Stefan Jaksic,Ezio Bartocci,Radu Grosu,Dejan Nickovic

DOI: https://doi.org/10.48550/arXiv.1802.03775

2018-02-12

Abstract:Runtime verification (RV) is a pragmatic and scalable, yet rigorous technique, to assess the correctness of complex systems, including cyber-physical systems (CPS). By measuring how robustly a CPS run satisfies a specification, RV allows in addition, to quantify the resiliency of a CPS to perturbations. In this paper we propose Algebraic Runtime Verification (ARV), a general, semantic framework for RV, which takes advantage of the monoidal structure of runs (w.r.t. concatenation) and the semiring structure of a specification automaton (w.r.t. choice and concatenation), to compute in an incremental and application specific fashion the resiliency measure. This allows us to expose the core aspects of RV, by developing an abstract monitoring algorithm, and to strengthen and unify the various qualitative and quantitative approaches to RV, by instantiating choice and concatenation with real-valued functions as dictated by the application. We demonstrate the power and effectiveness of our framework on two case studies from the automotive domain.

Logic in Computer Science

Angelo Ferrando,Vadim Malvone

2024-08-21

Abstract:Trusting software systems, particularly autonomous ones, is challenging. To address this, formal verification techniques can ensure these systems behave as expected. Runtime Verification (RV) is a leading, lightweight method for verifying system behaviour during execution. However, traditional RV assumes perfect information, meaning the monitoring component perceives everything accurately. This assumption often fails, especially with autonomous systems operating in real-world environments where sensors might be faulty. Additionally, traditional RV considers the monitor to be passive, lacking the capability to interpret the system's information and thus unable to address incomplete data. In this work, we extend standard RV of Linear Temporal Logic properties to accommodate scenarios where the monitor has imperfect information and behaves rationally. We outline the necessary engineering steps to update the verification pipeline and demonstrate our implementation in a case study involving robotic systems.

Formal Languages and Automata Theory,Logic in Computer Science,Software Engineering

Mohammad Reza Besharati,Mohammad Izadi,Ehsaneddin Asgari

DOI: https://doi.org/10.48550/arXiv.2204.07430

2022-04-29

Abstract:Underlying computational model has an important role in any computation. The state and transition (such as in automata) and rule and value (such as in Lisp and logic programming) are two comparable and counterpart computational models. Both of deductive and model checking verification techniques are relying on a notion of state and as a result, their underlying computational models are state dependent. Some verification problems (such as compliance checking by which an under compliance system is verified against some regulations and rules) have not a strong notion of state nor transition. Behalf of it, these systems have a strong notion of value symbols and declarative rules defined on them. SARV (Stateless And Rule-Based Verification) is a verification framework that designed to simplify the overall process of verification for stateless and rule-based verification problems (e.g. compliance checking). In this paper, a formal logic-based framework for creating intelligent compliance checking systems is presented. We define and introduce this framework, report a case study and present results of an experiment on it. The case study is about protocol compliance checking for smart cities. Using this solution, a Rescue Scenario use case and its compliance checking are sketched and modeled. An automation engine for and a compliance solution with SARV are introduced. Based on 300 data experiments, the SARV-based compliance solution outperforms famous machine learning methods on a 3125-records software quality dataset.

Software Engineering,Artificial Intelligence,Logic in Computer Science

Rui Wang,Yingxia Wei,Houbing Song,Yu Jiang,Yong Guan,Xiaoyu Song,Xiaojuan Li

DOI: https://doi.org/10.1109/tii.2017.2788901

IF: 12.3

2018-01-01

IEEE Transactions on Industrial Informatics

Abstract:Robot systems have been widely used in industry and also play an important role in human social life. Safety critical applications usually demand rigorously formal verification to ensure correctness. But for the increasing complexity of dynamic environments and applications, it is not easy to build a comprehensive model for the traditional offline verification. In this paper, we propose RobotRV, the first data-centered real-time verification approach for the robot system. Within this approach, a domain-specific language named RoboticSpec is designed to specify the complex application scenario of the robot system, the data packets transmitted in the robot system, and the safety critical temporal properties. Then, we develop an engine to automatically translate the RoboticSpec model into a real-time verifier. The generated verifier serves as an independent plug-in component for the runtime verification of concerned temporal properties. We applied the proposed approach to a real robot system. As presented in experiment results, our method detected potential failures, and improved the safety of robot system.

