Abstract runtime monitoring with USE

Adsorption and photodecomposition of formic acid on rutile TiO2 (110) have been investigated with infrared reflection–absorption spectroscopy (IRRAS) employing p- and s-polarized light along the [001] and [ 11⎯⎯0 ] crystal directions. The single crystal surfaces were prepared either by sputtering and annealing in ultrahigh vacuum (UHV) to obtain a reduced surface (r-TiO2), or by sputtering without annealing to create a rough, highly defective surface (sp-TiO2). Results are compared with corresponding measurements on rutile nanocrystals performed in synthetic air. IRRAS spectra obtained on r-TiO2 and rutile nanocrystals are very similar, and show that in both cases formic acid dissociates and is predominately adsorbed as a bridging bidentate formate species, and that the formate adsorption structure on the nanocrystals is dominated by interactions with majority (110) surfaces. In contrast, the IRRAS spectra on sp-TiO2 are different, with only minor spectral features associated with (110) surfaces and lost azimuthal symmetry, both of which imply changed adsorption geometry due to bonding to low-coordinated Ti atoms with lower valences. The UV-induced rate of formate photodecomposition is about 30 times higher on rutile nanocrystals in synthetic air compared with sp-TiO2 under UHV conditions, and even larger than on r-TiO2. These differences are explained by the lack of oxygen and limited hydroxyl coverage under UHV conditions. The difference in reactivity between the r-TiO2 and sp-TiO2 surfaces is attributed to a high concentration of strongly bonded bridging bidentate formate species on the (110) surface, which lowers its reactivity. The results point to a pressure gap where the availability of molecular oxygen and the hydroxyl concentration limit the photoreactivity in UHV leading to an almost 20-fold decrease of the formate degradation rate in UHV. In contrast, the structure represented by the single crystal (110) surface is shown to capture the essential structural properties, which dictates the formic acid adsorption and adsorption structure of rutile nanocrystals

Reusable Event Types for Models at Runtime to Support the Examination of Runtime Phenomena

Abstract-Today's software is getting more and more complex and harder to understand. Models help to organize knowledge and emphasize the structure of a software at a higher abstraction level. While the usage of model-driven techniques is widely adopted during software construction, it is still an open research topic if models can also be used to make runtime phenomena more comprehensible as well. It is not obvious which models are suitable for manual analysis and which model elements can be related to what type of runtime events. This paper proposes a collection of runtime event types that can be reused for various systems and meta-models. Based on these event types, information can be derived which help human observers to assess the current system state. Our approach is applied in a case study and evaluated regarding generalisability and completeness by relating it to two different meta-models

On Formalizing UML and OCL Features and Their Employment to Runtime Verification

Model-driven development (MDD) has been identified as a promising approach for developing software. By using abstract models of a system and by generating parts of the system out of these models, one tries to improve the efficiency of the overall development process and the quality of the resulting software. In the context of MDD the Unified Modeling Language (UML) and its related textual Object Constraint Language (OCL) have gained a high recognition. To be able to generate systems of high quality and to allow for interoperability between modeling tools, a well-defined semantics for these languages is required. This thesis summarizes published work in this context that employs an endogenous metamodeling approach to define the semantics of newer elements of the UML. While the covered elements are exhaustively used to define relations between elements of the metamodel of the UML, the UML specification leaves out a precise definition of their semantics. Our proposed approach uses models, not only to define the abstract syntax, but also to define the semantics of UML. By using UML and OCL for this, existing modeling tools can be used to validate the definition. The second part of this thesis covers work on the usage of UML and OCL models for runtime verification. It is shown how models can still be used at the end of a software development process, i. e., after an implementation has manually been added to generated parts, even though they are not used as central parts of the development process. This work also influenced the integration of protocol state machines into a modeling tool, which lead to publications about the runtime semantics of state machines and the capabilities to declaratively specify behavior using state machines

Abstract Runtime Monitoring with USE

Abstract—We present a tool that permits developers to monitor and verify assumptions at an abstract level about an application running on a virtual machine. On the implementation level, a so-called platform aligned model (PAM) described in the UML (Unified Modeling Language) and enriched by OCL (Object Constraint Language) requirements is used to formalize these assumptions. Our solution allows a developer to concentrate on verifying core parts of an implementation while ignoring major parts of peripheral technical details. In order to easily detect a PAM which characterizes the central requirements, we propose a semi-automatic approach. First, a complete program model is generated by analyzing the source code. Afterwards, this model is reduced by the user to central classes and associations. This reduced model is enriched by the assumptions about the expected behavior of the system. The monitor connects to the running snapshot, i.e., an instance of the PAM, which corresponds to the current state. When the application is further executed this snapshot is synchronized by listening to changes in the running system. During monitoring the stated assumptions are validated and possible violations are reported to the user. I