The e-ACSL perspective on runtime assertion checking

ABSTRACT
Runtime Assertion Checking (RAC) is the discipline of verifying program assertions at runtime, i.e. while the code executes. Nowadays, RAC usually relies on Behavioral Interface Specification Languages (BISL) à la Eiffel for writing expressive code specifications. For more than 20 years now, several works have studied RAC. Most of them have focused on BISL. Some others have also considered combinations of RAC with other techniques, e.g. deductive verification (DV). Very few tackle RAC as a verification technique that soundly generates efficient code from formal annotations. Here, we revisit these three RAC research areas by emphasizing the work done on E-ACSL, which is both a BISL and a RAC tool for C code. We also compare it to other languages and tools.
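The abstract describes E-ACSL as a tool that turns formal annotations into runtime checks. The following added example, which is not code from the paper or from the E-ACSL project, shows in plain C what that translation amounts to: an ACSL contract on a function, followed by a hand-written monitor that evaluates the contract at runtime. The contract itself uses genuine ACSL syntax; everything else (the `rac_status` codes, the `blocks` table, the `rac_*` helpers, the `*_checked` wrapper and the constructed `sample` buffer) is a hypothetical stand-in for the code a RAC tool would generate and for its runtime library.

```c
/* Added example: a hand-written approximation of what a RAC tool does when
 * it compiles an ACSL contract into C checks.  NOT E-ACSL's real output or
 * runtime library; the monitor below is a constructed stand-in. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The function as a developer would specify it.  Comments opening with
 * "/*@" are ACSL: a plain C compiler ignores them, a RAC tool turns them
 * into executable checks.  The postcondition is stated over mathematical
 * integers, so 255 * len never overflows in the specification. */
/*@ requires len > 0;
  @ requires \valid_read(buf + (0 .. len - 1));
  @ assigns \nothing;
  @ ensures \result <= 255 * len;
  @*/
static unsigned sum_u8(const uint8_t *buf, size_t len)
{
    unsigned s = 0;
    for (size_t i = 0; i < len; i++)
        s += buf[i];
    return s;
}

/* Hypothetical status codes: a real tool aborts on the first violation;
 * returning a code keeps the example checkable. */
enum rac_status { RAC_OK = 0, RAC_PRE_LEN, RAC_PRE_VALID, RAC_POST_BOUND };

/* Toy memory model.  A RAC tool records every block the program makes
 * visible (allocation sites, globals, locals) in shadow memory; here it is
 * a fixed table of (base, size) pairs, compared as integers to avoid
 * undefined cross-object pointer comparison. */
#define MAX_BLOCKS 16
static struct { uintptr_t base; size_t size; } blocks[MAX_BLOCKS];
static size_t nblocks;

static void rac_store_block(const void *p, size_t size)
{
    if (nblocks < MAX_BLOCKS) {
        blocks[nblocks].base = (uintptr_t)p;
        blocks[nblocks].size = size;
        nblocks++;
    }
}

/* Hook a tool would insert at a free site: the block stops being valid. */
static void rac_delete_block(const void *p)
{
    for (size_t i = 0; i < nblocks; i++)
        if (blocks[i].base == (uintptr_t)p) {
            blocks[i] = blocks[--nblocks];
            return;
        }
}

/* \valid_read(p + (0 .. n-1)): every byte of [p, p+n) lies in one block. */
static int rac_valid_read(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < nblocks; i++) {
        uintptr_t off = a - blocks[i].base;
        if (a >= blocks[i].base && off <= blocks[i].size &&
            n <= blocks[i].size - off)
            return 1;
    }
    return 0;
}

/* ensures \result <= 255 * len, evaluated soundly in machine arithmetic:
 * the product is computed in a wider type, and when even that would
 * overflow the bound is trivially satisfied by a 32-bit result. */
static int rac_post_sum_u8(unsigned result, size_t len)
{
    if (len > ULLONG_MAX / UINT8_MAX)
        return 1;
    return (unsigned long long)result <= (unsigned long long)UINT8_MAX * len;
}

/* The instrumented entry point: preconditions, original body, postcondition.
 * The body never runs when a precondition fails, so an overrun is reported
 * instead of executed. */
static enum rac_status sum_u8_checked(const uint8_t *buf, size_t len, unsigned *out)
{
    if (!(len > 0))
        return RAC_PRE_LEN;
    if (!rac_valid_read(buf, len))
        return RAC_PRE_VALID;
    unsigned r = sum_u8(buf, len);
    if (!rac_post_sum_u8(r, len))
        return RAC_POST_BOUND;
    *out = r;
    return RAC_OK;
}

/* Constructed scenarios on a 4-byte buffer registered with the monitor. */
static uint8_t sample[4] = {1, 2, 3, 250};

static enum rac_status demo_in_bounds(unsigned *out)
{
    nblocks = 0;
    rac_store_block(sample, sizeof sample);
    return sum_u8_checked(sample, sizeof sample, out);      /* RAC_OK, 256 */
}

static enum rac_status demo_overrun(unsigned *out)
{
    nblocks = 0;
    rac_store_block(sample, sizeof sample);
    return sum_u8_checked(sample, sizeof sample + 1, out);  /* RAC_PRE_VALID */
}

static enum rac_status demo_after_release(unsigned *out)
{
    nblocks = 0;
    rac_store_block(sample, sizeof sample);
    rac_delete_block(sample);
    return sum_u8_checked(sample, sizeof sample, out);      /* RAC_PRE_VALID */
}

static enum rac_status demo_empty(unsigned *out)
{
    nblocks = 0;
    rac_store_block(sample, sizeof sample);
    return sum_u8_checked(sample, 0, out);                  /* RAC_PRE_LEN */
}

int main(void)
{
    unsigned v = 0;
    printf("in bounds: status %d, sum %u\n", demo_in_bounds(&v), v);
    printf("overrun: status %d\n", demo_overrun(&v));
    printf("after release: status %d\n", demo_after_release(&v));
    printf("empty: status %d\n", demo_empty(&v));
    return 0;
}
```

The two things to take from the example are exactly the two design points the abstract raises: the monitor needs a memory model of its own (the `blocks` table here, shadow memory in a real tool) to decide `\valid_read`, and the postcondition must be evaluated soundly even though the specification is written over unbounded integers and the program over machine integers.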