Results 1 - 10 of 69
A Brief Account of Runtime Verification
- 2008
Cited by 80 (3 self)
In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to well-known verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishing features are pointed out. Moreover, extensions of runtime verification such as monitor-oriented programming, and monitor-based runtime reflection are sketched and their similarities and differences are discussed. Finally, the use of runtime verification for contract enforcement is briefly pointed out.
Processing flows of information: from data stream to complex event processing
- ACM COMPUTING SURVEYS, 2011
Cited by 67 (11 self)
A large number of distributed applications requires continuous and timely processing of information as it flows from the periphery to the center of the system. Examples include intrusion detection systems which analyze network traffic in real-time to identify possible attacks; environmental monitoring applications which process raw data coming from sensor networks to identify critical situations; or applications performing online analysis of stock prices to identify trends and forecast future values. Traditional DBMSs, which need to store and index data before processing it, can hardly fulfill the requirements of timeliness coming from such domains. Accordingly, during the last decade, different research communities developed a number of tools, which we collectively call Information flow processing (IFP) systems, to support these scenarios. They differ in their system architecture, data model, rule model, and rule language. In this article, we survey these systems to help researchers, who often come from different backgrounds, in understanding how the various approaches they adopt may complement each other. In particular, we propose a general, unifying model to capture the different aspects of an IFP system and use it to provide a complete and precise classification of the systems and mechanisms proposed so far.
C.: Comparing LTL semantics for runtime verification
- Journal of Logic and Computation, 2008
Cited by 40 (5 self)
Abstract. When monitoring a system wrt. a property defined in a temporal logic such as LTL, a major concern is to settle with an adequate interpretation of observable system events; that is, models of temporal logic formulae are usually infinite words of events, whereas at runtime only finite but incrementally expanding prefixes are available. In this work, we review LTL-derived logics for finite traces from a runtime-verification perspective. In doing so, we establish four maxims to be satisfied by any LTL-derived logic aimed at runtime-verification. As no preexisting logic readily satisfies all of them, we introduce a new four-valued logic RV-LTL in accordance to these maxims. The semantics of RV-LTL indicates whether a finite word describes a system behaviour which either (1) satisfies the monitored property, (2) violates the property, (3) will presumably violate the property, or (4) will presumably conform to the property in the future, once the system has stabilised. Notably, (1) and (2) correspond to the classical semantics of LTL, whereas (3) and (4) are chosen whenever an observed system behaviour has not yet led to a violation or acceptance of the monitored property. Moreover, we present a monitor construction for RV-LTL properties in terms of Moore machines signalising the semantics of the so far obtained execution trace wrt. the monitored property.
Runtime Verification of Safety-Progress Properties
- 2009
Cited by 19 (7 self)
The underlying property, its definition and representation play a major role when monitoring a system. Having a suitable and convenient framework to express properties is thus a concern for runtime analysis. It is desirable to delineate in this framework the spaces of properties for which runtime verification approaches can be applied to. This paper presents a unified view of runtime verification and enforcement of properties in the safety-progress classification. Firstly, we characterize the set of properties which can be verified (monitorable properties) and enforced (enforceable properties) at runtime. We propose in particular an alternative definition of “property monitoring” to the one classically used in this context. Secondly, for the delineated spaces of properties, we obtain specialized verification and enforcement monitors.
Y.: Decentralised LTL monitoring
- 2011
Cited by 12 (1 self)
Abstract. Users wanting to monitor distributed or component-based systems often perceive them as monolithic systems which, seen from the outside, exhibit a uniform behaviour as opposed to many components displaying many local behaviours that together constitute the system’s global behaviour. This level of abstraction is often reasonable, hiding implementation details from users who may want to specify the system’s global behaviour in terms of an LTL formula. However, the problem that arises then is how such a specification can actually be monitored in a distributed system that has no central data collection point, where all the components’ local behaviours are observable. In this case, the LTL specification needs to be decomposed into sub-formulae which, in turn, need to be distributed amongst the components’ locally attached monitors, each of which sees only a distinct part of the global behaviour. The main contribution of this paper is an algorithm for distributing and monitoring LTL formulae, such that satisfaction or violation of specifications can be detected by local monitors alone. We present an implementation and show that our algorithm introduces only a minimum delay in detecting satisfaction/violation of a specification. Moreover, our practical results show that the communication overhead introduced by the local monitors is generally lower than the number of messages that would need to be sent to a central data collection point.
