Article
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Runtime verification (RV) provides essential mechanisms to enhance software robustness and prevent malfunction. However, RV often entails complex and formal processes that could be avoided in scenarios in which only invariants or simple safety properties are verified, for example, when verifying input data in Graphical User Interfaces (GUIs). This paper describes S-DAVER, a lightweight framework aimed at supporting separate data verification in GUIs. All the verification processes are encapsulated in an independent layer and then transparently integrated into an application. The verification rules are specified in separate files and written in interpreted languages to be changed/reloaded at runtime without recompilation. Superimposed visual feedback is used to assist developers during the testing stage and to improve the experience of users during execution. S-DAVER provides a lightweight, easy-to-integrate and dynamic verification framework for GUI data. It is an integral part of the development, testing and execution stages. An implementation of S-DAVER was successfully integrated into existing open-source applications, with promising results. Copyright © 2015 John Wiley & Sons, Ltd.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Although their relationship with software cybernetics has not been explicitly determined, these researches have already benefited from the use of the concepts in software cybernetics. For example, in Navarro et al. (2015), superimposed visual feedback is used to help complete the verification; in the thought of incremental verification, the former results would affect the following process, which is an idea of control mechanism. These researches have provided a basis for our work to apply software cybernetics to software verification. ...
Article
Software cybernetics aims at improving the reliability of software by introducing the control theory into software engineering domain systematically. A key issue in software verification is to improve the reliability of software by inspecting whether the software can achieve its expected behaviors. In this paper, the thought of software cybernetics is applied in the process of verification to address this issue and a nested control system is established. The proposed method verifies functional requirements in a dynamic environment with constantly changing user requirements, in which the program serves as a controlled object, and the verification strategy determined by software behavioral model (SBM) serves as a controller. The main contribution of this paper includes: 1) SBM is established in software design phase, and a concern-based construction approach is proposed, which starts from obtaining the software expected functionality extracted from a requirement text; 2) Program abstract-relationship model (PARM) is constructed basing on a process of gradual abstract to be a controlled object; 3) Feedback in a form of intermediate code is generated in the process of verification. The proposed method is validated by our case study.
Article
Full-text available
CODVerif is an approach that aims to verify the data being inserted in a data store continuously. CODVerif leverages the combination of ontology and workflow technologies in order to define workflows that are specific to the domain of “monitoring data insertion.” These domain-specific workflows are constrained on two dimensions: (1) They use a set of workflow elements that are specific to the “monitoring data insertion” domain. (2) The logic that these workflows support is predefined by relying on a set of common data insertion scenarios. Nevertheless, CODVerif is flexible enough to allow users to define continuous data verification workflows with higher complexity logic thanks to workflow operators that can be applied on the “monitoring data insertion domain”-specific workflows. To illustrate the applicability of CODVerif, the authors deploy it in a customer relationship management (CRM) application and show how CODVerif is used to support users to verify the data they populate in the CRM. They have also evaluated the CODVerif approach.
Article
GUI testing is essential to provide validity and quality of system response, but applying it to a development is not straightforward: it is time consuming, requires specialized personnel, and involves complex activities that sometimes are implemented manually. GUI testing tools help supporting these processes. However, integrating them into software projects may be troublesome, mainly due to the diversity of GUI platforms and operating systems in use. This work presents the design and implementation of Open HMI Tester (OHT), an application framework for the automation of testing processes based on GUI introspection. It is cross-platform, and provides an adaptable design aimed at supporting major event-based GUI platforms. It can also be integrated into ongoing and legacy developments using dynamic library preloading. OHT provides a robust and extensible basis to implement GUI testing tools. A capture and replay approach has been implemented as proof of concept. Introspection is used to capture essential GUI and interaction data. It is used also to simulate real human interaction in order to increase robustness and tolerance to changes between testing iterations. OHT is being actively developed by the Open-source Community and, as shown in this paper, it is ready to be used in current software projects.
