Kang Yu,Zhenbang Chen,Wei Dong

DOI: https://doi.org/10.1109/SERE-C.2014.43

2014-01-01

Abstract:Runtime verification with a predictive semantics defines how to monitor a temporal property in a predictive manner. In this paper, we propose a predictive runtime verification framework for Cyber-Physical Systems (CPS), which are usually open embedded systems, aiming to predict the runtime failures of CPS before the failure really happen. We present the method for online predications based on the program information and the runtime information. We have implemented a prototype framework based on JavaMOP. The experimental results demonstrate that our framework is generally applicable.

Yuehan Chi,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1088/1742-6596/2242/1/012038

2022-01-01

Journal of Physics Conference Series

Abstract:The application of information technology in many fields is becoming more and more popular, but while bringing about a rapid increase in productivity, it also brings some safety issues, especially in industrial control systems. Since the industrial control system often uses a computer as the control center of some devices, once this computer is attacked, it will cause serious harm. The use of additional security software for security monitoring is not completely credible, after all, security monitoring software will also be attacked and become invalid. Therefore, the method of using some side channels and machine learning is very popular recently, especially the power consumption side channels. However, the power consumption will change with the running time of the device. If the model trained by supervised learning will fail after a few days, this paper proposes a self-learning method based on the power consumption side channel, which can be stable for a long time with a high accuracy of 97%.

Yanming Yang,Xin Xia,David Lo,Tingting Bi,John Grundy,Xiaohu Yang

DOI: https://doi.org/10.1145/3503509

IF: 3.685

2022-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Predictive models are one of the most important techniques that are widely applied in many areas of software engineering. There have been a large number of primary studies that apply predictive models and that present well-performed studies in various research domains, including software requirements, software design and development, testing and debugging, and software maintenance. This article is a first attempt to systematically organize knowledge in this area by surveying a body of 421 papers on predictive models published between 2009 and 2020. We describe the key models and approaches used, classify the different models, summarize the range of key application areas, and analyze research results. Based on our findings, we also propose a set of current challenges that still need to be addressed in future work and provide a proposed research road map for these opportunities.

Lin Gui,Jun Sun,Yang Liu,Yuanjie Si,Jin Song Dong,Xinyu Wang

DOI: https://doi.org/10.1145/2483760.2483779

2013-01-01

Abstract:Testing provides a probabilistic assurance of system correctness. In general, testing relies on the assumptions that the system under test is deterministic so that test cases can be sampled. However, a challenge arises when a system under test behaves non-deterministiclly in a dynamic operating environment because it will be unknown how to sample test cases. In this work, we propose a method combining hypothesis testing and probabilistic model checking so as to provide the ``assurance" and quantify the error bounds. The idea is to apply hypothesis testing to deterministic system components and use probabilistic model checking techniques to lift the results through non-determinism. Furthermore, if a requirement on the level of ``assurance" is given, we apply probabilistic model checking techniques to push down the requirement through non-determinism to individual components so that they can be verified using hypothesis testing. We motivate and demonstrate our method through an application of system reliability prediction and distribution. Our approach has been realized in a toolkit named RaPiD, which has been applied to investigate two real-world systems.

Tao CHEN,M WANG

DOI: https://doi.org/10.3969/j.issn.1673-629X.2019.02.006

2019-01-01

Abstract:Runtime verification is a new lightweight automatic verification technique.The verification software used in this technology is composed of two parts:one part is the monitored target program;the other is the monitor.The main idea of the runtime verification method based on formalized language is to input a formal specification syntax that represents events and properties and target program, and output a new program.The new program with inserting pile will execute the corresponding function to judge whether it satisfies the formal specification grammar when it meets the point that needs to be monitored.However, when the traditional single thread runtime verification monitor has many properties that the target program needs to monitor, the regenerated program may slow down the performance of the program because of the more specified nature.In this paper, we optimize the prototype tool Movec by using multi-core parallel technology.Through the way of serial program monitor assigned to multithreading, Clang compiler's piling technology and multi-core task allocation method have realized the optimization of Movec prototype tools.The optimized Movec is compared with the experimental data without the improved tools, which shows that the multithread operation method has a better effect.

Pengcheng Zhang,Henry Muccini,Andrea Polini,Xuandong Li

DOI: https://doi.org/10.1109/ase.2011.6100105

2011-01-01

Abstract:In run-time evolving systems, components may evolve while the system is being operated. Unsafe run-time changes may compromise the correct execution of the entire system. Traditional design-time verification techniques difficultly cope with run-time changes, and run-time monitoring may detect disfunctions only too late, when the failure arises. The desire would be to define advanced monitors with the ability to predict and prevent the potential errors happening in the future. In this direction, this paper proposes CASSANDRA, a new approach that by combining design-time and run-time analysis techniques, can “look ahead” in the near execution future, and predict potential failures. During run-time we on-the-fly construct a model of the future k-step global state space according to design-time specifications and the current execution state. Consequently, we can run-time check whether possible failures might happen in the future.

