Efficient parametric runtime verification with deterministic string rewriting

Early efforts in runtime verification show that parametric regular and temporal logic specifications can be monitored efficiently. These approaches, however, have limited expressiveness: their specifications always reduce to monitors with finite state. More recent developments showed that parametric context-free properties can be efficiently monitored with overheads generally lower than 12-15%. While context-free grammars are more expressive than finite-state languages, they still do not allow every computable safety property. This paper presents a monitor synthesis algorithm for string rewriting systems (SRS). SRSs are well known to be Turing complete, allowing for the formal specification of any computable safety property. Earlier attempts at Turing complete monitoring have been relatively inefficient. This paper demonstrates that monitoring parametric SRSs is practical. The presented algorithm uses a modified version of Aho-Corasick string searching for quick pattern matching with an incremental rewriting approach that avoids reexamining parts of the string known to contain no redexes.
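As an added illustration that is not the paper's code, the following Python sketch shows the two ideas the abstract names: Aho-Corasick matching over the rule left-hand sides, and incremental rewriting that rescans only the window a new event or a rewrite could have changed, never the prefix already known to be redex-free. The rule set, the event alphabet (acquire, release, use) and the `SRSMonitor` class are constructed for this example.

```python
# Constructed demo rules (not from the paper): a=acquire, r=release, u=use of a
# guarded resource; "^" marks the trace start and "!" is the violation symbol.
RULES = {"au": "a", "ar": "", "^u": "!", "^r": "!"}

class SRSMonitor:
    """Incremental SRS monitor: Aho-Corasick over rule LHSs, redex-free string."""

    def __init__(self, rules, start="^", fail="!"):
        self.rules, self.fail = dict(rules), fail
        self.maxlen = max(len(lhs) for lhs in rules)
        self.goto, self.out, self.flink = [{}], [None], [0]
        for lhs in rules:                            # trie of left-hand sides
            st = 0
            for ch in lhs:
                if ch not in self.goto[st]:
                    self.goto[st][ch] = len(self.goto)
                    self.goto.append({}); self.out.append(None); self.flink.append(0)
                st = self.goto[st][ch]
            self.out[st] = lhs
        queue = list(self.goto[0].values())          # BFS: failure links, inherited outputs
        for r in queue:
            for ch, u in self.goto[r].items():
                f = self.flink[r]
                while f and ch not in self.goto[f]:
                    f = self.flink[f]
                self.flink[u] = self.goto[f].get(ch, 0)
                self.out[u] = self.out[u] or self.out[self.flink[u]]
                queue.append(u)
        self.s, self.violated = "", False
        self.observe(start)

    def _first_match(self, start):               # leftmost-ending redex in s[start:]
        st = 0
        for i in range(start, len(self.s)):
            while st and self.s[i] not in self.goto[st]:
                st = self.flink[st]
            st = self.goto[st].get(self.s[i], 0)
            if self.out[st]:
                return i - len(self.out[st]) + 1, self.out[st]
        return None

    def observe(self, event):
        """Feed one event symbol; returns True while the property still holds."""
        self.s += event
        pos = len(self.s) - 1                        # the redex-free prefix is never rescanned
        while not self.violated and (m := self._first_match(max(0, pos - self.maxlen + 1))):
            pos, lhs = m
            self.s = self.s[:pos] + self.rules[lhs] + self.s[pos + len(lhs):]
            self.violated = self.fail in self.s
        return not self.violated
```

Because every rewrite leaves the string in normal form, each scan starts at most `maxlen - 1` symbols before the region just changed, which is the incremental behaviour the abstract describes.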