Article
Prototypes are described as a successful mechanism to incorporate user-experience design (UX) into Agile developments, but their integration into such developments is not exempt from difficulties. Prototypes and final applications are often developed using different tools, which hinders the collaboration between designers and developers and also complicates reuse. Moreover, integrating stakeholders such as clients and users into the Agile process of designing, evaluating, and refining a prototype is not straightforward mainly because of its iterative nature. In an attempt to tackle these problems, this work presents the design and implementation of a new framework in which scripting languages are used to code prototyped behaviors. Prototyping is then treated as a separate aspect that coexists and runs together with final functionality. Using this framework communication is enhanced because designers and developers work in parallel on the same software artifact. Prototypes are fully reused and iteratively added with final functionality while prototyped behaviors are removed. They can be also modified on the fly to implement participatory design techniques.
Article
Prototypes are described as a successful mechanism to incorporate user-experience design (UX) into Agile developments, but their integration into such developments is not exempt from difficulties. Prototypes and final applications are often developed using different tools, which hinders the collaboration between designers and developers and also complicates reuse. Moreover, integrating stakeholders such as clients and users into the Agile process of designing, evaluating, and refining a prototype is not straightforward mainly because of its iterative nature. In an attempt to tackle these problems, this work presents the design and implementation of a new framework in which scripting languages are used to code prototyped behaviors. Prototyping is then treated as a separate aspect that coexists and runs together with final functionality. Using this framework communication is enhanced because designers and developers work in parallel on the same software artifact. Prototypes are fully reused and iteratively added with final functionality while prototyped behaviors are removed. They can be also modified on the fly to implement participatory design techniques.
Article
Full-text available
Software testing is usually used to report and/or assure about the quality, reliability and robustness of a software in the given context or scenario where it is intended to work. This is specially true in the case of user interfaces, where the testing phase is critical before the software can be accepted by the final user and put in execution mode. This paper presents the design, and the later implementation as a contribution to the open-source community, of a Human-Machine Interface (HMI) testing architecture, named OpenHMI-Tester. The current design is aimed to support major event-based and open-source windowing systems, thus providing generality, besides some other features such as scalability and tolerance to modifications in the HMI design process. The proposed architecture has been also integrated as part of a complex industrial scenario, which helped to identify a set of realistic requirements of the testing architecture, as well as to test it with real HMI developers.
Article
Full-text available
The MaC system has been developed to provide assurance that a target program is running correctly with respect to formal requirements specification. This is achieved by monitoring and checking the execution of the target program at run-time. MaC bridges the gap between formal verification, which ensures the correctness of a design rather than an implementation, and testing, which only partially validates an implementation. One weakness of the MaC system is that it can detect property violations but cannot provide any feedback to the running system. To remedy this weakness, the MaC system has been extended with a feedback capability. The resulting system is called MaCS (Monitoring and Checking with Steering). The feedback component uses the information collected during monitoring and checking to steer the application back to a safe state after an error occurs. We present a case study where MaCS is used in a control system that keeps an inverted pendulum upright. MaCS detects faults in controllers and performs dynamic reconfiguration of the control system using steering.
Article
Full-text available
Specifications that are used in detailed design and in the doc-umentation of existing code are primarily written and read by program-mers. However, most formal specification languages either make heavy use of symbolic mathematical operators, which discourages use by pro-grammers, or limit assertions to expressions of the underlying program-ming language, which makes it difficult to write complete specifications. Moreover, using assertions that are expressions in the underlying pro-gramming language can cause problems both in runtime assertion check-ing and in formal verification, because such expressions can potentially contain side effects. The Java Modeling Language, JML, avoids these problems. It uses a side-effect free subset of Java's expressions to which are added a few mathematical operators (such as the quantifiers \forall and \exists). JML also hides mathematical abstractions, such as sets and sequences, within a library of Java classes. The goal is to allow JML to serve as a common notation for both formal verification and runtime assertion checking; this gives users the benefit of several tools without the cost of changing notations.
