Decentralised LTL Monitoring
Users wanting to monitor distributed or component-based systems often
perceive them as monolithic systems which, seen from the outside, exhibit a
uniform behaviour as opposed to many components displaying many local
behaviours that together constitute the system's global behaviour. This level
of abstraction is often reasonable, hiding implementation details from users
who may want to specify the system's global behaviour in terms of an LTL
formula. However, the problem that arises then is how such a specification can
actually be monitored in a distributed system that has no central data
collection point, where all the components' local behaviours are observable. In
this case, the LTL specification needs to be decomposed into sub-formulae
which, in turn, need to be distributed amongst the components' locally attached
monitors, each of which sees only a distinct part of the global behaviour. The
main contribution of this paper is an algorithm for distributing and monitoring
LTL formulae, such that satisfaction or violation of specifications can be
detected by local monitors alone. We present an implementation and show that
our algorithm introduces only a minimal delay in detecting
satisfaction/violation of a specification. Moreover, our practical results show
that the communication overhead introduced by the local monitors is
considerably lower than the number of messages that would need to be sent to a
central data collection point.
Runtime Verification with Controllable Time Predictability and Memory Utilization
The goal of runtime verification is to inspect the well-being of a system by employing a monitor during its execution. Such monitoring imposes cost in terms of resource utilization. Memory usage and predictability of monitor invocations are the key indicators of the quality of a monitoring solution, especially in the context of embedded systems. In this work, we propose a novel control-theoretic approach for coordinating time predictability and memory utilization in runtime monitoring of real-time embedded systems. In particular, we design a PID controller and four fuzzy controllers with different optimization control objectives. Our approach controls the frequency of monitor invocations by incorporating a bounded memory buffer that stores events which need to be monitored. The controllers attempt to improve time predictability, and maximize memory utilization, while ensuring the soundness of the monitor. Unlike existing approaches based on static analysis, our approach is scalable and well-suited for reactive systems that are required to react to stimuli from the environment in a timely fashion. Our experiments using two case studies (a laser beam stabilizer for aircraft tracking, and a Bluetooth mobile payment system) demonstrate the advantages of using controllers to achieve low variation in the frequency of monitor invocations, while maintaining maximum memory utilization in highly non-linear environments. In addition to this problem, the thesis presents a brief overview of our preceding work on runtime verification.
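As an added example, not code from the thesis above: a small simulation of the scheme the abstract describes, in which a bounded buffer holds events awaiting the monitor and a PID controller adjusts the period between monitor invocations so that buffer occupancy at invocation time tracks a target utilisation. The arrival pattern, capacity, target and controller gains are constructed for illustration; a forced invocation whenever the buffer is full stands in for the soundness requirement (no event is ever dropped). A fixed-period run is included for comparison.

```python
"""Controller-driven monitor scheduling over a bounded event buffer (added example)."""
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class PID:
    """Discrete PID controller; its output is a period correction in units of max_period."""
    kp: float
    ki: float
    kd: float
    integral: float = 0.0
    prev_error: float = 0.0

    def update(self, error: float) -> float:
        self.integral = max(-0.5, min(0.5, self.integral + error))  # anti-windup clamp
        derivative = error - self.prev_error
        self.prev_error = error
        return self.kp * error + self.ki * self.integral + self.kd * derivative


def workload(t: int) -> int:
    """Constructed non-linear arrival pattern: a slow sinusoid plus periodic bursts."""
    base = 2.0 + 2.0 * math.sin(t / 40.0)
    burst = 6 if (t // 50) % 4 == 3 else 0
    return int(round(base)) + burst


def total_events(ticks: int = 2000) -> int:
    return sum(workload(t) for t in range(ticks))


def simulate(pid: PID, *, capacity: int = 64, target_util: float = 0.8,
             initial_period: float = 8.0, min_period: float = 1.0,
             max_period: float = 64.0, ticks: int = 2000) -> dict:
    """Run the system for `ticks` steps and report how the monitor was invoked."""
    buffer = []            # events waiting to be checked by the monitor
    occupancies = []       # buffer size seen at each invocation
    times = []             # tick of each invocation
    period, next_due, checked, forced = initial_period, initial_period, 0, 0

    def invoke(t: int, is_forced: bool) -> None:
        nonlocal period, next_due, checked, forced
        occupancy = len(buffer)
        checked += occupancy
        buffer.clear()     # the monitor consumes every buffered event
        occupancies.append(occupancy)
        times.append(t)
        forced += is_forced
        # error > 0: buffer under-used, so invoke less often; error < 0: too full, invoke sooner
        error = target_util - occupancy / capacity
        period = min(max_period, max(min_period, period + pid.update(error) * max_period))
        next_due = t + period

    for t in range(ticks):
        for _ in range(workload(t)):
            if len(buffer) == capacity:
                invoke(t, True)    # soundness: invoke now rather than drop the event
            buffer.append(t)
        if t >= next_due:
            invoke(t, False)

    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "invocations": len(times),
        "forced": forced,
        "checked": checked,
        "unchecked": len(buffer),
        "max_occupancy": max(occupancies, default=0),
        "mean_util": mean(occupancies) / capacity if occupancies else 0.0,
        "interval_cv": pstdev(gaps) / mean(gaps) if len(gaps) > 1 else 0.0,
    }


if __name__ == "__main__":
    controlled = simulate(PID(kp=0.3, ki=0.05, kd=0.05))
    fixed = simulate(PID(kp=0.0, ki=0.0, kd=0.0), initial_period=4.0)
    for name, r in (("PID-controlled", controlled), ("fixed period 4", fixed)):
        print(f"{name}: {r['invocations']} invocations ({r['forced']} forced), "
              f"mean utilisation {r['mean_util']:.2f}, interval CV {r['interval_cv']:.2f}")
```

The controlled run invokes the monitor fewer times at a higher mean buffer utilisation than the fixed short period, at the cost of occasional forced invocations during bursts; both runs check every event produced. The fuzzy controllers the thesis also evaluates would replace the `PID.update` step; the buffer and the soundness override stay the same.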
Dynamic contracts for verification and enforcement of real-time systems properties
Doctoral Programme in Informatics (MAP-i) of the Universities of Minho, Aveiro and Porto

Runtime verification is an emerging discipline that investigates methods and tools to enable the verification of program properties during the execution of the application. The goal is to complement static analysis approaches, in particular when static verification leads to state-space explosion. Non-functional properties, such as those present in real-time systems, are an ideal target for this kind of verification methodology, as they are usually out of the range of the power and expressiveness of classic static analyses.

Current real-time embedded systems development frameworks lack support for the verification of properties using explicit time, where counting time (i.e., durations) may play an important role in the development process. Temporal logics targeting real-time systems are traditionally undecidable. Based on a restricted fragment of metric temporal logic with durations (MTL-R), we present synthesis mechanisms 1) for target systems, as runtime monitors, and 2) for SMT solvers, as a way to obtain, respectively, a verdict at runtime and a schedulability problem to be solved before execution. The latter is able to partially solve the schedulability analysis for periodic resource models and fixed-priority scheduling algorithms. A domain-specific language is also proposed in order to describe such schedulability analysis problems at a higher level.

Finally, we validate both approaches, the first using empirical scheduling scenarios for uni- and multi-processor settings, and the second using the use case of the lightweight autopilot system Px4/Ardupilot, widely used for industrial and entertainment purposes. The former also shows that certain classes of real-time scheduling problems can be solved, even though without scaling well. The latter shows that, for the cases where the former cannot be used, the proposed synthesis technique for monitors is applicable in a real-world scenario such as an embedded autopilot flight stack.

This thesis was partially supported by National Funds through FCT/MEC (Portuguese Foundation for Science and Technology) and co-financed by ERDF (European Regional Development Fund) under the PT2020 Partnership, within the CISTER Research Unit (CEC/04234); FCOMP-01-0124-FEDER-015006 (VIPCORE) and FCOMP-01-0124-FEDER-020486 (AVIACC); also by FCT and EU ARTEMIS JU, within project ARTEMIS/0003/2012, JU grant nr. 333053 (CONCERTO); and by FCT/MEC and the EU ARTEMIS JU within project ARTEMIS/0001/2013 - JU grant nr. 621429 (EMC2).
The Past, Present, and Future(s): Verifying Temporal Software Properties
Software systems are increasingly present in every aspect of our society, as their deployment can be witnessed from seemingly trivial applications of light switches, to critical control systems of nuclear facilities. In the context of critical systems, software faults and errors could potentially lead to detrimental consequences, thus more rigorous methodologies beyond the scope of testing need to be applied to software systems. Formal verification, the concept of being able to mathematically prove the correctness of an algorithm with respect to a mathematical formal specification, can indeed help us prevent these failures. A popular specification language for these formal specifications is temporal logic, due to its intuitive, yet precise expressions that can be utilized to both specify and verify fundamental properties pertaining to software systems. Temporal logic can express properties pertaining to safety, liveness, termination, non-termination, and more with regards to various systems such as Windows device drivers, kernel APIs, database servers, etc. This dissertation thus presents automated scalable techniques for verifying expressive temporal logic properties of software systems, specifically those beyond the scope of existing techniques. Furthermore, this work considers the temporal sub-logics fair-CTL, CTL*, and CTL*lp, as verifying these more expressive sub-logics has been an outstanding research problem. We begin building our framework by introducing a novel scalable and high-performance CTL verification technique. Our CTL methodology is unique relative to existing techniques in that it facilitates reasoning about more expressive temporal logics. In particular, it allows us to further introduce various methodologies that allow us to verify fair-CTL, CTL*, and CTL*lp.
We support the verification of fair-CTL through a reduction to our CTL model checking technique via the use of infinite non-deterministic branching to symbolically partition fair from unfair executions. For CTL*, we propose a method that uses an internal encoding which facilitates reasoning about the subtle interplay between the nesting of path and state temporal operators that occurs within CTL* proofs. A precondition synthesis strategy is then used over a program transformation which trades nondeterminism in the transition relation for nondeterminism explicit in variables predicting future outcomes when necessary. Finally, we propose a linear-past extension to CTL*, that being CTL*lp, in which the past is linear and each moment in time has a unique past. We support this extension through the use of history variables over our CTL* technique. We demonstrate the fully automated implementation of our techniques, and report our benchmarks carried out on code fragments from the PostgreSQL database server, Apache web server, Windows OS kernel, as well as smaller programs demonstrating the expressiveness of fair-CTL, CTL*, and CTL*lp specifications. Together, these novel methodologies lead to a new class of fully automated tools capable of proving crucial properties that no tool could previously prove in the infinite-state setting.
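As an added example, not the dissertation's technique (which targets infinite-state programs): the classic explicit-state fixpoint algorithm for CTL on a finite state graph, applied to a constructed session state machine to check the kinds of safety and liveness properties the abstract refers to. Formulas are nested tuples and the derived operators are rewritten into EX, EU and EG; the state names, labels and transitions are assumptions.

```python
"""Explicit-state CTL model checking over a small Kripke structure (added example)."""


def check(formula, trans, labels):
    """Return the frozenset of states of the Kripke structure (trans, labels) satisfying formula.

    Formulas are nested tuples: ('ap', p), ('not', f), ('and', f, g), ('or', f, g),
    ('imp', f, g), ('EX', f), ('EU', f, g), ('EG', f) and the derived EF, AX, AG, AF, AU;
    the Python constant True is the CTL constant true.
    """
    states = frozenset(trans)

    def pre(z):
        """States with at least one successor in z."""
        return frozenset(s for s in states if trans[s] & z)

    def sat(f):
        if f is True:
            return states
        op = f[0]
        if op == 'ap':
            return frozenset(s for s in states if f[1] in labels[s])
        if op == 'not':
            return states - sat(f[1])
        if op == 'and':
            return sat(f[1]) & sat(f[2])
        if op == 'or':
            return sat(f[1]) | sat(f[2])
        if op == 'imp':
            return (states - sat(f[1])) | sat(f[2])
        if op == 'EX':
            return pre(sat(f[1]))
        if op == 'EU':  # least fixpoint: g holds, or f holds and some successor is already in
            z, keep = sat(f[2]), sat(f[1])
            while True:
                nz = z | (keep & pre(z))
                if nz == z:
                    return z
                z = nz
        if op == 'EG':  # greatest fixpoint: f holds and some successor stays in
            z = sat(f[1])
            while True:
                nz = z & pre(z)
                if nz == z:
                    return z
                z = nz
        if op == 'EF':
            return sat(('EU', True, f[1]))
        if op == 'AX':
            return sat(('not', ('EX', ('not', f[1]))))
        if op == 'AG':
            return sat(('not', ('EF', ('not', f[1]))))
        if op == 'AF':
            return sat(('not', ('EG', ('not', f[1]))))
        if op == 'AU':  # A[f U g] == not E[not g U (not f and not g)] and not EG(not g)
            nf, ng = ('not', f[1]), ('not', f[2])
            return sat(('and', ('not', ('EU', ng, ('and', nf, ng))), ('not', ('EG', ng))))
        raise ValueError(f"unknown operator {op!r}")

    return sat(formula)


# Constructed session state machine (hypothetical): transitions and atomic propositions.
TRANS = {
    "logged_out":     {"authenticating"},
    "authenticating": {"logged_out", "logged_in", "locked"},  # failure, success, too many failures
    "logged_in":      {"admin", "logged_out"},
    "admin":          {"logged_in"},
    "locked":         {"logged_out"},
}
LABELS = {
    "logged_out": {"out"},
    "authenticating": {"authn"},
    "logged_in": {"auth"},
    "admin": {"auth", "priv"},
    "locked": {"locked"},
}


def ap(p):
    return ('ap', p)


PROPERTIES = {
    "privilege implies authentication (safety)": ('AG', ('imp', ap("priv"), ap("auth"))),
    "a lockout is always released (liveness)":   ('AG', ('imp', ap("locked"), ('AF', ap("out")))),
    "logout is always reachable":                ('AG', ('EF', ap("out"))),
    "stay logged out until authenticating":      ('AU', ap("out"), ap("authn")),
    "authentication is inevitable":              ('AF', ap("auth")),
}


def verify(properties=PROPERTIES, trans=TRANS, labels=LABELS):
    """Map each property to the set of states in which it holds."""
    return {name: check(f, trans, labels) for name, f in properties.items()}


if __name__ == "__main__":
    for name, held in verify().items():
        where = "all states" if held == frozenset(TRANS) else "only " + str(sorted(held))
        print(f"{name}: holds in {where}")
```

The last property shows why fairness matters: plain CTL reports that `AF auth` fails from `logged_out`, because the path that keeps cycling between `logged_out` and `authenticating` never reaches an authenticated state. Excluding such unfair paths from consideration is exactly what fair-CTL specifications are for.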
Model checking techniques for runtime testing and QoS analysis
Software and hardware systems are increasingly present in our lives, in a multitude of application domains and at every scale. Analysing these systems is a hard but necessary task to guarantee that they meet their requirements. These requirements can be of several kinds, such as avoiding erroneous behaviour or delivering satisfactory performance.
Many techniques and tools have been designed to attack this problem. In general, different techniques are applied depending on the type of system, the development phase or the kind of analysis. Model checking is one of these analysis techniques. A model checker explores the state space of a system to check whether the system satisfies a given property. However, as the complexity of the system under analysis grows, its state space grows rapidly, up to a point where analysing it is no longer feasible.
In this thesis we propose an integrated solution based on model checking for analysing systems whose behaviour can be observed in the form of execution traces. We have called this solution OptySim. Our solution gives access to external systems in a uniform way, allowing different kinds of analysis to be performed on different kinds of systems in a more homogeneous manner.
OptySim works with a set of execution traces, which represent a subset of the complete state space of the system. To obtain these traces the system is executed repeatedly, possibly varying system parameters according to the user's instructions, producing one trace per execution. The content of the traces depends on each system, and may also vary depending on the needs of the analysis. To this end, one of the projections that have been defined can be applied; these transform complete traces into abstract traces that carry a smaller amount of information, but one sufficient for the purposes of the analysis.
The analysis is guided by one or more objectives set by the user, such as assertions or temporal logic (LTL) formulas, which give the analysis the meaning intended by the user. The objectives can express both desirable properties of the system, for instance a performance goal, and properties that must not occur, for instance an error condition.
OptySim has been applied to several case studies in various areas and with different purposes, to demonstrate its usefulness. First, it has been integrated with the ns-2 network simulator, for reliability and performance analysis, parameter optimisation, and model validation and tuning. For the second group of case studies, it has been integrated with a Java virtual machine to analyse programs written in that programming language. In this case, all the case studies focus on program debugging.
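As an added example serving both the Decentralised LTL Monitoring abstract above and the OptySim abstract here (not code from either work): a constructed raw execution trace is projected onto the atomic propositions the objectives need, and each LTL objective is then monitored by formula progression, a standard rewriting technique that reports satisfaction or violation at the earliest position where the verdict is fixed. Everything here runs over one central trace; the decentralised setting of the first abstract is precisely the case where no such trace exists and the sub-formulae must be evaluated by the local monitors. The record format, predicates and formulas are assumptions.

```python
"""Finite-trace LTL monitoring by formula progression over projected traces (added example)."""

def simplify(f):
    """Constant-fold a formula so verdicts surface as the Python constants True/False."""
    if isinstance(f, bool) or f[0] == 'ap':
        return f
    op = f[0]
    if op == 'not':
        g = simplify(f[1])
        return (not g) if isinstance(g, bool) else ('not', g)
    if op in ('and', 'or'):
        g, h = simplify(f[1]), simplify(f[2])
        ident, absorb = (True, False) if op == 'and' else (False, True)
        if g is absorb or h is absorb:
            return absorb
        if g is ident:
            return h
        return g if h is ident else (op, g, h)
    if op in ('X', 'G', 'F'):
        g = simplify(f[1])
        return g if isinstance(g, bool) else (op, g)
    if op == 'U':
        g, h = simplify(f[1]), simplify(f[2])
        if isinstance(h, bool):
            return h                 # f U true == true, f U false == false
        return h if g is False else ('U', g, h)
    raise ValueError(f"unknown operator {op!r}")

def implies(f, g):
    return ('or', ('not', f), g)

def progress(f, sigma):
    """Rewrite f after observing the set of propositions sigma at the current position."""
    if isinstance(f, bool):
        return f
    op = f[0]
    if op == 'ap':
        return f[1] in sigma
    if op == 'not':
        return simplify(('not', progress(f[1], sigma)))
    if op in ('and', 'or'):
        return simplify((op, progress(f[1], sigma), progress(f[2], sigma)))
    if op == 'X':                    # X f: the obligation f moves to the next position
        return simplify(f[1])
    if op == 'U':                    # f U g  ==  g or (f and X(f U g))
        return simplify(('or', progress(f[2], sigma), ('and', progress(f[1], sigma), f)))
    if op == 'G':                    # G f    ==  f and X(G f)
        return simplify(('and', progress(f[1], sigma), f))
    if op == 'F':                    # F f    ==  f or X(F f)
        return simplify(('or', progress(f[1], sigma), f))
    raise ValueError(f"unknown operator {op!r}")

def monitor(formula, trace):
    """Earliest conclusive verdict ('satisfied'|'violated', index), else ('inconclusive', None)."""
    f = simplify(formula)
    for i, sigma in enumerate(trace):
        f = progress(f, sigma)
        if isinstance(f, bool):
            return ('satisfied' if f else 'violated', i)
    return ('inconclusive', None)

def project(raw_trace, predicates):
    """Abstract each raw record to the set of proposition names whose predicate holds on it."""
    return [frozenset(n for n, holds in predicates.items() if holds(rec)) for rec in raw_trace]

# Constructed raw trace of a gateway/auth pair (hypothetical record format).
RAW_TRACE = [
    {"t": 0, "component": "gateway", "event": "request", "status": None},
    {"t": 1, "component": "auth", "event": "login", "status": "ok"},
    {"t": 2, "component": "gateway", "event": "response", "status": 200},
    {"t": 3, "component": "gateway", "event": "request", "status": None},
    {"t": 4, "component": "auth", "event": "login", "status": "fail"},
    {"t": 5, "component": "auth", "event": "login", "status": "fail"},
    {"t": 6, "component": "gateway", "event": "response", "status": 500},
]
# Projection: only the propositions the objectives need survive in the abstract trace.
PROPS = {
    "req": lambda r: r["event"] == "request",
    "resp": lambda r: r["event"] == "response",
    "err": lambda r: r["event"] == "response" and r["status"] >= 500,
    "auth_fail": lambda r: r["event"] == "login" and r["status"] == "fail",
}
OBJECTIVES = {
    "a response eventually arrives":     ('F', ('ap', 'resp')),
    "no server error (safety)":          ('G', ('not', ('ap', 'err'))),
    "every request answered next step":  ('G', implies(('ap', 'req'), ('X', ('ap', 'resp')))),
    "every request eventually answered": ('G', implies(('ap', 'req'), ('F', ('ap', 'resp')))),
}

def check_all(objectives=OBJECTIVES, raw_trace=RAW_TRACE, predicates=PROPS):
    """Project the raw trace once and monitor every objective over the abstract trace."""
    trace = project(raw_trace, predicates)
    return {name: monitor(f, trace) for name, f in objectives.items()}
```

Calling `check_all()` reports the safety objective violated at position 6 (the first error response) and the next-step response objective violated at position 1, both detected as soon as the offending event is seen; the "eventually answered" objective stays inconclusive because a finite trace can neither confirm nor refute an unbounded liveness obligation, which is why such objectives pair naturally with a bounded or timed variant when traces are finite.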