Hui Liang,Jin Song Dong,Jing Sun,Roger Duke,Rudolph E. Seviora

DOI: https://doi.org/10.1109/iceccs.2006.1690364

2006-01-01

Abstract:With current trends towards more complex software system and use of higher level languages, a monitoring technique is of increasing importance for the areas such as performance enhancement, dependability, correctness checking and so on. In this paper, we present a formal specification-based online monitoring technique. The key idea of our technique is to build a linking system, which connects a specification animator and a program debugger. The required information about dynamic behaviors of the formal specification and concrete implementation of a target system is obtained from the animator and the debugger. Based on that information, the judgment on the consistency of the concrete implementation with the formal specification will be provided. Not embedding any instrumentation code into the target system, our monitoring technique will not alter the dynamic behavior of the target system. Animating the formal specification, rather than annotating the target system with extra formal specifications, our monitoring technique separates the implementation-dependent description of the monitored objects and the formal requirement specification of them

张鹏程,李宣东,李雯睿

DOI: https://doi.org/10.1360/112012-562

2014-01-01

Scientia Sinica Informationis

Abstract:In open environments, unsafe run-time changes of systems and environments may compromise the correct execution of the entire systems and make the software systems do not meet the original specifications, which may eventually lead to the occurrence of software failures. Runtime monitor which is a lightweight formal dynamic verification technology has become the basic means of detecting software failures in open environments. For scenario-based specification property sequence charts, this paper defines the multi-valued monitoring semantics from the perspective of game theory: satisfied, infinitely controllable, the system is finitely controllable, the system is emergency controllable, the environment is finitely controllable, the environment is emergency controllable, violated. Through the multi-valued semantics definition, the monitor can detect failures as early as possible and also provide sufficient information to help the system to take measures for failure prevention and recovery. Finally, the property sequence chart used in RailCab case study shows its extensive application prospect.

Xinyi Yu,Weijie Dong,Xiang Yin,Shaoyuan Li

DOI: https://doi.org/10.48550/arXiv.2203.16267

2022-03-30

Abstract:Online monitoring aims to evaluate or to predict, at runtime, whether or not the behaviors of a system satisfy some desired specification. It plays a key role in safety-critical cyber-physical systems. In this work, we propose a new model-based approach for online monitoring for specifications described by Signal Temporal Logic (STL) formulae. Specifically, we assume that the observed state traces are generated by an underlying dynamic system whose model is known. The main idea is to consider the dynamic of the system when evaluating the satisfaction of the STL formulae. To this end, effective approaches for the computation of feasible sets for STL formulae are provided. We show that, by explicitly utilizing the model information of the dynamic system, the proposed online monitoring algorithm can falsify or certify of the specification in advance compared with existing algorithms, where no model information is used. We also demonstrate the proposed monitoring algorithm by case studies.

Systems and Control

Xinyi Yu,Weijie Dong,Xiang Yin,Shaoyuan Li

2023-11-09

Abstract:Online monitoring aims to evaluate or to predict, at runtime, whether or not the behaviors of a system satisfy some desired specification. It plays a key role in safety-critical cyber-physical systems. In this work, we propose a new monitoring approach, called model predictive monitoring, for specifications described by Signal Temporal Logic (STL) formulae. Specifically, we assume that the observed state traces are generated by an underlying dynamical system whose model is known but the control law is unknown. The main idea is to use the dynamic of the system to predict future states when evaluating the satisfaction of the STL formulae. To this end, effective approaches for the computation of feasible sets of STL formulae are provided. We show that, by explicitly utilizing the model information of the dynamical system, the proposed online monitoring algorithm can falsify or certify of the specification in advance compared with existing algorithms, where no model information is used. We also demonstrate the proposed monitoring algorithm by several real world case studies.