Article
Full-text available
Testing is, for most, a necessary evil in the software life cycle. One very important form of testing is the evaluation of software products according to mandated criteria or guidelines such as those that specify level of accessibility. Such evaluations can be quite tedious, especially if they must be done manually and applied consistently to each and every component of an application. The use of assistive technologies like screen readers to demonstrate the compliance of a software product to a set of regulations is time-consuming, error-prone, and expensive. Validation tools that can perform such evaluations are becoming more popular as integrated development environments become more sophisticated but, in the area of accessibility validation, they are sorely lacking if not nonexistent. This paper introduces the IBM Rule-based Accessibility Validation Environment, an Eclipse-based tool for inspecting and validating Java rich-client GUIs for accessibility using non-invasive, semi-to fully-automatic, rule-based validation and inspection.
Article
Full-text available
Runtime verification as a field faces several challenges. One key challenge is how to keep the overheads associated with its application low. This is especially important in real-time critical embedded applications, where memory and CPU resources are limited. Another challenge is that of devising expressive and yet user-friendly specification languages that can attract software engineers. In this paper, it is shown that for many systems, in-place logging provides a satisfactory basis for postmortem "runtime" verification of logs, where the overhead is already included in system design. Although this approach prevents an online reaction to detected errors, possible with traditional runtime verification, it provides a powerful tool for test automation and debugging—in this case, analysis of spacecraft telemetry by ground operations teams at NASA's Jet Propulsion Laboratory. The second challenge is addressed in the presented work through a temporal specification language, designed in collaboration with Jet Propulsion Laboratory test engineers. The specification language allows for descriptions of relationships between data-rich events (records) common in logs, and is translated into a form of automata supporting data-parameterized states. The automaton language is inspired by the rule-based language of the RULER runtime verification system.A case study is presented illustrating the use of our LOGSCOPE tool by software test engineers for the 2011 Mars Science Laboratory mission.
Article
Full-text available
This article gives an overview of the, monitoring oriented programming framework (MOP). In MOP, runtime monitoring is supported and encouraged as a fundamental principle for building reliable systems. Monitors are automatically synthesized from specified properties and are used in conjunction with the original system to check its dynamic behaviors. When a specification is violated or validated at runtime, user-defined actions will be triggered, which can be any code, such as information logging or runtime recovery. Two instances of MOP are presented: JavaMOP (for Java programs) and BusMOP (for monitoring PCI bus traffic). The architecture of MOP is discussed, and an explanation of parametric trace monitoring and its implementation is given. A comprehensive evaluation of JavaMOP attests to its efficiency, especially in comparison with similar systems. The implementation of BusMOP is discussed in detail. In general, BusMOP imposes no runtime overhead on the system it is monitoring. KeywordsRuntime verification–Monitoring–Testing–Real time systems
Conference Paper
Full-text available
We present a rule-based framework for defining and implementing finite trace monitoring logics, including future and past time temporal logic, extended regular expressions, real-time logics, interval logics, forms of quantified temporal logics, and so on. Our logic, Eagle, is implemented as a Java library and involves novel techniques for rule definition, manipulation and execution. Monitoring is done on a state-by-state basis, without storing the execution trace.
Article
Full-text available
Asynchronous JavaScript and XML (Ajax) is a collection of technologies used to develop rich and interactive Web applications. A typical Ajax client runs locally in the user's Web browser and refreshes its interface on the fly in response to user input. Using this method with the AWS-ECS let us automatically generate test sequences and detect two deviations of their service implementation with respect to the online documentation provided, in less than three minutes of testing. We also provided a framework that allows the runtime monitoring of both client and server contract constraints with minimal modification to an existing Ajax application code. Experiments with the Amazon E-Commerce Service demonstrate the advantages of using a model-based approach for the runtime testing and monitoring of Web applications.
