Semantics &
Verification
Research Group
Department of Computer Science
University of Malta
Runtime Verification of Contracts for Java Programs
Christian Colombo
Gordon J. Pace
Gerardo Schneider
FLACOS - November 2008

RV & Contracts
- In SOA we are concerned with security and trust.
- Model checking is not scalable.
- Testing lacks coverage.
- Particular behaviour only emerges during normal use of a service composition.
- Runtime verification monitors the behaviour at runtime, and it scales up.
- Real-time properties / overheads.
- Contracts may have conflicts.

Runtime Verification
[Figure: a specification feeding the runtime verification monitor]

Runtime Verification
[Figure: the same picture with contracts as the specification]

Runtime Verification
[Figure: the same picture with deontic contracts as the specification]

Dynamic Automata with Timers & Events (DATE)
- Communicating symbolic automata enriched with events and timers.
- Automata are automatically replicated according to context: hence dynamic.
- Supports:
  - Conditions and actions on transitions
  - Real-time
  - Communication between automata

An Example (1)
[Figure]

An Example (2)
[Figure]

LARVA - Architecture
[Figure: the USER's specification is turned into AspectJ code that matches method names in the monitored system]

Contract Language Example
[Figure]

Contract Language to Automata
[Figure]

Contract Language to LARVA

EVENTS {
    login   = {*.login()}
    logout  = {*.logout()}
    request = {*.requestItem()}
}
PROPERTY clcontract {
    STATES {
        BAD      { V }
        NORMAL   { S1 S2 }
        STARTING { Init }
    }
    TRANSITIONS {
        Init -> S1 [login]
        Init -> V  [request]
        Init -> S2 [logout]
        S1 -> S1 [login]
        S1 -> S1 [request]
        S1 -> S2 [logout]
        S2 -> S2 [logout]
        S2 -> V  [request]
        S2 -> S1 [login]
    }
}
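As an added illustration (not code from the slides or from LARVA itself), the clcontract automaton above modelled as a Python monitor, together with the contradiction check that the later "Contradictions in Contracts" slide sketches: an obligation O(e) in a state whose e-transition enters a BAD state can never be met without violating the contract. Which state carries the obligation (S2 here) is an assumption, as is treating events with no matching transition as ignored.

```python
# Added example, not LARVA's own code: the clcontract automaton from the slide as a
# Python monitor, plus a check for obligations that contradict the automaton.
# Assumption: an event with no matching transition leaves the state unchanged.
BAD = {"V"}
START = "Init"

# Transition table transcribed from the TRANSITIONS block: (state, event) -> state
TRANSITIONS = {
    ("Init", "login"): "S1", ("Init", "request"): "V", ("Init", "logout"): "S2",
    ("S1", "login"): "S1",   ("S1", "request"): "S1",  ("S1", "logout"): "S2",
    ("S2", "logout"): "S2",  ("S2", "request"): "V",   ("S2", "login"): "S1",
}

def monitor(trace):
    """Run the automaton over a sequence of event names.

    Returns (final_state, index of the violating event or None). Like a LARVA
    monitor it stops at the first transition into a BAD state."""
    state = START
    for i, event in enumerate(trace):
        state = TRANSITIONS.get((state, event), state)
        if state in BAD:
            return state, i
    return state, None

def contradictions(obligations):
    """obligations maps a state to the events it is obliged to perform there,
    e.g. the O(request) of the slide. An obliged event whose transition from
    that state enters a BAD state is a contradiction in the contract."""
    return sorted(
        (state, ev) for state, evs in obligations.items() for ev in evs
        if TRANSITIONS.get((state, ev), state) in BAD
    )

if __name__ == "__main__":
    print(monitor(["login", "request", "logout", "request"]))  # ('V', 3)
    # Constructed: suppose the contract also obliges a request while logged out (S2).
    print(contradictions({"S2": {"request"}}))                 # [('S2', 'request')]
```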

Contradictions in Contracts
[Figure: an obligation O(request) placed in a state from which the request event leads to the violating state. Contradiction detected!]

Ongoing Work
- Working closely with industry
- Guarantees on the effect of monitoring – memory and time
- Identifying better notations
- Investigating compensable actions

Conclusions
- Mathematical framework – DATE
- Implemented usable tool – LARVA
- Highly expressive (incl. real-time)
- Evolving theory with practical guarantees
- Can monitor contracts
- Finds contradictions in contracts
- Future prospects of collaboration and improvement of the current framework

Questions?

A Scenario – Dynamic Triggers
- Imagine we need to check login/logout for each user.
- We have to trigger an automaton for every user, to keep track of whether each user is logged in or not.
- Use method parameters to get the context.

Specifying Properties
- Intuitive, clear and succinct logic.
- Understandable and usable by developers.
- Includes all the required expressive power.
- Automatically instrumentable in the target system.
- Low overheads (e.g. determinism).

Simple Examples
- Ensuring that only authorised users access reserved areas in the system.
- Checking that a train gate which started closing has indeed closed after a number of seconds.
- Monitoring the life-cycle of an object (such as a transaction), ensuring it goes through its stages properly.

Specifying Context
- Actions and conditions on transitions can access the context (User).
- A context can be nested to have a more specific context within it:
  - E.g. check login for each site of each individual user.

LARVA - Architecture
[Figure: the USER writes EVENTS & PROPERTIES, which are given to LARVA]

LARVA - Architecture (2)
[Figure: the LARVA COMPILER turns the EVENTS & PROPERTIES into AspectJ code that matches method names in the monitored system]

Recall Scenario
[Figure: two automata, each triggered anew FOREACH user. The first follows the login dialogue: Load Site -> Prompt for PW on PressOK \ checkUserName(), then Good Login on PressOK \ checkPassword() \ Goodlogin!, with a plain PressOK returning to Load Site. The second counts failed attempts: Logged out -> Logged out -> Logged out -> Bad logins on successive Badlogin events, with ChGoodlogin? taking any Logged out state to Logged in.]

LARVA – Script

GLOBAL {
    FOREACH (User u) {
        VARIABLES { Channel gl; }
        EVENTS {
            goodlogin() = {gl.receive(User u1)} where {u = u1;}
            pressOK()   = {*.pressedOK(u1)}     where {u = u1;}
            badlogin()  = {*.loginTry(u1)}      where {u = u1;}
        }
        PROPERTY one {
            STATES {
                BAD      { badlogins }
                NORMAL   { loggedout2 loggedout3 loggedin }
                STARTING { loggedout1 }
            }
            TRANSITIONS {
                loggedout1 -> loggedin   [goodlogin]
                loggedout2 -> loggedin   [goodlogin]
                loggedout3 -> loggedin   [goodlogin]
                loggedout1 -> loggedout2 [badlogin]
                loggedout2 -> loggedout3 [badlogin]
                loggedout3 -> badlogins  [badlogin]
            }
        }
        PROPERTY two {
            STATES {
                NORMAL   { promptPW goodlogin }
                STARTING { loadsite }
            }
            TRANSITIONS {
                loadsite -> promptPW  [pressOK\checkUserName()]
                promptPW -> goodlogin [pressOK\checkPassword()\gl.send(u);]
                promptPW -> loadsite  [pressOK]
            }
        }
    }
}
METHODS {
    boolean checkUserName() { return true; }
    boolean checkPassword() { return true; }
}

LARVA - Compilation into Java
- AOP to capture events.
- A hierarchy of classes: one for each context.
- Each class has a reference to its parent context (e.g. the account context has access to the user context).
- A hashmap to keep track of the distinct objects which we are checking.

Case-Study (2): Properties
- Logging of credit card numbers – no risk of exposing sensitive information.
- Execution of transactions – correct progress through states.
- Authorisation transaction – transaction consistency.
- Backlog – retries in case of failure.

Case-Study (3): Experience
- A lot of interesting properties are relatively simple.
- Intuitive definition of properties.
- Identified shortcomings of Larva, which was extended accordingly.
- RV helps in clearly identifying requirements.
- Integration in the system life cycle.

Benchmark – Expressivity
[Figure]

Benchmark – Performance
- Dummy transaction processing system (4 properties – 2 real-time).
- The memory and time required are considerable but linear in the number of objects being monitored (replication of automata).
- Compares well with Java-MOP, which is the most similar work available for use.

AOP
- Automatic code weaving using pointcuts and advice.
- Pointcut: call(* *.*(..))
  d.bark(b) && target(d) && args(b)
- Advice: before, after, around
  before (Dog d, Bark b): pointcut(d,b) {
      spotACat();
  }

Other Events
- Upon return: upon the return of a method (rather than the entry of the method).
- Upon exception thrown: rather than a simple method call, we can trigger the automaton upon an exception throw.

Other Events (2)
- Upon exception handling: rather than a simple method call, we can trigger the automaton upon the start of a catch block.
- Clocks: trigger the automaton upon the elapse of an amount of time.
- Channels: an automaton can trigger another automaton.

Object Equality
- What if an object does not implement an equals method?
- The user can specify which attributes of the object constitute the context.
- E.g. a transaction is the same as long as it has the same id.

Invariants
- What if some attributes of an object should not change?
- The user can specify these attributes.
- E.g. a transaction should keep the same amount once the amount is set.

Chained Transitions
- Should we allow transitions to trigger other transitions?
- This could lead to an infinite loop!
- So we disable aspects within the aspect code itself.
- But we allow the user to take the risk with channels...

Determinism
- For easier execution of the automaton, we opted for determinism.
- The user specifies the order of transitions as they are written down in the script file.

Overhead of Verification (1)
- Depends on a number of factors:
  - The actions the user puts on transitions.
  - The statements in the where clauses.
  - The number of objects that the user keeps context of.
- Very difficult to give an upper bound because of the amount of freedom we give the user.

Overhead of Verification (2)
- But we can guarantee the maximum memory overhead of our system...
- ...given that the user does not add other method calls on transitions.
- We use Lustre so that the memory can be calculated at compile-time.

Real-Time Issues
- Because of Java garbage collection there is a limit to the timing accuracy that we can give.
- Using the Java wait method is quite accurate, to within a certain number of milliseconds.

Real-Time Issues (2)
- Consider a system which satisfies all its properties.
- Will the properties still hold if we introduce the monitoring?
- We provide a fragment of Duration Calculus which is "slow-down invariant".

Compiler
- The Compiler and Parser Manual are available at:
  - www.cs.um.edu.mt/~svrg/Tools/LARVA/
  - christiancolombo.com/academic-masters-tools.html
- Feel free to use it and give us feedback.

Nesting – Context within Context

FOREACH (User u) {
    ...
    FOREACH (Site s) {
        EVENTS {
            Login() = {User u1.login(Site s1)}
                where {u = u1; s = s1;}
        }
        ...
    }
}

Events
- System Events – method call, method return, exception throw, exception handling.
- Channel Communication.
- Clock Timeouts.