Yuhong Zhao,Franz Rammig

DOI: https://doi.org/10.1016/j.entcs.2009.09.035

2009-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Model-based runtime verification is an extension to the state-of-the-art runtime verification, aimed at checking at runtime the system implementation against the system model (consistency checking) and the system model against the system specification (safety checking). Notice that our runtime verification works at the model level, thus, we do not need to strictly synchronize this runtime verification with the system execution. In fact, we mainly use the runtime information (current states) obtained from the system execution to reduce the state space (of the system model) to be explored. It means that this model-based runtime verification might run before or after the system execution, i.e., switch alternately between a preventive pre-checking mode and a maintaining post-checking mode. In order to make it run ahead of the system execution for as long time as possible, we present two possible strategies so that this runtime verification can selectively reduce the state space (of the system model) to be explored by making the system model enriched with probabilities and additional information derived and learned at the system testing phase.

Erwan Mahe,Boutheina Bannour,Christophe Gaston,Pascale Le Gall

2024-03-05

Abstract:Runtime Verification (RV) refers to a family of techniques in which system executions are observed and confronted to formal specifications, with the aim of identifying faults. In Offline RV, observation is done in a first step and verification in a second, on a static artifact collected during observation. In this paper, we define an approach to offline RV of Distributed Systems (DS) against interactions. Interactions are formal models describing communications within a DS. DS are composed of subsystems deployed on different machines and interacting via message passing. Therefore, observing executions of a DS entails logging a collection of local execution traces, one for each subsystem, that we call a multi-trace. A major challenge in analyzing multi-traces is that there are no practical means to synchronize the ends of observations of all local traces. We address this via an operation, called lifeline removal, which we apply on-the-fly on the specification during verification once a local trace has been entirely analyzed. This operation removes from the interaction the specification of actions occurring on the subsystem that is no-longer observed. This may allow further execution of the specification via removing deadlocks due to the partial orders of actions. We prove the correctness of the resulting RV algorithm and introduce two optimization techniques which we also prove correct. We implement a Partial Order Reduction (POR) technique via the selection of a one-unambiguous action (as a unique first step to a linearization) which existence is determined via another use of the lifeline removal operator. Additionally, Local Analyses (LOC) i.e., the verification of local traces, can be leveraged during the global multi-trace analysis to prove failure more quickly. Experiments illustrate the application of our RV approach and the benefits of our optimizations.

Formal Languages and Automata Theory

KP Jevitha,Bharat Jayaraman,M Sethumadhavan

2024-06-18

Abstract:Finite-state models are ubiquitous in the study of concurrent systems, especially controllers and servers that operate in a repetitive cycle. In this paper, we show how to extract finite state models from a run of a multi-threaded Java program and carry out runtime verification of correctness properties. These properties include data-oriented and control-oriented properties; the former express correctness conditions over the data fields of objects, while the latter are concerned with the correct flow of control among the modules of larger software. As the extracted models can become very large for long runs, the focus of this paper is on constructing reduced models with user-defined abstraction functions that map a larger domain space to a smaller one. The abstraction functions should be chosen so that the resulting model is property preserving, i.e., proving a property on the abstract model carries over to the concrete model. The main contribution of this paper is in showing how runtime verification can be made efficient through online property checking on property-preserving abstract models. The property specification language resembles a propositional linear temporal logic augmented with simple datatypes and operators. Classic concurrency examples and larger case studies (Multi-rotor Drone Controller, OAuth Protocol) are presented in order to demonstrate the usefulness of our proposed techniques, which are incorporated in an Eclipse plug-in for runtime visualization and verification of Java programs.

