Practical runtime monitoring with impact guarantees of java programs with real-time constraints

With the ever growing need of robust and reliable software, formal methods are increasingly being employed. A recurrent problem is the intractability of exhaustively verifying software. Due to its scalability to real-life systems, testing has been used extensively to verify software. However, testing usually lacks coverage. Runtime verification is a compromise whereby the current execution trace is verified during runtime. Thus, it scales well without loss of coverage. In this thesis we examine closely the work in runtime verification and identify potential improvements with regards to the specification of properties and guarantees which are given. For the first issue of specification we make use of a real-life case study to better understand the day-to-day properties which system architects would need to formalise. DATE is the logic which results from these experiments and experiences. It is shown to be highly expressive and versatile for real-life scenarios. This is further confirmed by the second case study carried out and presented in this work. Our logic requires a complete architecture to be usable with Java programs. This architecture, called Larva, is developed using Java and AspectJ with the aim of being able to automatically create and instrument monitoring code from a Larva script. A central aspect of this thesis is the work on real-time properties. Such properties are very sensitive to overheads, because overheads slow down the system and use up resources. For this purpose, we present a theory based on the prominent real-time logic, duration calculus, to be able to give guarantees on the effects of slowing down/speeding up the target system due to the monitoring overhead. Another form of guarantee which we can give on real-time properties is the upperbound of memory overhead used during runtime verification. This is achieved by starting from the subset of duration calculus, QDDC, and translating it into Lustre. To relate Larva to other tools in the field we use a benchmark to compare expressivity and resource consumption of Larva to other prominent tools. Furthermore, a subset of duration calculus (counterexample traces), QDDC, and Lustre have been shown to be translatable into Larva. This has two main purposes: first that this allows users familiar with other logics to utilise Larva, and second that the guarantees enjoyed by these logics, will also benefit Larva.

[1]  Eric Bodden Efficient and Expressive Runtime Verification for Java , 2005 .

[2]  Dimitra Giannakopoulou,et al.  Automata-based verification of temporal properties on running programs , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[3]  Grigore Rosu,et al.  Efficient monitoring of safety properties , 2004, International Journal on Software Tools for Technology Transfer.

[4]  Doron Drusinsky,et al.  The Temporal Rover and the ATG Rover , 2000, SPIN.

[5]  Ahmed Bouajjani,et al.  From Duration Calculus To Linear Hybrid Automata , 1995, CAV.

[6]  Jochen Hoenicke,et al.  Combination of processes, data, and time , 2006 .

[7]  Henrik Thane,et al.  Monitoring, Testing and Debugging of Distributed Real-Time Systems , 2000 .

[8]  Mahesh Viswanathan,et al.  Java-MaC: A Run-Time Assurance Approach for Java Programs , 2004, Formal Methods Syst. Des..

[9]  Nicolas Halbwachs,et al.  From Discrete Duration Calculus to Symbolic Automata , 2006, SLAP@ETAPS.

[10]  Mahesh Viswanathan,et al.  Verisim: Formal analysis of network simulations , 2000, ISSTA '00.

[11]  Grigore Rosu,et al.  Allen Linear (Interval) Temporal Logic - Translation to LTL and Monitor Synthesis , 2006, CAV.

[12]  Patrick Lincoln,et al.  Maude as a metalanguage , 1998, WRLA.

[13]  Dov M. Gabbay,et al.  The Declarative Past and Imperative Future: Executable Temporal Logic for Interactive Systems , 1987, Temporal Logic in Specification.

[14]  Marcelo d'Amorim,et al.  Monitoring-Oriented Programming: A Tool-Supported Methodology for Higher Quality Object-Oriented Software , 2004 .

[15]  Grigore Rosu,et al.  Testing Linear Temporal Logic Formulae on Finite Execution Traces , 2001 .

[16]  D. Fisman,et al.  A Practical Introduction to PSL (Series on Integrated Circuits and Systems) , 2006 .

[17]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[18]  Doron Drusinsky,et al.  On-line Monitoring of Metric Temporal Logic with Time-Series Constraints Using Alternating Finite Automata , 2006, J. Univers. Comput. Sci..

[19]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[20]  Michael R. Hansen,et al.  Chopping a point , 1996 .

[21]  Klaus Havelund,et al.  Automated Runtime Verification with Eagle , 2005, MSVVEIS.

[22]  Grigore Rosu,et al.  Monitoring programs using rewriting , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[23]  Matthias Fruth,et al.  Trace Checking with Real−Time Specifications , 2004 .

