TY - CONF
AU - Schellhorn, Gerhard
AU - Travkin, Oleg
AU - Wehrheim, Heike
ED - Huisman, Marieke
ID - 3159
T2 - Integrated Formal Methods - 12th International Conference, IFM 2016, Reykjavik, Iceland, June 1-5, 2016, Proceedings
TI - Towards a Thread-Local Proof Technique for Starvation Freedom
ER -

TY - CONF
AU - Doherty, Simon
AU - Dongol, Brijesh
AU - Derrick, John
AU - Schellhorn, Gerhard
AU - Wehrheim, Heike
ED - Fatourou, Panagiota
ED - Jiménez, Ernesto
ED - Pedone, Fernando
ID - 3160
T2 - 20th International Conference on Principles of Distributed Systems, OPODIS 2016, December 13-16, 2016, Madrid, Spain
TI - Proving Opacity of a Pessimistic STM
ER -

TY - JOUR
AU - Isenberg, Tobias
AU - Jakobs, Marie-Christine
AU - Pauck, Felix
AU - Wehrheim, Heike
ID - 3161
JF - CoRR
TI - Deriving approximation tolerance constraints from verification runs
ER -

TY - JOUR
AB - Today, service compositions often need to be assembled or changed on-the-fly, which leaves only little time for quality assurance. Moreover, quality assurance is complicated by service providers only giving information on their services in terms of domain specific concepts with only limited semantic meaning. In this paper, we propose a method for constructing service compositions based on pre-verified templates. Templates, given as workflow descriptions, are typed over a (domain-independent) template ontology defining concepts and predicates. Their meaning is defined by an abstract semantics, leaving the specific meaning of ontology concepts open, however, only up to given ontology rules. Templates are proven correct using a Hoare-style proof calculus, extended by a specific rule for service calls. Construction of service compositions amounts to instantiation of templates with domain-specific services. Correctness of an instantiation can then simply be checked by verifying that the domain ontology (a) adheres to the rules of the template ontology, and (b) fulfills the constraints of the employed template.
AU - Walther, Sven
AU - Wehrheim, Heike
ID - 175
JF - Science of Computer Programming
TI - On-The-Fly Construction of Provably Correct Service Compositions - Templates and Proofs
ER -

TY - CONF
AB - Software verification is an established method to ensure software safety. Nevertheless, verification still often fails, either because it consumes too many resources, e.g., time or memory, or the technique is not mature enough to verify the property. Often then discarding the partial verification, the validation process proceeds with techniques like testing. To enable standard testing to profit from previous, partial verification, we use a summary of the verification effort to simplify the program for subsequent testing. Our techniques use this summary to construct a residual program which only contains program paths with unproven assertions. Afterwards, the residual program can be used with standard testing tools. Our first experiments show that testing profits from the partial verification. The test effort is reduced and combined verification and testing is faster than a complete verification.
AU - Czech, Mike
AU - Jakobs, Marie-Christine
AU - Wehrheim, Heike
ED - Knoop, Jens
ED - Zdun, Uwe
ID - 186
T2 - Software Engineering 2016
TI - Just test what you cannot verify!
ER -

TY - CONF
AB - In modern software development, paradigms like component-based software engineering (CBSE) and service-oriented architectures (SOA) emphasize the construction of large software systems out of existing components or services. Therein, a service is a self-contained piece of software, which adheres to a specified interface. In a model-based software design, this interface constitutes our sole knowledge of the service at design time, while service implementations are not available. Therefore, correctness checks or detection of potential errors in service compositions have to be carried out without the possibility of executing services. This challenges the usage of standard software error localization techniques for service compositions. In this paper, we review state-of-the-art approaches for error localization of software and discuss their applicability to service compositions.
AU - Krämer, Julia
AU - Wehrheim, Heike
ID - 224
T2 - Proceedings of the 5th European Conference on Service-Oriented and Cloud Computing (ESOCC 2016)
TI - A short survey on using software error localization for service compositions
ER -