Software Engineering

Matt Luckcuck

DOI: https://doi.org/10.48550/arXiv.2007.03522

2021-05-25

Abstract:Dynamic formal verification is a key tool for providing ongoing confidence that a system is meeting its requirements while in use, especially when paired with static formal verification before the system is in use. This paper presents a workflow and Runtime Verification (RV) toolchain, Varanus, and their application to an industrial case study. Using the workflow we manually derive a Communicating Sequential Processes (CSP) model from natural-language safety requirements documents, which Varanus uses as the monitor oracle. This reuse of the model means that the monitor oracle does not have to be developed separately, risking inconsistencies between it and the model for static verification. The approach is demonstrated by the offline RV of a teleoperated manipulation system, called MASCOT, which enables remote operations inside the Joint European Torus (JET) fusion reactor. We describe our model of the MASCOT safety design documents (including how the modelling process revealed an underspecification in the design) and evaluate the Varanus toolchain's utility. The workflow and tool provide validation of the safety documents, traceability of the safety properties from the documentation to the system, and a verified oracle for RV.

Robotics,Formal Languages and Automata Theory,Software Engineering

Jian Shi,Ying Qiao,Hongan Wang

DOI: https://doi.org/10.1145/2016656.2016666

2011-01-01

Abstract:In this paper, we introduce an approach to visualize the inference process in a rule engine -- Drools, which employs Rete as its pattern matching algorithm. As a software visualization work, our approach is focused on both static structure of the Rete network and dynamic behavior of the inference process. Since logic programming is distinct from other traditional programming paradigms, our approach is also different from traditional program/algorithm visualization methods. In this paper, we first introduce the target we choose to visualize, and then provide a description of the problem and our visualization approach. Finally, with an implementation and an interesting case -- sudoku solving, we show that the visualization work is helpful to understanding not only the Rete algorithm, but also the rules used in the inference. Besides, our work supports debugging, tracing and analyzing the rule engine, which is useful in finding errors and optimization.

Wolfgang Schreiner

DOI: https://doi.org/10.48550/arXiv.1904.00620

2019-04-01

Logic in Computer Science

Abstract:The RISC Algorithm Language (RISCAL) is a language for the formal modeling of theories and algorithms. A RISCAL specification describes an infinite class of models each of which has finite size; this allows to fully automatically check in such a model the validity of all theorems and the correctness of all algorithms. RISCAL thus enables us to quickly verify/falsify the specific truth of propositions in sample instances of a model class before attempting to prove their general truth in the whole class: the first can be achieved in a fully automatic way while the second typically requires our assistance. RISCAL has been mainly developed for educational purposes. To this end this paper reports on some new enhancements of the tool: the automatic generation of checkable verification conditions from algorithms, the visualization of the execution of procedures and the evaluation of formulas illustrating the computation of their results, and the generation of Web-based student exercises and assignments from RISCAL specifications. Furthermore, we report on our first experience with RISCAL in the teaching of courses on logic and formal methods and on further plans to use this tool to enhance formal education.

Joseph Birkner,Andreas Dolp,Negin Karimi,Nikita Basargin,Alona Kharchenko,Rafael Hostettler

2023-10-03

Abstract:In human-robot interaction policy design, a rule-based method is efficient, explainable, expressive and intuitive. In this paper, we present the Signal-Rule-Slot framework, which refines prior work on rule-based symbol system design and introduces a new, Bayesian notion of interaction rule utility called Causal Pathway Self-information. We offer a rigorous theoretical foundation as well as a rich open-source reference implementation Ravestate, with which we conduct user studies in text-, speech-, and vision-based scenarios. The experiments show robust contextual behaviour of our probabilistically informed rule-based system, paving the way for more effective human-machine interaction.

