Efficient monitoring of safety properties

The problem of testing whether a finite execution trace of events generated by an executing program violates a linear temporal logic (LTL) formula occurs naturally in runtime analysis of software. Two efficient algorithms for this problem are presented in this paper, both for checking safety formulae of the form “always P”, where P is a past-time LTL formula. The first algorithm is implemented by rewriting, and the second synthesizes efficient code from formulae. Further optimizations of the second algorithm are suggested, reducing space and time consumption. Special operators suitable for writing succinct specifications are discussed and shown to be equivalent to the standard past-time operators. This work is part of NASA’s PathExplorer project, the objective of which is to construct a flexible framework for efficient monitoring and analysis of program executions.

[1]  Jieh Hsiang,et al.  Refutational Theorem Proving Using Term-Rewriting Systems , 1985, Artif. Intell..

[2]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[3]  Dov M. Gabbay,et al.  The Declarative Past and Imperative Future: Executable Temporal Logic for Interactive Systems , 1987, Temporal Logic in Specification.

[4]  José Meseguer,et al.  Conditioned Rewriting Logic as a United Model of Concurrency , 1992, Theor. Comput. Sci..

[5]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[6]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[7]  Zohar Manna,et al.  Temporal Verification of Reactive Systems , 1995, Springer New York.

[8]  Natarajan Shankar,et al.  Experiments in Theorem Proving and Model Checking for Protocol Verification , 1996, FME.

[9]  José Meseguer,et al.  Membership algebra as a logical framework for equational specification , 1997, WADT.

[10]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[11]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[12]  Gerard J. Holzmann,et al.  A practical method for verifying event-driven software , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[13]  Narciso Martí-Oliet,et al.  The Maude System , 1999, RTA.

[14]  Claudio Demartini,et al.  A deadlock detection tool for concurrent Java programs , 1999, Softw. Pract. Exp..

[15]  Mahesh Viswanathan,et al.  Runtime Assurance Based On Formal Specifications , 1999, PDPTA.

[16]  Matthew B. Dwyer,et al.  Bandera: extracting finite-state models from Java source code , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[17]  David L. Dill,et al.  Java model checking , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[18]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[19]  Klaus Havelund,et al.  Model checking programs , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[20]  Doron Drusinsky,et al.  The Temporal Rover and the ATG Rover , 2000, SPIN.

[21]  Klaus Havelund,et al.  SPIN Model Checking and Software Verification , 2000, Lecture Notes in Computer Science.

[22]  Andreas Podelski,et al.  Boolean and Cartesian Abstraction for Model Checking C Programs , 2001, TACAS.

[23]  Grigore Rosu,et al.  Monitoring Java Programs with Java PathExplorer , 2001, RV@CAV.

[24]  Grigore Rosu,et al.  Java PathExplorer: A Runtime Verification Tool , 2001 .

[25]  Grigore Rosu,et al.  Specification and Error Pattern Based Program Monitoring , 2001 .

[26]  G. Rosu,et al.  Synthesizing Dynamic Programming Algorithms fromLinear Temporal Logic Formulae , 2001 .

[27]  G. Ro Synthesizing Dynamic Programming Algorithms from Linear Temporal Logic Formulae , 2001 .

[28]  Michael R. Lowry,et al.  Formal Analysis of a Space-Craft Controller Using SPIN , 2001, IEEE Trans. Software Eng..

[29]  Grigore Rosu,et al.  Monitoring programs using rewriting , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[30]  Narciso Martí-Oliet,et al.  Maude: specification and programming in rewriting logic , 2002, Theor. Comput. Sci..

[31]  Andreas Podelski,et al.  Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[32]  Doron A. Peled,et al.  Tracing the executions of concurrent programs , 2002, Electron. Notes Theor. Comput. Sci..

[33]  Scott D. Stoller,et al.  Model-checking multi-threaded distributed Java programs , 2000, International Journal on Software Tools for Technology Transfer.

[34]  Michael R. Lowry,et al.  Experiments with Test Case Generation and Runtime Analysis , 2003, Abstract State Machines.

[35]  Nicolas Markey,et al.  Temporal logic with past is exponentially more succinct, Concurrency Column , 2003, Bull. EATCS.

[36]  Koushik Sen,et al.  Runtime safety analysis of multithreaded programs , 2003, ESEC/FSE-11.

[37]  Grigore Rosu,et al.  Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation , 2003, RV@CAV.

[38]  Armin Biere,et al.  High‐level data races , 2003, Softw. Test. Verification Reliab..