Wei Dong,ChangZhi Zhao,ShaoXian Shu,Martin Leucker

DOI: https://doi.org/10.1007/s11432-012-4739-8

2012-01-01

Science China Information Sciences

Abstract:Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments, it is extremely difficult to exhaustively verify and test software during the development phase. Therefore, monitoring has become an indispensable means for finding latent software faults at runtime. Most current monitoring approaches only generate passive monitors, which cannot foresee possible faults and consequently cannot prevent their occurrence. In this paper, we propose an active monitoring approach based on runtime verification. This approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic, and then generates the necessary steering actions according to a partial system model, which steers the system away from paths causing these violations. In this case, the monitor and monitored system make up a discrete feedback control loop. We further investigate the control theory behind active monitoring so that non-blocking controllability can be achieved. The results of applying active monitoring to two cases, a railway crossing control system and security-enhanced Linux (SELinux), show that the method can effectively ensure both safety and security properties at runtime.

Changzhi Zhao,Wei Dong,Ji Wang,Ping Sui,Zhichang Qi

2009-01-01

Abstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the correctness and faultlessness of deployed systems. As a result, software health management has been proposed as an effective complement of traditional quality assurance methods. Runtime monitoring is critical for software health management. Runtime verification is one of the monitoring techniques based on formal method, but it only generates the passive monitor and cannot predict violations until they occur. This paper presents the ongoing work of software active online monitoring via looking ahead into a runtime partial system model to explore the possible fault states in advance. The procedures include monitoring the current execution, predicting the occurrences of violations based on anticipatory semantics, and preventing them by intervening system’s execution. The formal description of active online monitoring problem and a corresponding architecture are further discussed in the paper.

Yuhong Zhao,Franz Rammig

DOI: https://doi.org/10.1016/j.entcs.2009.09.035

2009-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Model-based runtime verification is an extension to the state-of-the-art runtime verification, aimed at checking at runtime the system implementation against the system model (consistency checking) and the system model against the system specification (safety checking). Notice that our runtime verification works at the model level, thus, we do not need to strictly synchronize this runtime verification with the system execution. In fact, we mainly use the runtime information (current states) obtained from the system execution to reduce the state space (of the system model) to be explored. It means that this model-based runtime verification might run before or after the system execution, i.e., switch alternately between a preventive pre-checking mode and a maintaining post-checking mode. In order to make it run ahead of the system execution for as long time as possible, we present two possible strategies so that this runtime verification can selectively reduce the state space (of the system model) to be explored by making the system model enriched with probabilities and additional information derived and learned at the system testing phase.

Xin Chen,Sriram Sankaranarayanan

DOI: https://doi.org/10.1109/RTSS.2017.00035

2017-01-01

Abstract:The predictive monitoring problem asks whether a deployed system is likely to fail over the next T seconds under some environmental conditions. This problem is of the utmost importance for cyber-physical systems, and has inspired real-time architectures capable of adapting to such failures upon forewarning. In this paper, we present a linear model-predictive scheme for the real-time monitoring of linear systems governed by time-triggered controllers and time-varying disturbances. The scheme uses a combination of offline (advance) and online computations to decide if a given plant model has entered a state from which no matter what control is applied, the disturbance has a strategy to drive the system to an unsafe region. Our approach is independent of the control strategy used: this allows us to deal with plants that are controlled using model-predictive control techniques or even opaque machine-learning based control algorithms that are hard to reason with using existing reachable set estimation algorithms. Our online computation reuses the symbolic reachable sets computed offline. The real-time monitor instantiates the reachable set with a concrete state estimate, and repeatedly performs emptiness checks with respect to a safety property. We classify the various alarms raised by our approach in terms of what they imply about the system as a whole. We implement our real-time monitoring approach over numerous linear system benchmarks and show that the computation can be performed rapidly in practice. Furthermore, we also examine the alarms reported by our approach and show how some of the alarms can be used to improve the controller.

Jun Zhu,Changguo Guo,Quan Yin,Jianlu Bo,Quanyuan Wu

DOI: https://doi.org/10.1109/icycs.2008.298

2008-01-01

Abstract:Software runtime monitoring mechanisms can be used to increase the dependability of software systems. However, it is a complex and burdensome job for developers to rebuild existing software systems by adding software runtime monitoring mechanism. Meanwhile, current software runtime monitoring mechanisms are mainly restricted to monitor centralized software systems. This paper presents a novel method, in which distributed software runtime monitoring mechanism is applied to construct dependable software systems, by using AOP technique. This method can satisfy users' changeful monitoring requirements, and decrease the development pressure of developers. Distributed software runtime monitoring mechanism, the kernel of which is a monitoring Web service that can collect runtime monitoring information and provide constant online monitoring information access service, can be repeatedly reused in software systems as a non-functional aspect that has been modeled in this paper. Then we implement a construction platform, which can automatically generate monitoring code and monitoring Web service according to users' monitoring requirements, automatically instrument monitoring code and service into the source code of software system, and then remotely monitor the instrumented software system through monitoring Web service, in terms of this essential idea. We choose a typical multi-thread program as a case study to demonstrate the practicability and feasibility of the approach.