Systems and Control,Formal Languages and Automata Theory

Pengcheng Zhang,Patrizio Pelliccione,Hareton Leung,Xuandong Li

DOI: https://doi.org/10.1016/j.infsof.2018.01.014

IF: 3.9

2018-01-01

Information and Software Technology

Abstract:Abstract Context Unpredictability and uncertainty about future evolutions of both the system and its environment may easily compromise the behavior of the system. The subsequent software failures can have serious consequences. When dealing with open environments, run-time monitoring is one of the most promising techniques to detect software failures. Several monitoring approaches have been proposed in the last years; however, they suffer from two main limitations. First, they provide limited information to be exploited at run-time for early detecting and managing situations that most probably will lead to failures. Second, they mainly rely on logic-based specifications, whose intrinsic complexity may hamper the use of these monitoring approaches in industrial contexts. Objective In order to address these two limitations, this paper proposes a novel approach, called PREDIMO ( PREDI ctive MO nitoring). The approach starts from scenario-based specifications, automatically generates predictive monitors called MA s (Multi-valued Automata), which take into account the actual status and also the possible evolution of both system and environment in the near future, and enables the definition of precise strategies to prevent failures. More specifically, the generated monitors evaluate the specified properties and return one of the seven different values representing the degree of controllability of the system and the distance of the potential incoming failure. The translation from scenario-based specifications to MA s preserves the semantics of the starting specification. Method We use the design and creation research methodology to design an innovative approach that fills highlighted gaps of state-of-the-art approaches. The validation of the approach is performed through a large experimentation with OSGi (Open Service Gateway Initiative) applications. Results We present a novel language to specify the properties to be monitored. Then, we present a novel approach to automatically generate predictive monitors from the specified properties. Conclusion The overall approach is tool supported and a large experimentation demonstrates its feasibility and usability.

Y Jiao,Q Zhu,H Lv,BF Wu

2005-01-01

Abstract:Embedded systems are enjoying more and more popularity in industrial applications. Platform-based rapid prototype is a promising design paradigm in which verification and validation remain a key issue and time-consuming indeed. It is increasingly important to carry out verification and validation in higher abstraction levels. Conventional techniques and tools, such as hardware/software co-simulation and co-emulation are insufficient in this point. Monitoring technique provides an alternative. We present an event-driven hardware/software hybrid monitor system suitable for platform-based embedded system design, which allows system-level monitor and observation of target system at different abstraction level. The monitor system is comprised of software probes, special hardware unit, and embedded analysis tools (EAT). The software probes collect events in target system in running time and export them via the hardware unit to a database on a host for further processing by the EAT. The paper describes such a system and how it works.

X. W. Ye,C. Z. Dong,T. Liu

2015-01-01

Abstract:In this study, a vision-based method for monitoring of structural dynamic behaviors is presented. With the aid of digital image processing technique and multi-point pattern matching algorithm, an integrated system for monitoring of structural dynamic behaviors is developed. A comparative study of vibration monitoring and dynamic characteristics identification is conducted with the vision-based displacement measurement system and the acceleration measurement system synchronously. The experimental results demonstrate that the structural dynamic indicators analyzed by the proposed vision-based system and the acceleration measurement system are quite consistent, which validates the feasibility of the proposed method for monitoring of structural dynamic behaviors by vision-based system.

Xiaoying Bai,Yongli Liu,Lijun Wang,Wei-Tek Tsai,Peide Zhong

DOI: https://doi.org/10.1109/services-i.2009.103

IF: 4.199

2009-01-01

Simulation Modelling Practice and Theory

Abstract:Runtime monitoring is necessary for continuous quality assurance of Web services. In a monitoring system, sensors with policies are widely used to collect runtime execution data, detect behavior anomalies and generate alerts. Hard-coded sensors and policies are expensive to develop and maintain. They are hard to accommodate the flexible changes of the service-based system to be monitored. The paper proposes a model-driven approach to facilitate automatic sensor generation and policy enforcement. The sensors and policies are decoupled from the software and are defined at the abstraction model level, including structure and behavior models. WSDL and OWL-S are used for modeling the service-base software, and automatic generating sensors based on dependency and coverage strategies. The policy model is constructed following the WS-Policy framework with a 3-tuple policy definition and a correlation matrix identifying the associations between policies and sensors. Policies are enforced by the policy engine that interoperates with service execution engine to communicate runtime behavior information and verification results. These features have been implemented and experimented with data.

Yousef Abuseta

DOI: https://doi.org/10.48550/arXiv.1802.03667

2018-02-11

Software Engineering

Abstract:Runtime monitoring is essential for the violation detection during the underlying software system execution. In this paper, an investigation of the monitoring activity of MAPE-K control loop is performed which aims at exploring:(1) the architecture of the monitoring activity in terms of the involved components and control and data flow between them; (2) the standard interface of the monitoring component with other MAPE-K components; (3) the adaptive monitoring and its importance to the monitoring overhead issue; and (4) the monitoring mode and its relevance to some specific situations and systems. This paper also presented a Java framework for the monitoring process for self adaptive systems.

