Automatic Software Engineering
Automatic Software Engineering: Presentation Transcript

  • 1. (no text on this slide)
  • 2. Communications; Navigation; Commerce; Facility security.
  • 3. CLASSICAL ATTRIBUTES: reliability, safety, robustness, correctness, efficiency.
  • 4. (no text on this slide)
  • 5. Performance-critical open networking systems that are costly to shut down. “Systems must never crash and must always meet their deadlines.” “Systems must be dependable”: available, trustworthy, maintainable, safe and secure (integrity and confidentiality: secrecy, anonymity).
  • 6. (no text on this slide)
  • 7. (no text on this slide)
  • 8. (no text on this slide)
  • 9. Software Errors / Software Correctness / Model Checking / Course Details. Therac-25 Radiation Overdosing (1985-87): radiation machine for the treatment of cancer patients. At least 6 cases of overdose in the period 1985–1987 (≈ 100 times the dose). Three cancer patients died. Source: design error in the control software (race condition).
  • 10. Software Errors / Software Correctness / Model Checking / Course Details. AT&T Telephone Network Outage (1990): January 1990, a problem in New York City leads to a 9 h outage of large parts of the U.S. telephone network. Costs: several 100 million US$. Source: software flaw (wrong interpretation of a break statement in C).
  • 11. (no text on this slide)
  • 12. (-ilities) extensibility!
  • 13. Source: NASA Jet Propulsion Lab. Bandwidth: < 1KB/sec; Latency: > hours; Data: > 10MB/sec. How can extensibility and efficiency be achieved without sacrificing security?
  • 14. Source: Carnegie Mellon
  • 15. Often the download occurs without approval! (virus..)
  • 16. (no text on this slide)
  • 17. (no text on this slide)
  • 18. (no text on this slide)
  • 19. (no text on this slide)
  • 20. (no text on this slide)
  • 21. (no text on this slide)
  • 22. Consequences (7.000 M euro). Until Ariane, it was not fully appreciated how software can contribute to a system failure. “Software cannot fail”, this was the repeated cry. - Ariane 5 development programme at risk - SOHO (multi-national research programme studying the behaviour of the Sun’s heliosphere) interrupted - Many research careers jeopardised - Future satellite launches not insured
  • 23. (no text on this slide)
  • 24. “After a crew member mistakenly entered a zero into the data field of an application, the computer system proceeded to divide another quantity by that zero. The operation caused a buffer overflow, and the error eventually brought down the ship’s propulsion system. The result: the Yorktown was dead in the water for more than two days.”
  • 25. (no text on this slide)
  • 26. Non-exhaustive: misses unseen cases. Trusted entities required. Slows down performance. Burden on consumers.
  • 27. (no text on this slide)
  • 28. (no text on this slide)
  • 29. (no text on this slide)
  • 30. (no text on this slide)
  • 31. (no text on this slide)
  • 32. program
  • 33. Heavy and weak FMs / Lightweight and strong FMs
  • 34. (no text on this slide)
  • 35. (no text on this slide)
  • 36. (no text on this slide)
  • 37. (no text on this slide)
  • 38. (no text on this slide)
  • 39. (no text on this slide)
  • 40. A Lightweight Approach. “A lightweight approach, in comparison to the traditional approach, lacks power of expression and breadth of coverage. A surgical laser likewise produces less power and poorer coverage than a lightbulb, but it makes more efficient use of the energy it consumes, and its effect is more dramatic” [Jackson and Wing 1996]
  • 41. (no text on this slide)
  • 42. (no text on this slide)
  • 43. Software Components / Software Processes
  • 44. Properties / Data / Programs. Specifications, requirements, types, …; data sets (output: scenarios; input: examples); code, documentation.
  • 45. Data / Programs / Properties. Inductive inference; scenario generation; program transformation; automatic prototyping; data mining.
  • 46. Properties / Programs
  • 47. Derivation example: {Y>0} - precondition; {X=Y*Q+R, R>=0} - postcondition. Properties / Programs.
  • 48. Derivation example (Properties / Programs):
        {Y>0}                 - precondition
        Q:=0; R:=X;
        while R>Y do
          R:= R - Y;
          Q:= Q + 1
        end while;
        {X=Y*Q+R, R>=0}       - postcondition
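The derivation above ends in a concrete program. As an added example (Python, not part of the slides), that program is executed with run-time checks for the precondition, for the loop invariant X = Y*Q + R that the derivation rests on, and for the stated postcondition. The loop guard `R > Y` is kept exactly as the slide writes it; the function names and the input ranges are this example's own.

```python
# Added example (not from the slides): execute the derived division program and
# check the Hoare triple {Y>0} ... {X = Y*Q + R, R >= 0} at run time.

def derived_division(X: int, Y: int) -> tuple:
    """The program on the slide; the guard `R > Y` is kept exactly as written there."""
    assert Y > 0, "precondition {Y>0} violated"
    Q, R = 0, X
    # Loop invariant: X == Y*Q + R. Established by Q:=0; R:=X and preserved by
    # the body, since (Q+1)*Y + (R-Y) == Q*Y + R.
    while R > Y:
        R = R - Y
        Q = Q + 1
        assert X == Y * Q + R, "loop invariant broken"
    return Q, R

def postcondition_holds(X: int, Y: int) -> bool:
    """True when the slide's postcondition {X = Y*Q + R, R >= 0} holds for the result."""
    Q, R = derived_division(X, Y)
    return X == Y * Q + R and R >= 0

def check_range(xs, ys):
    """Return every (X, Y) pair (with Y > 0) for which the postcondition fails."""
    return [(x, y) for x in xs for y in ys if y > 0 and not postcondition_holds(x, y)]

if __name__ == "__main__":
    print(derived_division(17, 5))                   # (3, 2)
    print(check_range(range(0, 50), range(1, 10)))   # []: no violation for X >= 0
    print(check_range([-3, -1], [2]))                # negative X breaks R >= 0
```

Running check_range over non-negative X finds no violation, while a negative X (R starts negative) violates R >= 0 although Y > 0 holds, which is why a derivation has to make every assumption the postcondition depends on explicit in the precondition. Because the postcondition does not require R < Y, stopping at R = Y (as derived_division(10, 5) does) still satisfies it.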
  • 50. Program transformation: compilation, specialization, deforestation, slicing. Programs / Properties.
  • 51. Data / Programs. Inductive inference (program synthesis from examples). Test data generation. Structural (white-box) testing.
  • 52. Test data generation (Data / Programs): 1. Define the test paths. 2. Generate data sets that make execution follow each path (accumulating the ‘constraints’ that define the arcs of the path and applying CONSTRAINT SOLVING techniques).
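The two steps above (define the paths, then solve the constraints accumulated along each path's arcs) as an added Python example that is not part of the slides. The program under test is a constructed decision tree over two integer inputs; constraint solving is done by bounded search over a small domain, a stand-in for a real constraint solver; and every generated datum is re-executed to confirm it follows exactly the path it was generated for. A second program with an infeasible path shows the solver returning no data for it. All names are this example's own.

```python
from itertools import product

# Added example (not from the slides). The program under test is a constructed
# decision tree over two integers: a node is (arc name, predicate, yes-subtree,
# no-subtree) and a leaf is the label the program returns.
PROGRAM = ("x>y", lambda x, y: x > y,
           ("x-y>10", lambda x, y: x - y > 10, "far-above", "above"),
           ("x==y", lambda x, y: x == y, "equal", "below"))

# Same shape, but the "impossible" leaf needs x>y and x<y at once: an infeasible path.
INFEASIBLE = ("x>y", lambda x, y: x > y,
              ("x<y", lambda x, y: x < y, "impossible", "possible"),
              "other")

def paths(node, prefix=()):
    """Step 1: enumerate test paths. Each arc contributes a constraint (name, pred, outcome)."""
    if isinstance(node, str):
        yield node, list(prefix)
        return
    name, pred, yes, no = node
    yield from paths(yes, prefix + ((name, pred, True),))
    yield from paths(no, prefix + ((name, pred, False),))

def solve(constraints, domain):
    """Step 2: constraint solving, here by bounded search over domain x domain.
    Returns the first (x, y) that makes every arc take its required outcome, or None."""
    for x, y in product(domain, repeat=2):
        if all(bool(pred(x, y)) == outcome for _, pred, outcome in constraints):
            return (x, y)
    return None

def execute(node, x, y):
    """Run the program on concrete data, recording the branch outcomes actually taken."""
    trace = []
    while not isinstance(node, str):
        name, pred, yes, no = node
        taken = bool(pred(x, y))
        trace.append((name, taken))
        node = yes if taken else no
    return node, trace

def generate_test_data(program=PROGRAM, domain=range(-20, 21)):
    """One datum per path: {leaf label: (x, y)}; None marks an infeasible path."""
    return {leaf: solve(constraints, domain) for leaf, constraints in paths(program)}

def verify_suite(program=PROGRAM, domain=range(-20, 21)) -> bool:
    """Re-execute each generated datum and confirm it follows exactly the path it was made for."""
    for leaf, constraints in paths(program):
        data = solve(constraints, domain)
        if data is None:
            continue                      # infeasible path: nothing to execute
        reached, trace = execute(program, *data)
        if reached != leaf or trace != [(n, o) for n, _, o in constraints]:
            return False
    return True

if __name__ == "__main__":
    for leaf, data in generate_test_data().items():
        print(f"{leaf:10} <- {data}")
    print("infeasible:", generate_test_data(INFEASIBLE)["impossible"])   # None
```

The search walks the domain from -20 upwards, so the first satisfying pair is returned for each path; a real generator would hand the same accumulated constraints to a solver instead of enumerating.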
  • 53. Data / Properties. Data mining.
  • 54. (no text on this slide)
  • 55. Properties / Programs
  • 56. Data / Programs / Properties. Inductive inference; scenario generation; program transformation; prototyping; data mining.
  • 57. Programs / Properties / Data. Declarative diagnosis: 1. Symptom. 2. Specification of the semantics (ORACLE). 3. Analysis (abstract) of CORRECTNESS and COMPLETENESS. 4. Diagnosis of the error sources. 5. Code repair.
  • 58. Criterion: if there exists A ∈ Tr(S) such that A ∉ S, then r is incorrect. Example: take the incorrect program par(0) = true; par(s(X)) = par(X). and the semantics S = {par(0), par(s(s(0)))}.
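The incorrectness criterion and the `par` example above, as an added Python example that is not part of the slides. Atoms par(n) are represented by the integer n (the Peano term s^n(0)), each rule r by its immediate-consequence operator T_r, and the oracle S is extended from the two atoms written on the slide to all even numbers up to a bound, so that a repaired rule is not flagged merely because S was truncated. The bound and all names are this example's own.

```python
# Added example (not from the slides): the declarative-debugging incorrectness
# criterion applied to the `par` program. Atoms par(n) are represented by the
# integer n, i.e. the Peano term s^n(0). The bound and all names are assumptions.

BOUND = 10
DOMAIN = range(BOUND + 1)

def peano(n: int) -> str:
    """Render n as the Peano numeral used on the slide, e.g. 2 -> 's(s(0))'."""
    return "0" if n == 0 else f"s({peano(n - 1)})"

# Intended semantics S (the oracle): par(n) is true exactly for even n in the domain.
S = {n for n in DOMAIN if n % 2 == 0}

# A rule r is modelled by its immediate-consequence operator T_r: given the set of
# atoms assumed true, return the heads it derives (restricted to the domain).
def T_fact_par0(true_atoms):            # par(0) = true
    return {0}

def T_wrong_step(true_atoms):           # par(s(X)) = par(X)     (the slide's incorrect rule)
    return {n + 1 for n in true_atoms if n + 1 <= BOUND}

def T_fixed_step(true_atoms):           # par(s(s(X))) = par(X)  (a repaired version)
    return {n + 2 for n in true_atoms if n + 2 <= BOUND}

def incorrectness_witnesses(T_r, S):
    """Criterion: if some A in T_r(S) is not in S, rule r is incorrect. Return every such A."""
    return sorted(T_r(S) - S)

def diagnose(program, S):
    """Return {rule text: first witness atom as text, or None when the rule is correct}."""
    report = {}
    for rule_text, T_r in program:
        bad = incorrectness_witnesses(T_r, S)
        report[rule_text] = f"par({peano(bad[0])})" if bad else None
    return report

WRONG_PROGRAM = [("par(0) = true", T_fact_par0), ("par(s(X)) = par(X)", T_wrong_step)]
FIXED_PROGRAM = [("par(0) = true", T_fact_par0), ("par(s(s(X))) = par(X)", T_fixed_step)]

if __name__ == "__main__":
    for rule_text, witness in diagnose(WRONG_PROGRAM, S).items():
        verdict = f"incorrect, derives {witness}" if witness else "correct"
        print(f"{rule_text:22} -> {verdict}")
```

The diagnosis needs only the oracle and one rule at a time: the wrong step rule derives par(s(0)) from the true atom par(0), and par(s(0)) is not in S, so that rule is blamed without executing the program on any input.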
  • 59. Resounding successes in discovering errors in: FTP file transfer; key authentication; disk cache coherence; encryption; the Pentium division algorithm; electronic commerce. Edmund M. Clarke, E. Allen Emerson, and Joseph Sifakis, the winners of the 2007 A.M. Turing Award.
  • 60. Data / Programs / Property. 1. Specification in temporal logic, Ψ. 2. Compilation to a Kripke structure K. 3. K |= Ψ? 4. Generation of scenarios (counterexample).
  • 61. Typical properties. Reachability: EF Restart (it is possible to reach the arrival station). Safety: AG ¬Boom (the state Boom can never be reached). Liveness: AG [Req → AF Ack] (every request is eventually served). Fairness: AG AF DeviceEnabled (the property DeviceEnabled is satisfied infinitely often in every computation).
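The model-checking loop on the two preceding slides (temporal formula Ψ, Kripke structure K, the question K |= Ψ, and scenario generation) and the four property patterns above, as an added Python example that is not part of the slides: a small explicit-state CTL checker built on set-based fixpoints, run on a constructed device-controller model in a safe and a faulty version; for the faulty version it also produces the counterexample path for the safety property. The model, its state and proposition names, and the class API are this example's own.

```python
from collections import deque

class Kripke:
    """Explicit-state Kripke structure with the CTL operators used on the slide.
    Each formula is evaluated to the set of states satisfying it (set-based fixpoints)."""

    def __init__(self, states, transitions, labels):
        self.states = frozenset(states)
        self.succ = {s: set() for s in self.states}
        for src, dst in transitions:
            self.succ[src].add(dst)
        for s in self.states:                 # keep the relation total: a deadlock loops on itself
            self.succ[s] = self.succ[s] or {s}
        self.labels = {s: frozenset(labels.get(s, ())) for s in self.states}

    def atom(self, p):        return {s for s in self.states if p in self.labels[s]}
    def neg(self, X):         return self.states - X
    def implies(self, X, Y):  return self.neg(X) | Y
    def EX(self, X):          return {s for s in self.states if self.succ[s] & X}
    def AX(self, X):          return self.neg(self.EX(self.neg(X)))

    def _lfp(self, X, step):
        """Least fixpoint of Z = X ∪ step(Z), starting from X."""
        Z = set(X)
        while True:
            nxt = Z | step(Z)
            if nxt == Z:
                return Z
            Z = nxt

    def EF(self, X): return self._lfp(X, self.EX)            # some path reaches X
    def AF(self, X): return self._lfp(X, self.AX)            # every path reaches X
    def AG(self, X): return self.neg(self.EF(self.neg(X)))   # X holds on every reachable state

    def witness_path(self, start, target):
        """Shortest path from start into target (BFS), or None. The counterexample for a
        violated AG property is such a path into the set where the property's body fails."""
        parent, queue = {start: None}, deque([start])
        while queue:
            s = queue.popleft()
            if s in target:
                path = []
                while s is not None:
                    path.append(s)
                    s = parent[s]
                return path[::-1]
            for t in sorted(self.succ[s]):
                if t not in parent:
                    parent[t] = s
                    queue.append(t)
        return None

# Constructed device-controller model (all names are this example's own).
STATES = ["Idle", "Req", "Ack", "Restart", "Fail"]
LABELS = {"Idle": {"DeviceEnabled"}, "Req": {"Req"}, "Ack": {"Ack", "DeviceEnabled"},
          "Restart": {"Restart"}, "Fail": {"Boom"}}
SAFE_EDGES = [("Idle", "Req"), ("Req", "Ack"), ("Ack", "Idle"),
              ("Idle", "Restart"), ("Restart", "Idle")]
FAULTY_EDGES = SAFE_EDGES + [("Req", "Fail")]     # a request may now end in Boom

def check_properties(K, init="Idle"):
    """K |= Ψ for the four property patterns on the slide, judged at the initial state."""
    req, ack = K.atom("Req"), K.atom("Ack")
    sat = {
        "reachability EF Restart":      K.EF(K.atom("Restart")),
        "safety AG not Boom":           K.AG(K.neg(K.atom("Boom"))),
        "liveness AG (Req -> AF Ack)":  K.AG(K.implies(req, K.AF(ack))),
        "fairness AG AF DeviceEnabled": K.AG(K.AF(K.atom("DeviceEnabled"))),
    }
    return {name: init in states for name, states in sat.items()}

def safety_counterexample(K, init="Idle"):
    """Scenario generation: a path from init to a Boom state, or None when AG not Boom holds."""
    return K.witness_path(init, K.atom("Boom"))

if __name__ == "__main__":
    for name, edges in (("safe", SAFE_EDGES), ("faulty", FAULTY_EDGES)):
        K = Kripke(STATES, edges, LABELS)
        print(name, check_properties(K), "counterexample:", safety_counterexample(K))
```

In the faulty model the single extra transition Req → Fail breaks the safety, liveness and fairness properties at once (Fail has no way back to Ack or DeviceEnabled), while reachability of Restart is unaffected; the BFS witness Idle → Req → Fail is the scenario a checker would report.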
  • 62. Some Disadvantages
  • 63. Proof-Carrying Code: A Language-Based Security Approach
  • 64. Programs / Properties. Proof-carrying code: 1. Certifying compiler: code + proof. 2. Validate the proof.
  • 65. Code producer / Host
  • 66. Host: “This store instruction is dangerous!” (Code producer / Host)
  • 67. Host: “I am convinced it is safe to execute only if all([a:exp] (all([b:exp] (=> (/\ a b) (/\ b a)))))”. A verification condition. (Code producer / Host)
  • 68. Code producer: “… (impi (/\ a b) (/\ b a) ([ab:pf(/\ a b)] (andi b a (ander a b ab) (andel a b ab)))) …” (the proof term, λ). (Code producer / Host)
  • 69. Host: “Your proof typechecks. I believe you because I believe in logic.” (λ; Code producer / Host)
  • 70. Automation via Certifying Compilation. Source code → Certifying Compiler → Object code + Type safety proof → Proof checking (Trusted Host) → CPU. % spj foo.java bar.class baz.c -ljdk1.2.2. Looks and smells like a compiler.
  • 71. A / B. Formal proof or security “explanation”. Code (optimized).
  • 72. Good Things About PCC: Agnostic to how the code is produced. Someone else does the really hard work (shifts the burden of ensuring safety from the code consumer to the code producer). Requires minimal infrastructure (simpler, smaller, and faster TCB). Proofs are a “semantic checksum”.
  • 73. Curry-Howard Isomorphism. In a logical framework language, predicates (properties) can be represented as types and proofs as programs (i.e., expression terms). Under certain conditions typechecking is sufficient to ensure the validity of the proofs.
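The verification condition exchanged between code producer and host on slides 67 and 68 (∀a b. a ∧ b → b ∧ a, proved with andi, ander and andel), restated in Lean 4 as an added example that is not part of the slides, to make the Curry-Howard point concrete: the proposition is a type, the proof is a term of that type, and validating the certificate is nothing more than typechecking it. The theorem name is this example's own.

```lean
-- Added example (not from the slides): the host's verification condition as a type,
-- and the producer's proof as a program inhabiting it.
theorem and_swap : ∀ (a b : Prop), a ∧ b → b ∧ a :=
  -- corresponds to the slide's  (andi b a (ander a b ab) (andel a b ab))
  fun a b ab => And.intro ab.right ab.left

#check @and_swap   -- and_swap : ∀ (a b : Prop), a ∧ b → b ∧ a

-- A bogus certificate is rejected by the typechecker, exactly as the host would reject it:
--   example : ∀ (a b : Prop), a ∧ b → b ∧ a := fun a b ab => And.intro ab.left ab.right
-- fails, because `ab.left : a` is supplied where a proof of `b` is required.
```

The trusted computing base of the host is therefore the typechecker for this term language, not the compiler or the prover that produced the certificate, which is the point made on slide 72.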
  • 74. Logic provides a symbolic, domain-independent formulation of the laws of human thought. This dual character of logic makes it possible to mechanize its techniques and methods.
  • 75. Multiparadigm Programming. clausal logic → Relational (Prolog); equational logic → Functional (Haskell); many-sorted logic → types; order-sorted logic → inheritance; modal logic: dynamic → objects, temporal → concurrency, epistemic → knowledge, deontic → norms.
  • 76. The ELP Group: 30 researchers (15 PhDs), the biggest group of GPLIS. María Alpuente, Salvador Lucas, Germán Vidal, Jose Hernández, Javier Oliver, M. José Ramírez, Santiago Escobar, Cesar Ferri, Christophe Joubert, Marisa Llorens, Josep Silva, Alicia Villanueva. 15 PhD fellows: Beatriz Alarcón, Mauricio Alba, Gustavo Arroyo, Antonio Bella, Aristides Dasso, Marco A. Feliu, Ana Funes, Raul Gutierrez, Jose Iborra, Alexei Lescaylle, Rafael Navarro, Daniel Romero, Salvador Tamarit
  • 77. Data / Programs / Properties. Test data generation; program learning; refinement; declarative debugging; program transformation; program certification; specifications, types, …; data batteries, examples, … The ELP group explores all arcs of this triangle with the aim of automating the corresponding phases of the software process.
  • 78. Multi-paradigm declarative programs: program analyzers and certifiers; program transformers (filtering, slicing, correction); declarative debuggers; model checkers; web verifiers; net simulators.
  • 79. NPA Protocol Analyzer. Implementation size: 8000 lines of Maude source code; 2.000 lines of Haskell source code (collaboration with U. Illinois at Urbana-Champaign, NRL, and SRI).
  • 80. The Java certification tool. Implementation size: 600 lines of Maude source code.
  • 81. :Load web site directory W, web specification S. GVerdi Web Verification System. Implementation size: 8.000 lines of Java source code; 800 lines of Maude code.
  • 82. :Load TRS (+ eval strategy). Mu-Term termination prover. Implementation size: 14.000 lines of Haskell source code.
  • 83. A Tool for Slicing Curry Programs. Implementation size: 2.000 lines of Haskell source code.
  • 84. MCReNet analyzer for Petri nets. The user interface basically consists of a graphical editor and a pane for consistency analysis. The user can execute the net (fire the enabled transitions) as well as transform it (reconfiguration). Implementation size: 2.000 lines of Java source code.
  • 85. Equational (AC) Generalization. Implementation size: 700 lines of Maude source code.
  • 86. DBDT machine learning tool. DBDT is a machine learning tool for inferring classifiers, implemented in JBuilder using the WEKA libraries. Applications to Web categorization (classification of Web documents into one or more categories).