sigma_1 \quad \tau_2 \xrightarrow{e} \tau_2',\ \sigma_2}{\tau_1 \wedge \tau_2 \xrightarrow{e} \tau_1' \wedge \tau_2',\ \sigma}\ \ \sigma = \sigma_1 \cup \sigma_2$$
    $$(\text{shuffle-l})\ \frac{\tau_1 \xrightarrow{e} \tau_1',\ \sigma}{\tau_1 \mid \tau_2 \xrightarrow{e} \tau_1' \mid \tau_2,\ \sigma} \qquad
      (\text{shuffle-r})\ \frac{\tau_2 \xrightarrow{e} \tau_2',\ \sigma}{\tau_1 \mid \tau_2 \xrightarrow{e} \tau_1 \mid \tau_2',\ \sigma}$$
    $$(\text{cat-l})\ \frac{\tau_1 \xrightarrow{e} \tau_1',\ \sigma}{\tau_1 \cdot \tau_2 \xrightarrow{e} \tau_1' \cdot \tau_2,\ \sigma} \qquad
      (\text{cat-r})\ \frac{\tau_2 \xrightarrow{e} \tau_2',\ \sigma}{\tau_1 \cdot \tau_2 \xrightarrow{e} \tau_2',\ \sigma}\ \ \varepsilon(\tau_1)$$
    $$(\text{var-t})\ \frac{\tau \xrightarrow{e} \tau',\ \sigma}{\langle x;\tau\rangle \xrightarrow{e} \sigma\tau',\ \sigma\setminus x}\ \ x \in \mathit{dom}(\sigma) \qquad
      (\text{var-f})\ \frac{\tau \xrightarrow{e} \tau',\ \sigma}{\langle x;\tau\rangle \xrightarrow{e} \langle x;\tau'\rangle,\ \sigma}\ \ x \notin \mathit{dom}(\sigma)$$
    Only (main), with an empty substitution, yields a transition of the whole specification: a free variable that is never bound by a binder cannot be discharged.
  28. Semantics: definition
    $\mathbf{e} \in \llbracket\tau\rrbracket$ is coinductively defined as follows:
    either $\mathbf{e} = \varepsilon$ (the empty trace) and $\varepsilon(\tau)$,
    or $\mathbf{e} = e\,\mathbf{e}'$ and $\tau \xrightarrow{e} \tau'$ and $\mathbf{e}' \in \llbracket\tau'\rrbracket$.
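The termination predicate, the transition rules and the coinductive acceptance above, applied to the two "writing files" specifications of slides 14-16 and 20-24, as an added example that is not part of the deck and not the authors' monitor implementation: a small Python interpreter for parametric trace expressions. It assumes that events are Python tuples such as ("write", "f1"), that event types are tuple patterns with Var placeholders bound by match(e, ϑ), and that the monitor keeps the set of all residual expressions reachable under the nondeterministic rules; the object names f1 and f2, the three-valued verdict and the tuple encoding of terms are this example's own choices.

```python
# Added example, not the authors' code: an interpreter for the parametric trace
# expressions of slides 10-28. Terms are tuples; an event is a tuple such as
# ("write", "f1"); an event type is a tuple pattern whose Var placeholders are
# bound by match(e, theta). Object names f1 and f2 are constructed inputs.
from typing import Any, Dict, List, Optional, Tuple
class Var(str): pass  # placeholder variable inside an event type; equals its own name
EPS = ("eps",)
def prefix(pat, tau): return ("prefix", pat, tau)
def or_(a, b): return ("or", a, b)
def shuffle(a, b): return ("shuffle", a, b)
def bind(x, tau): return ("bind", x, tau)
def ref(name): return ("ref", name, {})  # equation name plus a pending substitution

def match(event, pattern) -> Optional[Dict[str, Any]]:
    """match(e, theta) = sigma iff e matches theta; None otherwise."""
    if len(event) != len(pattern):
        return None
    sigma: Dict[str, Any] = {}
    for actual, expected in zip(event, pattern):
        if isinstance(expected, Var):
            if sigma.setdefault(str(expected), actual) != actual:
                return None
        elif actual != expected:
            return None
    return sigma

def subst(sigma, t):
    """Apply sigma to t; a binder shadows its own variable, a ref delays it until unfolding."""
    kind = t[0]
    if kind == "eps" or not sigma:
        return t
    if kind == "prefix":
        return ("prefix", tuple(sigma.get(p, p) if isinstance(p, Var) else p for p in t[1]), subst(sigma, t[2]))
    if kind == "bind":
        return ("bind", t[1], subst({k: v for k, v in sigma.items() if k != t[1]}, t[2]))
    if kind == "ref":
        return ("ref", t[1], {**sigma, **t[2]})  # bindings already pending win
    return (kind, subst(sigma, t[1]), subst(sigma, t[2]))  # or / and / cat / shuffle

class Monitor:
    def __init__(self, equations: Dict[str, tuple], main: str):
        self.eqs, self.main = equations, main
    def unfold(self, t):
        while t[0] == "ref":
            t = subst(t[2], self.eqs[t[1]])
        return t
    def terminates(self, t, seen=frozenset()) -> bool:
        """Termination predicate of slide 26; inductive, so a cycle of refs does not terminate."""
        kind = t[0]
        if kind in ("eps", "prefix"):
            return kind == "eps"
        if kind == "bind":
            return self.terminates(t[2], seen)
        if kind == "ref":
            key = (t[1], tuple(sorted(t[2].items())))
            return key not in seen and self.terminates(self.unfold(t), seen | {key})
        left, right = self.terminates(t[1], seen), self.terminates(t[2], seen)
        return (left or right) if kind == "or" else (left and right)
    def step(self, t, event) -> List[Tuple[tuple, Dict[str, Any]]]:
        """All (tau', sigma) with tau -e-> tau', sigma: the transition rules of slide 27."""
        kind = t[0]
        if kind == "eps":
            return []
        if kind == "prefix":
            sigma = match(event, t[1])
            return [] if sigma is None else [(t[2], sigma)]
        if kind == "ref":
            return self.step(self.unfold(t), event)
        if kind == "bind":  # (var-t) substitutes x into the residual; (var-f) keeps waiting for x
            x = t[1]
            return [(subst(s, tau), {k: v for k, v in s.items() if k != x}) if x in s
                    else (("bind", x, tau), s) for tau, s in self.step(t[2], event)]
        left, right = self.step(t[1], event), self.step(t[2], event)
        if kind == "or":  # (or-l), (or-r)
            return left + right
        if kind == "and":  # (and): both sides move and their substitutions must agree
            return [(("and", a, b), {**s1, **s2}) for a, s1 in left for b, s2 in right
                    if all(s1[k] == s2[k] for k in s1.keys() & s2.keys())]
        if kind == "shuffle":  # (shuffle-l), (shuffle-r)
            return [(("shuffle", a, t[2]), s) for a, s in left] + [(("shuffle", t[1], b), s) for b, s in right]
        return [(("cat", a, t[2]), s) for a, s in left] + (right if self.terminates(t[1]) else [])  # (cat-l/r)
    def verdict(self, trace) -> str:
        """'refuted' (no derivation, so no extension is correct), 'accepted' (finite trace in
        the semantics) or 'pending' (consistent so far, but still has to be extended)."""
        states = [ref(self.main)]
        for event in trace:  # rule (main): keep only transitions with an empty substitution
            states = [t for s in states for t, sigma in self.step(s, event) if not sigma]
            if not states:
                return "refuted"
        return "accepted" if any(self.terminates(s) for s in states) else "pending"

# Slides 14-16: F = eps v new:O, O = write:O v close:eps (events are 1-tuples)
FILES = {"F": or_(EPS, prefix(("new",), ref("O"))),
         "O": or_(prefix(("write",), ref("O")), prefix(("close",), EPS))}
# Slides 20-24: F = eps v <o; new o():(O | F)>, O = o.close():eps v o.write():O
o = Var("o")
PFILES = {"F": or_(EPS, bind("o", prefix(("new", o), shuffle(ref("O"), ref("F"))))),
          "O": or_(prefix(("close", o), EPS), prefix(("write", o), ref("O")))}

def demo() -> Tuple[str, str, str]:
    """Verdicts for constructed traces: the two-file trace of slide 23, the refuted one of slide 24, an unclosed file."""
    files, pfiles = Monitor(FILES, "F"), Monitor(PFILES, "F")
    two = [("new", "f1"), ("write", "f1"), ("new", "f2"), ("write", "f2"), ("close", "f1"), ("close", "f2")]
    return (pfiles.verdict(two), pfiles.verdict([("new", "f1"), ("write", "f2"), ("close", "f1")]), files.verdict([("new",)]))
```

A monitor attached to a running program only ever sees finite prefixes, so the practically useful verdict is "refuted": once no residual expression is left, no continuation can make the trace correct, and that is the moment to raise the alarm. "pending" separates a prefix of a possibly infinite correct trace (new write write ...) from a finite trace that is already complete (new write close); a trace such as new f1() f2.write() is refuted on the second event because f2 was never bound by a new f2() event.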
  29-30. Equational Theory: properties
    $$\llbracket \varepsilon \rrbracket = \{\varepsilon\}$$
    $$\llbracket \vartheta{:}\tau \rrbracket = \vartheta \cdot \llbracket \tau \rrbracket$$
    $$\llbracket \tau_1 \cdot \tau_2 \rrbracket = \llbracket \tau_1 \rrbracket^{\omega} \cup (\llbracket \tau_1 \rrbracket^{*} \cdot \llbracket \tau_2 \rrbracket)$$
    $$\llbracket \tau_1 \wedge \tau_2 \rrbracket = \llbracket \tau_1 \rrbracket \cap \llbracket \tau_2 \rrbracket$$
    $$\llbracket \tau_1 \vee \tau_2 \rrbracket = \llbracket \tau_1 \rrbracket \cup \llbracket \tau_2 \rrbracket$$
    $$\llbracket \tau_1 \mid \tau_2 \rrbracket = \llbracket \tau_1 \rrbracket^{\omega} \cup \llbracket \tau_2 \rrbracket^{\omega} \cup (\llbracket \tau_1 \rrbracket \mid \llbracket \tau_2 \rrbracket)$$
    $$\llbracket \langle x;\tau\rangle \rrbracket = \bigcup_{v} \llbracket \{x \mapsto v\}\tau \rrbracket$$
    (here $S^{\omega}$ denotes the infinite traces in $S$ and $S^{*}$ the finite ones, so an infinite trace of $\tau_1$ is accepted by $\tau_1 \cdot \tau_2$ and by $\tau_1 \mid \tau_2$ whatever $\tau_2$ is)
    Commutativity, associativity, distributivity, ...
  31-33. Conclusion: future work
    Expressivity: more than CFGs, hardly universal
    Complexity: trace expressions with linear time and space
    Objects: a systematic way to generalize a trace expression from a single object to a community of objects
    More examples, more common patterns
    Optimizations: exploit the equational theory to implement optimizations
  34. References
    Ancona, Davide, Sophia Drossopoulou, and Viviana Mascardi (2012). "Automatic Generation of Self-monitoring MASs from Multiparty Global Session Types in Jason". In: DALT 2012.
    Ancona, Davide, Angelo Ferrando, and Viviana Mascardi (2016). "Comparing Trace Expressions and Linear Temporal Logic for Runtime Verification". In: Theory and Practice of Formal Methods.
    Ancona, Davide, Angelo Ferrando, and Viviana Mascardi (2017). "Parametric Runtime Verification of Multiagent Systems". In: AAMAS 2017.