Monitoring Assumptions in Assume-Guarantee Contracts

Monitoring Assumptions in Assume-Guarantee Contracts

Pre-deployment verification of software components with respect to behavioral specifications in the assume-guarantee form does not, in general, guarantee absence of errors at run time. This is because assumptions about the environment cannot be discharged until the environment is fixed. An intuiti...

Full description

Bibliographic Details
Main Authors: Oleg Sokolsky, Teng Zhang, Insup Lee, Michael McDougall
Format: Article
Language:English
Published: Open Publishing Association 2016-05-01
Series:Electronic Proceedings in Theoretical Computer Science
Online Access:http://arxiv.org/pdf/1606.00505v1
id doaj-9eaa685407074c909a0b14572a79ea18
record_format Article
spelling doaj-9eaa685407074c909a0b14572a79ea182020-11-25T00:43:21ZengOpen Publishing AssociationElectronic Proceedings in Theoretical Computer Science2075-21802016-05-01208Proc. PrePost 2016465310.4204/EPTCS.208.4:5Monitoring Assumptions in Assume-Guarantee ContractsOleg SokolskyTeng ZhangInsup LeeMichael McDougallPre-deployment verification of software components with respect to behavioral specifications in the assume-guarantee form does not, in general, guarantee absence of errors at run time. This is because assumptions about the environment cannot be discharged until the environment is fixed. An intuitive approach is to complement pre-deployment verification of guarantees, up to the assumptions, with post-deployment monitoring of environment behavior to check that the assumptions are satisfied at run time. Such a monitor is typically implemented by instrumenting the application code of the component. An additional challenge for the monitoring step is that environment behaviors are typically obtained through an I/O library, which may alter the component's view of the input format. This transformation requires us to introduce a second pre-deployment verification step to ensure that alarms raised by the monitor would indeed correspond to violations of the environment assumptions. In this paper, we describe an approach for constructing monitors and verifying them against the component assumption. We also discuss limitations of instrumentation-based monitoring and potential ways to overcome it.http://arxiv.org/pdf/1606.00505v1
collection DOAJ
language English
format Article
sources DOAJ
author Oleg Sokolsky
Teng Zhang
Insup Lee
Michael McDougall
spellingShingle Oleg Sokolsky
Teng Zhang
Insup Lee
Michael McDougall
Monitoring Assumptions in Assume-Guarantee Contracts
Electronic Proceedings in Theoretical Computer Science
author_facet Oleg Sokolsky
Teng Zhang
Insup Lee
Michael McDougall
author_sort Oleg Sokolsky
title Monitoring Assumptions in Assume-Guarantee Contracts
title_short Monitoring Assumptions in Assume-Guarantee Contracts
title_full Monitoring Assumptions in Assume-Guarantee Contracts
title_fullStr Monitoring Assumptions in Assume-Guarantee Contracts
title_full_unstemmed Monitoring Assumptions in Assume-Guarantee Contracts
title_sort monitoring assumptions in assume-guarantee contracts
publisher Open Publishing Association
series Electronic Proceedings in Theoretical Computer Science
issn 2075-2180
publishDate 2016-05-01
description Pre-deployment verification of software components with respect to behavioral specifications in the assume-guarantee form does not, in general, guarantee absence of errors at run time. This is because assumptions about the environment cannot be discharged until the environment is fixed. An intuitive approach is to complement pre-deployment verification of guarantees, up to the assumptions, with post-deployment monitoring of environment behavior to check that the assumptions are satisfied at run time. Such a monitor is typically implemented by instrumenting the application code of the component. An additional challenge for the monitoring step is that environment behaviors are typically obtained through an I/O library, which may alter the component's view of the input format. This transformation requires us to introduce a second pre-deployment verification step to ensure that alarms raised by the monitor would indeed correspond to violations of the environment assumptions. In this paper, we describe an approach for constructing monitors and verifying them against the component assumption. We also discuss limitations of instrumentation-based monitoring and potential ways to overcome it.
url http://arxiv.org/pdf/1606.00505v1
work_keys_str_mv AT olegsokolsky monitoringassumptionsinassumeguaranteecontracts
AT tengzhang monitoringassumptionsinassumeguaranteecontracts
AT insuplee monitoringassumptionsinassumeguaranteecontracts
AT michaelmcdougall monitoringassumptionsinassumeguaranteecontracts
_version_ 1725278864106586112

Similar Items