4 research outputs found
Second International Competition on Runtime Verification: CRV 2015
We report on the Second International Competition on Runtime Verification (CRV-2015). The competition was held as a satellite event of the 15th International Conference on Runtime Verification (RV'15). The competition consisted of three tracks: offline monitoring, online monitoring of C programs, and online monitoring of Java programs. This report describes the format of the competition, the participating teams and submitted benchmarks. We give an example illustrating the two main inputs expected from the participating teams, namely a benchmark (i.e., a program and a property on this program) and a monitor for this benchmark. We also propose some reflection based on the lessons learned.
COST Action IC1402 Runtime Verification beyond Monitoring
In this paper we report on COST Action IC1402, which studies Runtime Verification approaches beyond Monitoring. COST Actions are funded by the European Union and are an efficient networking instrument for researchers, engineers and scholars to cooperate and coordinate research activities. This COST Action IC1402 lasted over the past four years, involved researchers from 27 different European countries and Australia, and enabled many different working group meetings, workshops and individual visits.
A Taxonomy for Classifying Runtime Verification Tools
Over the last 15 years Runtime Verification (RV) has grown into a diverse and active field, which has stimulated the development of numerous theoretical frameworks and tools. Many of the tools are at first sight very different and challenging to compare. Yet, there are similarities. In this work, we classify RV tools within a high-level taxonomy of concepts. We first present this taxonomy and discuss the different dimensions. Then, we survey RV tools and classify them according to the taxonomy. This paper constitutes a snapshot of the current state of the art and enables a comparison of existing tools.
Runtime verification on data-carrying traces
Malfunctioning software systems can cause severe loss of money,
sensitive data, or even human life. The ambition is therefore to
verify these systems not only statically, but also monitor their
behaviour at runtime. For the latter case, the temporal logic
LTL, a de facto standard specification formalism in runtime
verification, is widely used and well-understood. However,
propositional variables are usually neither a natural nor a
sufficient model to represent the behaviour of complex, interactive
systems that can process arbitrary input values. Consequently, there
is a demand for more expressive formalisms that are defined over what we
call traces with data, i.e., traces that contain propositions
enriched with values from a (possibly) infinite domain.
This thesis studies the runtime monitoring with data for a
natural extension of LTL that includes first-order
quantification, called LTLFO. The logic's quantifiers range over
values that appear in a trace. Under assumptions laid out about what
should arguably be considered a "proper" runtime monitor, this
thesis first identifies and analyses the underlying decision
problems of monitoring properties in LTL and LTLFO. Moreover, it
proposes a monitoring procedure for the latter. One result is that
LTLFO is undecidable, as is the prefix problem, which an online
monitor preferably has to solve to coincide with monotonicity.
Hence, the obtained monitor cannot be complete for LTLFO;
however, this thesis proves the soundness of its construction and
gives experimental results from an implementation, in order to
justify its usefulness and efficiency in practice. The monitor is
based on a new type of automaton, called spawning automaton; it
helps to efficiently decide what parts of a possibly infinite
state space need to be memorised at runtime. Furthermore, the
problem arises that not every property can be monitored
independently of trace length, which is possible in LTL. For that
reason, a hierarchy of effectively monitorable properties is
proposed. It distinguishes properties for which a monitor
requires only constant memory from ones for which a monitor
inevitably has to grow ad infinitum, independently of how the
future of a trace evolves.
Last but not least, a proof of concept validates the monitoring
means developed in this thesis on a widely established system
with intensive data use: malicious behaviour is checked on
Android devices based on the most comprehensive malware set
presently available. The overall detection and false positive
rates are 93.9% and 28%, respectively. As a means of conducting
the experiments and as a contribution in itself, an
application-agnostic logging-layer for the Android system has
been developed and its technical insights are explained. It aims
at leveraging runtime verification techniques on Android, like
other domain-specific instrumentation approaches did, such as
AspectJ for Java.