[24]  Pierre Wolper,et al.  Memory-efficient algorithms for the verification of temporal properties , 1990, Formal Methods Syst. Des..

[25]  Nicolas Markey,et al.  Temporal logic with past is exponentially more succinct, Concurrency Column , 2003, Bull. EATCS.

[26]  Avner Landver,et al.  The ForSpec Temporal Logic: A New Temporal Property-Specification Language , 2002, TACAS.

[27]  Grigore Rosu,et al.  Java PathExplorer: A Runtime Verification Tool , 2001 .

[28]  O. Sokolsky,et al.  Regular Expressions for Run-Time Verification , 2003 .

[29]  Wa Halang,et al.  REAL-TIME SYSTEMS .2. , 1989 .

[30]  Koushik Sen,et al.  Rule-Based Runtime Verification , 2004, VMCAI.

[31]  Nicolas Halbwachs,et al.  Synchronous Observers and the Verification of Reactive Systems , 1993, AMAST.

[32]  Narciso Martí-Oliet,et al.  The Maude System , 1999, RTA.

[33]  Hanêne Ben-Abdallah,et al.  A Monitoring and Checking Framework for Run-time Correctness Assurance , 1998 .

[34]  Pascal Raymond Recognizing Regular Expressions by Means of Dataflow Networks , 1996, ICALP.

[35]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[36]  Grigore Rosu,et al.  Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation , 2003, RV@CAV.

[37]  T. Kanade Model-Based Testing of Reactive Systems , 2005 .

[38]  Bertrand Meyer,et al.  Applying 'design by contract' , 1992, Computer.

[39]  Florence Maraninchi,et al.  Mode-Automata: a new domain-specific construct for the development of safe critical systems , 2003, Sci. Comput. Program..

[40]  Thomas Colcombet,et al.  Enforcing trace properties by program transformation , 2000, POPL '00.

[41]  H. Piaggio Mathematical Analysis , 1955, Nature.

[42]  Úlfar Erlingsson,et al.  The Inlined Reference Monitor Approach to Security Policy Enforcement , 2004 .

[43]  Wolfgang Schröder-Preikschat,et al.  On aspect-orientation in distributed real-time dependable systems , 2002, Proceedings of the Seventh IEEE International Workshop on Object-Oriented Real-Time Dependable Systems. (WORDS 2002).

[44]  Lujo Bauer,et al.  Composing security policies with polymer , 2005, PLDI '05.

[45]  Paul Caspi,et al.  Timed regular expressions , 2002, JACM.

[46]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[47]  Marcelo d'Amorim,et al.  Event-based runtime verification of java programs , 2005, WODA '05.

[48]  Volker Stolz,et al.  Temporal Assertions using AspectJ , 2006, Electron. Notes Theor. Comput. Sci..

[49]  Anders P. Ravn,et al.  Design of embedded real-time computing systems , 1994 .

[50]  Gordon J. Pace,et al.  Conflict Analysis of Deontic Contracts , 2008 .

[51]  Pascal Fradet,et al.  Systèmes de gestion de ressources et aspects de disponibilité , 2005, Obj. Logiciel Base données Réseaux.

[52]  Michael R. Hansen,et al.  Duration calculus: Logical foundations , 1997, Formal Aspects of Computing.

[53]  Patricia Bouyer,et al.  Weighted Timed Automata: Model-Checking and Games , 2006, MFPS.

[54]  Manfred Broy,et al.  Model-Based Testing of Reactive Systems, Advanced Lectures [The volume is the outcome of a research seminar that was held in Schloss Dagstuhl in January 2004] , 2005, Model-Based Testing of Reactive Systems.

[55]  Ron Koymans,et al.  Specifying real-time properties with metric temporal logic , 1990, Real-Time Systems.

[56]  Thomas A. Henzinger,et al.  What Good Are Digital Clocks? , 1992, ICALP.

[57]  Grigore Rosu,et al.  Java-MOP: A Monitoring Oriented Programming Environment for Java , 2005, TACAS.

[58]  Grigore Rosu,et al.  Rewriting-Based Techniques for Runtime Verification , 2005, Automated Software Engineering.

[59]  Paritosh K. Pandya,et al.  Interval Duration Logic: Expressiveness and Decidability , 2002, Theory and Practice of Timed Systems @ ETAPS.

[60]  Ben C. Moszkowski,et al.  Executing temporal logic programs , 1986, Seminar on Concurrency.