Conference Paper
Full-text available
Although aspect-oriented programming (AOP) aims to improve software maintainability, developers can unwittingly introduce code smells in their programs. A code smell is any symptom in the source code that possibly indicates a deeper maintainability problem. Even though a few code smells for AOP have been reported in the literature, there is no evidence if and how they occur in evolving software projects. There is also little knowledge on their actual impact on maintenance effort, such as required refactorings or corrective changes in later software releases. This paper presents an exploratory analysis of code smells recurrently observed in a set of evolving aspect-oriented systems. We analyzed instances of code smells previously reported in the literature and newly-revealed ones. Our study involved in total 18 releases of 3 evolving aspect-oriented systems from different domains. The outcome of our evaluation suggests that previously-documented AOP smells might not occur as often as claimed. Our analysis also revealed that: (1) newly-discovered code smells might occur more often than well-known ones, and (2) the former ones seemed to be consistently associated with non-trivial refactorings and corrective changes.
Conference Paper
Full-text available
Summary Eagle was introduced in (2) as a general purpose rule- based temporal logic for specifying run-time monitors. A novel and relatively efficient interpretative trace- checking scheme via stepwise transformation of an Ea- gle monitoring formula was defined and implemented. However, application in real-world examples has shown efficiency weaknesses, especially those associated with large-scale symbolic formula manipulation. For this presentation, first we reflect briefly on the strengths and weaknesses of Eagle and then we introduce RuleR, a primitive conditional rule-based system, which can be more efficiently implemented for run-time checking, and into which one can compile various temporal logics used for run-time verification.
Conference Paper
Full-text available
The process of verifying that a program conforms to its specification is often hampered by errors in both the program and the specification. A runtime checker that can evaluate formal specifications can be useful for quickly identifying such errors. This paper describes our preliminary experience with incorporating run-time checking into the Jahob verification system and discusses some lessons we learned in this process. One of the challenges in building a runtime checker for a program verification system is that the language of invariants and assertions is designed for simplicity of semantics and tractability of proofs, and not for run-time checking. Some of the more challenging constructs include existential and universal quantification, set comprehension, specification variables, and formulas that refer to past program states. In this paper, we describe how we handle these constructs in our runtime checker, and describe directions for future work.
Article
Full-text available
We introduce the temporal logic HAWK and its supporting tool for runtime verification of Java programs. A monitor for a HAWK formula checks if a finite trace of program events satisfies the formula. HAWK is a programming-oriented extension of the rule-based EAGLE logic that has been shown capable of defining and implementing a range of finite trace monitoring logics, including future and past time temporal logic, metric (real-time) temporal logics, interval logics, forms of quantified temporal logics, extended regular expressions, state machines, and others. Monitoring is achieved on a state-by-state basis avoiding any need to store the input trace. HAWK extends EAGLE with constructs for capturing parameterized program events such as method calls and method returns. Parameters can be executing thread, the objects that methods are called upon, arguments to methods, and return values. HAWK allows one to refer to these in formulae. The tool synthesizes monitors from formulae and automates program instrumentation.
Article
Full-text available
Perfect pre-deployment test coverage is notoriously difficult to achieve for large applications. With enough end users, many more test cases will be encountered during an application’s deployment than during testing. The use of runtime verification after deployment would enable developers to detect and report on unexpected situations. Unfortunately, the prohibitive performance cost of runtime monitors prevents their use in deployed code. In this work we study the feasibility of collaborative runtime verification, a verification approach which distributes the burden of runtime verification onto multiple users. Each user executes a partially instrumented program and therefore suffers only a fraction of the instrumentation overhead. We focus on runtime verification using tracematches. Tracematches are a specification formalism that allows users to specify runtime verification properties via regular expressions with free variables over the dynamic execution trace. We propose two techniques for soundly partitioning the instrumentation required for tracematches: spatial partitioning, where different copies of a program monitor different program points for violations, and temporal partitioning, where monitoring is switched on and off over time. We evaluate the relative impact of partitioning on a user’s runtime overhead by applying each partitioning technique to a collection of benchmarks that would otherwise incur significant instrumentation overhead. Our results show that spatial partitioning almost completely eliminates runtime overhead (for any particular benchmark copy) on many of our test cases, and that temporal partitioning scales well and provides runtime verification on a “pay as you go” basis.
