automated size analysis for ocl
play

Automated Size Analysis for OCL Fang Yu , Tevfik Bultan, Erik - PowerPoint PPT Presentation

Oct 29, 2022 •170 likes •466 views

Automated Size Analysis for OCL Fang Yu , Tevfik Bultan, Erik Peterson Department of Computer Science University of California, Santa Barbara ESEC/FSE07 p. 1/28 Overview Target: Object Constraint Language Idea: Size Abstraction

  1. Automated Size Analysis for OCL Fang Yu , Tevfik Bultan, Erik Peterson Department of Computer Science University of California, Santa Barbara ESEC/FSE07 – p. 1/28

  2. Overview • Target: Object Constraint Language • Idea: Size Abstraction • Method: Infinite State Model Checking • Experiments: Verification of Java Card API Specifications ESEC/FSE07 – p. 2/28

  3. OCL What is Object Constraint Language (OCL)? • A specification language for describing constraints on object oriented models • Developed at IBM and now part of the UML standard • Used to describe precise constraints that cannot be presented in UML diagrams: • class invariants on attributes and associations • pre and post conditions of class methods ESEC/FSE07 – p. 3/28

  4. OCL Why shall we care about OCL? • UML/OCL is a widely adopted industry standard at the design stage • Object Management Group (OMG) standard • Identifying design errors before the implementation stage is cost effective There is a lack of automatic verification tools to check the correctness of OCL specifications! ESEC/FSE07 – p. 4/28

  5. OCL Collection OCL allows collections of arbitrary types and this makes automatic verification difficult. There are three basic collection types in OCL: • A Set is a collection that contains instances of a valid OCL type but does not contain duplicate elements • A Bag is like a Set , but it can contain duplicate elements • A Sequence is like a Bag but the elements are ordered ESEC/FSE07 – p. 5/28

  6. OCL Example From OCL Specifications of Java Card API 2.1.1 Class Invariant: self.thrownExceptions->isEmpty() implies (self.theAID->size() >= 5 and self.theAID->size() <= 16) Method Specification: context AID::equal(anObject: Set(Integer)): Boolean post: self.thrownExceptions = self.thrownExceptions@pre and (result = (anObject->asSequence = self.theAID)) context AID::getBytes(dest: Sequence(Integer), offset: Integer, e: Integer): Integer post: ... self.theAID = dest-> subSequence(offset, offset+self.theAID->size()) ... ESEC/FSE07 – p. 6/28

  7. Size Analysis OCL Size Analysis Framework: Verified OCL Action Language OCL Parser Size Abstraction Falsified Specification Verifier Unknown Size Abstraction: • Converts OCL expressions on collection types into arithmetic constraints on their sizes • Abstracts away the contents of the collections Action Language Verifier (ALV): • Composite model checking (BDD + Polyhedra + DFA) • Infinite state verification using conservative approximation techniques (e.g., widening, bounded fixpoint computations) ESEC/FSE07 – p. 7/28

  8. Size Abstraction Since we abstract away the contents, size constraints may not be precise. For example, the size constraints generated for the expression o 1 ->union ( o 2 ) : • if o 1 , o 2 are Set , then max ( o 1 .v, o 2 .v ) ≤ o.v ≤ o 1 .v + o 2 .v • if o 1 , o 2 are Bag or Seq , then o.v = o 1 .v + o 2 .v where • o denotes the collection that is the result of the expression (which is the union of o 1 and o 2 ) • o.v , o 1 .v , o 2 .v denote the sizes of the collections ESEC/FSE07 – p. 8/28

