Automatic Software Engineering
Presentation transcript

    • Communications. Navigation. Commerce. Security of facilities.
    • Performance-critical open networking systems that are costly to shut down. “Systems must never crash and must always meet their deadlines.” “Systems must be dependable”: available, trustworthy, maintainable, safe and secure (integrity and confidentiality: secrecy, anonymity).
    • Software Errors. Therac-25 Radiation Overdosing (1985-87): radiation machine for the treatment of cancer patients. At least 6 cases of overdose in the period 1985–1987 (≈ 100 times the dose). Three cancer patients died. Source: design error in the control software (race condition).
    • AT&T Telephone Network Outage (1990): in January 1990 a problem in New York City leads to a 9 h outage of large parts of the U.S. telephone network. Costs: several 100 million US$. Source: software flaw (wrong interpretation of a break statement in C).
    • (-ilities): extensibility!
    • Source: NASA Jet Propulsion Lab. Bandwidth: < 1 KB/sec. Latency: > hours. Data: > 10 MB/sec. How to achieve extensibility and efficiency without sacrificing security?
    • Source: Carnegie Mellon
    • Often download occurs without approval! (virus…)
    • Consequences (7.000 M euro). Until Ariane, it was not fully appreciated how software can contribute to a system failure. Software cannot fail, this was the repeated cry.
      - Ariane 5 development programme at risk
      - SOHO (multi-national research programme studying the behaviour of the Sun’s heliosphere) interrupted
      - Many research careers jeopardised
      - Future satellite launches not insured
    • “After a crew member mistakenly entered a zero into the data field of an application, the computer system proceeded to divide another quantity by that zero. The operation caused a buffer overflow, and the error eventually brought down the ship's propulsion system. The result: the Yorktown was dead in the water for more than two days.”
    • Non-exhaustive: miss unseen cases. Trust entities required. Slow down performance. Burden on consumers.
    • program
    • Heavy and weak FMs / Lightweight and strong FMs
    • A Lightweight Approach. “A lightweight approach, in comparison to the traditional approach, lacks power of expression and breadth of coverage. A surgical laser likewise produces less power and poorer coverage than a lightbulb, but it makes more efficient use of the energy it consumes, and its effect is more dramatic” [Jackson and Wing 1996]
    • Software Components. Software Processes.
    • The Properties / Data / Programs triangle. Properties: specifications, requirements, types… Data: data sets; output: scenarios; input: examples. Programs: code, documentation.
    • Arcs of the Data / Programs / Properties triangle: inductive inference, scenario generation, program transformation, automatic prototyping, data mining.
    • Properties / Programs
    • Derivation example (Properties / Programs): {Y>0} - precondition; {X=Y*Q+R, R>=0} - postcondition.
    • Derivation example (Properties / Programs):
      {Y>0} - precondition
      Q:=0; R:=X;
      while R>Y do
        R:= R - Y;
        Q:= Q + 1
      end while;
      {X=Y*Q+R, R>=0} - postcondition
    • Program transformation (Programs / Properties): compilation, specialization, deforestation, slicing.
    • Data / Programs: inductive inference (synthesis of programs from examples); generation of test data sets; structural testing (white-box).
    • Generation of test data sets (Data / Programs): 1. Define the test paths. 2. Generate data banks or sets that make the program follow each path (accumulating the ‘constraints’ that define the arcs of the path and applying CONSTRAINT SOLVING techniques).
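As an added worked example (not code from the slides), the division program from the derivation slides above, instrumented to check its Hoare triple and loop invariant, followed by the path-based test data generation this slide describes: the constraints of the arcs along each path are accumulated and then solved, here by bounded search in place of a real constraint solver. It assumes X >= 0, as in ordinary integer division, since the slide's precondition states only Y > 0.

```python
# Added example, not from the slides: the derived division program, instrumented,
# plus path-based test data generation (accumulate the arc constraints of a path,
# then solve them).  Assumption: X >= 0, as in ordinary integer division.

def divide(x, y):
    """Derived program; returns (Q, R, number of loop iterations)."""
    assert y > 0                              # precondition {Y>0}
    q, r, n = 0, x, 0
    while r > y:                              # loop guard exactly as on the slide
        assert x == y * q + r and r >= 0      # loop invariant used in the derivation
        r, q, n = r - y, q + 1, n + 1
    assert x == y * q + r and r >= 0          # postcondition {X=Y*Q+R, R>=0}
    return q, r, n

def triple_holds(bound=12):
    """Exhaustively check {Y>0} divide {X=Y*Q+R, R>=0} for 0 <= X < bound, 0 < Y < bound."""
    try:
        for x in range(bound):
            for y in range(1, bound):
                divide(x, y)
        return True
    except AssertionError:
        return False

def path_constraints(k):
    """Constraints of the arcs along the path that takes the loop body k times.
    After i iterations R == X - i*Y, so every guard is rewritten over the inputs."""
    cs = [lambda x, y: y > 0]                                    # entry arc: precondition
    cs += [lambda x, y, i=i: x - i * y > y for i in range(k)]    # k times the 'R>Y' arc
    cs.append(lambda x, y: x - k * y <= y)                       # exit arc: not R>Y
    return cs

def solve(cs, bound=30):
    """Toy constraint solving by bounded search: first (X, Y) meeting every constraint."""
    return next(((x, y) for x in range(bound) for y in range(1, bound)
                 if all(c(x, y) for c in cs)), None)

def test_data(max_iters=3):
    """One test case per path (0..max_iters iterations), each verified to follow its path."""
    cases = {}
    for k in range(max_iters + 1):
        xy = solve(path_constraints(k))
        if xy is not None:
            assert divide(*xy)[2] == k        # the data really drives the k-iteration path
            cases[k] = xy
    return cases
```

Because the slide's guard is R>Y rather than R>=Y, divide(4, 2) returns Q=1, R=2 after one iteration; the postcondition as stated does not require R<Y, so it accepts that result.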
    • Data / Properties: data mining
    • Properties / Programs
    • Arcs of the Data / Programs / Properties triangle: inductive inference, scenario generation, program transformation, prototyping, data mining.
    • Declarative diagnosis (Programs / Properties / Data): 1. Symptom. 2. Specification of the semantics (ORACLE). 3. Analyze (abstract) CORRECTNESS and COMPLETENESS. 4. Diagnose the sources of error. 5. Repair the code.
    • Criterion: if there exists A ∈ Tr(S) such that A ∉ S, then r is incorrect. Example: let the incorrect program be par(0) = true, par(s(X)) = par(X). and the semantics S={par(0), par(s(s(0)))}
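An added example (not from the slides) that runs this criterion on the buggy program: for each rule r it computes Tr_r(S), the heads r derives from atoms of S, and reports the first A ∈ Tr_r(S) with A ∉ S. It assumes that the slide's finite S = {par(0), par(s(s(0)))} stands for the set of all even numerals, so S is represented as a predicate and only a bounded slice of it is enumerated.

```python
# Added example, not from the slides: declarative diagnosis of par/1 with the
# criterion "r is incorrect if some A in Tr_r(S) is not in S".  The numeral
# s^n(0) is represented by the integer n.  Assumption: the intended semantics S
# is the set of all even numerals (the slide lists its first two elements).

def show(n):
    """Render the atom par(s^n(0)) in the slide's notation."""
    return 'par(' + 's(' * n + '0' + ')' * n + ')'

def intended(n):
    """Membership in S: par(n) is true exactly when n is even."""
    return n % 2 == 0

# A rule r is a pair (text, f): f maps the body atom par(b) taken from S to the
# head atom r derives from it, so Tr_r(S) = { f(b) : par(b) in S }.  The fact
# par(0) = true has no body, so its f ignores b and always yields par(0).
BUGGY = [('par(0) = true',       lambda b: 0),
         ('par(s(X)) = par(X)',  lambda b: b + 1)]      # steps by one: wrong
FIXED = [('par(0) = true',           lambda b: 0),
         ('par(s(s(X))) = par(X)',   lambda b: b + 2)]  # steps by two

def immediate_consequences(rule, bound=6):
    """Tr_r(S) restricted to body atoms par(b) with b < bound."""
    _, f = rule
    return {f(b) for b in range(bound) if intended(b)}

def diagnose(rules, bound=6):
    """First incorrect rule as (rule text, witness A) with A in Tr_r(S) but A not in S;
    None when no rule is flagged."""
    for rule in rules:
        for a in sorted(immediate_consequences(rule, bound)):
            if not intended(a):
                return rule[0], show(a)
    return None
```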
    • Resounding successes in discovering errors in: FTP (file transfer), key authentication, disk cache coherence, encryption, the Pentium division algorithm, electronic commerce. Edmund M. Clarke, E. Allen Emerson, and Joseph Sifakis, the winners of the 2007 A.M. Turing Award.
    • Data / Programs / Property: 1. Specification in temporal logic Ψ. 2. Compilation to a Kripke structure K. 3. Does K |= Ψ? 4. Generation of scenarios (counterexample).
    • Typical properties. Reachability, EF Restart: it is possible to reach the arrival station. Safety, AG ¬Boom: it is not possible to reach the state Boom. Liveness, AG [Req → AF Ack]: every request will eventually be served. Fairness, AG AF DeviceEnabled: the property DeviceEnabled is satisfied infinitely often on every computation.
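As an added example (not from the slides), a minimal explicit-state CTL model checker that evaluates these four properties on a constructed Kripke structure of a device that serves requests and may restart, and, for an AG property, returns the states where its body fails as the counterexample scenario of step 4 above. The model, its state names and labels are assumptions of this example.

```python
# Added example, not from the slides: explicit-state CTL model checking of the four
# typical properties on a constructed Kripke structure (states, label, succ).
# Formulas are tuples: ('p', name), ('not', f), ('imp', f, g), ('EF', f), ('AF', f), ('AG', f).

def lfp(states, z, grow):
    """Least fixpoint of z := z | {s in states : grow(s, z)}."""
    while True:
        new = z | {s for s in states if grow(s, z)}
        if new == z:
            return z
        z = new

def sat(K, f):
    """Set of states of K satisfying the CTL formula f."""
    states, label, succ = K
    op = f[0]
    if op == 'p':
        return {s for s in states if f[1] in label[s]}
    if op == 'not':
        return states - sat(K, f[1])
    if op == 'imp':
        return (states - sat(K, f[1])) | sat(K, f[2])
    if op == 'EF':      # f holds now, or some successor is already in EF f
        return lfp(states, sat(K, f[1]), lambda s, z: succ[s] & z)
    if op == 'AF':      # f holds now, or every successor is already in AF f
        return lfp(states, sat(K, f[1]), lambda s, z: succ[s] and succ[s] <= z)
    if op == 'AG':      # AG f == not EF not f
        return states - sat(K, ('EF', ('not', f[1])))
    raise ValueError(op)

def kripke(stall=False):
    # Constructed model: idle -> req -> ack -> idle, and idle -> restart -> idle.
    label = {'idle': {'DeviceEnabled'}, 'req': {'Req'},
             'ack': {'Ack', 'DeviceEnabled'}, 'restart': {'Restart', 'DeviceEnabled'}}
    succ = {'idle': {'req', 'restart'}, 'req': {'ack'}, 'ack': {'idle'}, 'restart': {'idle'}}
    if stall:                      # a request may also be left pending (req loops on itself)
        succ['req'] = {'ack', 'req'}
    return set(label), label, succ

PROPERTIES = {'reachability': ('EF', ('p', 'Restart')),
              'safety':       ('AG', ('not', ('p', 'Boom'))),
              'liveness':     ('AG', ('imp', ('p', 'Req'), ('AF', ('p', 'Ack')))),
              'fairness':     ('AG', ('AF', ('p', 'DeviceEnabled')))}

def check(K, f, init='idle'):
    """Return (K, init |= f, states where the body of an AG property fails)."""
    witness = sorted(K[0] - sat(K, f[1])) if f[0] == 'AG' else []
    return init in sat(K, f), witness
```

With stall=True the pending request starves Ack, and both liveness and fairness fail with 'req' as the violating state.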
    • Some Disadvantages
    • Proof-Carrying Code: A Language-Based Security Approach
    • Proof-carrying code (Programs / Properties): 1. Certifying compiler: code + proof. 2. Validate the proof.
    • Code producer / Host
    • Host: “This store instruction is dangerous!”
    • Host: “I am convinced it is safe to execute only if all([a:exp] (all([b:exp] (=> (/ a b) (/ b a)))))” (a verification condition)
    • Code producer: “… (impi (/ a b) (/ b a) ([ab:pf(/ a b)] (andi b a (ander a b ab) (andel a b ab)))) …)”
    • Host: “Your proof typechecks. I believe you because I believe in logic.”
    • Automation via Certifying Compilation: source code + type safety → certifying compiler → object code + proof → proof checking → CPU (trusted host). % spj foo.java bar.class baz.c -ljdk1.2.2 Looks and smells like a compiler.
    • A, B: formal proof or “explanation” of safety; (optimized) code.
    • Good Things About PCC
      - Agnostic to how the code is produced
      - Someone else does the really hard work (shifts the burden of ensuring the safety from code consumer to code producer)
      - Requires minimal infrastructure (simpler, smaller, and faster TCB)
      - Proofs are a “semantic checksum”
    • Curry-Howard Isomorphism. In a logical framework language, predicates (properties) can be represented as types and proofs as programs (i.e., expression terms). Under certain conditions typechecking is sufficient to ensure the validity of the proofs.
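An added example (not from the slides) of the producer/host exchange above in the Curry-Howard reading of this slide: propositions are types, the producer's proof term is a program, and the host accepts the code only if the term typechecks against the verification condition. The encoding assumes the slides' notation ((/ A B) is conjunction, (=> A B) implication, [x:pf(A)] binds a hypothesis) and treats the quantified a and b as atomic propositions.

```python
# Added example, not from the slides: a tiny proof checker for the host side of PCC.
# ('and', A, B) encodes (/ A B), ('imp', A, B) encodes (=> A B), ('lam', x, A, body)
# encodes [x:pf(A)] body.  Assumption: a and b are atomic propositions.

A_AND_B, B_AND_A = ('and', 'a', 'b'), ('and', 'b', 'a')
VC = ('imp', A_AND_B, B_AND_A)                        # the host's verification condition
PROOF = ('impi', A_AND_B, B_AND_A,                    # the producer's proof term from the slide
         ('lam', 'ab', A_AND_B,
          ('andi', 'b', 'a', ('ander', 'a', 'b', 'ab'), ('andel', 'a', 'b', 'ab'))))
BOGUS = ('impi', A_AND_B, B_AND_A,                    # projections swapped: does not prove VC
         ('lam', 'ab', A_AND_B,
          ('andi', 'b', 'a', ('andel', 'a', 'b', 'ab'), ('ander', 'a', 'b', 'ab'))))

def infer(t, ctx):
    """Proposition proved by term t under hypotheses ctx (name -> proposition);
    raises AssertionError when t is ill-typed."""
    if isinstance(t, str):                            # hypothesis variable
        return ctx[t]
    tag = t[0]
    if tag == 'impi':                                 # impi A B ([x:pf(A)] body) : pf(=> A B)
        A, B, (_, x, T, body) = t[1], t[2], t[3]
        assert T == A and infer(body, {**ctx, x: A}) == B
        return ('imp', A, B)
    if tag == 'andi':                                 # andi A B p q : pf(/ A B)
        A, B, p, q = t[1:]
        assert infer(p, ctx) == A and infer(q, ctx) == B
        return ('and', A, B)
    if tag in ('andel', 'ander'):                     # projections of a proof of (/ A B)
        A, B, p = t[1:]
        assert infer(p, ctx) == ('and', A, B)
        return A if tag == 'andel' else B
    raise ValueError(tag)

def typechecks(term, vc):
    """The host's decision: accept only if the term proves exactly vc."""
    try:
        return infer(term, {}) == vc
    except (AssertionError, KeyError, ValueError):
        return False
```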
    • Logic provides a symbolic, domain-independent formulation of the laws of human thought. This dual character of logic makes it possible to mechanize its techniques and methods.
    • Multiparadigm Programming: clausal logic: relational (Prolog); equational logic: functional (Haskell); many-sorted logic: types; order-sorted logic: inheritance; modal logic: dynamic: objects; temporal: concurrency; epistemic: knowledge; deontic: norms.
    • The ELP Group: 30 researchers (15 PhDs) (the biggest group of GPLIS). María Alpuente, Salvador Lucas, Germán Vidal, Jose Hernández, Javier Oliver, M. José Ramírez, Santiago Escobar, Cesar Ferri, Christophe Joubert, Marisa Llorens, Josep Silva, Alicia Villanueva. 15 PhD Fellows: Beatriz Alarcón, Mauricio Alba, Gustavo Arroyo, Antonio Bella, Aristides Dasso, Marco A. Feliu, Ana Funes, Raul Gutierrez, Jose Iborra, Alexei Lescaylle, Rafael Navarro, Daniel Romero, Salvador Tamarit
    • Data / Programs / Properties triangle. Arcs: test data generation, program learning, refinement, declarative debugging, program transformation, program certification. Properties: specifications, types… Data: data batteries, examples… The ELP group explores all arcs of this triangle with the aim of automating the corresponding phases of the software process.
    • Multi-Paradigm Declarative Programs: program analyzers and certifiers; program transformers (filtering, slicing, correction); declarative debuggers; model checkers; web verifiers; net simulators.
    • NPA Protocol Analyzer. Implementation size: 8000 lines of Maude source code. Implementation size: 2.000 lines of Haskell source code (collaboration with U. Illinois at Urbana-Champaign, NRL, and SRI)
    • The Java certification tool. Implementation size: 600 lines of Maude source code
    • GVerdi Web Verification System (Load: Web site directory W, Web specification S). Implementation size: 8.000 lines of Java source code; 800 lines of Maude code
    • Mu-Term termination prover (Load: TRS + evaluation strategy). Implementation size: 14.000 lines of Haskell source code
    • A Tool for Slicing Curry Programs. Implementation size: 2.000 lines of Haskell source code
    • MCReNet analyzer for Petri Nets. The user interface basically consists of a graphical editor and a pane for consistency analysis. The user can execute the net (fire the enabled transitions) as well as transform it (reconfiguration). Implementation size: 2.000 lines of Java source code
    • Equational (AC) Generalization. Implementation size: 700 lines of Maude source code
    • DBDT machine learning tool. DBDT is a machine learning tool for inferring classifiers, implemented in JBuilder using the WEKA libraries. Applications to Web categorization (classification of Web documents into one or more categories).