Article
Full-text available
This paper presents a new approach to automatically generate GUI test cases and validation points from a set of annotated use cases. This technique helps to reduce the effort required in GUI modeling and test coverage analysis during the software testing process. The test case generation process described in this paper is initially guided by use cases describing the GUI behavior, recorded as a set of interactions with the GUI elements (e.g., widgets being clicked, data input, etc.). These use cases (modeled as a set of initial test cases) are annotated by the tester to indicate interesting variations in widget values (ranges, valid or invalid values) and validation rules with expected results. Once the use cases are annotated, this approach uses the new defined values and validation rules to automatically generate new test cases and validation points, easily expanding the test coverage. Also, the process allows narrowing the GUI model testing to precisely identify the set of GUI elements, interactions, and values the tester is interested in.
Article
Full-text available
One of the goals of program verification is to show that a program conforms to a specification written in a formal logic. Oftentimes, this process is hampered by errors in both the program and the spec- ification. The time spent in identifying and eliminating these errors can even dominate the final verification effort. A runtime checker that can evaluate formal specifications can be extremely useful for quickly identifying such errors. Such a checker also enables verifi- cation approaches that combine static and dynamic program analy- ses. Finally, the underlying techniques are also useful for executing expressive high-level declarative languages. This paper describes the run-time checker we are developing in the context of the Jahob verification system. One of the challenges in building a runtime checker for a program verification system is that the language of invariants and assertions is designed for sim- plicity of semantics and tractability of proofs, and not for run-time checking. Some of the more challenging constructs include existen- tial and universal quantification, set comprehension, specification variables, and formulas that refer to past program states. In this pa- per, we describe how we handle these constructs in our runtime checker, and describe several directions for future work.
Conference Paper
Full-text available
The underlying property, its definition and representation play a major role when monitoring a system. Having a suitable and convenient framework to express properties is thus a concern for runtime analysis. It is desirable to delineate in this framework the spaces of properties for which runtime verification approaches can be applied to. This paper presents a unified view of runtime verification and enforcement of properties in the safety-progress classification. Firstly, we characterize the set of properties which can be verified (monitorable properties) and enforced (enforceable properties) at runtime. We propose in particular an alternative definition of “property monitoring” to the one classically used in this context. Secondly, for the delineated spaces of properties, we obtain specialized verification and enforcement monitors.
Article
Full-text available
We present a rule-based framework for defining and implementing finite trace monitoring logics, including future and past time temporal logic, extended regular expressions, real-time logics, interval logics, forms of quantified temporal logics, and so on. Our logic, EAGLE, is implemented as a Java library and involves novel techniques for rule definition, manipulation and execution.
Conference Paper
Runtime verification monitors the execution of a program to determine if it satisfies (typically specified) correctness properties. But what happens when the program violates the correctness properties? The standard view is that continued execution may be unsafe, so the execution must be terminated. We present a variety of intervention techniques that enable software systems to exhibit remarkable flexibility and resilience in the face of errors and faults. These techniques can deliver safe continued execution that offers significant benefits over termination. We also present techniques that build on this malleability to purposefully modify the computation to adapt to changing needs, delivering benefits such as improved performance and reduced power consumption. These results place the advantages of runtime intervention and adaptation clearly on display. They also point the way to a future in which developers produce not the final version of the program which the system blindly executes, but instead a starting point for further modification and evolution as the system adapts to dynamically observed events and conditions.
Article
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables decision procedures for special classes of graphs (such as monadic second-order logic over trees) to be applied to arbitrary graphs.
Article
Runtime monitoring is a technique usable in all phases of the software development cycle, from initial testing, to debugging, to actually maintaining proper function in production code. Of particular importance are parametric monitoring systems, which allow the specification of properties that relate objects in a program, rather than only global properties. In the past decade, a number of parametric runtime monitoring systems have been developed. Here we give a demonstration of our system, JavaMOP. It is the only parametric monitoring system that allows multiple differing logical formalisms. It is also the most efficient in terms of runtime overhead, and very competitive with respect to memory usage.