[61]  P. Pandya Specifying and Deciding Quantified Discrete-time Duration Calculus Formulae using DCVALID , 2000 .

[62]  Michael D. Ernst Static and dynamic analysis: synergy and duality , 2003 .

[63]  Klaus Havelund,et al.  Using Runtime Analysis to Guide Model Checking of Java Programs , 2013, SPIN.

[64]  Thomas P. Minka,et al.  Gates , 2008, NIPS.

[65]  Paritosh K. Pandya,et al.  Digitizing Interval Duration Logic , 2003, CAV.

[66]  T. Apostol Mathematical Analysis , 1957 .

[67]  M. Clavel,et al.  Principles of Maude , 1996, WRLA.

[68]  Viktor Kuncak,et al.  Runtime Checking for Program Verification , 2007, RV.

[69]  Mahesh Viswanathan,et al.  Runtime Assurance Based On Formal Specifications , 1999, PDPTA.

[70]  Bernd Finkbeiner,et al.  LOLA: runtime monitoring of synchronous systems , 2005, 12th International Symposium on Temporal Representation and Reasoning (TIME'05).

[71]  Leslie Lamport,et al.  "Sometime" is sometimes "not never": on the temporal logic of programs , 1980, POPL '80.

[72]  Saeed Jalili,et al.  RVERL: Run-time Verification of Real-time and Reactive Programs using Event-based Real-Time Logic Approach , 2007, 5th ACIS International Conference on Software Engineering Research, Management & Applications (SERA 2007).

[73]  Bernd Finkbeiner,et al.  Checking Finite Traces using Alternating Automata , 2001, Electron. Notes Theor. Comput. Sci..

[74]  Katsiaryna Naliuka,et al.  ConSpec - A formal language for policy specification , 2008, Sci. Comput. Program..

[75]  Grigore Rosu,et al.  Synthesizing Monitors for Safety Properties , 2002, TACAS.

[76]  Joseph Sifakis,et al.  Building models of real-time systems from application software , 2003, Proc. IEEE.

[77]  Michael R. Lowry,et al.  Combining test case generation and runtime verification , 2005, Theor. Comput. Sci..

[78]  Thomas A. Henzinger,et al.  A really temporal logic , 1994, JACM.

[79]  Dana Fisman,et al.  Reasoning with Temporal Logic on Truncated Paths , 2003, CAV.

[80]  Martin Leucker,et al.  The Good, the Bad, and the Ugly, But How Ugly Is Ugly? , 2007, RV.

[81]  Zohar Manna,et al.  Reasoning in Interval Temporal Logic , 1983, Logic of Programs.

[82]  Nicolas Halbwachs,et al.  Programming and Verifying Real-Time Systems by Means of the Synchronous Data-Flow Language LUSTRE , 1992, IEEE Trans. Software Eng..

[83]  Saharon Shelah,et al.  On the temporal analysis of fairness , 1980, POPL '80.

[84]  Naoyasu Ubayashi,et al.  Aspect-oriented programming with model checking , 2002, AOSD '02.

[85]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[86]  C. A. R. Hoare,et al.  A Calculus of Durations , 1991, Inf. Process. Lett..

[87]  MeyerBertrand,et al.  Design by Contract , 1997 .

[88]  Ann Q. Gates,et al.  Towards a Tool for Generating Aspects from MEDL and PEDL Specifications for Runtime Verification , 2007, RV.

[89]  Pierre Wolper,et al.  Simple on-the-fly automatic verification of linear temporal logic , 1995, PSTV.

[90]  G. Ro Synthesizing Dynamic Programming Algorithms from Linear Temporal Logic Formulae , 2001 .

[91]  Thomas A. Henzinger,et al.  Real-Time Logics: Complexity and Expressiveness , 1993, Inf. Comput..

[92]  Pascal Raymond,et al.  The synchronous data flow programming language LUSTRE , 1991, Proc. IEEE.

[93]  G. Rosu,et al.  Synthesizing Dynamic Programming Algorithms fromLinear Temporal Logic Formulae , 2001 .

[94]  William G. Griswold,et al.  An Overview of AspectJ , 2001, ECOOP.

[95]  Christian Johansen,et al.  A Formal Language for Electronic Contracts , 2007, FMOODS.

[96]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[97]  Ernst-Rüdiger Olderog,et al.  Transformational design of real-time systems Part I: From requirements to program specifications , 1999, Acta Informatica.