@article{20279, author = {{Sharma, Arnab and Wehrheim, Heike}}, journal = {{CoRR}}, title = {{{Testing Monotonicity of Machine Learning Models}}}, volume = {{abs/2002.12278}}, year = {{2020}}, } @article{21016, author = {{Dalvandi, Sadegh and Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike}}, journal = {{Dagstuhl Artifacts Ser.}}, number = {{2}}, pages = {{15:1--15:2}}, title = {{{Owicki-Gries Reasoning for C11 RAR (Artifact)}}}, doi = {{10.4230/DARTS.6.2.15}}, volume = {{6}}, year = {{2020}}, } @inproceedings{21017, author = {{Dalvandi, Sadegh and Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike}}, booktitle = {{34th European Conference on Object-Oriented Programming, {ECOOP} 2020, November 15-17, 2020, Berlin, Germany (Virtual Conference)}}, editor = {{Hirschfeld, Robert and Pape, Tobias}}, pages = {{11:1--11:26}}, publisher = {{Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik}}, title = {{{Owicki-Gries Reasoning for C11 RAR}}}, doi = {{10.4230/LIPIcs.ECOOP.2020.11}}, volume = {{166}}, year = {{2020}}, } @inproceedings{21018, author = {{Richter, Cedric and Wehrheim, Heike}}, booktitle = {{35th {IEEE/ACM} International Conference on Automated Software Engineering, {ASE} 2020, Melbourne, Australia, September 21-25, 2020}}, pages = {{1016--1028}}, publisher = {{{IEEE}}}, title = {{{Attend and Represent: A Novel View on Algorithm Selection for Software Verification}}}, year = {{2020}}, } @proceedings{21019, editor = {{Ahrendt, Wolfgang and Wehrheim, Heike}}, isbn = {{978-3-030-50994-1}}, publisher = {{Springer}}, title = {{{Tests and Proofs - 14th International Conference, TAP@STAF 2020, Bergen, Norway, June 22-23, 2020, Proceedings [postponed]}}}, doi = {{10.1007/978-3-030-50995-8}}, volume = {{12165}}, year = {{2020}}, } @unpublished{17825, abstract = {{Software verification has recently made enormous progress due to the development of novel verification methods and the speed-up of supporting technologies like SMT solving. To keep software verification tools up to date with these advances, tool developers keep on integrating newly designed methods into their tools, almost exclusively by re-implementing the method within their own framework. While this allows for a conceptual re-use of methods, it requires novel implementations for every new technique. In this paper, we employ cooperative verification in order to avoid reimplementation and enable usage of novel tools as black-box components in verification. Specifically, cooperation is employed for the core ingredient of software verification which is invariant generation. Finding an adequate loop invariant is key to the success of a verification run. Our framework named CoVerCIG allows a master verification tool to delegate the task of invariant generation to one or several specialized helper invariant generators. Their results are then utilized within the verification run of the master verifier, allowing in particular for crosschecking the validity of the invariant. We experimentally evaluate our framework on an instance with two masters and three different invariant generators using a number of benchmarks from SV-COMP 2020. The experiments show that the use of CoVerCIG can increase the number of correctly verified tasks without increasing the used resources}}, author = {{Haltermann, Jan Frederik and Wehrheim, Heike}}, booktitle = {{arXiv:2008.04551}}, title = {{{Cooperative Verification via Collective Invariant Generation}}}, year = {{2020}}, } @inproceedings{16724, author = {{Sharma, Arnab and Wehrheim, Heike}}, booktitle = {{Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).