Robotics,Artificial Intelligence,Human-Computer Interaction

Ivan Perez,Anastasia Mavridou,Tom Pressburger,Alexander Will,Patrick J. Martin

DOI: https://doi.org/10.4204/EPTCS.371.15

2022-09-28

Abstract:Runtime verification (RV) has the potential to enable the safe operation of safety-critical systems that are too complex to formally verify, such as Robot Operating System 2 (ROS2) applications. Writing correct monitors can itself be complex, and errors in the monitoring subsystem threaten the mission as a whole. This paper provides an overview of a formal approach to generating runtime monitors for autonomous robots from requirements written in a structured natural language. Our approach integrates the Formal Requirement Elicitation Tool (FRET) with Copilot, a runtime verification framework, through the Ogma integration tool. FRET is used to specify requirements with unambiguous semantics, which are then automatically translated into temporal logic formulae. Ogma generates monitor specifications from the FRET output, which are compiled into hard-real time C99. To facilitate integration of the monitors in ROS2, we have extended Ogma to generate ROS2 packages defining monitoring nodes, which run the monitors when new data becomes available, and publish the results of any violations. The goal of our approach is to treat the generated ROS2 packages as black boxes and integrate them into larger ROS2 systems with minimal effort.

Robotics,Computation and Language,Formal Languages and Automata Theory

Kenji Brameld,Germán Castro,Claude Sammut,Mark Roberts,David W. Aha

2024-01-30

Abstract:ActorSim is a goal reasoning framework developed at the Naval Research Laboratory. Originally, all goal reasoning rules were hand-crafted. This work extends ActorSim with the capability of learning by demonstration, that is, when a human trainer disagrees with a decision made by the system, the trainer can take over and show the system the correct decision. The learning component uses Ripple-Down Rules (RDR) to build new decision rules to correctly handle similar cases in the future. The system is demonstrated using the RoboCup Rescue Agent Simulation, which simulates a city-wide disaster, requiring emergency services, including fire, ambulance and police, to be dispatched to different sites to evacuate civilians from dangerous situations. The RDRs are implemented in a scripting language, FrameScript, which is used to mediate between ActorSim and the agent simulator. Using Ripple-Down Rules, ActorSim can scale to an order of magnitude more goals than the previous version.

Robotics,Artificial Intelligence,Multiagent Systems

Robert Abela,Christian Colombo,Axel Curmi,Mattea Fenech,Mark Vella,Angelo Ferrando

DOI: https://doi.org/10.4204/EPTCS.391.7

2023-10-04

Abstract:Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE). By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.

Cryptography and Security,Robotics

Alan Perotti,Guido Boella,Artur d'Avila Garcez

DOI: https://doi.org/10.4204/EPTCS.169.8

2014-12-03

Abstract:In this paper we present a novel rule-based approach for Runtime Verification of FLTL properties over finite but expanding traces. Our system exploits Horn clauses in implication form and relies on a forward chaining-based monitoring algorithm. This approach avoids the branching structure and exponential complexity typical of tableaux-based formulations, creating monitors with a single state and a fixed number of rules. This allows for a fast and scalable tool for Runtime Verification: we present the technical details together with a working implementation.

Logic in Computer Science

Ahmad Salim Al-Sibahi,Thomas P. Jensen,Aleksandar S. Dimovski,Andrzej Wasowski

DOI: https://doi.org/10.1145/3278122.3278125

2018-09-18

Abstract:High-level transformation languages like Rascal include expressive features for manipulating large abstract syntax trees: first-class traversals, expressive pattern matching, backtracking and generalized iterators. We present the design and implementation of an abstract interpretation tool, Rabit, for verifying inductive type and shape properties for transformations written in such languages. We describe how to perform abstract interpretation based on operational semantics, specifically focusing on the challenges arising when analyzing the expressive traversals and pattern matching. Finally, we evaluate Rabit on a series of transformations (normalization, desugaring, refactoring, code generators, type inference, etc.) showing that we can effectively verify stated properties.

