Decentralised LTL Monitoring
Users wanting to monitor distributed or component-based systems often
perceive them as monolithic systems which, seen from the outside, exhibit a
uniform behaviour as opposed to many components displaying many local
behaviours that together constitute the system's global behaviour. This level
of abstraction is often reasonable, hiding implementation details from users
who may want to specify the system's global behaviour in terms of an LTL
formula. However, the problem that arises then is how such a specification can
actually be monitored in a distributed system that has no central data
collection point, where all the components' local behaviours are observable. In
this case, the LTL specification needs to be decomposed into sub-formulae
which, in turn, need to be distributed amongst the components' locally attached
monitors, each of which sees only a distinct part of the global behaviour. The
main contribution of this paper is an algorithm for distributing and monitoring
LTL formulae, such that satisfaction or violation of specifications can be
detected by local monitors alone. We present an implementation and show that
our algorithm introduces only a minimum delay in detecting
satisfaction/violation of a specification. Moreover, our practical results show
that the communication overhead introduced by the local monitors is
considerably lower than the number of messages that would need to be sent to a
central data collection point
Decentralised LTL Monitoring
Users wanting to monitor distributed or component-based systems often perceive them as monolithic systems which, seen from the outside, exhibit a uniform behaviour as opposed to many components displaying many local behaviours that together constitute the system's global behaviour. This level of abstraction is often reasonable, hiding implementation details from users who may want to specify the system's global behaviour in terms of a linear-time temporal logic (LTL) formula. However, the problem that arises then is how such a specification can actually be monitored in a distributed system that has no central data collection point, where all the components' local behaviours are observable. In this case, the LTL specification needs to be decomposed into sub-formulae which, in turn, need to be distributed amongst the components' locally attached monitors, each of which sees only a distinct part of the global behaviour. The main contribution of this paper is an algorithm for distributing and monitoring LTL formulae, such that satisfaction or violation of specifications can be detected by local monitors alone. We present an implementation and show that our algorithm introduces only a negligible delay in detecting satisfaction/violation of a specification. Moreover, our practical results show that the communication overhead introduced by the local monitors is generally lower than the number of messages that would need to be sent to a central data collection point. Furthermore, our experiments strengthen the argument that the algorithm performs well in a wide range of different application contexts, given by different system/communication topologies and/or system event distributions over time.
Organising LTL monitors over distributed systems with a global clock
Users wanting to monitor distributed systems often prefer to abstract
away the architecture of the system, allowing them to directly specify correctness properties on the global system behaviour. To support this abstraction, a
compilation of the properties would not only involve the typical choice of monitoring algorithm, but also the organisation of submonitors across the component
network. Existing approaches, considered in the context of LTL properties over
distributed systems with a global clock, include the so-called orchestration and
migration approaches. In the orchestration approach, a central monitor receives
the events from all subsystems. In the migration approach, LTL formulae transfer
themselves across subsystems to gather local information.
We propose a third way of organising submonitors: choreography — where monitors are organised as a tree across the distributed system, and each child feeds
intermediate results to its parent. We formalise this approach, proving its correctness and worst case performance, and report on an empirical investigation
comparing the three approaches on several concerns of decentralised monitoring.
Decentralised Evaluation of Temporal Patterns over Component-based Systems at Runtime
Long version of the paper accepted for FACS 2014 - The 11th International Symposium on Formal Aspects of Component Software. Self-adaptation allows systems to modify their structure and/or their behaviour depending on the environment and the system itself. Since reconfigurations must not happen at any time but only in suitable circumstances, guiding and controlling dynamic reconfigurations at runtime is an important issue. This paper contributes to two essential topics of self-adaptation - a runtime temporal properties evaluation, and a decentralization of control loops. It extends the work on the adaptation of component-based systems at runtime via policies with temporal patterns by providing a) a specific progressive semantics of temporal patterns and b) a decentralised method which is suitable to deal with temporal patterns of component-based systems at runtime.
Decentralised Runtime Verification of Timed Regular Expressions
Ensuring the correctness of distributed cyber-physical systems can be done at runtime by monitoring properties over their behaviour. In a decentralised setting, such behaviour consists of multiple local traces, each offering an incomplete view of the system events to the local monitors, as opposed to the standard centralised setting with a unique global trace. We introduce the first monitoring framework for timed properties described by timed regular expressions over a distributed network of monitors. First, we define functions to rewrite expressions according to partial knowledge for both the centralised and decentralised cases. Then, we define decentralised algorithms for monitors to evaluate properties using these functions, as well as proofs of soundness and eventual completeness of said algorithms. Finally, we implement and evaluate our framework on synthetic timed regular expressions, giving insights on the cost of the centralised and decentralised settings and when to best use each of them
Monitoring Partially Synchronous Distributed Systems using SMT Solvers
In this paper, we discuss the feasibility of monitoring partially synchronous
distributed systems to detect latent bugs, i.e., errors caused by concurrency
and race conditions among concurrent processes. We present a monitoring
framework where we model both system constraints and latent bugs as
Satisfiability Modulo Theories (SMT) formulas, and we detect the presence of
latent bugs using an SMT solver. We demonstrate the feasibility of our
framework using both synthetic applications where latent bugs occur at any time
with random probability and an application involving exclusive access to a
shared resource with a subtle timing bug. We illustrate how the time required
for verification is affected by parameters such as communication frequency,
latency, and clock skew. Our results show that our framework can be used for
real-life applications, and because our framework uses SMT solvers, the range
of appropriate applications will increase as these solvers become more
efficient over time. Comment: Technical Report corresponding to the paper accepted at Runtime
Verification (RV) 201