Ge Zhou,Wei Dong,Wanwei Liu,Hao Shi,Chi Hu,Liangze Yin

DOI: https://doi.org/10.1109/QRS-C.2017.65

2017-01-01

Abstract:For runtime verification techniques, the most important part that limits its usage is how to reduce the influence of monitors. An important indicator is the amount of software codes after monitor instrumentation. The application of RV is hindered from the size-explosion problem of monitor construction. Namely, the state number of the monitor obtained is doubly exponential in the size of the input specification. This paper puts forward the method of processing parametric properties by utilizing monitor patterns and taking usage of arrays or functions, thereby greatly reducing the amount of monitor codes of the target system. It can improve the application of RV techniques in resource limited and safety critical systems, such as embedded control systems in transport or aerospace areas. Finally, the validity of the method is verified by constructing specific Benchmarks.

Thomas A. Henzinger,Fabian Kresse,Kaushik Mallik,Emily Yu,Đorđe Žikelić

2024-12-21

Abstract:We study the problem of predictive runtime monitoring of black-box dynamical systems with quantitative safety properties. The black-box setting stipulates that the exact semantics of the dynamical system and the controller are unknown, and that we are only able to observe the state of the controlled (aka, closed-loop) system at finitely many time points. We present a novel framework for predicting future states of the system based on the states observed in the past. The numbers of past states and of predicted future states are parameters provided by the user. Our method is based on a combination of Taylor's expansion and the backward difference operator for numerical differentiation. We also derive an upper bound on the prediction error under the assumption that the system dynamics and the controller are smooth. The predicted states are then used to predict safety violations ahead in time. Our experiments demonstrate practical applicability of our method for complex black-box systems, showing that it is computationally lightweight and yet significantly more accurate than the state-of-the-art predictive safety monitoring techniques.

Systems and Control,Artificial Intelligence

Zhang Yanyuan,Liu Min,Ye Jun,Jiang Liyuan

1995-01-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Ref. does not offer any information for monitoring 3L Parallel FORTRAN. To meet this monitoring need, the authors have developed a method that is generally applicable to monitoring various parallel programs. In fact, due to the great difficulties involved, there exist, to the authors' best knowledge, only special systems for monitoring specific parallel software such as GMAT of Cray and INSTANT of BBN. The authors' strategy can be essentially described by what follows. The authors place a great number of probes into the user's parallel programs. These probes can monitor any trouble occuring in any part of the parallel programs when it is running and report through a special communication network to a special management system. Thus the users can discover any trouble that occurs when running the parallel programs. As a step towards solving the problems associated with dynamic tracing of parallel programs, the authors developed an appropriate state transition mechanism for tasks. Recently the authors' method was examined by a group of Chinese experts organized by the funding agency. The method was deemed to be novel, dependable, and useful.

Xingjun Zhang,Yan Yang,Endong Wang,Ilsun You,Xiaoshe Dong

DOI: https://doi.org/10.1504/ijahuc.2015.071660

2015-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:To achieve the software fault tolerance at runtime, based on runtime verification techniques, this paper proposes a runtime model of running program, which is used to define the actions and constrains for runtime software fault management. This model contains the descriptions of event, path, scope and adjustment. A runtime fault management system prototype, which mainly includes the rule description, event acquisition, fault diagnosis and handling, is implemented to verify the model. Two test cases are used to estimate the effect of the prototype, and the results show that this method can handle faults successfully at runtime.

Shiyi Kong,Minyan Lu,Jun Ai,Shuguang Wang

DOI: https://doi.org/10.48550/arXiv.2110.06629

2021-10-13

Abstract:Modern software systems become too complex to be tested and validated. Detecting software partial failures in complex systems at runtime assist to handle software unintended behaviors, avoiding catastrophic software failures and improving software runtime availability. These detection techniques aim to find the manifestation of faults before they finally lead to unavoidable failures, thus supporting following runtime fault tolerant techniques. We review the state of the art articles and find that the content failures account for the majority of all kinds of software failures, but its detection methods are rarely studied. In this work, we propose a novel failure detection indicator based on the software runtime dynamic execution information for software content failures. The runtime information is recorded during software execution, then transformed to a measure named runtime entropy and finally fed into machine learning models. The machine learning models are built to classify the intended and unintended behaviors of the objected software systems. A series of controlled experiments on several open source projects are conducted to prove the feasibility of the method. We also evaluate the accuracy of machine learning models built in this work.

