Java-MaC: A Run-Time Assurance Approach for Java Programs

TL;DR: Java-MaC as discussed by the authors is a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs, which is a lightweight formal method solution which works as a viable complement to the current heavyweight formal methods.

Abstract: We describe Java-MaC, a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs. The MaC architecture provides assurance that the target program is running correctly with respect to a formal requirements specification by monitoring and checking the execution of the target program at run-time. MaC bridges the gap between formal verification, which ensures the correctness of a design rather than an implementation, and testing, which does not provide formal guarantees about the correctness of the system. Use of formal requirement specifications in run-time monitoring and checking is the salient aspect of the MaC architecture. MaC is a lightweight formal method solution which works as a viable complement to the current heavyweight formal methods. In addition, analysis processes of the architecture including instrumentation of the target program, monitoring, and checking are performed fully automatically without human direction, which increases the accuracy of the analysis. Another important feature of the architecture is the clear separation between monitoring implementation-dependent low-level behaviors and checking high-level behaviors, which allows the reuse of a high-level requirement specification even when the target program implementation changes. Furthermore, this separation makes the architecture modular and allows the flexibility of incorporating third party tools into the architecture. The paper presents an overview of the MaC architecture and a prototype implementation Java-MaC.

Full text

%61>-:;1<A7.!-66;A4>)61)%61>-:;1<A7.!-66;A4>)61)
#+074):4A75576;#+074):4A75576;
-8):<5-6<)4!)8-:;# -8):<5-6<7.758=<-:6.7:5)<176#+1-6+-

)>))"=6<15-;;=:)6+-88:7)+0.7:)>)!:7/:)5;)>))"=6<15-;;=:)6+-88:7)+0.7:)>)!:7/:)5;
77627715
#%1+75
)0-;0&1;?)6)<0)6
%61>-:;1<A7.441671;
#)58)<0)66)6
%61>-:;1<A7.!-66;A4>)61)
3)66)6+1;=8-66-,=
6;=8--
%61>-:;1<A7.!-66;A4>)61)
4--+1;=8-66-,=
4-/#7374;3A
%61>-:;1<A7.!-66;A4>)61)
;7374;3A+1;=8-66-,=
7447?<01;)6,),,1<176)4?7:3;)<0<<8;:-87;1<7:A=8-66-,=+1;(8)8-:;
"-+755-6,-,1<)<176"-+755-6,-,1<)<176
77627715)0-;0&1;?)6)<0)6#)58)<0)66)66;=8--)6, 4-/#7374;3A)>))"=6
<15-;;=:)6+-88:7)+0.7:)>)!:7/:)5;):+0
!7;<8:16<>-:;176!=*41;0-,16
7:5)4-<07,;16#A;<-5-;1/6
&74=5-;;=-):+08)/-;
$0-7:1/16)48=*41+)<1761;)>)14)*4-)<???;8:16/-:4163+75
!=*41;0-:%"0<<8,@,717:/ "+
$01;8)8-:1;87;<-,)<#+074):4A75576;0<<8;:-87;1<7:A=8-66-,=+1;(8)8-:;
7:57:-16.7:5)<17684-);-+76<)+<:-87;1<7:A87*7@=8-66-,=