  9. Size Constraints Type o, o 1 , o 2 OCL Expression Size Constraint o 1 ->including ( e ) s, s o 1 .v ≤ o.v ≤ o 1 .v + 1 ∧ ( o 1 .v = 0 ⇒ o.v = 1) ∧ o 1 .c m, m o.v = o 1 .v + 1 ∧ o 1 .c o 1 ->append ( e ) m, m o.v = o 1 .v + 1 ∧ o 1 .c o 1 ->excluding ( e ) s, s max (0 , o 1 .v − 1) ≤ o.v ≤ o 1 .v ∧ o 1 .c m, m max (0 , o 1 .v − 1) ≤ o.v ≤ o 1 .v ∧ o 1 .c o 1 ->union ( o 2 ) s, s, s max ( o 1 .v, o 2 .v ) ≤ o.v ≤ o 1 .v + o 2 .v ∧ o 1 .c ∧ o 2 .c m, s/m, m/s o.v = o 1 .v + o 2 .v ∧ o 1 .c ∧ o 2 .c o 1 ->intersection ( o 2 ) s, s/m, m/s 0 ≤ o.v ≤ min ( o 1 .v, o 2 .v ) ∧ o 1 .c ∧ o 2 .c m, m, m 0 ≤ o.v ≤ min ( o 1 .v, o 2 .v ) ∧ o 1 .c ∧ o 2 .c o 1 - o 2 s, s, s max (0 .o 1 .v − o 2 .v ) ≤ o.v ≤ o 1 .v ∧ o 1 .c ∧ o 2 .c o 1 ->subSequence ( i 1 , i 2 ) m, m ( o 1 .v ≥ i 2 ≥ i 1 ∧ o.v = i 2 − i 1 + 1) ∧ o 1 .c o 1 ->at ( i ) m, m ( o 1 .v ≥ i ≥ 0 ⇒ o.v = 1) ∧ o 1 .c o 1 ->asSet s, s o.v = o 1 .v ∧ o 1 .c s, m (( o 1 .v > 0 ∧ 1 ≤ o.v ≤ o 1 .v ) ∨ ( o 1 .v = o.v = 0)) ∧ o 1 .c ESEC/FSE07 – p. 9/28

  10. OCL Specification context OwnerPIN::update(newpin: Sequence(Integer), offset:Integer,length: Integer, e:Integer) pre: newpin->notEmpty() and offset >= 0 and offset+length <= newpin->size() and length >= 0 post:( 1: thrownExceptions=thrownExceptions@pre 2: and self.pin->subSequence(0,length) =newpin->subSequence(offset, offset+length) )or( 3: thrownExceptions=thrownExceptions@pre->including(e) 4: and length > self.maxPINSize )or( 5: thrownExceptions=thrownExceptions@pre->including(e) 6: and systemInstance->notEmpty() ) ESEC/FSE07 – p. 10/28

  11. Size Constraints newpin->notEmpty() newpin.size > 0 self.pin->subSequence(0,length) result.size = length - 0 + 1 and pin.size >= length and length >= 0 thrownExceptions = thrownExceptions@pre->including(e) thrownExceptions.size = result.size and result.size = thrownExceptions@pre.size + 1 ESEC/FSE07 – p. 11/28

  12. Action Language Abstraction module updateMod() updateMod: pre: newpin > 0 and offset >= 0 and length + offset <= newpin and length >= 0 and post:( 1: (thrownExceptions’ = thrownExceptions 2: and tmp8 = tmp9 and tmp8 = length - 0 + 1 and pin’ >= length and length >= 0 and tmp9 = length + offset - offset + 1 and newpin’ >= length + offset and length + offset >= offset ) or ( 3: thrownExceptions’ = tmp10 and tmp10 = thrownExceptions + 1 4: and length > maxPINSize’ ) or ( 5: thrownExceptions’ = tmp11 and tmp11 = thrownExceptions + 1 6: and systemInstance’ > 0) ); endmodule ESEC/FSE07 – p. 12/28

  13. OCL Formalization An OCL class specification is C = ( P, A, M ) , where • P: a set of properties representing class invariants • A: a set of attributes (fields of the class) • M: a set of methods. For each m ∈ M , • m.pre : A is pre condition • m.post : A × A @ pre is post condition We define the formal semantics of OCL as a transition system. ESEC/FSE07 – p. 13/28