Software Engineering,Systems and Control

Angelo Ferrando,Rafael C. Cardoso

DOI: https://doi.org/10.4204/EPTCS.348.3

2021-10-25

Abstract:Runtime Verification is a lightweight formal verification technique. It is used to verify at runtime whether the system under analysis behaves as expected. The expected behaviour is usually formally specified by means of properties, which are used to automatically synthesise monitors. A monitor is a device that, given a sequence of events representing a system execution, returns a verdict symbolising the satisfaction or violation of the formal property. Properties that can (resp. cannot) be verified at runtime by a monitor are called monitorable and non-monitorable, respectively. In this paper, we revise the notion of monitorability from a practical perspective, where we show how non-monitorable properties can still be used to generate partial monitors, which can partially check the properties. Finally, we present the implications both from a theoretical and practical perspectives.

Logic in Computer Science,Artificial Intelligence,Formal Languages and Automata Theory

Lei Cui,Bo Li,Jianxin Li,Hardy, J.

DOI: https://doi.org/10.1109/ICPADS.2012.111

2012-01-01

Abstract:Software aging has been cited in many scenarios including Operating System, Web Servers, Real-time Systems. However, few studies have been conducted in long running virtualized environments where more and more software is being delivered as a service. Furthermore, state-of-the-art methods lack the ability to deal with miscellaneous upper applications and underlying systems transparently in virtualized scenarios. In this paper, we detect aging phenomenon by conducting experiments in physical and virtual machines and identify the differences between the two, and propose a feature code-based methodology for failure prediction through system call, then implement a prototype in virtual machine manager layer to predict failure time and rejuvenate transparently, which is suitable in virtualized scenarios. The evaluation shows the prediction deviation against reality is less than 10%.

Chenxia Luo,Rui Wang,Yu Jiang,Kang Yang,Yong Guan,Xiaojuan Li,Zhiping Shi

DOI: https://doi.org/10.1109/compsac.2018.00033

2018-01-01

Abstract:The robot has attracted much attention to anticipate improved quality of human life. Real-time obstacle avoidance is one of hot spots of the research. Runtime verification is a real-time and lightweight verification technology to verify the properties in many fields. In this case study, we use the JavaMOP, a runtime verification tool to verify the implementations' correctness of the safety strategies for avoiding collision as a complement to the design. The design of the safety strategies can be classified as the pre-contact safety strategy and the post-contact safety strategy. The former can avoid obstacles and the latter can reduce the physical damage after a collision. Additionally, this case study also proposes a new method of dynamic parameter selection. It can automatically update the parameters during the operation of the robot without having to get familiar with and to modify robot programs. Because some special parameters may change as mutative factors or be updated by engineers' experience in the uncertain environment, they cannot be fixed. We follow the JavaMOP specification to describe informal requirements using the FSM and ptLTL languages. Finally, the experimental results verify the correctness of the safety strategies and the effectiveness of dynamic parameter selection.

Pengcheng Zhang,Patrizio Pelliccione,Hareton Leung,Xuandong Li

DOI: https://doi.org/10.1016/j.infsof.2018.01.014

IF: 3.9

2018-01-01

Information and Software Technology

Abstract:Abstract Context Unpredictability and uncertainty about future evolutions of both the system and its environment may easily compromise the behavior of the system. The subsequent software failures can have serious consequences. When dealing with open environments, run-time monitoring is one of the most promising techniques to detect software failures. Several monitoring approaches have been proposed in the last years; however, they suffer from two main limitations. First, they provide limited information to be exploited at run-time for early detecting and managing situations that most probably will lead to failures. Second, they mainly rely on logic-based specifications, whose intrinsic complexity may hamper the use of these monitoring approaches in industrial contexts. Objective In order to address these two limitations, this paper proposes a novel approach, called PREDIMO ( PREDI ctive MO nitoring). The approach starts from scenario-based specifications, automatically generates predictive monitors called MA s (Multi-valued Automata), which take into account the actual status and also the possible evolution of both system and environment in the near future, and enables the definition of precise strategies to prevent failures. More specifically, the generated monitors evaluate the specified properties and return one of the seven different values representing the degree of controllability of the system and the distance of the potential incoming failure. The translation from scenario-based specifications to MA s preserves the semantics of the starting specification. Method We use the design and creation research methodology to design an innovative approach that fills highlighted gaps of state-of-the-art approaches. The validation of the approach is performed through a large experimentation with OSGi (Open Service Gateway Initiative) applications. Results We present a novel language to specify the properties to be monitored. Then, we present a novel approach to automatically generate predictive monitors from the specified properties. Conclusion The overall approach is tool supported and a large experimentation demonstrates its feasibility and usability.