)>))"=6<15-;;=:)6+-88:7)+0.7:)>)!:7/:)5;)>))"=6<15-;;=:)6+-88:7)+0.7:)>)!:7/:)5;
*;<:)+<*;<:)+<
'-,-;+:1*-)>)))8:7<7<A8-1584-5-6<)<1767.<0-761<7:16/)6,0-+316/)):+01<-+<=:-
.7:)>)8:7/:)5;$0-)):+01<-+<=:-8:7>1,-;);;=:)6+-<0)<<0-<):/-<8:7/:)51;:=6616/+7::-+<4A
?1<0:-;8-+<<7).7:5)4:-9=1:-5-6<;;8-+1B+)<176*A5761<7:16/)6,+0-+316/<0--@-+=<1767.<0-
<):/-<8:7/:)5)<:=6<15-)*:1,/-;<0-/)8*-<?--6.7:5)4>-:1B+)<176?01+0-6;=:-;<0-
+7::-+<6-;;7.),-;1/6:)<0-:<0)6)61584-5-6<)<176)6,<-;<16/?01+0,7-;67<8:7>1,-.7:5)4
/=):)6<--;)*7=<<0-+7::-+<6-;;7.<0-;A;<-5
%;-7..7:5)4:-9=1:-5-6<;8-+1B+)<176;16:=6<15-5761<7:16/)6,+0-+316/1;<0-;)41-6<);8-+<7.<0-
)):+01<-+<=:-)1;)41/0<?-1/0<.7:5)45-<07,;74=<176?01+0?7:3;);)>1)*4-+7584-5-6<<7
<0-+=::-6<0-)>A?-1/0<.7:5)45-<07,;6),,1<176)6)4A;1;8:7+-;;-;7.<0-):+01<-+<=:-16+4=,16/
16;<:=5-6<)<1767.<0-<):/-<8:7/:)55761<7:16/)6,+0-+316/):-8-:.7:5-,.=44A)=<75)<1+)44A
?1<07=<0=5)6,1:-+<176?01+016+:-);-;<0-)++=:)+A7.<0-)6)4A;1;67<0-:1587:<)6<.-)<=:-7.<0-
):+01<-+<=:-1;<0-+4-):;-8):)<176*-<?--65761<7:16/1584-5-6<)<176,-8-6,-6<47?4->-4*-0)>17:;
)6,+0-+316/01/04->-4*-0)>17:;?01+0)447?;<0-:-=;-7.)01/04->-4:-9=1:-5-6<;8-+1B+)<176->-6
?0-6<0-<):/-<8:7/:)51584-5-6<)<176+0)6/-;=:<0-:57:-<01;;-8):)<1765)3-;<0-):+01<-+<=:-
57,=4):)6,)447?;<0-C-@1*141<A7.16+7:87:)<16/<01:,8):<A<774;16<7<0-):+01<-+<=:-$0-8)8-:
8:-;-6<;)67>-:>1-?7.<0-)):+01<-+<=:-)6,)8:7<7<A8-1584-5-6<)<176)>))
-A?7:,;-A?7:,;
;7.<?):-:-41)*141<A.7:5)4;8-+1B+)<176:=6<15-5761<7:16/)6,+0-+316/-@-+=<176<:)+->)41,)<176
8:7/:)516;<:=5-6<)<176)>))>)*A<-+7,--6/16--:16/
755-6<;755-6<;
!7;<8:16<>-:;176!=*41;0-,16
7:5)4-<07,;16#A;<-5-;1/6
&74=5-;;=-):+08)/-;
$0-7:1/16)48=*41+)<1761;)>)14)*4-)<???;8:16/-:4163+75
!=*41;0-:%"0<<8,@,717:/ "+
$01;27=:6)4):<1+4-1;)>)14)*4-)<#+074):4A75576;0<<8;:-87;1<7:A=8-66-,=+1;(8)8-:;

 ! " #$%&'()!**$"+&'-,
.
+&$/01$"+&2&$3 54
687%7#9:;77=<?>A@CBEDF%FHGJI%FF%KJLHMONQPRSTNHFUDV
WYXZ[X]\_^a`cbd\_efghXi_X[jlkmnoXeQpqgXrms\T^pEnXeUpEtuwvxy"z|{}`~k_ntOu#X]k_sj tOk_^~X]\
6HO>AH9((H9!BDUJMJLJKON-LS]PRsPNS[M%HPqV
gXrms\_^cpEnoXeQpkaxJk_nmprX^hu`[z|XeH`cXthy%eQzi_X^cZcz}pEk&j}j zeHk_z}Z\_py%^[~\_eH\_cxbQ\Tn&ms\_z_eQt
yO{lu#{{