Conference Paper
In this work we propose MOPBox, a library-based approach to runtime verification. MOPBox is a Java library for defining and evaluating parametric runtime monitors. A user can define monitors through a simple set of API calls. Once a monitor is defined, it is ready to accept events. Events can originate from AspectJ aspects or from other sources, and they can be parametric, i.e., can contain variable bindings that bind abstract specification variables to concrete program values. When a monitor reaches an error state for a binding v=o\vec{v}=\vec{o}, MOPBox notifies clients of a match for v=o\vec{v}=\vec{o} through a call-back interface. To map variable bindings to monitors, MOPBox uses re-implementations of efficient indexing algorithms that Chen et al. developed for JavaMOP. We took care to keep MOPBox as generic as possible. States, transitions and variable bindings can be labeled not just with strings but with general Java Objects whose types are checked through Java Generics. This allows for simple integration into existing tools. For instance, we present ongoing work on integrating MOPBox with a Java debugger. In this work, transitions are labeled with breakpoints. MOPBox is also a great tool for teaching: its implementations of monitor indexing algorithms are much easier to understand than the code generated by tools such as JavaMOP. Indexing algorithms use the Strategy Design Pattern, which makes them easily exchangeable. Hence, MOPBox is also the perfect tool to explore and test new algorithms for monitor indexing without bothering about the complex intricacies of code generation. In the future, we further plan to integrate MOPBox with the Clara framework for statically evaluating runtime monitors ahead of time.
Article
We describe Java-MaC, a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs. The MaC architecture provides assurance that the target program is running correctly with respect to a formal requirements specification by monitoring and checking the execution of the target program at run-time. MaC bridges the gap between formal verification, which ensures the correctness of a design rather than an implementation, and testing, which does not provide formal guarantees about the correctness of the system. Use of formal requirement specifications in run-time monitoring and checking is the salient aspect of the MaC architecture. MaC is a lightweight formal method solution which works as a viable complement to the current heavyweight formal methods. In addition, analysis processes of the architecture including instrumentation of the target program, monitoring, and checking are performed fully automatically without human direction, which increases the accuracy of the analysis. Another important feature of the architecture is the clear separation between monitoring implementation-dependent low-level behaviors and checking high-level behaviors, which allows the reuse of a high-level requirement specification even when the target program implementation changes. Furthermore, this separation makes the architecture modular and allows the flexibility of incorporating third party tools into the architecture. The paper presents an overview of the MaC architecture and a prototype implementation Java-MaC.
Article
Aspect-oriented programming (AOP) is an exciting new development in the field of software engineering. The open-source AspectJ® project has taken a leading role in defining what an aspect-oriented programming language should look like and in building tools that enable aspect-oriented techniques to be employed in the development of large-scale commercial software. IBM both contributes to the development of AspectJ and uses it internally with its accompanying IDE (integrated development environment) support, AspectJ Development Tools (AJDT). This paper provides an introduction to aspect-oriented programming using AspectJ and AJDT. We also discuss the role that open source (and being an open-source project) has played in the ongoing development of AspectJ, and how this has facilitated a level of collaboration and exploitation that would not have been possible otherwise.
Conference Paper
Runtime verification is a special form of runtime testing, employing formal methods and languages. In this work, we utilize next-time free linear-time temporal logic (LTL\textbackslash X) as formal framework. The discipline serves the purpose of asserting certain design-time assumptions about object-oriented (OO) entities such as objects, methods, and so forth. In this paper we propose a linear-time logic over joinpoints \citeLaddad03AspectJ, and introduce a lightweight runtime veri\-fication tool based on this logic, J2SE 5 metadata \citeJSR175 and an AspectJ-based \citeAspectJ runtime backend. Implementations have been proposed so far for imperative and functional languages \citeHuchStolz04a. To our knowledge our approach is the first to allow addressing of entire sets of states, also over subclass boundaries, thus exploiting the OO nature.