TY - CONF
AB - Error detection, localization and correction are time-intensive tasks in software development, but crucial to deliver functionally correct products. Thus, automated approaches to these tasks have been intensively studied for standard software systems. For model-based software systems, the situation is different. While error detection is still well-studied, error localization and correction is a less-studied domain. In this paper, we examine error localization and correction for models of service compositions. Based on formal definitions of error and correction in this context, we show that the classical approach of error localization and correction, i.e. first determining a set of suspicious statements and then proposing changes to these statements, is ineffective in our context. In fact, it lessens the chance to succeed in finding a correction at all. In this paper, we introduce correction proposal as a novel approach on error correction in service compositions integrating error localization and correction in one combined step. In addition, we provide an algorithm to compute such correction proposals automatically.
AU - Krämer, Julia
AU - Wehrheim, Heike
ID - 226
T2 - Proceedings of the 1st International Workshop on Formal to Practical Software Verification and Composition (VeryComp 2016)
TI - A Formal Approach to Error Localization and Correction in Service Compositions
ER -

TY - CONF
AB - Information flow analysis studies the flow of data between program entities (e.g. variables), where the allowed flow is specified via security policies. Typical information flow analyses compute a conservative (over-)approximation of the flows in a program. Such an analysis may thus signal non-existing violations of the security policy. In this paper, we propose a new technique for inspecting the reported violations (counterexamples) for spuriousness. Similar to counterexample-guided abstraction refinement (CEGAR) in software verification, we use the result of this inspection to improve the next round of the analysis. We prove soundness of this scheme.
AU - Töws, Manuel
AU - Wehrheim, Heike
ID - 227
T2 - Proceedings of the 18th International Conference on Formal Engineering Methods (ICFEM 2016)
TI - A CEGAR Scheme for Information Flow Analysis
ER -

TY - CONF
AB - We present PAndA2, an extendable, static analysis tool for Android apps which examines permission related security threats like overprivilege, existence of permission redelegation and permission flows. PAndA2 comes along with a textual and graphical visualization of the analysis result and even supports the comparison of analysis results for different Android app versions.
AU - Jakobs, Marie-Christine
AU - Töws, Manuel
AU - Pauck, Felix
ED - Ishikawa, F.
ED - Romanovsky, A.
ED - Troubitsyna, E.
ID - 170
T2 - Workshop on Formal and Model-Driven Techniques for Developing Trustworthy Systems
TI - PAndA2: Analyzing Permission Use and Interplay in Android Apps (Tool Paper)
ER -

TY - THES
AU - Isenberg, Tobias
ID - 1190
TI - Induction-based Verification of Timed Systems
ER -

TY - GEN
AU - Zhang, Guangli
ID - 162
TI - Program Slicing: A Way of Separating WHILE Programs into Precise and Approximate Portions
ER -

TY - GEN
AU - Czech, Mike
ID - 164
TI - Predicting Rankings of Software Verification Tools Using Kernels for Structured Data
ER -

TY - GEN
AU - Dewender, Markus
ID - 133
TI - Verifikation von Service Kompositionen mit Spin
TT - Verification of Service Compositions with Spin
ER -

TY - GEN
AU - Heinisch, Philipp
ID - 134
TI - Verifikation von Service Kompositionen mit Prolog
TT - Verification of Service Compositions with Prolog
ER -

TY - CONF
AB - Before execution, users should formally validate the correctness of software received from untrusted providers. To accelerate this validation, in the proof carrying code (PCC) paradigm the provider delivers the software together with a certificate, a formal proof of the software's correctness. Thus, the user only checks if the attached certificate shows correctness of the delivered software. Recently, we introduced configurable program certification, a generic, PCC based framework supporting various software analyses and safety properties. Evaluation of our framework revealed that validation suffers from certificate reading. In this paper, we present two orthogonal approaches which improve certificate validation, both reducing the impact of certificate reading. The first approach reduces the certificate size, storing information only if it cannot easily be recomputed. The second approach partitions the certificate into independently checkable parts. The trick is to read parts of the certificate while already checking read parts. Our experiments show that validation highly benefits from our improvements.
AU - Jakobs, Marie-Christine
ID - 250
T2 - Proceedings of the 13th International Conference on Software Engineering and Formal Methods (SEFM)
TI - Speed Up Configurable Certificate Validation by Certificate Reduction and Partitioning
ER -