H@=¡J<?H9(9(H9¢O£[9(T¤O¡¦¥wdH9J§8¨©Ewª

7H«H7#©A«%¬
Bw®JUGGqUG¯°%MM¯LF#®(F°(Ls®-±q²QK(L#UPq°hSNR%LS]P³OMHGGS[M"#P(V
gXrms\_^cpEnoXeQpkaxJk_nmprX^´\TeHf´ce;k_^cn\TpEzAk_e?uH`[z|Xe`cXthy"eUz}i_X^Z~zpEµkaY¶YXeUeUZ~_j iT\_eUzE\_t
yO{lu#{{
·5¸-¹;º;»¼½¾º¾¿ÁÀÃÂÄsÂ;Å]Æ[Ç~ÈlÉHÂʾËÌ_ËTÍÎ˾ÏÐËÒÑsÇ~Ó_Ô~Ó_ÔrÕsÑHÂ5ÈlÖÑQ×Â[ÖÂ;ØwÔcËTÔ~ÈlÓ¾ØÙÓTÚÔ~ÛQÂÎÓ_ØUÈÔ~Ó_Ç]Í
ÈlØUÜÙËTØÄÏÛQÂ;ÆÝÈlØUÜ1Þ|ÎËÏàßoËTÇ~ÆcÛUÈÔ~Â;Æ[Ô~ásÇ~Â?Ú}Ó_ÇÊË̾ËâÑQÇ~Ó¾ÜTÇcË_ÖÅ;ãäÛUÂdÎËÏ)ËTÇ~ÆcÛUÈÔ~Â;Æ[Ô~ásÇ~Â
ÑQÇ~ÓÌÈÄQÂ;ÅËTÅ]Å]áQÇcË_ØQÆ;ÂÔ~ÛËÔÔ~ÛU´ÔcËÇ~ܾÂ[ÔhÑsÇ~Ó¾Ü_ÇcËTÖåÈlÅÇ~áQØUØQÈØQܵÆ[Ó_Ç]Ç~Â;Æ[Ô~×ÕdæÈÔ~ÛÃÇ~Â;Å]ÑHÂ;Æ[ÔÔ~ÓË
ÚÓTÇ~ÖoË_×Ç~ÂçwáQÈlÇ~Â[ÖÂ;ØwÔ~ÅÅ]ÑHÂ;Æ[ÈlèUÆËTÔ~ÈlÓ_ØâÉwÕÒÖÓ_ØUÈÔ~Ó_Ç~ÈlØUÜ5ËTØÄÒÆÛQÂ;ÆcÝsÈlØQÜoÔ~ÛQÂÂ[ésÂ;Æ;áQÔ~ÈlÓ_ØdÓTÚqÔ~ÛQÂ
ÔcËTÇ~Ü_Â[ÔJÑQÇ~Ó¾ÜTÇcË_ÖËÔOÇ~áUØQÍAÔ~ÈlÖ¾ã_Î˾Ï=ÉsÇ~ÈêÄsܾÂ;ÅOÔ~ÛQÂÜËTÑÉHÂ[ÔæÂ;Â;ØhÚÓ_Ç~ÖoËT×Q̾Â[Ç~ÈèÆËÔ~ÈÓ_Ø%ÐTæÛUÈlÆcÛ
Â;ØUÅ]ásÇ~Â;Å#Ô~ÛUÂJÆ;Ó_Ç]Ç~Â;ÆÔ~ØUÂ;Å]Å%Ó_ÚUËYÄsÂ;Å]ÈlܾØÇcËTÔ~ÛQÂ[ÇÔ~ÛUË_ØËTØhÈlÖÑQ×Â[ÖÂ;ØwÔcËTÔ~ÈlÓ¾Ø"Ð;ËTØÄ&Ô~Â;ÅaÔ~ÈlØUÜsÐæÛUÈlÆcÛ
ÄQÓwÂ;ÅØQÓ_ÔÑQÇ~ÓÌÈÄQÂÚ}Ó_Ç~ÖoË_×"ܾáUËTÇcËTØÔ~Â[Â;ÅYË_ÉHÓ¾ásÔÔ~ÛUÂÆ;ÓTÇ]Ç~Â;Æ[Ô~ØQÂ;Å]ÅÓTÚOÔ~ÛUÂÅaÕsÅaÔ~Â;Öã
ë
Å]ÂÓTÚ-ÚÓTÇ~ÖoË_×HÇ~ÂçwáUÈÇ~Â;ÖÂ;ØwÔàÅ]ÑHÂ[Æ;ÈèÆËÔ~ÈÓ_ØUÅÈlصÇ~áQØQÍAÔ~ÈlÖÂÖÓ_ØUÈÔ~Ó_Ç~ÈlØUÜ´Ë_ØUĵÆcÛUÂ;ÆcÝÈØQÜÈlÅ
Ô~ÛUÂÅ~Ë_×lÈlÂ;ØwÔYË_Å]ÑHÂ;Æ[ÔÓTÚÔ~ÛQÂÎËÏËÇ~ÆÛQÈlÔ~Â[Æ[Ô~áQÇ~¾ãUÎ˾Ï1ÈÅËh×lÈÜ_ÛwÔæÂ[ÈÜ_ÛwÔYÚ}Ó_Ç~ÖoËT×"ÖÂÔ~ÛUÓÄÅ]Ó_Í
×láQÔ~ÈlӾشæÛQÈlÆÛæÓ_Ç~ÝÅËTÅËÌÈË_ÉQ×lÂYÆ[Ó¾ÖÑU×lÂ;ÖÂ[ØÔOÔ~ÓÔ~ÛUÂÆ;áQÇ]Ç~Â[ØÔ(ÛQÂËÌwÕsæÂ;ÈlܾÛwÔJÚÓ_Ç~ÖoËT×UÖÂ[Ô~ÛsÍ
