Runtime Verification of C Programs
with Inspiration from AOP
Klaus Havelund
Jet Propulsion Laboratory Pasadena, USA
Aspect Oriented Programming and Runtime Verification
• Aspect Oriented Programming (AOP):
  • Pointcut: predicate on program statements.
  • Advice: pointcut + code (execute the code each time a statement satisfying the pointcut is reached).
• Runtime Verification (RV = state-full AOP, one possible view):
  • Tracecut: predicate on execution traces.
  • Advice: tracecut + code (execute the code each time the trace predicate is violated, or satisfied, depending on the default).
RCAT tool: Developed by Margaret Smith/JPL
Overview of the RMOR System

Inputs to RMOR:
  C program:
    void F29(int m){ … }
    … F29(2); …
  specification (a state machine over symbols):
    state S3 { when fail -> S4; … }
  connection (binds a symbol to a program point):
    fail = call(F29)

Outputs of RMOR:
  instrumented C program (a submit call is inserted before each call of F29):
    void F29(int m){ … }
    … submit(fail); F29(2); …
  monitor (synthesized from the specification):
    void submit(int event){
      switch (state) {
        …
        case S3: if (event == fail) { state = S4; }
        …
      }
    }
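The slide sketches the three pieces RMOR produces and consumes: a symbol bound to a call, a submit() function that switches on the monitor state, and a program whose call sites have been instrumented to feed it. The following is an added, hand-written example in that shape; it is not RMOR output and not code from the talk. The specification it implements is hypothetical, written in the page's own syntax, and the absorbing state named Error is a choice made here (the slide does not show how RMOR reports a violation):

```c
/* Hypothetical specification, in RMOR syntax, that this monitor implements:
 *
 *   monitor FileProtocol {
 *     symbol open  = before call(file_open);
 *     symbol write = before call(file_write);
 *     symbol close = before call(file_close);
 *     initial state Closed { when open  -> Open;   when write -> Error; when close -> Error; }
 *     state Open           { when close -> Closed; when open  -> Error; }
 *     state Error { }
 *   }
 */
#include <stdio.h>

enum event     { EV_OPEN, EV_WRITE, EV_CLOSE };
enum mon_state { S_CLOSED, S_OPEN, S_ERROR };

static enum mon_state state = S_CLOSED;  /* the monitor's current state */
static int violations = 0;               /* number of times Error was entered */

/* The monitor, in the shape shown on the slide: one case per state, one
 * test per transition. An event with no transition out of the current
 * state is ignored (write is allowed while Open). Error is absorbing. */
enum mon_state submit(enum event e) {
    switch (state) {
    case S_CLOSED:
        if (e == EV_OPEN) state = S_OPEN;
        else { state = S_ERROR; violations++; }        /* write/close before open */
        break;
    case S_OPEN:
        if (e == EV_CLOSE) state = S_CLOSED;
        else if (e == EV_OPEN) { state = S_ERROR; violations++; }  /* double open */
        break;                                          /* write: stay Open */
    case S_ERROR:
        break;
    }
    return state;
}

void monitor_reset(void)            { state = S_CLOSED; violations = 0; }
int  monitor_violations(void)       { return violations; }
enum mon_state monitor_state(void)  { return state; }

/* Hypothetical program under test (the "C program" on the slide). */
static int fd = -1;
void file_open(void)      { fd = 3; }
void file_write(int byte) { (void)byte; }
void file_close(void)     { fd = -1; }
int  file_is_open(void)   { return fd >= 0; }

/* Instrumented call sites. RMOR inserts submit(<symbol>) before every call
 * matched by the symbol's pointcut, as in "submit(fail); F29(2);" on the
 * slide; here the insertion is done by hand. */
int run_correct_client(void) {
    monitor_reset();
    submit(EV_OPEN);  file_open();
    submit(EV_WRITE); file_write(0x41);
    submit(EV_CLOSE); file_close();
    return monitor_violations();
}

int run_buggy_client(void) {
    monitor_reset();
    submit(EV_WRITE); file_write(0x41);   /* write before open: violation */
    submit(EV_OPEN);  file_open();        /* monitor already in Error, absorbed */
    submit(EV_CLOSE); file_close();
    return monitor_violations();
}

int main(void) {
    printf("correct client: %d violation(s)\n", run_correct_client());
    printf("buggy client:   %d violation(s)\n", run_buggy_client());
    return 0;
}
```

Because the monitor is a separate function with its own state, the program under test needs no changes beyond the inserted submit() calls, which is what lets RMOR treat instrumentation as an AOP-style weaving step.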
The pointcut language for specifying program points is inspired by aspect oriented programming.
<pc_expr> ::= 'call' '(' idpat1:idpat2 ')' | 'set' '(' idpat1:idpat2 ')' | 'withincode' '(' idpat1:idpat2 ')' | 'within' '(' idpat1 ')' | <ident> | <pc_expr> '&&' <pc_expr> | <pc_expr> '||' <pc_expr> | '!' <pc_expr> | '(' <pc_expr> ')'
A specification can state many properties, each represented by a monitor.

Future extensions:
• Event/pointcut parameterization: properties parameterized with symbols/events and/or pointcuts.
• Data parameterization: properties parameterized with data values.
The RMOR Grammar
<specification>  ::= <monitor>*
<monitor>        ::= 'handled'? 'monitor' <monitor_name> '{' <declaration>* '}'
<declaration>    ::= <import_decl> | <pointcut_decl> | <symbol_decl> | <machine_decl> | <state_decl>
<import_decl>    ::= 'import' <ident> ';'
<pointcut_decl>  ::= 'pointcut' <ident> '=' <pc_expr> ';'
<symbol_decl>    ::= 'symbol' <symbol_name> '=' ('before' | 'after') <pc_expr> ';'
                   | 'symbol' <ident> (',' <ident>)* ';'
<machine_decl>   ::= 'machine' <ident> '{' <state_decl>* '}'
<state_decl>     ::= <state_modifier>* 'state' <ident> '{' <transition>* '}'
                   | 'super' <ident> '[' <ident> (',' <ident>)* ']' '{' ('while' <condition> ';')? <transition>* '}'
<state_modifier> ::= 'initial' | 'anytime' | 'once' | 'safe' | 'live' | 'next'
<condition>      ::= 'ANY' | <ident> | <condition> '&&' <condition> | <condition> '||' <condition> | '!' <condition> | '(' <condition> ')'
<transition>     ::= 'when' <condition> ('->' | '=>') <ident> ';'
<pc_expr>        ::= 'call' '(' idpat1:idpat2 ')' | 'set' '(' idpat1:idpat2 ')' | 'withincode' '(' idpat1:idpat2 ')' | 'within' '(' idpat1 ')'
                   | <ident> | <pc_expr> '&&' <pc_expr> | <pc_expr> '||' <pc_expr> | '!' <pc_expr> | '(' <pc_expr> ')'
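To make the pointcut productions above concrete (both the earlier pointcut slide and the full grammar), here is an added example, not part of RMOR, that parses the unqualified subset of <pc_expr> and evaluates it against constructed join points. It covers call, set, withincode and within with a single identifier pattern, as in the slide's "call(F29)", plus !, && and ||. The assumptions made here, none of which the page states: a '*' wildcard in identifier patterns, the precedence ! > && > ||, the qualified idpat1:idpat2 form and named pointcuts (<ident>) are left unsupported, and the join point fields (target, enclosing function, file) are this example's own model of a program point:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A join point: the program point the instrumenter is looking at.
 * This record is the example's own model, not RMOR's. */
struct jp {
    int is_call;          /* 1 = function call, 0 = assignment to a variable */
    const char *target;   /* called function or assigned variable */
    const char *func;     /* enclosing function (for withincode) */
    const char *file;     /* enclosing file, without extension (for within) */
};

/* Identifier pattern match; '*' matches any run of characters (assumed). */
static int glob(const char *p, const char *s) {
    if (*p == '\0') return *s == '\0';
    if (*p == '*')  return glob(p + 1, s) || (*s && glob(p, s + 1));
    return *p == *s && glob(p + 1, s + 1);
}

/* Recursive-descent parser that evaluates as it parses.
 * Assumed precedence: '!' binds tighter than '&&', which binds tighter than '||'. */
struct parser { const char *s; const struct jp *jp; int err; };

static void skip(struct parser *p) { while (isspace((unsigned char)*p->s)) p->s++; }
static int or_expr(struct parser *p);

static int primary(struct parser *p) {
    char kw[16], arg[64];
    int n = 0;
    skip(p);
    if (*p->s == '(') {                      /* '(' <pc_expr> ')' */
        p->s++;
        int v = or_expr(p);
        skip(p);
        if (*p->s == ')') p->s++; else p->err = 1;
        return v;
    }
    if (*p->s == '!') { p->s++; return !primary(p); }   /* '!' <pc_expr> */
    while (isalnum((unsigned char)*p->s) || *p->s == '_') { if (n < 15) kw[n++] = *p->s; p->s++; }
    kw[n] = '\0';
    skip(p);
    if (*p->s != '(') { p->err = 1; return 0; }          /* named pointcuts not supported */
    p->s++;
    n = 0;
    while (*p->s && *p->s != ')') { if (!isspace((unsigned char)*p->s) && n < 63) arg[n++] = *p->s; p->s++; }
    arg[n] = '\0';
    if (*p->s == ')') p->s++; else p->err = 1;
    if (!strcmp(kw, "call"))       return p->jp->is_call  && glob(arg, p->jp->target);
    if (!strcmp(kw, "set"))        return !p->jp->is_call && glob(arg, p->jp->target);
    if (!strcmp(kw, "withincode")) return glob(arg, p->jp->func);
    if (!strcmp(kw, "within"))     return glob(arg, p->jp->file);
    p->err = 1;
    return 0;
}

static int and_expr(struct parser *p) {
    int v = primary(p);
    for (;;) {
        skip(p);
        if (p->s[0] == '&' && p->s[1] == '&') { p->s += 2; int r = primary(p); v = v && r; }
        else return v;
    }
}

static int or_expr(struct parser *p) {
    int v = and_expr(p);
    for (;;) {
        skip(p);
        if (p->s[0] == '|' && p->s[1] == '|') { p->s += 2; int r = and_expr(p); v = v || r; }
        else return v;
    }
}

/* 1 if the pointcut matches jp, 0 if it does not, -1 on a syntax error. */
int pointcut_matches(const char *expr, const struct jp *jp) {
    struct parser p = { expr, jp, 0 };
    int v = or_expr(&p);
    skip(&p);
    if (p.err || *p.s != '\0') return -1;
    return v;
}

/* Constructed join points standing in for what CIL would hand the instrumenter. */
static const struct jp jps[] = {
    { 1, "F29", "main",   "main" },   /* F29(2) called from main() in main.c */
    { 1, "F29", "helper", "util" },   /* F29 called from helper() in util.c  */
    { 0, "x",   "main",   "main" },   /* assignment to x in main()           */
};

/* How many of the constructed join points a pointcut selects. */
int count_matches(const char *expr) {
    int c = 0;
    for (size_t i = 0; i < sizeof jps / sizeof jps[0]; i++)
        if (pointcut_matches(expr, &jps[i]) == 1) c++;
    return c;
}

int main(void) {
    const char *exprs[] = { "call(F29)", "call(F29) && within(main)", "set(x) || withincode(helper)", "!call(F*)" };
    for (size_t i = 0; i < sizeof exprs / sizeof exprs[0]; i++)
        printf("%-32s selects %d join point(s)\n", exprs[i], count_matches(exprs[i]));
    return 0;
}
```

A symbol declaration such as "symbol fail = before call(F29);" would then be realised by running this matcher over every join point CIL produces and inserting submit(fail) in front of each one it selects.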
CIL: C Intermediate Language, a C program analysis and transformation tool

RMOR uses CIL to parse the C program into an AST, normalize it, and apply the instrumentation transformation; the monitor synthesizer takes the specification together with the events and produces the monitor.

  C program -> CIL -> AST -> normalize -> normalized AST -> transformation -> instrumented C program
  specification + events -> monitor synthesizer -> monitor

  original program:
    … while (x > 0) { f(x); x--; } …
  instrumented program (an event submission is inserted before the call of f):
    … while (x > 0) { M_submit(42); f(x); x--; } …
  synthesized monitor:
    … void M_submit(int e) { switch (state) { case S7: … } } …