Yuhong Zhao,Franz Rammig

DOI: https://doi.org/10.1016/j.entcs.2009.09.035

2009-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Model-based runtime verification is an extension to the state-of-the-art runtime verification, aimed at checking at runtime the system implementation against the system model (consistency checking) and the system model against the system specification (safety checking). Notice that our runtime verification works at the model level, thus, we do not need to strictly synchronize this runtime verification with the system execution. In fact, we mainly use the runtime information (current states) obtained from the system execution to reduce the state space (of the system model) to be explored. It means that this model-based runtime verification might run before or after the system execution, i.e., switch alternately between a preventive pre-checking mode and a maintaining post-checking mode. In order to make it run ahead of the system execution for as long time as possible, we present two possible strategies so that this runtime verification can selectively reduce the state space (of the system model) to be explored by making the system model enriched with probabilities and additional information derived and learned at the system testing phase.

Ramy Medhat,Yogi Joshi,Borzoo Bonakdarpour,Sebastian Fischmeister

DOI: https://doi.org/10.48550/arXiv.1411.2239

2014-11-09

Abstract:Runtime verification is an effective automated method for specification-based offline testing and analysis as well as online monitoring of complex systems. The specification language is often a variant of regular expressions or a popular temporal logic, such as LTL. This paper presents a novel and efficient parallel algorithm for verifying a more expressive version of LTL specifications that incorporates counting semantics, where nested quantifiers can be subject to numerical constraints. Such constraints are useful in evaluating thresholds (e.g., expected uptime of a web server). The significance of this extension is that it enables us to reason about the correctness of a large class of systems, such as web servers, OS kernels, and network behavior, where properties are required to be instantiated for parameterized requests, kernel objects, network nodes, etc. Our algorithm uses the popular {\em MapReduce} architecture to split a program trace into variable-based clusters at run time. Each cluster is then mapped to its respective monitor instances, verified, and reduced collectively on a multi-core CPU or the GPU. Our algorithm is fully implemented and we report very encouraging experimental results, where the monitoring overhead is negligible on real-world data sets.

Logic in Computer Science

Ting Wang,Jun Sun,Xinyu Wang,Yang Liu,Yuanjie Si,Jin Song Dong,Xiaohu Yang,Xiaohong Li

DOI: https://doi.org/10.1109/tse.2014.2359893

IF: 7.4

2014-01-01

IEEE Transactions on Software Engineering

Abstract:Zeno runs, where infinitely many actions occur within finite time, may arise in Timed Automata models. Zeno runs are not feasible in reality and must be pruned during system verification. Thus it is necessary to check whether a run is Zeno or not so as to avoid presenting Zeno runs as counterexamples during model checking. Existing approaches on non-Zenoness checking include either introducing an additional clock in the Timed Automata models or additional accepting states in the zone graphs. In addition, there are approaches proposed for alternative timed modeling languages, which could be generalized to Timed Automata. In this work, we investigate the problem of non-Zenoness checking in the context of model checking LTL properties, not only evaluating and comparing existing approaches but also proposing a new method. To have a systematic evaluation, we develop a software toolkit to support multiple non-Zenoness checking algorithms. The experimental results show the effectiveness of our newly proposed algorithm, and demonstrate the strengths and weaknesses of different approaches.

Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1109/isorc.2012.28

2012-01-01

Abstract:This paper presents a lightweight verification technique, which is applicable to dependable real-time systems, provided that the (abstract) model and the (concrete) implementation of the system under test are given in advance. In addition to the usual quality assurance techniques at design time (e.g., formal verification) and at implementation time (e.g., testing), we provide a special form of model checking at run time. That is, we check the correctness of an actual system execution by means of exploring a partial model space covering the current execution trace. In doing so, concrete state information is observed from time to time while the system to be checked is running. This runtime information is used to guide model checking to reduce the model space to be explored. In this sense, we call this method online model checking. Since we do not directly check the execution trace itself, our online checking at model level is capable of checking a running system some steps ahead of the actual state of execution. In this paper, we describe online model checking as well as the underlying system architecture in general, explain the basic algorithm and its extension to improve performance, and provide experimental results.

Ming Chai,Haifeng Wang,Tao Tang,Hongjie Liu

DOI: https://doi.org/10.1016/j.jss.2021.110962

IF: 3.5

2021-07-01

Journal of Systems and Software

Abstract:<p>With the growing complexity of railway control systems, it is required to preform runtime safety checks of system executions that go beyond conventional runtime monitoring of pre-programmed safety conditions. Runtime verification is a lightweight and rigorous formal method that dynamically analyses execution traces against some formal specifications. A challenge in applying this method in railway systems is defining a suitable monitoring specification language, i.e., a language that is expressive, of reasonable complexity, and easy to understand. In this paper, we propose parameterized modal live sequence charts (PMLSCs) by introducing the alphabet of the specification into charts to distinguish between silent events and unexpected events. We further investigate the expressiveness and complexity theories of the language. In particular, we prove that PMLSCs are closed under negation and the complexity of a subclass of PMLSCs is linear, which allows the language to be used to monitor a system online. Finally, we use PMLSCs to monitor an RBC system in the Chinese high-speed railway and evaluate the performance. The experimental results show that the PMLSC has high monitoring efficiency, and can reduce false alarm rate by introducing alphabets of charts.</p>

computer science, theory & methods, software engineering

Li Xuandong,Wang Linzhang,Qiu Xiaokang,Lei Bin,Yuan Jiesong,Zhao Jianhua,Zheng Guoliang