}}, publisher = {{ACM}}, title = {{{Higher Income, Larger Loan? Monotonicity Testing of Machine Learning Models}}}, year = {{2020}}, } @article{16725, author = {{Richter, Cedric and Hüllermeier, Eyke and Jakobs, Marie-Christine and Wehrheim, Heike}}, journal = {{Journal of Automated Software Engineering}}, publisher = {{Springer}}, title = {{{Algorithm Selection for Software Validation Based on Graph Kernels}}}, year = {{2020}}, } @article{13770, author = {{Karl, Holger and Kundisch, Dennis and Meyer auf der Heide, Friedhelm and Wehrheim, Heike}}, journal = {{Business & Information Systems Engineering}}, number = {{6}}, pages = {{467--481}}, publisher = {{Springer}}, title = {{{A Case for a New IT Ecosystem: On-The-Fly Computing}}}, doi = {{10.1007/s12599-019-00627-x}}, volume = {{62}}, year = {{2020}}, } @inproceedings{16214, author = {{Pauck, Felix and Bodden, Eric and Wehrheim, Heike}}, booktitle = {{Software Engineering 2020, Fachtagung des GI-Fachbereichs Softwaretechnik, 24.-28. Februar 2020, Innsbruck, Austria}}, editor = {{Felderer, Michael and Hasselbring, Wilhelm and Rabiser, Rick and Jung, Reiner}}, pages = {{123--124}}, publisher = {{Gesellschaft f{\"{u}}r Informatik e.V.}}, title = {{{Reproducing Taint-Analysis Results with ReproDroid}}}, doi = {{10.18420/SE2020_36}}, year = {{2020}}, } @inproceedings{3287, abstract = {{For optimal placement and orchestration of network services, it is crucial that their structure and semantics are specified clearly and comprehensively and are available to an orchestrator. Existing specification approaches are either ambiguous or miss important aspects regarding the behavior of virtual network functions (VNFs) forming a service. We propose to formally and unambiguously specify the behavior of these functions and services using Queuing Petri Nets (QPNs). QPNs are an established method that allows to express queuing, synchronization, stochastically distributed processing delays, and changing traffic volume and characteristics at each VNF. With QPNs, multiple VNFs can be connected to complete network services in any structure, even specifying bidirectional network services containing loops. We discuss how management and orchestration systems can benefit from our clear and comprehensive specification approach, leading to better placement of VNFs and improved Quality of Service. Another benefit of formally specifying network services with QPNs are diverse analysis options, which allow valuable insights such as the distribution of end-to-end delay. We propose a tool-based workflow that supports the specification of network services and the automatic generation of corresponding simulation code to enable an in-depth analysis of their behavior and performance.}}, author = {{Schneider, Stefan Balthasar and Sharma, Arnab and Karl, Holger and Wehrheim, Heike}}, booktitle = {{2019 IFIP/IEEE International Symposium on Integrated Network Management (IM)}}, location = {{Washington, DC, USA}}, pages = {{116----124}}, publisher = {{IFIP}}, title = {{{Specifying and Analyzing Virtual Network Services Using Queuing Petri Nets}}}, year = {{2019}}, } @inproceedings{7752, author = {{Sharma, Arnab and Wehrheim, Heike}}, booktitle = {{Proceedings of the Software Engineering Conference (SE)}}, isbn = {{978-3-88579-686-2}}, location = {{Stuttgart}}, pages = {{157 -- 158}}, publisher = {{Gesellschaft für Informatik e.V. (GI)}}, title = {{{Testing Balancedness of ML Algorithms}}}, volume = {{P-292}}, year = {{2019}}, } @misc{7623, author = {{Zhang, Shikun}}, pages = {{64}}, publisher = {{Universität Paderborn}}, title = {{{Combining Android Apps for Analysis Purposes}}}, year = {{2019}}, } @inproceedings{7635, author = {{Sharma, Arnab and Wehrheim, Heike}}, booktitle = {{IEEE International Conference on Software Testing, Verification and Validation (ICST)}}, location = {{Xi'an, China, April, 2019}}, pages = {{125----135}}, publisher = {{IEEE}}, title = {{{Testing Machine Learning Algorithms for Balanced Data Usage}}}, year = {{2019}}, } @misc{12885, author = {{Haltermann, Jan Frederik}}, title = {{{Analyzing Data Usage in Array Programs}}}, year = {{2019}}, } @inproceedings{15838, abstract = {{In the field of software analysis a trade-off between scalability and accuracy always exists. In this respect, Android app analysis is no exception, in particular, analyzing