From propositional to first-order monitoring
Cited by 12 (1 self)
Abstract. The main purpose of this paper is to introduce a first-order temporal logic, LTL FO, and a corresponding monitor construction based on a new type of automaton, called spawning automaton. Specifically, we show that monitoring a specification in LTL FO boils down to an undecidable decision problem. The proof of this result revolves around specific ideas on what we consider a “proper” monitor. As these ideas are general, we outline them first in the setting of standard LTL, before lifting them to the setting of first-order logic and LTL FO. Although due to the above result one cannot hope to obtain a complete monitor for LTL FO, we prove the soundness of our automata-based construction and give experimental results from an implementation. These seem to substantiate our hypothesis that the automata-based construction leads to efficient runtime monitors whose size does not grow with increasing trace lengths (as is often observed in similar approaches). However, we also discuss formulae for which growth is unavoidable, irrespective of the chosen monitoring approach.
What can you verify and enforce at runtime?
- INT J SOFTW TOOLS TECHNOL TRANSFER, 2011
Cited by 12 (2 self)
The underlying property, its definition, and representation play a major role when monitoring a system. Having a suitable and convenient framework to express properties is thus a concern for runtime analysis. It is desirable to delineate in this framework the sets of properties for which runtime analysis approaches can be applied to. This paper presents a unified view of runtime verification and enforcement of properties in the Safety-Progress classification. First, we extend the Safety-Progress classification of properties in a runtime context. Second, we characterize the set of properties which can be verified (monitorable properties) and enforced (enforceable properties) at runtime. We propose in particular an alternative definition of “property monitoring” to the one classically used in this context. Finally, for the delineated sets of properties, we define specialized verification and enforcement monitors.
Monitoring business constraints with the Event Calculus
- ACM TIST
Cited by 11 (7 self)
Today, large business processes are composed of smaller, autonomous, interconnected sub-systems, achieving modularity and robustness. Quite often, these large processes comprise software components as well as human actors, they face highly dynamic environments and their sub-systems are updated and evolve independently of each other. Due to their dynamic nature and complexity, it might be difficult, if not impossible, to ensure at design-time that such systems will always exhibit the desired/expected behaviors. This, in turn, triggers the need for runtime verification and monitoring facilities. These are needed to check whether the actual behavior complies with expected business constraints, internal/external regulations and desired best practices. In this work, we present Mobucon EC, a novel monitoring framework that tracks streams of events and continuously determines the state of business constraints. In Mobucon EC, business constraints are defined using the declarative language Declare. For the purpose of this work, Declare has been suitably extended to support quantitative time constraints and non-atomic, durative activities. The logic-based language Event Calculus (EC) has been adopted to provide a formal specification and semantics to Declare constraints, while a light-weight, logic programming-based EC tool supports dynamically reasoning about partial, evolving execution traces. To demonstrate the applicability of our approach, we describe a case study about maritime safety and security and provide a synthetic benchmark to evaluate its scalability.
CoMA: Conformance Monitoring of Java programs by Abstract State Machines
Cited by 10 (8 self)
State Machines), a specification-based approach and its supporting tool for runtime monitoring of Java software. Based on the information obtained from code execution and model simulation, the conformance of the concrete implementation is checked with respect to its formal specification given in terms of Abstract State Machines. At runtime, undesirable behaviors of the implementation, as well as incorrect specifications of the system behavior are recognized. The technique we propose makes use of Java annotations, which link the concrete implementation to its formal model, without enriching the code with behavioral information contained only in the abstract specification. The approach fosters the separation between implementation and specification, and allows the reuse of specifications for other purposes (formal verification, simulation, model-based testing, etc.).