380 likes | 554 Views
POLYLARVA Technology Agnostic Runtime Verification. A System’s Behaviour. Testing. Model Checking. Runtime Verification. Inputs to Runtime Verification System. No more than 10 users can be logged onto the system at any one time
E N D
Inputs to Runtime Verification System • No more than 10 users can be logged onto the system at any one time • A user cannot execute more than 3 failed transactions in one session • A user which has been idle for more than 5 minutes should be logged out
LARVA– JAVA Specific Property to be verified : New accounts can be added for a User if the User settings allow It. Otherwise this should be disallowed. before ( User u1) : (call(* User.addAccount(..)) && target(u1) && !cflow(adviceexecution())) { Monitor monitor_instance = getMonitorInstance(u1); monitor_instance.call(thisJoinPoint.getSignature().toString(), 8/*addAccount*/); }
LARVA– JAVA Specific Property to be verified : New accounts can be added for a User if the User settings allow It. Otherwise this should be disallowed. if ((_occurredEvent(_event,8/*addAccount*/)) && (!u .canAddAccounts ())){ _state_id_account = 5;//moving to state cannotadd _goto_account(_info); }
LARVA– JAVA Specific Property to be verified : New accounts can be added for a User if the User settings allow It. Otherwise this should be disallowed. if ((_occurredEvent(_event,8/*addAccount*/)) && (!u .canAddAccounts ())){ _state_id_account = 5;//moving to state cannotadd _goto_account(_info); }
Goals for PolyLARVA • Improve LARVA framework to become a customisable monitoring architecture supporting potentially numerous platforms and technologies System (Any Language) Notifies monitor when specific Events take place Generated Monitor Evaluates monitoring logic
The PolyLARVASpecification Language • The PolyLarvaspecification language proposed is an ECA (Event-Condition-Action) rule-based language rule name : event \ condition action ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany;
The PolyLARVASpecification Language ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany; states { intaccountCnt } conditions{ isTooManyAccts = {accountCnt > 5;} }
The PolyLARVASpecification Language ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts -> logTooMany; states { intaccountCnt } conditions{ isTooManyAccts = {accountCnt > 5;} } actions { logTooMany = {System.out.println("Account limit of 5 exceeded.");}} }
Evaluating Conditions & Actions ruleAddUser: addUser( ) \ usercount > 5 logTooManyUsers Monitor System addUser() Keep Integer count of users in system - usercount Increment counter on new user addition. Compare this counter against a set limit on every new user addition Log warning message
Evaluating Conditions & Actions ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccount u.canAddAccounts() Monitor System addAccount(User u) canAddAccounts is a property of a User Instance Monitor must refer to system to obtain evaluation of condition
Evaluating Conditions & Actions ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccount u.canAddAccounts() Monitor System canAddAccounts is a property of a User Instance Monitor must refer to system to obtain evaluation of condition
System vs Monitor Conditions & Actions Monitor System conditions { monitorSide { isTooManyAccts = {accountCnt > 5;} } } conditions { systemSide { cannotAddAccts = {return !user.canAddAcounts();} } }
The PolyLARVAArchitecture Phase 1: Creation of JAVA code which covers the monitor logic for validating properties
The PolyLARVAArchitecture Phase 2: Creation of code which will be used to instrument the system code Creation of ‘Aspect’ code
The PolyLARVAArchitecture Phase 2: Creation of code which will be used to instrument the system code Creation of code that adds monitor logic on system side
The PolyLARVAArchitecture - Communication Communication between Monitor and Instrumented System via Sockets
Generation of ‘Aspect’ Code • The Runtime Monitor must be aware of any events, relevant to monitoring, that occur on the system • Aspect Programming is ideal for use in Runtime Monitoring systems • Can support a large number of programming languages , though not all Aspect Code
Generation of JAVA ‘Aspect’ Code Event Specification Aspect Code addAccount(User u2, Account a) = {execution Account a.new(User u2)} Context_Aspect.aj before(Account a,User u2):target(a) && execution(Account.new(..)) && args (u2)&& !cflow(adviceexecution()){ LarvaCommClient.getClientConnection().sendMessage( LarvaCommClient.ASPECT_EVENT, 5, UniqueIDGenerator.getIdentifier(a)+","+ UniqueIDGenerator.getIdentifier(u2)+","); }
What if our system program is written in PERL? Event Specification Aspect Code addAccount(User u2, Account a) = {execution Account a.new(User u2)} Context_Aspect.pl PERL Aspect Code [uses Aspect.pm] Uses socket connection to communicate with monitor
Generation of Monitor ‘Helper’ Code(System Side) Helper Code conditions{ systemSide { cannotAddAccts = {!user.canAddAcounts();} } } %%conditions System side code copied verbatim to generated code. Helper code becomes part of System.
Future Work on PolyLARVARuntime Monitor • Implementation of other Language Specific Compilers • Implementation of translator for specification in DATEs format to new PolyLarvaspecification • Analysis of specification script for optimisation of rules • Ability to save and load Monitor state • Any more?