Departmental Papers (CIS)

Date of this Version

6-2016

Document Type

Conference Paper

Comments

Workshop on Pre- and Post-Deployment Verification Techniques (PrePost@IFM), pp. 46--53, Reykjavik, Iceland, June 2016.

Abstract

Pre-deployment verification of software components with respect to behavioral specifications in the assume-guarantee form does not, in general, guarantee absence of errors at run time. This is because assumptions about the environment cannot be discharged until the environment is fixed. An intuitive approach is to complement pre-deployment verification of guarantees, up to the assumptions, with post-deployment monitoring of environment behavior to check that the assumptions are satisfied at run time. Such a monitor is typically implemented by instrumenting the application code of the component. An additional challenge for the monitoring step is that environment behaviors are typically obtained through an I/O library, which may alter the component’s view of the input format. This transformation requires us to introduce a second pre-deployment verification step to ensure that alarms raised by the monitor would indeed correspond to violations of the environment assumptions. In this paper, we describe an approach for constructing monitors and verifying them against the component assumption. We also discuss limitations of instrumentation-based monitoring and potential ways to overcome it.

Subject Area

CPS Formal Methods

Publication Source

Workshop on Pre- and Post-Deployment Verification Techniques (PrePost@IFM)

Start Page

46

Last Page

53

Share

COinS
 

Date Posted: 05 February 2017

This document has been peer reviewed.