ÓÄQÅ;ã(ìrØíË_ÄUÄsÈlÔ~ÈlÓ_Ø%ÐqË_ØUË_×ÕsÅ]ÈÅÑsÇ~ÓwÆ;Â;Å]Å]Â;ÅoÓTÚÔ~ÛQÂËTÇ~ÆcÛUÈÔ~Â;ÆÔ~áQÇ~ÂÈlØQÆ;×láÄQÈlØQÜâÈlØUÅaÔ]Ç~áQÖÂ;ØwÔcËTÔ~ÈlÓ¾Ø
Ó_ÚOÔ~ÛQÂÔcËÇ~ܾÂ[ÔÑQÇ~Ó_Ü_ÇcËTÖÐHÖÓ¾ØQÈlÔ~ÓTÇ~ÈlØUÜQÐË_ØUÄÆÛQÂ;ÆÝÈlØUÜËTÇ~ÂhÑHÂ[Ç]ÚÓTÇ~ÖÂĵÚáQ×l×lÕË_ásÔ~Ó¾ÖoËTÔ~ÈlÆËT×l×lÕ
æÈÔ~ÛUÓ¾ásÔÛáQÖoË_ØîÄsÈÇ~Â;Æ[Ô~ÈlÓ¾Ø"ÐæÛUÈlÆcÛÈlØUÆ[Ç~ÂËTÅ]Â;ÅÔ~ÛQÂ?Ë_Æ;Æ;ásÇcË_Æ[Õ1Ó_ÚÔ~ÛUÂ?ËTØËT×lÕsÅ]ÈlÅ;ãYïØQÓ_Ô~ÛQÂ[Ç
ÈlÖÑHÓ_Ç]ÔcË_ØwÔÚ}ÂËTÔ~ásÇ~ÂÒÓ_ÚÔ~ÛQÂËÇ~ÆÛQÈlÔ~Â[Æ[Ô~áQÇ~ÂÒÈlÅÔ~ÛUµÆ;×lÂËTǵÅ]Â;ÑËÇcËTÔ~ÈlÓ¾Ø1ÉHÂ[ÔæÂ;Â;Ø1ÖÓ_ØUÈÔ~Ó_Ç~ÈlØQÜ
ÈlÖÑU×lÂ;ÖÂ;ØwÔcËTÔ~ÈlÓ_ØQÍrÄQÂ;ÑHÂ[ØÄQÂ[ØÔ´×lÓæàÍ|×lÂ;ÌÂ[×ÉHÂ;ÛËÌÈlÓ_Ç~ÅË_ØÄîÆcÛUÂ[ÆÝÈlØUÜðÛQÈlܾÛQÍ|×lÂ;ÌÂ[×&ÉHÂ;ÛUËÌÈlÓ_Ç~Å;Ð
æÛUÈlÆcÛ/Ë_×l×lÓæÅdÔ~ÛQÂðÇ~Â;áUÅ]ÂÙÓTÚ5Ë1ÛUÈlܾÛsÍ|×Â[ÌÂ;×Ç~ÂçwáUÈÇ~Â;ÖÂ;ØwÔÒÅ]ÑHÂ;Æ[ÈlèUÆËTÔ~ÈlÓ_Ø/Â;ÌÂ;ØñæÛQÂ;ØÔ~ÛQÂ
ÔcËTÇ~Ü_Â[ÔoÑQÇ~Ó_Ü_ÇcË_ÖòÈlÖÑQ×Â[ÖÂ;ØwÔcËTÔ~ÈlÓ¾ØóÆÛUË_ØQܾÂ;Å;ãôUáQÇ]Ô~ÛQÂ[Ç~ÖÓ_Ç~Â_ÐOÔ~ÛUÈlÅoÅ]Â;ÑËÇcËTÔ~ÈlÓ¾ØîÖoËTÝÂ;Å´Ô~ÛQÂ
ËTÇ~ÆcÛUÈÔ~Â;Æ[Ô~ásÇ~ÂÖÓÄsáU×ËTÇoËTØÄíË_×l×lÓæÅÔ~ÛQµõÂéQÈlÉQÈ×lÈÔÕ=ÓTÚÈlØUÆ;ÓTÇ~ÑHÓ_ÇcËÔ~ÈØQÜÃÔ~ÛUÈÇcÄ=ÑËÇ]ÔÕÙÔ~ÓwÓ¾×lÅ
ÈlØÔ~ÓÔ~ÛUÂËÇ~ÆÛQÈlÔ~Â[Æ[Ô~áQÇ~¾ãäÛUÂÑUË_ÑHÂ[ÇYÑQÇ~Â[Å]Â;ØwÔ~ÅËTØÓÌÂ[Ç~ÌÈlÂ[æ8Ó_Ú-Ô~ÛQÂhÎËϦËTÇ~ÆcÛUÈÔ~Â;Æ[Ô~ásÇ~ÂË_ØUÄ
Ë´ÑQÇ~ÓTÔ~Ó_ÔrÕQÑHÂ&ÈÖÑQ×lÂ;ÖÂ;ØwÔcËTÔ~ÈlӾصÊËÌ_ËTÍÎËÏã
ö÷ø%ùhú
»Tû-¹¾ü¾Å]Ó_Ú}ÔræàËÇ~ÂqÇ~Â;×lÈË_ÉQÈ×lÈÔÕwÐ[ÚÓ_Ç~ÖoËT×Å]ÑHÂ;Æ;ÈèUÆËTÔ~ÈlÓ¾Ø"ÐÇ~áUØsÍ|Ô~ÈlÖÂ-ÖÓ_ØUÈÔ~Ó_Ç~ÈlØQÜË_ØÄÆcÛUÂ[ÆÝwÍ
ÈlØUÜQÐÂéQÂ[Æ;áQÔ~ÈlÓ¾ØÔ]ÇcËTÆ;ÂÌ_Ë_×lÈÄUËÔ~ÈlÓ¾Ø%ÐsÑsÇ~Ó¾Ü_ÇcËTÖÈlØUÅaÔ]Ç~áQÖÂ;ØwÔcËTÔ~ÈlÓ¾Ø"ÐÊËÌ_ËsÐÊËÌ_ËhÉwÕÔ~Â;Æ;ÓÄsÂÂ[ØUܾÈÍ
ØUÂ;ÂÇ~ÈØQÜ
ý(þÿ