  14. Transition System The corresponding transition system is � C � = ( S, I, R ) , where S is the set of states, I ⊆ S is the initial states, and R is the transition relation, and • S = dom ( A 1 ) × . . . × dom ( A n ) • For all p ∈ P , I ⊆ � p � • R m = { ( s 1 , s 2 ) | s 1 ∈ � m.pre � ∧ ( s 1 , s 2 ) ∈ � m.post �} • R = � m ∈ M R m • Given a set of states Q ⊆ S , R ( Q ) = { s 2 | ∃ s 1 ∈ Q , ( s 1 , s 2 ) ∈ R } • R ∗ denotes the reflexive transitive closure of R , and R ∗ ( I ) is the set of all reachable states in the transition system ESEC/FSE07 – p. 14/28

  15. OCL Correctness An OCL class specification is correct if and only if its class invariants are consistent with the pre and post conditions of its methods. We formalize this as follows: Definition : An OCL class specification C = ( P, A, M ) with the corresponding transition system � C � = ( I, S, R ) is correct , if and only if, all the reachable states of the class satisfy all the class invariants, i.e., for all p ∈ P , R ∗ ( I ) ⊆ � p � . ESEC/FSE07 – p. 15/28

  16. Reachability Analysis • Concrete States: I, R ( I ) , R ∗ ( I ) , || P || • Abstract States (Over Approximation): I ′ , R ′ ( I ′ ) , R ′∗ ( I ′ ) , || P || ′ • R ∗ ( I ) ⊆ || P || , correct • R ′∗ ( I ′ ) ⊆ || P || ′ , correct? We do not know. • We use ¬||¬ P || ′ as an under approximation of || P || . ESEC/FSE07 – p. 16/28

  17. Size Abstraction Size abstraction satisfies the following properties: ∀ s ∈ S, s ∈ I ⇒ abs ( s ) ∈ abs ( I ) ∀ s 1 , s 2 ∈ S, ( s 1 , s 2 ) ∈ R ⇒ ( abs ( s 1 ) , abs ( s 2 )) ∈ abs ( R ) ∀ s ∈ S, ∀ p ∈ P, abs ( s ) ∈ �¬ abs ( ¬ p ) � ⇒ s ∈ � p � Based on these properties, we can prove the following theorem: Theorem : Given a class specification C , if abs ( C ) is correct, then C is correct. ESEC/FSE07 – p. 17/28

  18. Case Study: Java Card API We applied our technique to verification of the Java Card Application Programming Interface (API) specifications. • Java Card is a platform for developing applications that run on smart cards • The OCL specifications of Java Card API 2.1.1 are given by [Larsson and Mostowski, ENTCS04]. • These include 31 classes and 150 methods in javacard.framework , javacard.security , javacard.framework.service , and javacardx.crypto packages. ESEC/FSE07 – p. 18/28

  19. Case Study: Java Card API Almost any type of smart card can benefit from Java Card technology: • Subscriber Identity Module (SIM) cards, used in cell phones on most wireless networks • Financial cards supporting both online and offline transactions • Government and health-care identity cards • Smart tickets for mass transit However, if there are errors in the Java Card API specifications, these applications may be vulnerable! ESEC/FSE07 – p. 19/28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15 October 2019 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of

1.03k views • 23 slides
Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2

Automated capability analysis in Wordpress plugins Using static and dynamic analysis SNE RP2 Frank Uijtewaal Collab: DongIT (dongit.nl) Initial project goal Find a new and interesting type of security analysis for web applications

480 views • 35 slides
Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 ,

Automated Verification of Shape and Size Properties via Separation Logic Huu Hai Nguyen 1 , Cristina David 2 , Shengchao Qin 3 , and Wei-Ngan Chin 1 , 2 1 Computer Science Programme, Singapore-MIT Alliance 2 Department of Computer Science, National

222 views • 18 slides
my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA

my.SWISSTRAFFIC Automated Traffic Collection &amp; Analysis FULLY AUTOMATED TRAFFIC DATA COLLECTION AND ANALYTICS There is a high demand for reliable Traffic Data but Static data single-purpose data Invasive costly deployment &amp;

