341 research outputs found
From Model Checking to Runtime Verification and Back
We describe a novel approach for adapting an existing software model checker
to perform precise runtime verification. The software under test is allowed to
communicate with the wider environment (including the file system and network).
The modifications to the model checker are small and self-contained, making
this a viable strategy for re-using existing model checking tools in a new
context.
Additionally, from the data that is gathered during a single execution in the
runtime verification mode, we automatically re-construct a description of the
execution environment which can then be used in the standard, full-blown model
checker. This additional verification step can further improve coverage,
especially in the case of parallel programs, without introducing substantial
overhead into the process of runtime verification
On-Line Monitoring for Temporal Logic Robustness
In this paper, we provide a Dynamic Programming algorithm for on-line
monitoring of the state robustness of Metric Temporal Logic specifications with
past time operators. We compute the robustness of MTL with unbounded past and
bounded future temporal operators MTL over sampled traces of Cyber-Physical
Systems. We implemented our tool in Matlab as a Simulink block that can be used
in any Simulink model. We experimentally demonstrate that the overhead of the
MTL robustness monitoring is acceptable for certain classes of practical
specifications
Operational Semantics of Process Monitors
CSPe is a specification language for runtime monitors that can directly
express concurrency in a bottom-up manner that composes the system from
simpler, interacting components. It includes constructs to explicitly flag
failures to the monitor, which unlike deadlocks and livelocks in conventional
process algebras, propagate globally and aborts the whole system's execution.
Although CSPe has a trace semantics along with an implementation demonstrating
acceptable performance, it lacks an operational semantics. An operational
semantics is not only more accessible than trace semantics but also
indispensable for ensuring the correctness of the implementation. Furthermore,
a process algebra like CSPe admits multiple denotational semantics appropriate
for different purposes, and an operational semantics is the basis for
justifying such semantics' integrity and relevance. In this paper, we develop
an SOS-style operational semantics for CSPe, which properly accounts for
explicit failures and will serve as a basis for further study of its
properties, its optimization, and its use in runtime verification
A Novel Run-Time Monitoring Architecture for Safe and Efficient Inline Monitoring
20th International Conference on Reliable Software Technologies - Ada-Europe 2015 (Ada-Europe 2015), Madrid, Spain.Verification and testing are two of the most costly and time consuming steps during the development of safety critical systems. The advent of complex and sometimes partially unpredictable computing architectures such as multicore commercial-of-the-shelf platforms, together with the composable development approach adopted in multiple industrial domains such as avionics and automotive, rendered the exhaustive testing of all situations that could potentially be encountered by the system once deployed on the field nearly impossible. Run-time verification (RV) is a promising solution to help accelerate the development of safety critical applications whilst maintaining the high degree of reliability required by such systems. RV adds monitors in the application, which check at run-time if the system is behaving according to predefined specifications. In case of deviations from the specifications during the runtime, safeguarding measures can be triggered in order to keep the system and its environment in a safe state, as well as potentially attempting to recover from the fault that caused the misbehaviour. Most of the state-of-the-art on RV essentially focused on the monitor generation, concentrating on the expressiveness of the specification language and its translation in correct-by-construction monitors. Few of them addressed the problem of designing an efficient and safe run-time monitoring (RM) architecture. Yet, RM is a key component for RV. The RM layer gathers information from the monitored application and transmits it to the monitors. Therefore, without an efficient and safe RM architecture, the whole RV system becomes useless, as its inputs and hence by extension its outputs cannot be trusted. In this paper, we discuss the design of a novel RM architecture suited to safety critical applications
A decidable policy language for history-based transaction monitoring
Online trading invariably involves dealings between strangers, so it is
important for one party to be able to judge objectively the trustworthiness of
the other. In such a setting, the decision to trust a user may sensibly be
based on that user's past behaviour. We introduce a specification language
based on linear temporal logic for expressing a policy for categorising the
behaviour patterns of a user depending on its transaction history. We also
present an algorithm for checking whether the transaction history obeys the
stated policy. To be useful in a real setting, such a language should allow one
to express realistic policies which may involve parameter quantification and
quantitative or statistical patterns. We introduce several extensions of linear
temporal logic to cater for such needs: a restricted form of universal and
existential quantification; arbitrary computable functions and relations in the
term language; and a "counting" quantifier for counting how many times a
formula holds in the past. We then show that model checking a transaction
history against a policy, which we call the history-based transaction
monitoring problem, is PSPACE-complete in the size of the policy formula and
the length of the history. The problem becomes decidable in polynomial time
when the policies are fixed. We also consider the problem of transaction
monitoring in the case where not all the parameters of actions are observable.
We formulate two such "partial observability" monitoring problems, and show
their decidability under certain restrictions
Tree Buffers
In runtime verification, the central problem is to decide if a given program execution violates a given property. In online runtime verification, a monitor observes a program’s execution as it happens. If the program being observed has hard real-time constraints, then the monitor inherits them. In the presence of hard real-time constraints it becomes a challenge to maintain enough information to produce error traces, should a property violation be observed. In this paper we introduce a data structure, called tree buffer, that solves this problem in the context of automata-based monitors: If the monitor itself respects hard real-time constraints, then enriching it by tree buffers makes it possible to provide error traces, which are essential for diagnosing defects. We show that tree buffers are also useful in other application domains. For example, they can be used to implement functionality of capturing groups in regular expressions. We prove optimal asymptotic bounds for our data structure, and validate them using empirical data from two sources: regular expression searching through Wikipedia, and runtime verification of execution traces obtained from the DaCapo test suite
Specification and Verification of Media Constraints using UPPAAL
We present the formal specification and verification of a multimedia stream. The stream is described in a timed automata notation. We verify that the stream satisfies certain quality of service properties, in particular, throughput and end-to-end latency. The verification tool used is the real-time model checker UPPAAL
DecSerFlow: Towards a Truly Declarative Service Flow Language
The need for process support in the context of web services
has triggered the development of many languages, systems, and standards.
Industry has been developing software solutions and proposing
standards such as BPEL, while researchers have been advocating the
use of formal methods such as Petri nets and pi-calculus. The languages
developed for service flows, i.e., process specification languages for web
services, have adopted many concepts from classical workflow management
systems. As a result, these languages are rather procedural and
this does not fit well with the autonomous nature of services. Therefore,
we propose DecSerFlow as a Declarative Service Flow Language. DecSerFlow
can be used to specify, enact, and monitor service flows. The
language is extendible (i.e., constructs can be added without changing
the engine or semantical basis) and can be used to enforce or to check the
conformance of service flows. Although the language has an appealing
graphical representation, it is grounded in temporal logic
- …