Jing Ying,Zhijun He,Zhaohui Wu,Jiangyun Li,Weicheng Fan,Zhaohui Xu

DOI: https://doi.org/10.1145/224155.224158

1995-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:This paper puts forward a kind of novel methodology for software system development, from the point of view of the problem existed in software development -- the gap between the requirement specification level and the program implementation level. We attempt to begin from the specification level of software development to touch the process of high-level specification construction profoundly. We propose a specification language to support multiple semantic dimensions and based on which build a unified functional model of software system in a specific domain. On the bases of these, we apply transformation and refinement methods to the model and transit it from the specification level to the implementation level. We expect such a process can change the current software producing procedure in nature. We also put this methodology into the application of the software development in real-time serving domain we focus on, which turns out to be encouraging.

Hui Liu,Xue Guo,Weizhong Shao

DOI: https://doi.org/10.1109/tse.2013.4

IF: 7.4

2013-01-01

IEEE Transactions on Software Engineering

Abstract:Software refactoring is an effective method for improvement of software quality while software external behavior remains unchanged. To facilitate software refactoring, a number of tools have been proposed for code smell detection and/or for automatic or semi-automatic refactoring. However, these tools are passive and human driven, thus making software refactoring dependent on developers' spontaneity. As a result, software engineers with little experience in software refactoring might miss a number of potential refactorings or may conduct refactorings later than expected. Few refactorings might result in poor software quality, and delayed refactorings may incur higher refactoring cost. To this end, we propose a monitor-based instant refactoring framework to drive inexperienced software engineers to conduct more refactorings promptly. Changes in the source code are instantly analyzed by a monitor running in the background. If these changes have the potential to introduce code smells, i.e., signs of potential problems in the code that might require refactorings, the monitor invokes corresponding smell detection tools and warns developers to resolve detected smells promptly. Feedback from developers, i.e., whether detected smells have been acknowledged and resolved, is consequently used to optimize smell detection algorithms. The proposed framework has been implemented, evaluated, and compared with the traditional human-driven refactoring tools. Evaluation results suggest that the proposed framework could drive inexperienced engineers to resolve more code smells (by an increase of 140 percent) promptly. The average lifespan of resolved smells was reduced by 92 percent. Results also suggest that the proposed framework could help developers to avoid similar code smells through timely warnings at the early stages of software development, thus reducing the total number of code smells by 51 percent.

Alireza Esna Ashari,Eric Feron

DOI: https://doi.org/10.48550/arXiv.1309.1485

2013-12-04

Abstract:The aim is to create reliable and verifiable fault detection software to detect abrupt changes in safety-critical dynamic systems. Fault detection methods are implemented as software on digital computers that monitor and control the system. We implement three observer-based fault detection methods on a 3 degrees of freedom (3DOF) laboratory helicopter, in the form of software. We examine the performance of those methods to detect different faults during flight in a closed-loop setup. All selected methods show acceptable detection performance. However, it is not possible to repeat the test for every possible conditions, inputs and fault scenarios. In this paper, we translate fault detection properties and mathematical proofs into a formal language, previously used in software validation and verification. We include the translated properties in software in the form of non-executable annotations that can be read by machine. Consequently, some high level functional properties of the code can be verified by automatic software verification tools. This certifies fault detection software for a set of bounded data and increases the reliability in practice.

Software Engineering,Optimization and Control

Shengwei An,Xiaoxing Ma,Chun Cao,Ping Yu,Chang Xu

DOI: https://doi.org/10.1109/QRS.2015.33

2015-01-01

Abstract:Dynamic Software Update (DSU) is a technique to upgrade running programs without shutting them down. DSU can improve system availability and maintenance flexibility. However, its adoption in practice is still limited due to the risk of system misbehavior that careless DSU may bring. To reduce this risk we propose a formal framework for the specification and verification of DSU. Different from previous approaches where DSU is described from the viewpoint of program's internal state transitions, our framework focuses on program's external behavior and its effect on its environment. This more abstract view avoids over specification of DSU and allows for better DSU flexibility. Based on this framework, we also devise a mechanism that automatically synthesizes runtime monitors to improve DSU timeliness without compromising its safety.

Maximilian A. Köhl,Clemens Dubslaff,Holger Hermanns

2024-08-30

Abstract:The observable behavior of a system usually carries useful information about its internal state, properties, and potential future behaviors. In this paper, we introduce configuration monitoring to determine an unknown configuration of a running system based on observations of its behavior. We develop a modular and generic pipeline to synthesize automata-theoretic configuration monitors from a featured transition system model of the configurable system to be monitored. The pipeline further allows synthesis under partial observability and network-induced losses as well as predictive configuration monitors taking the potential future behavior of a system into account. Beyond the novel application of configuration monitoring, we show that our approach also generalizes and unifies existing work on runtime monitoring and fault diagnosis, which aim at detecting the satisfaction or violation of properties and the occurrence of faults, respectively. We empirically demonstrate the efficacy of our approach with a case study on configuration monitors synthesized from configurable systems community benchmarks.