404 views • 18 slides
A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web Alexei Bulazel &amp; Blent Yener River Loop Security Rensselaer Polytechnic Institute (RPI) Introduction Automated dynamic malware analysis is

684 views • 33 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
GR-INSPECTOR A SIGNAL ANALYSIS TOOLBOX FOR GNU RADIO MOTIVATION OF AUTOMATED SIGNAL ANALYSIS

GR-INSPECTOR A SIGNAL ANALYSIS TOOLBOX FOR GNU RADIO MOTIVATION OF AUTOMATED SIGNAL ANALYSIS

GR-INSPECTOR A SIGNAL ANALYSIS TOOLBOX FOR GNU RADIO MOTIVATION OF AUTOMATED SIGNAL ANALYSIS Spectrum Monitoring Explore real-world signals Easy access for beginners Live demodulation Batch processing of signals TASKS OF RECEIVING UNKNOWN

626 views • 16 slides
Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan Oscar H. Ibarra Deptartment of Computer Science University of California

477 views • 36 slides
CELLENGER CELLENGER Automated High Automated High Content Content Analysis of Analysis of

CELLENGER CELLENGER Automated High Automated High Content Content Analysis of Analysis of

CELLENGER CELLENGER Automated High Automated High Content Content Analysis of Analysis of Biomedical Biomedical Imagery Imagery Dr. Maria Athelogou the cognitive computing company the cognitive computing company Founded in 1994 as

308 views • 19 slides
Informed and automated k -mer size selection for genome assembly Rayan Chikhi, Paul Medvedev

Informed and automated k -mer size selection for genome assembly Rayan Chikhi, Paul Medvedev

Informed and automated k -mer size selection for genome assembly Rayan Chikhi, Paul Medvedev Pennsylvania State University HiTSeq - July 2013 1/15 G ENOME ASSEMBLY Genome assembly is the technique used to reconstruct genome sequences from DNA

212 views • 20 slides
Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems

Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems

10th European Congress on Embedded Real-Time Systems - ERTS 2020 Towards Safety Analysis of Interactions Between Human Users and Automated Driving Systems Fredrik Warg Stig Ursing Martin Kaalhus Richard Wiik Safety of Automated Driving

762 views • 19 slides
Trace Level Automated Mercury Speciation Analysis Vivien Taylor, 1 Brian Jackson, 1 Annie

Trace Level Automated Mercury Speciation Analysis Vivien Taylor, 1 Brian Jackson, 1 Annie

Trace Level Automated Mercury Speciation Analysis Vivien Taylor, 1 Brian Jackson, 1 Annie Carter, 2 Colin Davies 2 1. Trace Element Core, Dartmouth College 2. Brooks Rand Labs Background Trace Level Automated Mercury Analysis EPA 1630

549 views • 25 slides
Automated High-dimensional Cytometric Data Analysis Cytometric Data Analysis Philip L. De Jager,

Automated High-dimensional Cytometric Data Analysis Cytometric Data Analysis Philip L. De Jager,

Automated High-dimensional Cytometric Data Analysis Cytometric Data Analysis Philip L. De Jager, M.D. Ph.D. Director, Program in Translational NeuroPsychiatric Genomics Brigham &amp; Womens Hospital Assistant Professor of Neurology Harvard

477 views • 46 slides
AUTOMATED ANALYSIS OF URINE SEDIMENT GIOVANNI BATTISTA FOGAZZI CLINICAL AND RESEARCH LABORATORY

AUTOMATED ANALYSIS OF URINE SEDIMENT GIOVANNI BATTISTA FOGAZZI CLINICAL AND RESEARCH LABORATORY

AUTOMATED ANALYSIS OF URINE SEDIMENT GIOVANNI BATTISTA FOGAZZI CLINICAL AND RESEARCH LABORATORY ON URINARY SEDIMENT U.O. DI NEFROLOGIA E DIALISI FONDAZIONE IRCCS CA GRANDA OSPEDALE MAGGIORE POLICLINICO MILANO- ITALY 1985: THE FIRST AUTOMATED

