Correct-by-construction implementation of runtime monitors using stepwise refinement

Runtime verification (RV) is a lightweight technique for verifying traces of computer systems. One challenge in applying RV is to guarantee that the implementation of a runtime monitor correctly detects and signals unexpected events. In this paper, we present a method for deriving correct-by-construction implementations of runtime monitors from high-level specifications using Fiat, a Coq library for stepwise refinement. SMEDL (Scenario-based Meta-Event Definition Language), a domain specific language for event-driven RV, is chosen as the specification language. We propose an operational semantics for SMEDL suitable to be used in Fiat to describe the behavior of a monitor in a relational way. Then, by utilizing Fiat\u27s refinement calculus, we transform a declarative monitor specification into an executable runtime monitor with a proof that the behavior of the implementation is strictly a subset of that provided by the specification. Moreover, we define a predicate on the syntax structure of a monitor definition to ensure termination and determinism. Most of the proof work required to generate monitor code has been automated

Confluence and Convergence in Probabilistically Terminating Reduction Systems

Convergence of an abstract reduction system (ARS) is the property that any derivation from an initial state will end in the same final state, a.k.a. normal form. We generalize this for probabilistic ARS as almost-sure convergence, meaning that the normal form is reached with probability one, even if diverging derivations may exist. We show and exemplify properties that can be used for proving almost-sure convergence of probabilistic ARS, generalizing known results from ARS.Comment: Pre-proceedings paper presented at the 27th International Symposium on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur, Belgium, 10-12 October 2017 (arXiv:1708.07854

Iterated elimination procedures

We study the existence and uniqueness (i.e.,order independence) of any arbitrary form of iterated elimination procedures in an abstract environment. By allowing for a transfinite elimination, we show a general existence of the iterated elimination procedure. Inspired by the seminal work of Gilboa, Kalai and Zemel (1990), we identify a fairly weak suffcient condition of Monotonicity* for the order independence of iterated elimination procedure. Monotonicity* requires a monotonicity property along any elimination path. Our approach is applicable to different forms of iterated elimination procedures used in (in)finite games, for example, iterated elimination of strictly dominated strategies, iterated elimination of weakly dominated strategies, rationalizability, and soon. We introduce a notion of CD* games, which incorporates Jackson's (1992) idea of "boundedness", and show the iterated elimination procedure is order independent in the class of CD* games. In finite games, we also formulate and show an "outcome" order-independence result suitable for Marx and Swinkels's (1997) notion of nice weak dominance