Formal Languages and Automata Theory,Software Engineering

Bf Wu,Cl Peng,Cg Hu,W Li

1999-01-01

Abstract:With the development of computer science, computer systems have stepped into the stage of large-scale and sophisticated infrastructure. Both software and hardware become more and more complex. To analyze such systems, the traditional static analysis methods have proved to be inefficient, we need to use the computer monitoring techniques. Among different kinds of the computer monitoring technique, the event-driven monitoring method is most widely used. The method includes a very important step that is to instrument the programs to be run in the system. This is a tremendous work in normal case and implementing it in automatic way with the help of tools is necessary. The paper introduces such a tool the name of which is Automatic Instrumentation tool of C-language (AIC). And some difficult issues and their settlement in the implementation of the tool is discussed.

Chuwei Wang,Xinyi Yu,Jianing Zhao,Lars Lindemann,Xiang Yin

2023-11-27

Abstract:Online monitoring is a widely used technique in assessing if the performance of the system satisfies some desired requirements during run-time operation. Existing works on online monitoring usually assume that the monitor can acquire system information periodically at each time instant. However, such a periodic mechanism may be unnecessarily energy-consuming as it essentially requires to turn on sensors consistently. In this paper, we proposed a novel self-triggered mechanism for model-based online monitoring of discrete-time dynamical system under specifications described by signal temporal logic (STL) formulae. Specifically, instead of sampling the system state at each time instant, a self-triggered monitor can actively determine when the next system state is sampled in addition to its monitoring decision regarding the satisfaction of the task. We propose an effective algorithm for synthesizing such a self-triggered monitor that can correctly evaluate a given STL formula on-the-fly while maximizing the time interval between two observations. We show that, compared with the standard online monitor with periodic information, the proposed self-triggered monitor can significantly reduce observation burden while ensuring that no information of the STL formula is lost. Case studies are provided to illustrate the proposed monitoring mechanism.

Systems and Control

Jeremy Morse,Dejanira Araiza-Illan,Jonathan Lawry,Arthur Richards,Kerstin Eder

DOI: https://doi.org/10.48550/arXiv.1603.01082

IF: 3.7

2016-03-03

Robotics

Abstract:The widespread adoption of autonomous systems depends on providing guarantees of safety and functional correctness, at both design time and runtime. Information about the extent to which functional requirements can be met in combination with non-functional requirements (NFRs) -- i.e. requirements that can be partially complied with -- , under dynamic and uncertain environments, provides opportunities to enhance the safety and functional correctness of systems at design time. We present a technique to formally define system attributes that can change or be changed to deal with dynamic and uncertain environments (denominated weakened specifications) as a partially ordered lattice, and to automatically explore the system under different specifications, using probabilistic model checking, to find the likelihood of satisfying a requirement. The resulting probabilities form boundaries of "optimal specifications", analogous to Pareto frontiers in multi-objective optimization, informing the designer about the system's capabilities, such as resilience or robustness, when changing its attributes to deal with dynamic and uncertain environments. We illustrate the proposed technique through a domestic robotic assistant example.

Shen Limin,Li Feng,Peng Siwei,Si Yali

DOI: https://doi.org/10.1109/CSIE.2009.236

2009-01-01

Abstract:A method is proposed for enhancing SCADA systems survivability using exogenous isomorphic real-time monitor and simulation monitor. The formal definition of monitors is given. The fundamental principles of attack resistance, malicious operation detection and fault prediction are introduced, which are accomplished by using cooperation between the real-time monitor and simulation monitor. The real-time monitor is responsible for monitoring the states of SCADA systems, events and control commands, estimating whether there is faults and risk in systems based on states and implementation commands of system, and creating a simulation monitor if it is necessary. The simulation monitor is responsible for simulating implementation of control command, monitoring the process of simulation, forecasting the results of control commands, and estimating whether the commands are harmful based on the results. Finally, a water treatment system is given to illustrate the feasibility and effectiveness of the method.

薛永岭,黄皓,张博

DOI: https://doi.org/10.3969/j.issn.1000-3428.2009.09.046

2009-01-01

Abstract:Current software attacks often build on exploits that subvert machine-code execution.This paper proposes a new signature monitoring technique to enhance the control-flow integrity of program.It uses the execution of function as the basic item of the control-flow of the program.To get more exact intent of program,it scans the source code,and gets the information of function call sequence.According to the information,the model of program’s intent can be built.The model is used to monitor the program in runtime.Experimental results show the monitoring system makes the program more secure to reject the control-flow attacks.