## A Rewriting-based Approach to Trace Analysis (2002)

### Cached

### Download Links

Venue: | Automated Software Engineering |

Citations: | 3 - 3 self |

### BibTeX

@ARTICLE{Havelund02arewriting-based,

author = {Klaus Havelund and Kestrel Technology},

title = {A Rewriting-based Approach to Trace Analysis},

journal = {Automated Software Engineering},

year = {2002},

volume = {12},

pages = {2005}

}

### OpenURL

### Abstract

We present a rewriting-based algorithm for efficiently evaluating future time Linear Temporal Logic (LTL) formulae on finite execution traces online. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. The presented algorithm is implemented in the Maude executable specification language and essentially consists of a set of equations establishing an executable semantics of LTL using a simple formula transforming approach. The algorithm is further improved to build automata on-the-fly from formulae, using memoization. The result is a very efficient and small Maude program that can be used to monitor program executions. We furthermore present an alternative algorithm for synthesizing provably minimal observer finite state machines (or automata) from LTL formulae, which can be used to analyze execution traces without the need for a rewriting system, and can hence be used by observers written in conventional programming languages. The presented work is part of an ambitious runtime verification and monitoring project at NASA Ames, called PATHEXPLORER, and demonstrates that rewriting can be a tractable and attractive means for experimenting and implementing program monitoring logics. 1

### Citations

584 | Bandera: Extracting finite-state models from Java source code
- Corbett, Dwyer, et al.
- 2000
(Show Context)
Citation Context ...proving programs correct with respect to requirements specified as LTL formulae. Several systems are currently being developed that apply model checking to software systems written in Java, C and C++ =-=[12, 31, 4, 19, 3, 25, 7, 30]-=-. However, for very large systems, there is little hope that one can actually prove correctness, and one must in those cases rely on debugging and testing. To further strengthen system reliability, on... |

384 | Model checking for programming languages using Verisoft
- Godefroid
- 1997
(Show Context)
Citation Context ...proving programs correct with respect to requirements specified as LTL formulae. Several systems are currently being developed that apply model checking to software systems written in Java, C and C++ =-=[12, 31, 4, 19, 3, 25, 7, 30]-=-. However, for very large systems, there is little hope that one can actually prove correctness, and one must in those cases rely on debugging and testing. To further strengthen system reliability, on... |

332 | Model checking Java programs using Java PathFinder
- Havelund, Pressburger
(Show Context)
Citation Context ...proving programs correct with respect to requirements specified as LTL formulae. Several systems are currently being developed that apply model checking to software systems written in Java, C and C++ =-=[12, 31, 4, 19, 3, 25, 7, 30]-=-. However, for very large systems, there is little hope that one can actually prove correctness, and one must in those cases rely on debugging and testing. To further strengthen system reliability, on... |

132 |
Monitoring Java Programs with Java PathExplorer
- Havelund, Rosu
- 2001
(Show Context)
Citation Context ...thm for generating minimal observer automata from LTL formulae (Section 5). This work constitutes part of the PATHEXPLORER project at NASA Ames, and in particular of the Java PATHEXPLORER (JPAX) tool =-=[13, 14]-=- for monitoring Java program executions. JPAX facilitates automated instrumentation of Java byte code, using JTREK [2], which then emits relevant events to an observer during execution (see Figure 1).... |

123 | Introducing OBJ
- Goguen, Winkler, et al.
- 2000
(Show Context)
Citation Context ...ional formulae, and then reminds the propositional LTL with its infinite trace models. 2.1 Maude and Logics for Program Monitoring Maude [1] is a freely distributed high-performance system in the OBJ =-=[9]-=- algebraic specification family, supporting both rewriting logic [22] and membership equational logic [23]. Because of its efficient rewriting engine, able to execute 3 million rewriting steps per sec... |

86 |
A deadlock detection tool for concurrent Java programs. Software—Practice and Experience (SPE) 29(7
- DeMartini, Iosif, et al.
- 1999
(Show Context)
Citation Context |

75 | Formal analysis of a space craft controller using SPIN - Havelund, Lowry, et al. - 2001 |

64 | Automata-based verification of temporal properties on running programs
- Giannakopoulou, Havelund
- 2001
(Show Context)
Citation Context ...be examined in a forward direction, and show how future time and past time LTL formulae can be embedded as comments in code and get expanded into Java code fragments to get executed whenever reached. =-=[6]-=- presents a Bschi automata ¡ inspired algorithm adapted to finite trace LTL. The Maude rewriting implementation of LTL described in this paper, besides its simplicity, elegance and efficiency, offers ... |

29 | Java PathExplorer - a Runtime Verification Tool
- Havelund, Rosu
- 2001
(Show Context)
Citation Context ...thm for generating minimal observer automata from LTL formulae (Section 5). This work constitutes part of the PATHEXPLORER project at NASA Ames, and in particular of the Java PATHEXPLORER (JPAX) tool =-=[13, 14]-=- for monitoring Java program executions. JPAX facilitates automated instrumentation of Java byte code, using JTREK [2], which then emits relevant events to an observer during execution (see Figure 1).... |

25 |
The Temporal Rover and ATG
- Drusinsky
(Show Context)
Citation Context ...M-generator is implemented in Maude in about 200 lines of code. The idea of using temporal logic in program testing is not new, and has already been pursued in the commercial Temporal Rover tool (TR) =-=[5]-=-, and in the MaC tool [21]. Both tools have greatly inspired our work. In [27, 24] various algorithms to generate testing automata from temporal logic formulae are described. Our basic contribution in... |

13 |
Maude System documentation at http://maude.csl.sri.com/papers
- Clavel, Duran, et al.
- 1999
(Show Context)
Citation Context ...esent the formula such that it can be used to efficiently analyze the trace as it is traversed. We will present such a data structure. We will present andsimplement our logics and algorithms in Maude =-=[1]-=-, a high-performance system supporting both membership equational logic [23] and rewriting logic [22]. The current version of Maude can do up to 3 million rewritings per second on 800MHz processors, a... |

13 | An overview of the Tatami project
- Goguen, Lin, et al.
- 2000
(Show Context)
Citation Context ...s not intended to be a theorem prover, we actually have to generate the proof obligations by hand. However, the proof obligations below could be automatically generated by a proof assistant like KUMO =-=[8]-=- or a theorem prover like PVS [29] 6 . Theorem: For any traceTand any formulaX,T |= X if and only ifT |- X. Proof: By induction, both on traces and formulae. We first need to prove two lemmas, namely ... |

7 | Specification and Error Pattern Based Program Monitoring
- Havelund, Johnson, et al.
- 2001
(Show Context)
Citation Context ...a formula bottom-up for each point in the trace, going backwards from the final state, towards the initial state. Unfortunately, despite its linear complexity this algorithm cannot be used online. In =-=[17, 10]-=- we dualize the dynamic programming technique and apply it to past time LTL, in which case the trace more naturally can be examined in a forward direction, and show how future time and past time LTL f... |