large or many apps can be challenging. Dealing with many small apps is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH. These particular benchmarks are not only used for the evaluation of novel tools but also in continuous integration pipelines of existing mature tools to maintain and guarantee a certain quality-level. Considering this latter usage it becomes very important to be able to achieve benchmark results as fast as possible. Hence, benchmarks have to be optimized for this purpose. One approach to do so is app merging. We implemented the Android Merge Tool (AMT) following this approach and show that its novel aspects can be used to produce scaled up and accurate benchmarks. For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy trade-off anymore. We show this throughout detailed experiments on DROIDBENCH employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark execution times are largely reduced without losing benchmark accuracy. Moreover, we argue why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.}}, author = {{Pauck, Felix and Zhang, Shikun}}, booktitle = {{2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)}}, isbn = {{9781728141367}}, keywords = {{Program Analysis, Android App Analysis, Taint Analysis, App Merging, Benchmark}}, title = {{{Android App Merging for Benchmark Speed-Up and Analysis Lift-Up}}}, doi = {{10.1109/asew.2019.00019}}, year = {{2019}}, } @inproceedings{16215, author = {{Derrick, John and Doherty, Simon and Dongol, Brijesh and Schellhorn, Gerhard and Wehrheim, Heike}}, booktitle = {{Formal Methods - The Next 30 Years - Third World Congress, {FM} 2019, Porto, Portugal, October 7-11, 2019, Proceedings}}, editor = {{H. ter Beek, Maurice and McIver, Annabelle and N. Oliveira, Jos{\'{e}}}}, pages = {{179--195}}, publisher = {{Springer}}, title = {{{Verifying Correctness of Persistent Concurrent Data Structures}}}, doi = {{10.1007/978-3-030-30942-8\_12}}, volume = {{11800}}, year = {{2019}}, } @article{16216, author = {{Russo, Alessandra and Schürr, Andy and Wehrheim, Heike}}, journal = {{Formal Asp. Comput.}}, number = {{5}}, pages = {{457--458}}, title = {{{Editorial}}}, doi = {{10.1007/s00165-019-00495-y}}, volume = {{31}}, year = {{2019}}, } @article{16217, author = {{Fränzle, Martin and Kapur, Deepak and Wehrheim, Heike and Zhan, Naijun}}, journal = {{Formal Asp. Comput.}}, number = {{1}}, pages = {{1}}, title = {{{Editorial}}}, doi = {{10.1007/s00165-018-00477-6}}, volume = {{31}}, year = {{2019}}, } @inbook{13872, author = {{Beyer, Dirk and Jakobs, Marie-Christine}}, booktitle = {{Fundamental Approaches to Software Engineering}}, isbn = {{9783030167219}}, issn = {{0302-9743}}, title = {{{CoVeriTest: Cooperative Verifier-Based Testing}}}, doi = {{10.1007/978-3-030-16722-6_23}}, year = {{2019}}, } @inproceedings{13993, author = {{Derrick, John and Doherty, Simon and Dongol, Brijesh and Schellhorn, Gerhard and Wehrheim, Heike}}, booktitle = {{Formal Methods - The Next 30 Years - Third World Congress, {FM} 2019, Porto, Portugal, October 7-11, 2019, Proceedings}}, pages = {{179--195}}, title = {{{Verifying Correctness of Persistent Concurrent Data Structures}}}, doi = {{10.1007/978-3-030-30942-8\_12}}, year = {{2019}}, } @article{10011, author = {{Fränzle, Martin and Kapur, Deepak and Wehrheim, Heike and Zhan, Naijun}}, journal = {{Formal Asp. Comput.}}, number = {{1}}, pages = {{1}}, title = {{{Editorial}}}, doi = {{10.1007/s00165-018-00477-6}}, volume = {{31}}, year = {{2019}}, } @inproceedings{10091, author = {{König, Jürgen and Wehrheim, Heike}}, booktitle = {{{NASA} Formal Methods - 11th International Symposium, {NFM} 2019, Houston, TX, USA, May 7-9, 2019, Proceedings}}, editor = {{M. Badger, Julia and Yvonne Rozier, Kristin}}, pages = {{263--279}}, publisher = {{Springer}}, title = {{{Data Independence for Software Transactional Memory}}}, doi = {{10.1007/978-3-030-20652-9\_18}}, volume = {{11460}}, year = {{2019}}, } @inproceedings{10092, author = {{Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike and Derrick, John}}, booktitle = {{Proceedings of the 24th {ACM} {SIGPLAN} Symposium on Principles and Practice of Parallel Programming, PPoPP 2019, Washington, DC, USA, February 16-20, 2019}}, editor = {{K. Hollingsworth, Jeffrey and Keidar, Idit}}, pages = {{355--365}}, publisher = {{{ACM}}}, title = {{{Verifying C11 programs operationally}}}, doi = {{10.1145/3293883.3295702}}, year = {{2019}}, } @inproceedings{10093, author = {{Beyer, Dirk and Jakobs, Marie-Christine and Lemberger, Thomas and Wehrheim, Heike}}, booktitle = {{Software Engineering and Software Management (SE/SWM 2019), Stuttgart, Germany, February 18-22, 2019}}, editor = {{Becker, Steffen and Bogicevic, Ivan and Herzwurm, Georg and Wagner, Stefan}}, pages = {{151----152}}, publisher = {{GI}}, title = {{{Combining Verifiers in Conditional Model Checking via Reducers}}}, doi = {{10.18420/se2019-46}}, volume = {{P-292}}, year = {{2019}}, } @inproceedings{10094, author = {{Sharma, Arnab and Wehrheim, Heike}}, booktitle = {{Software Engineering and Software Management, {SE/SWM} 2019, Stuttgart, Germany, February 18-22, 2019}}, editor = {{Becker, Steffen and Bogicevic, Ivan and Herzwurm, Georg and Wagner, Stefan}}, pages = {{157--158}}, publisher = {{{GI}}}, title = {{{Testing Balancedness of ML Algorithms}}}, doi = {{10.18420/se2019-48}}, volume = {{{P-292}}}, year = {{2019}}, } @inproceedings{10095, author = {{Richter, Cedric and Wehrheim, Heike}}, booktitle = {{Tools and Algorithms for the Construction and Analysis of Systems - 25 Years of {TACAS:} TOOLympics, Held as Part of {ETAPS} 2019, Prague, Czech Republic, April 6-11, 2019, Proceedings, Part {III}}}, editor = {{Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard}}, pages = {{229--233}}, publisher = {{Springer}}, title = {{{PeSCo: Predicting Sequential Combinations of Verifiers - (Competition Contribution)}}}, doi = {{10.1007/978-3-030-17502-3_19}}, volume = {{11429}}, year = {{2019}}, } @misc{10105, author = {{Haltermann, Jan}}, publisher = {{Universität Paderborn}}, title = {{{Analyzing Data Usage in Array Programs}}}, year = {{2019}}, } @inproceedings{10108, abstract = {{Recent years have seen the development of numerous tools for the analysis of taint flows in Android apps. Taint analyses aim at detecting data leaks, accidentally or by purpose programmed into apps. Often, such tools specialize in the treatment of specific features impeding precise taint analysis (like reflection or inter-app communication). This multitude of tools, their specific applicability and their various combination options complicate the selection of a tool (or multiple tools) when faced with an analysis instance, even for knowledgeable users, and hence hinders the successful adoption of taint analyses. In this work, we thus present CoDiDroid, a framework for cooperative Android app analysis. CoDiDroid (1) allows users to ask questions about flows in apps in varying degrees of detail, (2) automatically generates subtasks for answering such questions, (3) distributes tasks onto analysis tools (currently DroidRA, FlowDroid, HornDroid, IC3 and two novel tools) and (4) at the end merges tool answers on subtasks into an overall answer. Thereby, users are freed from having to learn about the use and functionality of all these tools while still being able to leverage their capabilities. Moreover, we experimentally show that cooperation among tools pays off with respect to effectiveness, precision and scalability.}}, author = {{Pauck, Felix and Wehrheim, Heike}}, booktitle = {{Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering}}, isbn = {{978-1-4503-5572-8}}, keywords = {{Android Taint Analysis, Cooperation, Precision, Tools}}, pages = {{374--384}}, title = {{{Together Strong: Cooperative Android App Analysis}}}, doi = {{10.1145/3338906.3338915}}, year = {{2019}}, } @inproceedings{13874, author = {{Isenberg, Tobias and Jakobs, Marie-Christine and Pauck, Felix and Wehrheim, Heike}}, booktitle = {{Tests and Proofs - 13th International Conference, {TAP} 2019, Held as Part of the Third World Congress on Formal Methods 2019, Porto, Portugal, October 9-11, 2019, Proceedings}}, pages = {{3--20}}, title = {{{When Are Software Verification Results Valid for Approximate Hardware?