Re-Thinking Product Line Verification as a Constraints Problem Kathi Fisler (WPI) Shriram Krishnamurthi (Brown) Brown undergraduate collaborators: Harry.


Re-Thinking Product Line Verification as a Constraints Problem
Kathi Fisler (WPI), Shriram Krishnamurthi (Brown)
Brown undergraduate collaborators: Harry Li (PhD UT Austin → Facebook), Colin Blundell (PhD student UPenn → IBM Research), Michael Greenberg (PhD student UPenn)
Thanks to Don Batory, Bob Hall, Gregor Kiczales

Prior work:
– TOSEM06: Foundations of Incremental Aspect Model-Checking. Shriram Krishnamurthi and Kathi Fisler.
– FSE04: Verifying Aspect Advice Modularly. Shriram Krishnamurthi, Kathi Fisler, and Michael Greenberg.
– ASE04: Parameterized Interfaces for Open System Verification of Product Lines. Colin Blundell, Kathi Fisler, Shriram Krishnamurthi, and Pascal Van Hentenryck.
– JournASE03: Modular Verification of Open Features Through Three-Valued Model Checking. Harry Li, Shriram Krishnamurthi, and Kathi Fisler.
– FSE02: Verifying Cross-Cutting Features as Open Systems. Harry Li, Shriram Krishnamurthi, and Kathi Fisler.
– ASE02: Interfaces for Modular Feature Verification. Harry Li, Shriram Krishnamurthi, and Kathi Fisler.
– SPIN02: The Influence of Software Module Systems on Modular Verification. Harry Li, Kathi Fisler, and Shriram Krishnamurthi.
– FSE01: Modular Verification of Collaboration-Based Software Designs. Kathi Fisler and Shriram Krishnamurthi.
[Slide diagram: Aspects, Interfaces, Features (extend multiple parties), Data]

Model of Features
Composition: insert transitions into/out of the feature.
Feature interfaces: [Structural] where to connect; [Behavioral] assumption formula at exit, guarantee formula at entry.
[Slide diagram: Program and Feature connected by transitions labelled "guarantee" (at entry) and "assumption" (at exit)]

Verification Assumptions
Interested in functional verification, e.g. "if a message is decrypted, then it is not mailed until it is delivered or re-encrypted".
OPEN: not all features, nor their order, are known up front.
Composition may add data variables, add control paths, or route around control paths.
Scalability through modular verification.

[Slide diagram: email feature pipeline with decrypt, encrypt and forward stages; a clear-text message; "Reject"]
If a message is decrypted, then it is not mailed until it is delivered or re-encrypted.

Let's try Model Checking
MC: system × property → true or counter-example

FORWARD feature
[Slide diagram: states forward-incoming, forward, don't forward, mail, deliver, and an [interface state]]
Property: If a message is decrypted, then it is not mailed until it is delivered or re-encrypted
CTL: AG (decrypted → A[ (encrypted ∨ deliver) R ¬mail ])
Model checking succeeds

(same slide, next build)
Model checking succeeds... but it should fail!

Problems with Classical Model Checking
Closed-system assumption:
– might succeed trivially, because data is not visible
– might fail inaccurately, because the future path is not known
– assumes a fixed definition of terms (Jo's talk)
Data values are ascribed by states, not by flows.
A binary result doesn't distinguish between "false" and "don't know" → suggests 3-valued verification.

A Better Solution
We decompose verification:
– per module → constraint generation
– per product → constraint solving
Shift in perspective: per module, from verification to constraint generation.
In latest work, constraints are parameterized CTL formulas; these detect feature interactions.
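The FORWARD slides and the "better solution" slide are easiest to see on a concrete model. The following is an added example, not code from the talk or from the authors' tools: a small explicit-state checker for the slide's property AG (decrypted → A[(encrypted ∨ deliver) R ¬mail]) over feature models written as Kripke structures. The FORWARD feature, the two base programs, the state names and the labels are all constructed for illustration. Treated as a closed system, the feature passes trivially (its exit has no successors, so no mail is ever seen); marking the exit as an interface state instead yields a three-valued "unknown" with the obligation the continuation must discharge; composing the feature with a base that mails in clear text turns that obligation into a real failure, while a base that re-encrypts first discharges it.

```python
"""Constructed example: three-valued checking of
   AG (decrypted -> A[ (encrypted or deliver) R not mail ])
over feature models.  A model maps state -> (labels, successors); the
feature's exit is an 'interface' state whose continuation the module
cannot see.  Names and models below are invented for illustration."""

RELEASE = {"encrypted", "deliver"}   # propositions that release the obligation


def obligation_from(model, start, interface=frozenset()):
    """Explore every path from `start` while the obligation 'no mail before
    release' is open.  Returns ('fails', state) if a mail state is reached
    first, ('holds', None) if every path is released or ends inside the
    module, or ('unknown', exits): the interface states reached with the
    obligation still open, i.e. the constraint the continuation must meet."""
    exits = set()
    stack, seen = [start], {start}
    while stack:
        s = stack.pop()
        labels, succs = model[s]
        if "mail" in labels:           # mailed before release: violation
            return "fails", s
        if labels & RELEASE:           # released: this branch is safe
            continue
        if s in interface:             # obligation leaves the module
            exits.add(s)
            continue
        for t in succs:
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return ("unknown", frozenset(exits)) if exits else ("holds", None)


def reachable(model, start):
    """States reachable from `start` (deterministic order)."""
    seen, stack = [start], [start]
    while stack:
        for t in model[stack.pop()][1]:
            if t not in seen:
                seen.append(t)
                stack.append(t)
    return seen


def check_property(model, start, interface=frozenset()):
    """AG (decrypted -> A[release R not mail]): open the obligation at every
    reachable decrypted state and aggregate the three-valued verdicts."""
    exits = set()
    for s in reachable(model, start):
        if "decrypted" not in model[s][0]:
            continue
        verdict, detail = obligation_from(model, s, interface)
        if verdict == "fails":
            return "fails", detail
        if verdict == "unknown":
            exits |= detail
    return ("unknown", frozenset(exits)) if exits else ("holds", None)


def compose(feature, base, exit_state, entry_state):
    """Structural composition as on the slides: insert a transition from the
    feature's exit interface state into the base program (copies, no mutation)."""
    merged = {n: (set(l), list(t)) for n, (l, t) in {**feature, **base}.items()}
    merged[exit_state][1].append(entry_state)
    return merged


# Constructed FORWARD feature: an incoming decrypted message is either
# forwarded (leaving through the interface state) or delivered locally.
FORWARD = {
    "forward-incoming": ({"decrypted"}, ["forward", "dont-forward"]),
    "forward":          ({"decrypted"}, ["fwd-exit"]),
    "dont-forward":     ({"decrypted"}, ["deliver"]),
    "deliver":          ({"deliver"},   []),
    "fwd-exit":         ({"decrypted"}, []),   # interface state: continuation unknown
}
# Constructed base programs: one mails the clear text, one re-encrypts first.
BASE_MAIL    = {"mail": ({"mail"}, ["done"]), "done": (set(), [])}
BASE_ENCRYPT = {"encrypt": ({"encrypted"}, ["mail"]), "mail": ({"mail"}, [])}

if __name__ == "__main__":
    print("closed-system check :", check_property(FORWARD, "forward-incoming"))
    print("open-system check   :", check_property(FORWARD, "forward-incoming", {"fwd-exit"}))
    print("composed, mail base :", check_property(compose(FORWARD, BASE_MAIL, "fwd-exit", "mail"), "forward-incoming"))
    print("composed, encrypt   :", check_property(compose(FORWARD, BASE_ENCRYPT, "fwd-exit", "encrypt"), "forward-incoming"))
    # constraint solving per product: discharge the exit obligation against each base's entry
    print("discharge on mail   :", obligation_from(BASE_MAIL, "mail"))
    print("discharge on encrypt:", obligation_from(BASE_ENCRYPT, "encrypt"))
```

The per-module step is `check_property` with the interface set: it never needs the base program and reports the exit states at which the release obligation is still open. The per-product step is `obligation_from` run at each base's entry for those exits, which is the constraint-solving half of the decomposition; the whole-product check via `compose` is shown only to confirm the two halves agree with the monolithic result.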

Lessons Learned
– Modular feature verification must handle cross-modular data flows.
– Some classes of feature-interaction errors can be detected modularly and algorithmically.
– Generate property-specific, parameterized interfaces per module.
– "Verification" isn't the right goal.