Upload
dexter
View
46
Download
0
Tags:
Embed Size (px)
DESCRIPTION
POLYLARVA Technology Agnostic Runtime Verification. A System’s Behaviour. Testing. Model Checking. Runtime Verification. Inputs to Runtime Verification System. No more than 10 users can be logged onto the system at any one time - PowerPoint PPT Presentation
Citation preview
POLYLARVA Technology Agnostic Runtime Verification
A System’s Behaviour
Testing
Model Checking
Runtime Verification
Inputs to Runtime Verification System
•No more than 10 users can be logged onto the system at any one time
•A user cannot execute more than 3 failed transactions in one session
•A user which has been idle for more than 5 minutes should be logged out
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
The LARVA Architecture
LARVA – JAVA SpecificProperty to be verified : New accounts can be added for a User if the User settings allowIt. Otherwise this should be disallowed.
before ( User u1) : (call(* User.addAccount(..)) && target(u1) && !cflow(adviceexecution())) {
Monitor monitor_instance = getMonitorInstance(u1); monitor_instance.call(thisJoinPoint.getSignature().toString(), 8/*addAccount*/);}
LARVA – JAVA SpecificProperty to be verified : New accounts can be added for a User if the User settings allowIt. Otherwise this should be disallowed.
if ((_occurredEvent(_event,8/*addAccount*/))
&& (!u .canAddAccounts ())){
_state_id_account = 5;//moving to state cannotadd
_goto_account(_info);}
LARVA – JAVA SpecificProperty to be verified : New accounts can be added for a User if the User settings allowIt. Otherwise this should be disallowed.
if ((_occurredEvent(_event,8/*addAccount*/))
&& (!u .canAddAccounts ())){
_state_id_account = 5;//moving to state cannotadd
_goto_account(_info);}
Goals for PolyLARVA
1) Improve LARVA framework to become a customisable monitoring architecture supporting potentially numerous platforms and technologies
GeneratedMonitor
System(Any Language)
Notifies monitor when specificEvents take place
Evaluates monitoring logic
The PolyLARVA Specification Language
• The PolyLarva specification language proposed is an ECA (Event-Condition-Action) rule-based language
rule name : event \ condition action
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany;
The PolyLARVA Specification Language
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany;
states { int accountCnt}
conditions{ isTooManyAccts = {accountCnt > 5;} }
The PolyLARVA Specification Language
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany;
states { int accountCnt}
conditions{ isTooManyAccts = {accountCnt > 5;} }
actions { logTooMany = {System.out.println("Account limit of 5 exceeded.");}}}
Evaluating Conditions & Actions
Keep Integer count of users in system - usercount
Increment counter on new user addition.
Compare this counter against a set limit on every new user addition
Log warning message
Monitor System
ruleAddUser: addUser( ) \ usercount > 5 logTooManyUsers
addUser()
Evaluating Conditions & Actions
canAddAccounts is a property of a User Instance
Monitor must refer to system to obtain evaluation of condition
Monitor System
ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccount
addAccount(User u)
u.canAddAccounts()
Evaluating Conditions & Actions
canAddAccounts is a property of a User Instance
Monitor must refer to system to obtain evaluation of condition
Monitor System
ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccountu.canAddAccounts()
System vs Monitor Conditions & Actions
Monitor Side System Side
Can be evaluated by monitor – no reference to system specific properties
Must be evaluated on the system – reference variables and methods declared in system code
Must be written in JAVA code Must be written in system language
Monitor System
conditions { monitorSide { isTooManyAccts = {accountCnt > 5;} } }
conditions { systemSide { cannotAddAccts = {return !user.canAddAcounts();} } }
The PolyLARVA Architecture
Phase 1: Creation of JAVA code which covers the monitor logic for validating properties
The PolyLARVA Architecture
Phase 2: Creation of code which will be used to instrument the system code Creation of ‘Aspect’ code
The PolyLARVA Architecture
Phase 2: Creation of code which will be used to instrument the system code Creation of code that adds monitor logic on system side
The PolyLARVA Architecture - Communication
Communication between Monitor and Instrumented System via Sockets
The PolyLARVA Language Specific Compiler
Generation of ‘Aspect’ Code
• The Runtime Monitor must be aware of any events, relevant to monitoring, that occur on the system
• Aspect Programming is ideal for use in Runtime Monitoring systems
• Can support a large number of programming languages , though not all
Aspect Code
Generation of JAVA ‘Aspect’ Code
Event Specification
Aspect Code
addAccount(User u2, Account a) = {execution Account a.new(User u2)}
Context_Aspect.ajbefore(Account a,User u2):target(a) && execution(Account.new(..)) && args (u2)&& !cflow(adviceexecution()){ LarvaCommClient.getClientConnection().sendMessage( LarvaCommClient.ASPECT_EVENT, 5,
UniqueIDGenerator.getIdentifier(a)+","+ UniqueIDGenerator.getIdentifier(u2)+",");}
What if our system program is written in PERL?
Event Specification
Aspect Code
addAccount(User u2, Account a) = {execution Account a.new(User u2)}
Context_Aspect.plPERL Aspect Code [uses Aspect.pm]
Uses socket connection to
communicate with monitor
Generation of Monitor ‘Helper’ Code(System Side)
Helper Code
conditions{ systemSide { cannotAddAccts = {!user.canAddAcounts();} } } %%conditions
System side code copied verbatim to
generated code. Helper code becomes
part of System.
PolyLARVA – A Flexible Runtime Monitoring System
QDDC Counterexample Formulas
LUSTRE DATEs RuleBased
JAVA C++
C#
PERL
...
PolyLARVA – A Flexible Runtime Monitoring System
QDDC Counterexample Formulas
LUSTRE DATEs RuleBased
JAVA C++
C#
PERL
...
PolyLARVA – A Flexible Runtime Monitoring System
QDDC Counterexample Formulas
LUSTRE DATEs RuleBased
JAVA C++
C#
PERL
...
PolyLARVA – A Flexible Runtime Monitoring System
QDDC Counterexample Formulas
LUSTRE DATEs RuleBased
JAVA C++ C# PERL ... ...
Future Work on PolyLARVA Runtime Monitor
• Implementation of other Language Specific Compilers
• Implementation of translator for specification in DATEs format to new PolyLarvaspecification
• Analysis of specification script for optimisation of rules
• Ability to save and load Monitor state • Any more?
THE ENDPOLYLARVA Technology Agnostic Runtime Verification