}}}, doi = {{10.1007/978-3-030-31157-5_1}}, year = {{2019}}, } @misc{3320, author = {{Rautenberg, Kai}}, publisher = {{Universität Paderborn}}, title = {{{Korrektheitsbeweise für Muster von Servicekompositionen}}}, year = {{2018}}, } @inproceedings{3414, abstract = {{Over the years, Design by Contract (DbC) has evolved as a powerful concept for program documentation, testing, and verification. Contracts formally specify assertions on (mostly) object-oriented programs: pre- and postconditions of methods, class invariants, allowed call orders, etc. Missing in the long list of properties specifiable by contracts are, however, method correlations: DbC languages fall short on stating assertions relating methods. In this paper, we propose the novel concept of inter-method contract, allowing precisely for expressing method correlations.We present JMC as a language for specifying and JMCTest as a tool for dynamically checking inter-method contracts on Java programs. JMCTest fully automatically generates objects on which the contracted methods are called and the validity of the contract is checked. Using JMCTest, we detected that large Java code bases (e.g. JBoss, Java RT) frequently violate standard inter-method contracts. In comparison to other verification tools inspecting (some) inter-method contracts, JMCTest can find bugs that remain undetected by those tools.}}, author = {{Börding, Paul and Haltermann, Jan Frederik and Jakobs, Marie-Christine and Wehrheim, Heike}}, booktitle = {{Proceedings of the IFIP International Conference on Testing Software and Systems (ICTSS 2018)}}, location = {{Cádiz, Spain}}, pages = {{39----55}}, publisher = {{Springer}}, title = {{{JMCTest: Automatically Testing Inter-Method Contracts in Java}}}, volume = {{11146}}, year = {{2018}}, } @inbook{3536, author = {{Schellhorn, Gerhard and Wedel, Monika and Travkin, Oleg and König, Jürgen and Wehrheim, Heike}}, booktitle = {{Software Engineering and Formal Methods}}, isbn = {{9783319929699}}, issn = {{0302-9743}}, pages = {{105--120}}, publisher = {{Springer International Publishing}}, title = {{{FastLane Is Opaque – a Case Study in Mechanized Proofs of Opacity}}}, doi = {{10.1007/978-3-319-92970-5_7}}, year = {{2018}}, } @article{3153, author = {{Doherty, Simon and Derrick, John and Dongol, Brijesh and Wehrheim, Heike}}, journal = {{CoRR}}, title = {{{Causal Linearizability: Compositionality for Partially Ordered Executions}}}, year = {{2018}}, } @unpublished{2711, abstract = {{In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.}}, author = {{Pauck, Felix and Bodden, Eric and Wehrheim, Heike}}, booktitle = {{arXiv:1804.02903}}, title = {{{Do Android Taint Analysis Tools Keep their Promises?}}}, year = {{2018}}, } @inproceedings{5774, abstract = {{Information flow analysis investigates the flow of data in applications, checking in particular for flows from private sources to public sinks. Flow- and path-sensitive analyses are, however, often too costly to be performed every time a security-critical application is run. In this paper, we propose a variant of proof carrying code for information flow security. To this end, we develop information flow (IF) certificates which get attached to programs as well as a method for IF certificate validation. We prove soundness of our technique, i.e., show it to be tamper-free. The technique is implemented within the program analysis tool CPAchecker. Our experiments confirm that the use of certificates pays off for costly analysis runs.