DOI: https://doi.org/10.1007/11767077_8

2006-01-01

Abstract:In this paper, we use UML sequence diagrams as scenario-based specifications, and give the solution to runtime verification of Java programs for the safety consistency and the mandatory consistency. The safety consistency requires that any forbidden scenario described by a given sequence diagram never happens during the execution of a program, and the mandatory consistency requires that if a reference scenario described by the given sequence diagrams occurs during the execution of a program, it must immediately adhere to a scenario described by the other given sequence diagram. In the solution, we first instrument the program under verification so as to gather the program execution traces related to a given scenario-based specification; then we drive the instrumented program by random test cases so as to generate the program execution traces; last we check if the collected program execution traces satisfy the given specification. Our work leads to a testing tool which may proceed in a fully automatic and push-button fashion.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Xingjun Zhang,Yan Yang,Endong Wang,Ilsun You,Xiaoshe Dong

DOI: https://doi.org/10.1504/ijahuc.2015.071660

2015-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:To achieve the software fault tolerance at runtime, based on runtime verification techniques, this paper proposes a runtime model of running program, which is used to define the actions and constrains for runtime software fault management. This model contains the descriptions of event, path, scope and adjustment. A runtime fault management system prototype, which mainly includes the rule description, event acquisition, fault diagnosis and handling, is implemented to verify the model. Two test cases are used to estimate the effect of the prototype, and the results show that this method can handle faults successfully at runtime.

Yu Jiang,Yixiao Yang,Han Liu,Hui Kong,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/rtas.2016.7461337

2016-01-01

Abstract:Simulink is widely used for model driven development (MDD) of industrial software systems. Typically, the Simulink based development is initiated from Stateflow modeling, followed by simulation, validation and code generation mapped to physical execution platforms. However, recent industrial trends have raised the demands of rigorous verification on safety-critical applications, which is unfortunately challenging for Simulink. In this paper, we present an approach to bridge the Stateflow based model driven development and a well- defined rigorous verification. First, we develop a self- contained toolkit to translate Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models which are missed by Simulink Design Verifier, but also check more important temporal properties. Next, we customize a runtime verifier for the generated nonintrusive VHDL and C code of Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which opens more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. We incorporate these two parts into original Stateflow based MDD seamlessly. In this way, safety-critical properties are both verified at the model level, and at the consistent system implementation level with physical execution environment in consideration. We apply our approach on a train controller design, and the verified implementation is tested and deployed on a real hardware platform.

KP Jevitha,Bharat Jayaraman,M Sethumadhavan

2024-06-18

Abstract:Finite-state models are ubiquitous in the study of concurrent systems, especially controllers and servers that operate in a repetitive cycle. In this paper, we show how to extract finite state models from a run of a multi-threaded Java program and carry out runtime verification of correctness properties. These properties include data-oriented and control-oriented properties; the former express correctness conditions over the data fields of objects, while the latter are concerned with the correct flow of control among the modules of larger software. As the extracted models can become very large for long runs, the focus of this paper is on constructing reduced models with user-defined abstraction functions that map a larger domain space to a smaller one. The abstraction functions should be chosen so that the resulting model is property preserving, i.e., proving a property on the abstract model carries over to the concrete model. The main contribution of this paper is in showing how runtime verification can be made efficient through online property checking on property-preserving abstract models. The property specification language resembles a propositional linear temporal logic augmented with simple datatypes and operators. Classic concurrency examples and larger case studies (Multi-rotor Drone Controller, OAuth Protocol) are presented in order to demonstrate the usefulness of our proposed techniques, which are incorporated in an Eclipse plug-in for runtime visualization and verification of Java programs.

Software Engineering

Robert Abela,Christian Colombo,Axel Curmi,Mattea Fenech,Mark Vella,Angelo Ferrando

DOI: https://doi.org/10.4204/EPTCS.391.7

2023-10-04

Abstract:Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE). By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.