£;9ó(¡qHc´7=§O

wH§Ow¢O@ä

T



T¦JH

7#9

9"

T§¦7#9îOÒ@Ùw

7-§(

7

H9JH©E¬T>AhH9(§
!
UH©|>A§(>E7#9Ù7

7

r´

¬-@=w¢%5(>
"
_ó

§Ow¡J©E7Q¬H§
#
äÛQÈÅOÇ~Â;Å]Â;ËTÇ~ÆcÛ´æàËTÅqÅ]áQÑUÑHÓ_Ç]Ô~Â;ÄÈlØ´ÑUËTÇ]Ô(ÉwÕ
%$'&
Qô?ÏàÏ
(
Í
*)+)-,+,-.+/+)
Ð
0$'&
sô?ÏàÏ
(
YÍ
*/+/-,+123.04
wÐ
$'&
sô=ÏàÏ
(
YÍ
*/65/+)-/65.
sÐ#ï
(87:9
ï&ï
892)
Í
*/2
[Í
;2
Í
/.04<
sÐUË_ØÄ
=7$(>$?/-/+/2@.
_Í
*)64
Í
;2
[Í
*/6A/6A
ã
Æ
B
5-/+/-<
hj 
C
X^&Y`~\fwXnzA`¶Q;j zZabUX^Z[{Ù¶^z}eUprX]foz}eÒp}bUX
'D
Xp}bUX^[jl\TeHf_Z[{
EF-EG0HJI*K0L-MONQP6R+S0P+R6T+S6S6UJNWV3XOY*Z6ZON\[I]V

^
>A9ÙT

rw¬
W6
T>E>
"
wH©(

THh¤

_=Hh

>A7#9(>
"
whH9J§=H¤O7#@Ù7
_
J>|©E
0`
"6H9"¬Ù¤
0
T
3

a¤(©>A9J§(¤(

T>|H©

wH1¤J§(>EdJ

H
a_
w9
b
7#9(§(¤

§>A9 Oí

7
c
7

T@=H©
H
0
T>
"d
w>E7#9 B
;e
©A

«H!H9J§
gf
>A9OªO¢
ihjjk
#V
-`Qe
7#@Ù¡J©Ew
b
r7

T@óH©
Q
H
0
T>
ld
w>E7#9à¢
O7Q
0
H
0
s¢((H9O7H¬Hw
m_


7#@ÙÒð¡


0
H©E9%´H9(H©A¬>|´@=wO7§
n`o
5H7#9(
p
7

(>|

7

7#©A§
`q
>
l
Tw¢

7#@Ù¡J©Aw

H
0
_>
ld
w>E7#9Ã7

TH©
r
c©A>
l
¬-@=

@óH>A9(
>A9

rH>
"_
J©E
`ts
oOµª

7s5í7

7

r´

TT>
lu
wH9J§
v
7#@Ù¡q©E
6w
->Ac¬ów@ó7Ã
6wO
w§
H§
O
H9

Ã>A9
x
H
0
_>
ld
w>E7#9!

T(9(7#©E7HªH¬
`



7#9(§à¢

H
0
T>
ld
w>E7#9
y
¤(©Ad¡(¡J©A¬
9O7H7Ã¬@ >A@Ù¡q©E@Ù9%>E7#9(w¢
t_
q¤O7
i
r7

T@óH©J@Ù7-§O©Ah7

àO¬@=
0`
s
oJð>|w¢
0
H9Á>
l
5/§OT>Eª#9 (H
z_
w9
{
r7

T@óH©A©E¬
x
H
0
T>
"d
(§à¢>EÙ>A©A©§O7Ù9O7H
9(T¤
O
O
:
7
|


9O17

? ¡J

>
"
w¤(©|

ó>A@Ù¡J©A@Ù9">A7#97

ÒO§(>Eª#9
`
s
oJ>A?>A
}_


wH¤(îH9!>A@=¡J©E@Ù9%>E7#97

9>Aâ@â¤

_ @Ù7

î§OwH>A©E§à¢&H9(§
H©A7@ó¬ð9O7H

T>
"
©A¬
Q
r7#©|©E7sO
p
7

T@=H©O§OT>Eª#9
`

7O¢O
0
o

¡7#>
"_
J>A©A>E>A

7

>A9%

7§J¤

>E7#9Ã7


0|
7

T>A9%7?H9=>A@=¡J©E@Ù9%>E7#9Ã7

Oo§O>Eª#9ðJ(H
_
w9
a
H
0
T>
ld
(§
n`
O¨9(µ¬1(o7

c

Ò9Oª#>A9(w
0
T(

HÒ

TH§J>E>E7#9(H©A©A¬Ù

T>E§
717

H
0
7#@=ÃJ>A5ª#¡
:_
wc´w9 §O>Eª#9ñH9(§8>|@Ù¡J©E@Ù9%>E7#9(H
~_
w987
H9?>A@Ù¡J©A@Ù9">A7#97#9?¡