}}, author = {{Töws, Manuel and Wehrheim, Heike}}, booktitle = {{Theoretical Aspects of Computing – ICTAC 2018}}, isbn = {{9783030025076}}, issn = {{0302-9743}}, pages = {{435--454}}, publisher = {{Springer International Publishing}}, title = {{{Information Flow Certificates}}}, doi = {{10.1007/978-3-030-02508-3_23}}, year = {{2018}}, } @inproceedings{4999, author = {{Pauck, Felix and Bodden, Eric and Wehrheim, Heike}}, booktitle = {{Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018}}, isbn = {{9781450355735}}, publisher = {{ACM Press}}, title = {{{Do Android taint analysis tools keep their promises?}}}, doi = {{10.1145/3236024.3236029}}, year = {{2018}}, } @article{6828, author = {{Derrick, John and Doherty, Simon and Dongol, Brijesh and Schellhorn, Gerhard and Travkin, Oleg and Wehrheim, Heike}}, journal = {{Formal Asp. Comput.}}, number = {{5}}, pages = {{597--625}}, title = {{{Mechanized proofs of opacity: a comparison of two techniques}}}, doi = {{10.1007/s00165-017-0433-3}}, volume = {{30}}, year = {{2018}}, } @inproceedings{6836, author = {{Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike and Derrick, John}}, booktitle = {{Integrated Formal Methods - 14th International Conference, {IFM} 2018, Maynooth, Ireland, September 5-7, 2018, Proceedings}}, pages = {{110--129}}, title = {{{Making Linearizability Compositional for Partially Ordered Executions}}}, doi = {{10.1007/978-3-319-98938-9\_7}}, year = {{2018}}, } @inproceedings{6838, author = {{Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike and Derrick, John}}, booktitle = {{Integrated Formal Methods - 14th International Conference, {IFM} 2018, Maynooth, Ireland, September 5-7, 2018, Proceedings}}, pages = {{110--129}}, title = {{{Making Linearizability Compositional for Partially Ordered Executions}}}, doi = {{10.1007/978-3-319-98938-9\_7}}, year = {{2018}}, } @inproceedings{6839, author = {{Doherty, Simon and Dongol, Brijesh and Wehrheim, Heike and Derrick, John}}, booktitle = {{32nd International Symposium on Distributed Computing, {DISC} 2018, New Orleans, LA, USA, October 15-19, 2018}}, pages = {{45:1--45:3}}, title = {{{Brief Announcement: Generalising Concurrent Correctness to Weak Memory}}}, doi = {{10.4230/LIPIcs.DISC.2018.45}}, year = {{2018}}, } @article{1043, abstract = {{Approximate computing (AC) is an emerging paradigm for energy-efficient computation. The basic idea of AC is to sacrifice high precision for low energy by allowing hardware to carry out “approximately correct” calculations. This provides a major challenge for software quality assurance: programs successfully verified to be correct might be erroneous on approximate hardware. In this letter, we present a novel approach for determining under what conditions a software verification result is valid for approximate hardware. To this end, we compute the allowed tolerances for AC hardware from successful verification runs. More precisely, we derive a set of constraints which—when met by the AC hardware—guarantees the verification result to carry over to AC. On the practical side, we furthermore: 1) show how to extract tolerances from verification runs employing predicate abstraction as verification technology and 2) show how to check such constraints on hardware designs. We have implemented all techniques, and exemplify them on example C programs and a number of recently proposed approximate adders.}}, author = {{Isenberg, Tobias and Jakobs, Marie-Christine and Pauck, Felix and Wehrheim, Heike}}, issn = {{1943-0663}}, journal = {{IEEE Embedded Systems Letters}}, pages = {{22--25}}, publisher = {{Institute of Electrical and Electronics Engineers (IEEE)}}, title = {{{Validity of Software Verification Results on Approximate Hardware}}}, doi = {{10.1109/LES.2017.2758200}}, year = {{2018}}, } @inproceedings{1096, abstract = {{to appear}}, author = {{Beyer, Dirk and Jakobs, Marie-Christine and Lemberger, Thomas and Wehrheim, Heike}}, booktitle = {{Proceedings of the 40th International Conference on Software Engineering (ICSE)}}, location = {{Gothenburg, Sweden}}, pages = {{1182----1193}}, publisher = {{ACM}}, title = {{{Reducer-Based Construction