TY - CONF
AB - Today, software verification is an established analysis method which can provide high guarantees for software safety. However, the resources (time and/or memory) for an exhaustive verification are not always available, and analysis then has to resort to other techniques, like testing. Most often, the already achieved partial verification results are discarded in this case, and testing has to start from scratch. In this paper, we propose a method for combining verification and testing in which testing only needs to check the residual fraction of an uncompleted verification. To this end, the partial results of a verification run are used to construct a residual program (and residual assertions to be checked on it). The residual program can afterwards be fed into standard testing tools. The proposed technique is sound modulo the soundness of the testing procedure. Experimental results show that this combined usage of verification and testing can significantly reduce the effort for the subsequent testing.
AU - Czech, Mike
AU - Jakobs, Marie-Christine
AU - Wehrheim, Heike
ED - Egyed, Alexander
ED - Schaefer, Ina
ID - 283
T2 - Fundamental Approaches to Software Engineering
TI - Just test what you cannot verify!
ER -

TY - CONF
AB - We propose an incremental workflow for the verification of parameterized systems modeled as symmetric networks of timed automata. Starting with a small number of timed automata in the network, a safety property is verified using IC3, a state-of-the-art algorithm based on induction. The result of the verification, an inductive strengthening, is reused proposing a candidate inductive strengthening for a larger network. If the candidate is valid, our main theorem states that the safety property holds for all sizes of the network of timed automata. Otherwise the number of automata is increased and the next iteration is started with a new run of IC3. We propose and thoroughly examine optimizations to our workflow, e.g. feedback mechanisms to speed up the run of IC3.
AU - Isenberg, Tobias
ID - 285
T2 - Proceedings of the 15th International Conference on Application of Concurrency to System Design (ACSD)
TI - Incremental Inductive Verification of Parameterized Timed Systems
ER -

TY - THES
AU - Besova, Galina
ID - 246
TI - Systematic Development and Re-Use of Model Transformations
ER -

TY - CONF
AB - "Programs from Proofs" is a generic method which generates new programs out of correctness proofs of given programs. The technique ensures that the new and given program are behaviorally equivalent and that the new program is easily verifiable, thus serving as an alternative to proof-carrying code concepts. So far, this generic method has one instantiation that verifies type-state properties of programs. In this paper, we present a whole range of new instantiations, all based on data flow analyses. More precisely, we show how an imprecise but fast data flow analysis can be enhanced with a predicate analysis as to yield a precise but expensive analysis. Out of the safety proofs of this analysis, we generate new programs, again behaviorally equivalent to the given ones, which are "easily verifiable" in the sense that now the data flow analysis alone can yield precise results. An experimental evaluation practically supports our claim of easy verification.
AU - Jakobs, Marie-Christine
AU - Wehrheim, Heike
ID - 262
T2 - Proceedings of the 30th Annual ACM Symposium on Applied Computing
TI - Programs from Proofs of Predicated Dataflow Analyses
ER -

TY - JOUR
AB - Model transformation is a key concept in model-driven software engineering. The definition of model transformations is usually based on meta-models describing the abstract syntax of languages. While meta-models are thereby able to abstract from superfluous details of concrete syntax, they often lose structural information inherent in languages, like information on model elements always occurring together in particular shapes. As a consequence, model transformations cannot naturally re-use language structures, thus leading to unnecessary complexity in their development as well as in quality assurance. In this paper, we propose a new approach to model transformation development which allows to simplify the developed transformations and improve their quality via the exploitation of the languages' structures. The approach is based on context-free graph grammars and transformations defined by pairing productions of source and target grammars. We show that such transformations have important properties: they terminate and are sound, complete, and deterministic.
AU - Besova, Galina
AU - Steenken, Dominik
AU - Wehrheim, Heike
ID - 290
JF - Computer Languages, Systems & Structures
TI - Grammar-based model transformations: Definition, execution, and quality properties
ER -