Conference Paper
Specifications that are used in detailed design and in the documentation of existing code are primarily written and read by programmers. However, most formal specification languages either make heavy use of symbolic mathematical operators, which discourages use by programmers, or limit assertions to expressions of the underlying programming language, which makes it difficult to write exact specifications. Moreover, using assertions that are expressions in the underlying programming language can cause problems both in runtime assertion checking and in formal verification, because such expressions can potentially contain side effects. The Java Modeling Language, JML, avoids these problems. It uses a side-effect free subset of Java’s expressions to which are added a few mathematical operators (such as the quantifiers ⧹forall and ⧹exists). JML also hides mathematical abstractions, such as sets and sequences, within a library of Java classes. The goal is to allow JML to serve as a common notation for both formal verification and runtime assertion checking; this gives users the benefit of several tools without the cost of changing notations.
Article
This research addresses the problem of statically analyzing input command syntax as defined in interface and requirements specifications and then generating test cases for dynamic input validation testing. The IVAT (Input Validation Analysis and Testing) technique has been developed, a proof-of-concept tool (MICASA) has been implemented, and a case study validation has been performed. Empirical validation on large-scale industrial software (from the Tomahawk Cruise Missile) shows that as compared with senior, experienced analysts and testers, MICASA found more syntactic requirement specification defects, generated test cases with higher syntactic coverage, and found additional defects. The experienced analysts found more semantic defects than MICASA, and the experienced testers' cases found 7.4 defects per test case as opposed to an average of 4.6 defects found by MICASA test cases. Additionally, the MICASA tool performed at less cost.
Conference Paper
We consider the enforcement powers of program monitors, which intercept security-sensitive actions of a target application at run time and take remedial steps whenever the target attempts to execute a potentially dangerous action. A common belief in the security commu- nity is that program monitors, regardless of the remedial steps available to them when detecting violations, can only enforce safety properties. We formally analyze the properties enforceable by various program monitors and nd that although this belief is correct when considering monitors with simple remedial options, it is incorrect for more powerful monitors that can be modeled by edit automata. We dene an interesting set of properties called innite renewal properties and demonstrate how, when given any reasonable innite renewal property, to construct an edit au- tomaton that provably enforces that property. We analyze the set of innite renewal properties and show that it includes every safety prop- erty, some liveness properties, and some properties that are neither safety nor liveness.
Article
In Barringer et al. (2004,Vol. 2937, LNCS), EAGLE was introduced as a general purpose rule-based temporal logic for specifying run-time monitors. A novel interpretative trace-checking scheme via stepwise transformation of an EAGLE monitoring formula was defined and implemented. However, even though EAGLE presents an elegant formalism for the expression of complex trace properties, EAGLE's interpretation scheme is complex and appears difficult to implement efficiently. In this article, we introduce RULER, a primitive conditional rule-based system, which has a simple and easily implemented algorithm for effective run-time checking, and into which one can compile a wide range of temporal logics and other specification formalisms used for run-time verification. As a formal demonstration, we provide a translation scheme for linear-time propositional temporal logic with a proof of translation correctness. We then introduce a parameterized version of RULER, in which rule names may have rule-expression or data parameters, which then coincides with the same expressivity as EAGLE with data arguments. RULER with just rule-expression parameters extend the expressiveness of RULER strictly beyond the class of context-free languages. For the language classes expressible in propositional RULER, the addition of rule-expression and data parameters enables more compact translations. Finally, we outline a few simple syntactic extensions of ‘core’ RULER that can lead to further conciseness of specification but still enabling easy and efficient implementation.
Conference Paper
Not Available
Article
Methodological guidelines for object-oriented software construction that improve the reliability of the resulting software systems are presented. It is shown that the object-oriented techniques rely on the theory of design by contract, which underlies the design of the Eiffel analysis, design, and programming language and of the supporting libraries, from which a number of examples are drawn. The theory of contract design and the role of assertions in that theory are discussed.< ></ETX
Article
This paper addresses those questions for the class of enforcement mechanisms that work by monitoring execution steps of some system, herein called the target, and terminating the target's execution if it is about to violate the security policy being enforced. We call this class EM, for Execution Monitoring. EM includes security kernels, reference monitors, firewalls, and most other operating system and hardware -based enforcement mechanisms that have appeared in the literature. Our targets may be objects, modules, processes, subsystems, or entire systems; the execution steps monitored may range from fine-grained actions (such as memory accesses) to higher-level operations (such as method calls) to operations that change the security-configuration and thus restrict subsequent execution
S-DAVER: script-based data verification for Qt GUIs
  • Saes -University Of Cátedra
  • Murcia
Cátedra SAES -University of Murcia. S-DAVER: script-based data verification for Qt GUIs, 2014. Available from: http://www.catedrasaes.org/wiki/GuiVerification [last accessed April 2015].