of Conditional Verifiers}}}, year = {{2018}}, } @misc{3512, author = {{Börding, Paul}}, publisher = {{Universität Paderborn}}, title = {{{Testing Java Method Contracts}}}, year = {{2017}}, } @inproceedings{3155, author = {{Töws, Manuel and Wehrheim, Heike}}, booktitle = {{Formal Methods and Software Engineering - 19th International Conference on Formal Engineering Methods, {ICFEM} 2017, Xi'an, China, November 13-17, 2017, Proceedings}}, editor = {{Duan, Zhenhua and Ong, Luke}}, pages = {{362----378}}, title = {{{Policy Dependent and Independent Information Flow Analyses}}}, doi = {{10.1007/978-3-319-68690-5_22}}, year = {{2017}}, } @inproceedings{3156, author = {{König, Jürgen and Wehrheim, Heike}}, booktitle = {{Theoretical Aspects of Computing - {ICTAC} 2017 - 14th International Colloquium, Hanoi, Vietnam, October 23-27, 2017, Proceedings}}, editor = {{Van Hung, Dang and Kapur, Deepak}}, pages = {{118----135}}, title = {{{Value-Based or Conflict-Based? Opacity Definitions for STMs}}}, doi = {{10.1007/978-3-319-67729-3_8}}, year = {{2017}}, } @inproceedings{114, abstract = {{Proof witnesses are proof artifacts showing correctness of programs wrt. safety properties. The recent past has seen a rising interest in witnesses as (a) proofs in a proof-carrying-code context, (b) certificates for the correct functioning of verification tools, or simply (c) exchange formats for (partial) verification results. As witnesses in all theses scenarios need to be stored and processed, witnesses are required to be as small as possible. However, software verification tools – the prime suppliers of witnesses – do not necessarily construct small witnesses. In this paper, we present a formal account of proof witnesses. We introduce the concept of weakenings, reducing the complexity of proof witnesses while preserving the ability of witnessing safety. We develop aweakening technique for a specific class of program analyses, and prove it to be sound. Finally, we experimentally demonstrate our weakening technique to indeed achieve a size reduction of proof witnesses.}}, author = {{Jakobs, Marie-Christine and Wehrheim, Heike}}, booktitle = {{NASA Formal Methods: 9th International Symposium}}, editor = {{Barrett, Clark and Davies, Misty and Kahsai, Temesghen}}, pages = {{389--403}}, title = {{{Compact Proof Witnesses}}}, doi = {{10.1007/978-3-319-57288-8_28}}, year = {{2017}}, } @inproceedings{115, abstract = {{Whenever customers have to decide between different instances of the same product, they are interested in buying the best product. In contrast, companies are interested in reducing the construction effort (and usually as a consequence thereof, the quality) to gain profit. The described setting is widely known as opposed preferences in quality of the product and also applies to the context of service-oriented computing. In general, service-oriented computing emphasizes the construction of large software systems out of existing services, where services are small and self-contained pieces of software that adhere to a specified interface. Several implementations of the same interface are considered as several instances of the same service. Thereby, customers are interested in buying the best service implementation for their service composition wrt. to metrics, such as costs, energy, memory consumption, or execution time. One way to ensure the service quality is to employ certificates, which can come in different kinds: Technical certificates proving correctness can be automatically constructed by the service provider and again be automatically checked by the user. Digital certificates allow proof of the integrity of a product. Other certificates might be rolled out if service providers follow a good software construction principle, which is checked in annual audits. Whereas all of these certificates are handled differently in service markets, what they have in common is that they influence the buying decisions of customers. In this paper, we review state-of-the-art developments in certification with respect to service-oriented computing. We not only discuss how certificates are constructed and handled in service-oriented computing but also review the effects of certificates on the market from an economic perspective.