918 views • 34 slides
Low fertility in Latin America: an analysis using cohort size variation and age- specific growth

Low fertility in Latin America: an analysis using cohort size variation and age- specific growth

Low fertility in Latin America: an analysis using cohort size variation and age- specific growth rates Vanessa di Lego Ana Paula Verona Cedeplar/UFMG/Brazil Abstract Some important studies have impinged upon the size of generations as playing

500 views • 27 slides
2017-2018 Winter NWEA Class Size vs. Growth Analysis Office of Teaching and Learning Class Size

2017-2018 Winter NWEA Class Size vs. Growth Analysis Office of Teaching and Learning Class Size

2017-2018 Winter NWEA Class Size vs. Growth Analysis Office of Teaching and Learning Class Size and Research Smaller class sizes Make it easier for teachers to build relationships Provide more of an opportunity to get personalized

447 views • 15 slides
Database Design 340151 Big Databases &amp; Cloud Services (P. Baumann) 1 Core Database Design

Database Design 340151 Big Databases &amp; Cloud Services (P. Baumann) 1 Core Database Design

Database Design 340151 Big Databases &amp; Cloud Services (P. Baumann) 1 Core Database Design Steps Our focus in this section Conceptual design Construct a description of the information used in an enterprise Focus on

476 views • 12 slides
Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level abstractions for data access, Organization manipulation, and administration Data integrity and security Performance and scalability Introduction

224 views • 9 slides
Lecture 05 (09-11-2015) High-Level Design with SysML Christoph Lth Jan Peleska

Lecture 05 (09-11-2015) High-Level Design with SysML Christoph Lth Jan Peleska

Systeme hoher Qualitt und Sicherheit Universitt Bremen WS 2015/2016 Lecture 05 (09-11-2015) High-Level Design with SysML Christoph Lth Jan Peleska Dieter Hutter SSQ, WS 15/16 Where are we? 01: Concepts of Quality 02: Legal

389 views • 23 slides
Why Components? Software components are binary units of independent production, acquisition,

Why Components? Software components are binary units of independent production, acquisition,

Why Components? Software components are binary units of independent production, acquisition, and deployment that interact to form a functioning system (Szyperski 1997) The rationale behind component software: Largely pushed by desktop

768 views • 25 slides
Object oriented Object oriented Object oriented Object oriented approach and UML approach and

Object oriented Object oriented Object oriented Object oriented approach and UML approach and

Object oriented Object oriented Object oriented Object oriented approach and UML approach and UML approach and UML approach and UML Goals The goals of this chapter are to introduce the object oriented approach to software systems

1.06k views • 92 slides
Outline Object-orientation and databases CS 235: Object-oriented model: ODL Object

Outline Object-orientation and databases CS 235: Object-oriented model: ODL Object

Outline Object-orientation and databases CS 235: Object-oriented model: ODL Object Query Language Introduction to Databases Svetlozar Nestorov Lecture Notes #15 CS 235: Introduction to Databases 2 Object-Oriented DBMSs ODMG

550 views • 8 slides
Living in the Present: On-the-fly Information Processing in Scalable Web Architectures David

Living in the Present: On-the-fly Information Processing in Scalable Web Architectures David

Department of Computing Living in the Present: On-the-fly Information Processing in Scalable Web Architectures David Eyers, Tobias Freudenreich, Alessandro Margara, Sebastian Frischbier, Peter Pietzuch , Patrick Eugster University of Otago, TU

589 views • 20 slides
Spanish Tax Agency Spanish Tax Agency ITS 2.0 implementation ITS 2.0 implementation experience

Spanish Tax Agency Spanish Tax Agency ITS 2.0 implementation ITS 2.0 implementation experience

Spanish Tax Agency Spanish Tax Agency ITS 2.0 implementation ITS 2.0 implementation experience in HTML5: experience in HTML5: www.agenciatributaria.es www.agenciatributaria.es MultilingualWeb Workshop Making the Multilingual Web Work Rome,

307 views • 27 slides

More recommend