Programming Languages

S Meng,Bk Aichernig,Nx Zhang

DOI: https://doi.org/10.1109/PDCAT.2005.100

2005-01-01

Abstract:Component-based software development has become a popular paradigm in software engineering. From the theoretical point of view, components can be seen as coalgebras. In this paper, we present a component specification and verification technique which is based on the theory of coalgebras. We use the formal specification language RSL for expressing coalgebraic component specifications and define their behavioral equivalence by means of bisimulation. Furthermore, a notion of behavior refinement of components is presented together with an associated verification technique based on simulation. Our formal framework demonstrates how final coalgebras provide a means for systematically constructing the minimal model from a given specification.

Ramy Medhat,Yogi Joshi,Borzoo Bonakdarpour,Sebastian Fischmeister

DOI: https://doi.org/10.48550/arXiv.1411.2239

2014-11-09

Abstract:Runtime verification is an effective automated method for specification-based offline testing and analysis as well as online monitoring of complex systems. The specification language is often a variant of regular expressions or a popular temporal logic, such as LTL. This paper presents a novel and efficient parallel algorithm for verifying a more expressive version of LTL specifications that incorporates counting semantics, where nested quantifiers can be subject to numerical constraints. Such constraints are useful in evaluating thresholds (e.g., expected uptime of a web server). The significance of this extension is that it enables us to reason about the correctness of a large class of systems, such as web servers, OS kernels, and network behavior, where properties are required to be instantiated for parameterized requests, kernel objects, network nodes, etc. Our algorithm uses the popular {\em MapReduce} architecture to split a program trace into variable-based clusters at run time. Each cluster is then mapped to its respective monitor instances, verified, and reduced collectively on a multi-core CPU or the GPU. Our algorithm is fully implemented and we report very encouraging experimental results, where the monitoring overhead is negligible on real-world data sets.

Logic in Computer Science

Christopher Lazarus,James G. Lopez,Mykel J. Kochenderfer

DOI: https://doi.org/10.48550/arXiv.2010.10618

IF: 5.414

2020-10-20

Machine Learning

Abstract:The airworthiness and safety of a non-pedigreed autopilot must be verified, but the cost to formally do so can be prohibitive. We can bypass formal verification of non-pedigreed components by incorporating Runtime Safety Assurance (RTSA) as mechanism to ensure safety. RTSA consists of a meta-controller that observes the inputs and outputs of a non-pedigreed component and verifies formally specified behavior as the system operates. When the system is triggered, a verified recovery controller is deployed. Recovery controllers are designed to be safe but very likely disruptive to the operational objective of the system, and thus RTSA systems must balance safety and efficiency. The objective of this paper is to design a meta-controller capable of identifying unsafe situations with high accuracy. High dimensional and non-linear dynamics in which modern controllers are deployed along with the black-box nature of the nominal controllers make this a difficult problem. Current approaches rely heavily on domain expertise and human engineering. We frame the design of RTSA with the Markov decision process (MDP) framework and use reinforcement learning (RL) to solve it. Our learned meta-controller consistently exhibits superior performance in our experiments compared to our baseline, human engineered approach.

Chengcheng Xiang,Zhengwei Qi,Walter Binder

DOI: https://doi.org/10.1142/s0218194015400343

2015-01-01

Abstract:Runtime verification validates the correctness of a program’s execution trace. Much work has been done on improving the expressiveness and efficiency of runtime verification. However, current approaches require static deployment of the verification logic and are often restricted to a limited set of events that can be captured and analyzed, hindering the adoption of runtime verification in production systems. A popular system for runtime verification in Java, JavaMOP (Monitor-Oriented Programming in Java), suffers from the aforementioned limitations due to its dependence on AspectJ, which supports neither dynamic weaving nor an extensible join-point model. In this article, we extend the JavaMOP framework with a dynamic deployment API and a new MOP specification translator, which targets the domain-specific aspect language DiSL instead of AspectJ; DiSL offers an open join-point model that allows for extensions. A case study on lambda expressions in Java8 demonstrates the extensibility of our approach. Moreover, in comparison with JavaMOP using load-time weaving, our implementation reduces runtime overhead by 32%, and heap memory usage by 13%, on average.