Modular data structure verification Massachusetts Institute of Technology Available from
  • V Kuncak
Kuncak V. Modular data structure verification. PhD Thesis, Massachusetts Institute of Technology, 2007. Available from: http://lara.epfl.ch/~kuncak/papers/Kuncak07DecisionProceduresModularDataStructureVerification. pdf [last accessed April 2015].
Qt : cross-platform application and UI framework Available from: http://qt.nokia.com [last accessed
  • Nokia Corporation
Nokia Corporation. Qt : cross-platform application and UI framework, 2012. Available from: http://qt.nokia.com [last accessed April 2015].
ChaiScript: easy to use scripting for C++, 2012. Available from
  • J Turner
  • J Turner
Turner J, Turner J. ChaiScript: easy to use scripting for C++, 2012. Available from: http://www.chaiscript.com/ [last accessed April 2015].
cKanren: miniKanren with Constraints
  • Ce Alvis
  • Jj Willcock
  • Km Carter
  • We Byrd
  • Dp Friedman
Alvis CE, Willcock JJ, Carter KM, Byrd WE, Friedman DP. cKanren: miniKanren with Constraints. In Proceedings of the 2011 Workshop on Scheme and Functional Programming (Scheme '11), Portland, Oregon, 2011.
The GIMP Toolkit (GTK), version 2.x, 2012. Available from: http://www.gtk.org [last accessed
  • Gtk+ The
  • Team
The GTK+ Team. The GIMP Toolkit (GTK), version 2.x, 2012. Available from: http://www.gtk.org [last accessed April 2015].
Runtime verification and compensations
  • C Colombo
Colombo C. Runtime verification and compensations. PhD Thesis, Dept. of Computer Science, University of Malta, 2012.
Programming ASP.NET MVC 4 – Developing Real-world Web Applications with ASP.NET MVC. O'Reilly Media
  • J Chadwick
  • T Snyder
  • H Panda
Chadwick J, Snyder T, Panda H. Programming ASP.NET MVC 4 – Developing Real-world Web Applications with ASP.NET MVC. O'Reilly Media: Sebastopol, California, 2012.
Lua 5.1 Reference Manual. Lua.org
  • R Ierusalimschy
  • L H De Figueiredo
  • W Celes
Ierusalimschy R, de Figueiredo LH, Celes W. Lua 5.1 Reference Manual. Lua.org, 2006. Available from: http://www. amazon.com/exec/obidos/ASIN/8590379833/lua-indexmanual-20 [last accessed April 2015].
IEEE 1012-2004 -IEEE standard for software verification and validation
Institute of Electrical and Electronics Engineers. IEEE 1012-2004 -IEEE standard for software verification and validation. IEEE, IEEE 2005:0-110. DOI: 10.1109/IEEESTD.2005.96278.
Runtime verification of safety-progress properties
  • Y Falcone
  • J C Fernandez
  • L Mounier
Falcone Y, Fernandez JC, Mounier L. Runtime verification of safety-progress properties. In RV, Lecture Notes in Computer Science, Vol. 5779, Bensalem S, Peled D (eds). Springer: Berlin Heidelberg, 2009; 40-59.
cKanren: miniKanren with Constraints
  • C E Alvis
  • J J Willcock
  • K M Carter
  • W E Byrd
  • D P Friedman
Alvis CE, Willcock JJ, Carter KM, Byrd WE, Friedman DP. cKanren: miniKanren with Constraints. In Proceedings of the 2011 Workshop on Scheme and Functional Programming (Scheme '11), Portland, Oregon, 2011.