Cryptography and Security,Robotics

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Yuhong Zhao,Simon Oberthür,Norma Montealegre,Franz J. Rammig,Martin Kardos

DOI: https://doi.org/10.1007/11752578_125

2006-01-01

Abstract:Component-based self-optimizing systems can adjust themselves over time to dynamic environments by means of exchanging components. In case that such systems are safety-critical, the dependability issue becomes paramountly significant. This paper presents a novel model-based runtime verification to increase dependability for the self-optimizing systems of this kind. The proposed verification approach plays a role of an alternative acceptance test transparently integrated in RTOS, named model-based acceptance test. The verification is performed at the level of (RT-UML) models representing the systems under consideration. The properties to be checked are expressed by RT-OCL where the underlying temporal logic is restricted to either time-annotated ACTL or LTL formulae. The applied technique is based on the on-the-fly model checking, which runs interleaved with the execution of the checked system in a pipelined manner. More specifically, for ACTL formulae this means an on-the-fly solution to the NHORNSAT problem, while in the case of LTL formulae, the emptiness checking method is applied.

Ritam Ganguly,Anik Momtaz,Borzoo Bonakdarpour

DOI: https://doi.org/10.1007/s10703-024-00450-5

2024-06-15

Formal Methods in System Design

Abstract:This paper focuses on runtime verification of distributed systems in the partial synchronous model, where a clock synchronization algorithm ensures a bound on maximum clock skew among all processes. We introduce two centralized monitoring technique where the specification in the linear temporal logic ( LTL ) is either represented by a deterministic finite automaton, or, we use a progression-based formula rewitting technique to reduce the distributed runtime verification problem to an SMT problem. We report on rigorous synthetic, as well as real-world case studies involving Cassandra (a non-SQL database management system) and data available from RACE (Runtime for Airspace Concept Evaluation) by NASA. We show that both our automata-based as well as our progression-based approached are effective in evaluating all the possible verdicts given a distributed computation with the progression-based approach having less overhead in general.

computer science, theory & methods

Angelo Ferrando,Vadim Malvone

2024-08-21

Abstract:Trusting software systems, particularly autonomous ones, is challenging. To address this, formal verification techniques can ensure these systems behave as expected. Runtime Verification (RV) is a leading, lightweight method for verifying system behaviour during execution. However, traditional RV assumes perfect information, meaning the monitoring component perceives everything accurately. This assumption often fails, especially with autonomous systems operating in real-world environments where sensors might be faulty. Additionally, traditional RV considers the monitor to be passive, lacking the capability to interpret the system's information and thus unable to address incomplete data. In this work, we extend standard RV of Linear Temporal Logic properties to accommodate scenarios where the monitor has imperfect information and behaves rationally. We outline the necessary engineering steps to update the verification pipeline and demonstrate our implementation in a case study involving robotic systems.

Formal Languages and Automata Theory,Logic in Computer Science,Software Engineering

ZHENG Jian-hua,LI Di,XIAO Shu-hua

DOI: https://doi.org/10.3969/j.issn.1009-0134.2007.09.005

2007-01-01

Abstract:It is necessary to finish the verification for real-time embedded system during the system design period because of the time constraint in the system.After analyzing severa methodologies,the paper concludes that model checking of formal verification based on Timed Automaton is a useful method to analyze and verify the real-time embedded system Then the paper gives the definitions of Timed Automation and the introduction of mode checkers tool UPPAAL.In the end the applicaton of a passenger priority traffic light contro system is described:including the detailed process of modeling and verification.The resul proves that the system meets the requirements.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Chenxia Luo,Rui Wang,Yu Jiang,Kang Yang,Yong Guan,Xiaojuan Li,Zhiping Shi

DOI: https://doi.org/10.1109/compsac.2018.00033

2018-01-01

Abstract:The robot has attracted much attention to anticipate improved quality of human life. Real-time obstacle avoidance is one of hot spots of the research. Runtime verification is a real-time and lightweight verification technology to verify the properties in many fields. In this case study, we use the JavaMOP, a runtime verification tool to verify the implementations' correctness of the safety strategies for avoiding collision as a complement to the design. The design of the safety strategies can be classified as the pre-contact safety strategy and the post-contact safety strategy. The former can avoid obstacles and the latter can reduce the physical damage after a collision. Additionally, this case study also proposes a new method of dynamic parameter selection. It can automatically update the parameters during the operation of the robot without having to get familiar with and to modify robot programs. Because some special parameters may change as mutative factors or be updated by engineers' experience in the uncertain environment, they cannot be fixed. We follow the JavaMOP specification to describe informal requirements using the FSM and ptLTL languages. Finally, the experimental results verify the correctness of the safety strategies and the effectiveness of dynamic parameter selection.

Alan Perotti,Guido Boella,Artur d'Avila Garcez

DOI: https://doi.org/10.4204/EPTCS.169.8

2014-12-03

Abstract:In this paper we present a novel rule-based approach for Runtime Verification of FLTL properties over finite but expanding traces. Our system exploits Horn clauses in implication form and relies on a forward chaining-based monitoring algorithm. This approach avoids the branching structure and exponential complexity typical of tableaux-based formulations, creating monitors with a single state and a fixed number of rules. This allows for a fast and scalable tool for Runtime Verification: we present the technical details together with a working implementation.

Logic in Computer Science