Jan Kofron

Model Checking of Software Components: Combining Java PathFinder and Behavior Protocol Model Checker

Although there exist several software model checkers that check the code against properties specified e.g. via a temporal logic and assertions, or just verifying low-level properties (like unhandled exceptions), none of them supports checking of software components against a high-level behavior specification. We present our approach to model checking of software components implemented in Java against a high-level specification of their behavior defined via behavior protocols, which employs the Java PathFinder model checker and the protocol checker. The property checked by the Java PathFinder (JPF) tool (correctness of particular method call sequences) is validated via its cooperation with the protocol checker. We show that just the publisher/listener pattern claimed to be the key flexibility support of JPF (even though proved very useful for our purpose) was not enough to achieve this kind of checking

Reverse Engineering Component Models for Quality Predictions

Legacy applications are still widely spread. If a need to change deployment or update its functionality arises, it becomes difficult to estimate the performance impact of such modifications due to absence of corresponding models. In this paper, we present an extendable integrated environment based on Eclipse developed in the scope of the Q-Impress project for reverse engineering of legacy applications (in C/C++/Java). The Q-Impress project aims at modeling quality attributes (performance, reliability, maintainability) at an architectural level and allows for choosing the most suitable variant for implementation of a desired modification. The main contributions of the project include i) a high integration of all steps of the entire process into a single tool, a beta version of which has been already successfully tested on a case study, ii) integration of multiple research approaches to performance modeling, and iii) an extendable underlying meta-model for different quality dimensions.

Model Checking of Component Behavior Specification: A Real Life Experience

Abstract This paper is based on a real-life experience with behavior specification of a non-trivial component-based application. The experience is that model checking of such a specification yields very long error traces (providing counterexamples) in the order of magnitude of hundreds of states. Analyzing and interpreting such an error trace to localize and debug the actual specification is a tedious work. We present two techniques designed to address the problem: state space visualization and protocol annotation and share the positive experience with applying them, in terms of making the debugging process more efficient.

Framework for Static Analysis of PHP Applications

Dynamic languages, such as PHP and JavaScript, are widespread and heavily used. They provide dynamic features such as dynamic type system, virtual and dynamic method calls, dynamic includes, and built-in dynamic data structures. This makes it hard to create static analyses, e.g., for automatic error discovery. Yet exploiting errors in such programs, especially in web applications, can have significant impacts. In this paper, we present static analysis framework for PHP, automatically resolving features common to dynamic languages and thus reducing the complexity of defining new static analyses. In particular, the framework enables defining value and heap analyses for dynamic languages independently and composing them automatically and soundly. We used the framework to implement static taint analysis for finding security vulnerabilities. The analysis has revealed previously unknown security problems in real application. Comparing to existing state-of-the-art analysis tools for PHP, it has found more real problems with a lower false-positive rate.

TBP: Code-Oriented Component Behavior Specification

Assuring components compatibility plays a crucial part in developing a reliable component system. Especially, when the components come from different vendors worldwide. In order to do so, an appropriate formalism for behavior specification of components is necessary. We propose a formalism of threaded behavior protocols, which-unlike most other formalisms-allows for both analysis on the formal level (correctness and substitutability checking) and reasoning about conformance of a specification and the actual implementation. Moreover, the formalism is designed to be simple enough and to directly support constructs known from implementation languages (e.g., method calls, threads, synchronized blocks), so that it is easy to use by a nonprofessional.

On Security Analysis of PHP Web Applications

In recent years, focus of business world has been moved towards the Internet. Web applications provide a generous interface non-stop thus offering to malicious users a wide spectrum of possible attacks. Consequently, the security of web applications has become a crucial issue. The state-of-the-art tools for bug discovery in languages used for web-application development, such as PHP, suffer from a relatively high false-positive rate and low coverage of real errors; this is caused mainly by unprecise modeling of dynamic features of such languages and path-insensivity of the tools. In this paper, we will demonstrate weak points of the tools and describe our novel approach to these issues. We will show how our technique handles some of the situations where other tools fail and illustrate it on examples.

Statistical Approach to Architecture Modes in Smart Cyber Physical Systems

Smart Cyber-Physical Systems (sCPS) are complex distributed decentralized systems of cooperating components. They typically operate in uncertain environments and thus require means for managing variability at run-time. Architectural modes have traditionally been a proven means for the runtime variability. They are easy to understand, easy to realize in resource-constrained systems and (contrary to more sophisticated methods of learning) provide an explicit specification that can be inspected and validated at design time. However, in uncertain environments (which is the case of sCPS), they tend to lack expressivity to take into account the level of uncertainty and factor it in the mode-switching logic. In this paper we present a rich language to specify mode-switch guards. The semantics of the language is based on statistical tests, which, as we show, is a convenient way to reason about uncertainty in the state of the environment.

Data-flow Analysis of Programs with Associative Arrays

Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data struc-tures including associative arrays and objects with similar semantics—object properties can be cre-ated at run-time and accessed via arbitrary expressions. While a high level of security and safety ofapplications written in these languages can be of a particular importance (consider a web applica-tion storing sensitive data and providing its functionality worldwide), dynamic data structures posesignificant challenges for data-flow analysis making traditional static verification methods both un-sound and imprecise. In this paper, we propose a sound and precise approach for value and points-toanalysis of programs with associative arrays-like data structures, upon which data-flow analyses canbe built. We implemented our approach in a web-application domain—in an analyzer of PHP code.

BeJC: checking compliance between Java implementation and behavior specification

An important correctness aspect of software built in a modular way is behavior specification of its particular components. Only then one can reason about communication correctness and properties of particular components. Since it is much more effective to do so at the level of behavior models, establishing a correspondence between behavior specification and implementation becomes an important part. In this paper, we present a method for verifying compliance between behavior specification of a software component and its Java implementation. We also discuss practical experience with the BeJC tool that implements the compliance checking algorithm and its application in the software development process.

Framework for Static Analysis of PHP Applications (Artifact)

This artifact is based on Weverca, a static analyzer framework for PHP applications. The aim of Weverca is to provide developers with a framework that would allow for an easy implementation of custom static analyses of PHP, while not coping with the dynamic language issues. The framework processes the input source code in two phases. In the first phase, the program-point graph is constructed, which has the dynamic constructs (eval, dynamic includes, type information) already resolved. The developer can then implement a custom static analysis in the second phase, exploiting the output of the first phase. The provided package is designed to support repeatability of the experiments of the companion paper: in particular to perform security (taint) analyses of two bundled applications. Instruction to compile and run the analyzer are also provided.