6
c§(w
0
T@=>A9O§Òw7

>|9O¡J¤Oà

¤O9


0`s
o(>A
¡(¡

7#

Tà¢O7s´
0
H
0
¢
J
H>|©A7d¡

7

->A§Ooª#¤J

TH9"w
_
7#¤O(

7
|


9(h7

O?>|@Ù¡J©E@Ù9%>E7#9î7#9¦H©|©à¡7#>
l_
J©A>A9(¡J¤O

%¤(9


0`
e
7#9(

¤O9"©A¬H¢5(9  ¬-@ >A
v
T¤(9(9J>A9OªO¢h>Eî>A1(

T§ 7 ª#¤(

TH9%w
5(wO
0
ó7

19O7HóO
:
w¤
O|
9%ó
6w
-

w¤O>E7#9)7

ÒO¬@ >A
v
7
|


î¤(>A9Oª
O8c´7 

TH§(>A>E7#9(H©o@Ùw(7§(
'
H
0
T>
ld
w>E7#9 H9(§>|9Oª
O`s
o(
0

0
r7

TH¢O
¡(¡

7#

T 7
=
7#9">|9%¤O7#¤J©E¬ @Ù7#9J>E7

T>A9Oª H9(§

_O

«->A9Oª

T¤J9(9(>A9Oªñ¬-@
5>A

¡

Ã7

7

T@=H©
%


%¤J>
l
@Ù9%â¡

w>
"d
w>E7#9(
Q
wH9
_
í¤J§7
:d
J©A©
OÒª#¡
_
wc´w9¦OÒ71¡(¡

7#

_O
0`s
5(>A¡(¡

T7#

T¦@=>Aª#"o9O7Hµw@
H
0
¬/¤(
0
¤(©h
}d
_Òª#©AH9


v_


wH¤Jí§Ow

>|9Oª8
0|
T7

Td§O7d9(7Hâw@ >A9


0
>A9Oª
O
7

Ò
6w
-H@Ù¡q©EH¢:¤J
=
w¡7

>A9Oª1(d¬-@C>|
_
7#¤OÒ7
>6
_H
>A9O7H?(©E¡

a¤(©
`o
µ¤(9

~>A@=ð@=7#9(>E7

T>A9(ªO¢(7s´
0
H
0
¢
8
7#¤(©A§/(©E¡/¤(
0
T7

´O
¬-@ 7!§Ow

îH9(§

7



ó
0|
T7

T
0`%q
>
l
Tw¢h¤
O_
(©A
0|
7

Tí

(

_§7
§Ow

µ5>EO7#¤(O7

7#¤Oª#

T¤(9

~>A@=@=7#9(>E7

T>A9(ª
O`



7#9(§à¢(
0
7

To@=s¬¦9O7H

wH¤( §J>AH

7#¤J1¬@

aH>A©A¤

>A@ó@Ù§(>A©E¬
`po
5¤J9

~>A@Ù

TO

T«>|9Oª

wH9
d
J9J§=¤

_ó
0|
T7

Th>A9íd>|@Ù©E¬Ù@=H9(9O
0
´H9(§1O©E¡=O¤(
0
T7Ã«H



7

H
0
¬


>E7#9J
c_

0
r7


Q6
_>E>
"
wH©

aH>A©A¤
O
Ò(¡J¡9J
0`
£;9(>Ao¡q¡
0
s¢J´ð§(
|6
T>
l_

WOy
&¢
v
T¤(9
O
~>A@ÙdHT¤
O
TH9

ð¬-@

7
%
#

UÒ¡

7Hª

TH@=
?_
JH§ð7#9ÙOo6¦7#9J>E7

T>A9OªÒH9(§
!e
O

«->A9Oª=B]6
e
oV

_(>
r


¤
O
T
`ts
oO7
_
-:

>
l
H7

O568
e


T(>A

T%¤
O
5>A7Ò¡

7

->A§OH¤

TH9


(Oð

ªHwÒ¡

7Hª

TH@ >A
~
T¤(9(9J>A9Oª
!
7
|
T

©E¬85>A

T¡

µ7¦
a
7

T@=H©



¤(>
l
T@Ù9"Ù¡

w>
"d
w>E7#9
`'s
oO¦¤J7

7

T@=H©
p
T

%¤(>
"
@Ù9%Ù¡

w>
ld
w

>E7#9Jµ>A9
:
T¤J9

~>A@ÙÃ@Ù7#9(>E7

T>|9OªíH9(§

_O

«->A9Oª>AOðH©A>E9%H¡

7

O
6
e


T(>A

¤
O

`pq
(¤
O
O
0
_@Ù7

H¢@Ù7#9(>E7

T>|9Oª H9(§

T(

«->A9Oª Hí´©A©H


ªHwí¡

7Hª

TH@ >A9(

T¤J@Ù9">A7#9Á

8H¤O7#@ó>
"
wH©A©E¬¡
0|
r7

_@Ù§
{*
T7#@ 
ª#>
l
H9



%¤J>
l
@Ù9%Ù¡

w>
ld
w>E7#9
`'s
o(¦H¤O7#@=>
"
¦¡

7


_
JH§7#9



¤(>
l
T@Ù9"î¡

w>
ld
w>A7#9(î@=«H/O

T¤(9

~>|@ÙñH9JH©E¬T>A
a
T>EªH7

7#¤(
`
9

7HO
0
T(

_


0
T>A>
"
r¤
O
Th7

-Oh

_(>E

¤
O
T>Aà(hw¡J

T>A7#9
_
wc´w9
EF-EG0HJI*K0L-MONQP6R+S0P+R6T+S6S6UJNWV3XOY*Z6ZON\[IT


@Ù7#9J>E7

T>A9Oªî¡

T7Hª

TH@
z
c§Ow¡9(§O9%?©E7Q
c
c©E
0
H©
_
(

>A7

dH9(§
x
_O

«->A9Oªñ(>Eª#

©E
0
H©
~_
(

>E7

_H©
\


¤(>
l
T@Ù9"/Baw
q
>Eª#¤
O
T
h
sV
-`ms
oJ>Aów¡q

T>E7#9åH©A©E7Q5
O=¡

w>
"d
w>E7#9 7

(>Eª#

c©E
0
H©
?
T

%¤(>
"
@Ù9%Ò>A9(§Ow¡9(§O9%7

Oí>A@Ù¡J©E
6
@Ù9%>E7#9>A9

>A@Ù¡J©A@Ù9">A7#9 ¡

w>
ld
§(wH>A©A8

T

7#9
Od
q9O§ 7 O
©E7Q
c
c©E
0
H©¡

w>
ld
w>E7#9
n`
"£;91H§J§(>E>E7#9à¢"(>A´w¡J

T>E7#919(
_
q©Eh(

¤Jµ7

¦J>Eª#

c©E
0
H©
?


¤(>
l
T@Ù9"d¡

w>
ld
w>E7#9 
0
H9!5O9 Oó

ªHwd¡

T7Hª

TH@
>A@=¡J©E@Ù9%>E7#9

T(H9OªH
`=q
J¤
O
O
0
T@=7

H¢(>A @Ù7-§(¤(©A

T>Ac¬ 7

óOÁ6
e


_(>E

¤
O
TH9(§ >E1>A@Ù¡J©E@=9">E7#9
_
JH§ 7#9)´©A©
r
c§O
0d
q9O§)>A9%
0|
a


H@Ù7#9(ªíO
z
7#@Ù¡7#9O9%@=«H>EµH¬¦71>|9

7

¡7

TÃ(>
l
T§

~¡q

c¬î77#©A
>A9%7ðO?

_(>E

¤
O

`q
(7

o
6w
-H@=¡J©EH¢O´Ò
0
?
_
q©E7=©A>A9O«=(

"



68
e
¬-@ 5>E1Ã9Owc´7

«íT>A@â¤J©A7

7ÙH9(H©A¬
u
wO
=
7
|


9OT7

Y9Owc´7

«
>|@â¤(©|>E7#91

T

sB

(

ª#

UH9ñw5H©
`
E¢
^
h
sV
-`
s
5O6
e


_(>E

¤
O
T>AoªH9O
0
TH©
*
_H@Ùw7

T«q¢Q5(>
"
_d>A9(7H©A>A@ó>E§7
H9%¬¡

w>
ld
Ù¡

7Hª

TH@=@=>|9Oª¦©AH9Oª#¤(ªH
`?s
7ñ§O@=7#9(

T1>E?
6¡


>
l
H9O¢
O7Q
0
H
0
s¢(

H¦>A@Ù¡J©E@=9"§/68
e
¡

T7H7Hc¬¡

7
!
#

Uñ¡

7Hª

_H@=w¢

wH©A©A§
O;x`?
"



68
e


ªHw
W
"

ñ
6w


w¤O
_
q©E
a
7-§O/Ba>
`

`
E¢
_
%¬
6

7-§OQV
-`
J£[5>AoH¬7í§Ow¡q©E7s¬
>
#

U

6
e
¢
_


wH¤(d>EµH¤O7#@=>
"
wH©A©A¬î>|9(

T¤

@Ù9%?(ó

ªHwá

7Hª

TH@ H9(§ªH9(
0
TÃO
W
T¤(9
O
~>A@Ù
W
7#@Ù¡7#9O9%d7


"