}}, author = {{Jakobs, Marie-Christine and Krämer, Julia and van Straaten, Dirk and Lettmann, Theodor}}, booktitle = {{The Ninth International Conferences on Advanced Service Computing (SERVICE COMPUTATION)}}, editor = {{Marcelo De Barros, Janusz Klink,Tadeus Uhl, Thomas Prinz}}, pages = {{7--12}}, title = {{{Certification Matters for Service Markets}}}, year = {{2017}}, } @article{90, abstract = {{We propose and extend an approach for the verification of safety properties for parameterized timed systems modeled as networks of timed automata. For this task, we introduce an incremental workflow that is based on our algorithm IC3 with Zones. It proceeds in a cycle in which single models of the system are verified, and the verification results are employed for the reasoning about the entire system. Starting with the smallest instances, the verification of the safety property is carried out fast and efficient. On successful verification, the algorithm produces an inductive strengthening of the safety property. We reuse this result and try to reason about the entire parameterized timed system. To this end, we extrapolate the inductive strengthening into a candidate for the next-larger model. In case this candidate is a valid inductive strengthening for the next larger model, our main theorem reasons about all models of the parameterized timed system, stating that the safety property holds true for all models. Otherwise, the main cycle starts over with the verification of the next larger model. This workflow is iterated indefinitely, until able to reason about the entire parameterized timed system, until a counterexample trace is found, or until the single models become too large to be handled in the verification. We reuse the intermediate results in a Feedback-loop in order to accelerate the verification runs for the single models. Furthermore, we consider an extended formalism in comparison to our previous publications.}}, author = {{Isenberg, Tobias}}, journal = {{ACM Transactions on Embedded Computing Systems}}, number = {{2}}, pages = {{47:1--47:24}}, publisher = {{ACM}}, title = {{{Incremental Inductive Verification of Parameterized Timed Systems}}}, doi = {{10.1145/2984640}}, year = {{2017}}, } @inproceedings{5769, abstract = {{Information Flow Analysis (IFA) aims at detecting illegal flows of information between program entities. “Legality” is therein specified in terms of various security policies. For the analysis, this opens up two possibilities: building generic, policy independent and building specific, policy dependent IFAs. While the former needs to track all dependencies between program entities, the latter allows for a reduced and thus more efficient analysis. In this paper, we start out by formally defining a policy independent information flow analysis. Next, we show how to specialize this IFA via policy specific variable tracking, and prove soundness of the specialization. We furthermore investigate refinement relationships between policies, allowing an IFA for one policy to be employed for its refinements. As policy refinement depends on concrete program entities, we additionally propose a precomputation of policy refinement conditions, enabling an efficient refinement check for concrete programs.}}, author = {{Töws, Manuel and Wehrheim, Heike}}, booktitle = {{Formal Methods and Software Engineering - 19th International Conference on Formal Engineering Methods (ICFEM 2017)}}, isbn = {{9783319686899}}, issn = {{0302-9743}}, pages = {{362--378}}, publisher = {{Springer International Publishing}}, title = {{{Policy Dependent and Independent Information Flow Analyses}}}, doi = {{10.1007/978-3-319-68690-5_22}}, year = {{2017}}, }