68
eb_
JH§â7#9
i


¤(>
l
T@Ù9"&¡

w>
ld
w>A7#9(Y
\
T>E9Ã>A9d7Ò
|6
_>E¡(>A9Oª
©AH9(ª#¤(ªH
0`
s
5O¡q¡
0
>|7

Tª#H9(>
lu
w§Ù>A9Ãc´7?¡J

T
0`s
oO
d
T¡J

w¢



>A7#9(
^
H9(§

¢
_
_>E
0¢
(¬ó§O
6
T>
l_
´Od68
e
å

T(>A

¤
O

`



>A7#9
^
¡

9%oH9î7

H
0|
>Aw
7

Oð68
e


_(>E

¤
O

`



>E7#9

¡

T9"µOd©|H9Oª#¤(ªH
~
r7



¤(>
l

6
@Ù9%¡

w>
ld
w>E7#9
`s
oO

7#9(§?¡J

T
£



>E7#9
Q¤
o7



>E7#9
z¥%£¦
7
J
w¤J
7#9
§
#

U

6
e~`



>A7#9
v¤
Ù§(>|
|
w¤(´>AT¤Oh7#9î@Ù7#9J>E7

T>A9Oª
z
#

Uá

7Hª

_H@=
0`



>A7#9
>¨
ð§O
|6
T>
l_
O
©
#

U

6
e
å>|@Ù¡J©E@Ù9%>E7#9
`



>A7#9
>k
ð§O
|6
T>
l_

7

H
0
TOH§
{
§(¤

>E7#9 

_(9(>
"
¤Oð¤(§ >A9
{
#

U

6
e~`



>A7#9
¥
8¡

T7

->A§O
ñ@=H©A©
_
J¤OÃ>A©A©A¤J

T>
l
H=
6w
OH@Ù¡J©Aí7

5 7

«

w©A>E9%â¡

7Hª

TH@
§`



>E7#9
ª
¡

T9"
%
©A§ó7

«
`q
>A9(H©|©E¬H¢



>E7#9
aj
Ò¤(@=@ó

T>
lu
wH9(§
v
7#9

w©A¤(§(O
¡J¡
0`
«
àþ
¬®¯J®8*¯°±²³¯´µ¶¸·a³*¯t8¯
s
o(7

H
0
TH©A©µ

T¤

¤

¦7

O8

_(>E

¤
O
T8>A=(7s59Á>|9
q
>Eª
h`%s
o(8


_(>E

¤
O
/>A9

w©A¤(§Oóc´7Á@=H>A9 ¡J(H
0

º¹+»;»¼½§¾¿J¹À
H9(§ 
ÂÁ+ÃJÄ@»¼Å!À
¾¿¹0À0`pÆ
¤
O
_>A9OªOñ>
"
ñ¡J(HBa>
`

`
E¢
p_

0
r7

 

ªHw¡

7Hª

_H@
Ç
_¤(9(_V_¢
O
§
_¤(9

~>A@Ù

7#@Ù¡7#9O9%=9(H@Ù©A¬
ÈÉr»ÊÀ6Á
¾¢hH9
ËÀ0À0Ä»Á|À|½ÌÍÄ¼"ÎÀ0Á
_¢´H9(§Á
Á+ÃÄ@»¼Å!À§½6¿OÀ|½6ÏtÀ6Á
8

TîH¤(7#@=>
"
wH©A©E¬ ªH9O
0
T§
{
7#@ 
:
7

T@=H©



¤(>
l

6
@Ù9%¡

w>
ld
w>E7#9
n`Æ
¤
O
T>A9(ªóO
z
T¤(9
O
~>A@Ùd¡q(HH¢Ba>
`

`
E¢5(>A©EdOâ

TªHw
¡

T7Hª

TH@ 
6w


w¤(_V_¢q>A9

r7

T@ó>E7#9
_
7#¤OOÒ
6w
-

w¤O>E7#97

&O?

ªHw5¡

7

ª

TH@ >|
i
7#©|©E

§H9(§
{
TO

T«H§)ª#H>A9JÙOîª#>
l
H9
{
7

T@=H©



¤(>
l
@Ù9%
¡

w>
ld
w>E7#9(
0`
EF-EG0HJI*K0L-MONQP6R+S0P+R6T+S6S6UJNWV3XOY*Z6ZON\[IU

Frequently asked questions

Q1. What are the contributions mentioned in the paper "Java-mac: a run-time assurance approach for java programs" ?

The authors describe Java-MaC, a prototype implementation of the Monitoring and Checking ( MaC ) architecture for Java programs. The MaC architecture provides assurance that the target program is running correctly with respect to a formal requirements specification by monitoring and checking the execution of the target program at run-time. MaC bridges the gap between formal verification, which ensures the correctness of a design rather than an implementation, and testing, which does not provide formal guarantees about the correctness of the system. The paper presents an overview of the MaC architecture and a prototype implementation Java-MaC. Furthermore, this separation makes the architecture modular and allows the flexibility of incorporating third party tools into the architecture.