Rewriting-Based Techniques for Runtime Verification

Techniques for efficiently evaluating future time Linear Temporal Logic (abbreviated LTL) formulae on finite execution traces are presented. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. A finite trace variant of LTL is formally defined, together with an immediate executable semantics which turns out to be quite inefficient if used directly, via rewriting, as a monitoring procedure. Then three algorithms are investigated. First, a simple synthesis algorithm for monitors based on dynamic programming is presented; despite the efficiency of the generated monitors, they unfortunately need to analyze the trace backwards, thus making them unusable in most practical situations. To circumvent this problem, two rewriting-based practical algorithms are further investigated, one using rewriting directly as a means for online monitoring, and the other using rewriting to generate automata-like monitors, called binary transition tree finite state machines (and abbreviated BTT-FSMs). Both rewriting algorithms are implemented in Maude, an executable specification language based on a very efficient implementation of term rewriting. The first rewriting algorithm essentially consists of a set of equations establishing an executable semantics of LTL, using a simple formula transforming approach. This algorithm is further improved to build automata on-the-fly via caching and reuse of rewrites (called memoization), resulting in a very efficient and small Maude program that can be used to monitor program executions. The second rewriting algorithm builds on the first one and synthesizes provably minimal BTT-FSMs from LTL formulae, which can then be used to analyze execution traces online without the need for a rewriting system. The presented work is part of an ambitious runtime verification and monitoring project at NASA Ames, called PathExplorer, and demonstrates that rewriting can be a tractable and attractive means for experimenting and implementing logics for program monitoring.

[1]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[2]  G. Rosu,et al.  Synthesizing Dynamic Programming Algorithms fromLinear Temporal Logic Formulae , 2001 .

[3]  SymposiumT. Owen O'MalleyDept Eecient Speciication-based Oracles for Critical Systems , 1996 .

[4]  Michael R. Lowry,et al.  Formal Analysis of a Space-Craft Controller Using SPIN , 2001, IEEE Trans. Software Eng..

[5]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[6]  Grigore Rosu,et al.  Specification and Error Pattern Based Program Monitoring , 2001 .

[7]  Mahesh Viswanathan,et al.  Testing Extended Regular Language Membership Incrementally by Rewriting , 2003, RTA.

[8]  Reid G. Simmons,et al.  Collecting and Analyzing Data from Distributed Control Programs , 2001, Electron. Notes Theor. Comput. Sci..

[9]  Koushik Sen,et al.  Runtime safety analysis of multithreaded programs , 2003, ESEC/FSE-11.

[10]  Grigore Rosu,et al.  An Overview of the Tatami Project , 2000 .

[11]  Jieh Hsiang,et al.  Refutational Theorem Proving Using Term-Rewriting Systems , 1985, Artif. Intell..

[12]  Cnrs Fre,et al.  Model Checking a Path (Preliminary Report) , 2003 .

[13]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[14]  José Meseguer,et al.  Specification and proof in membership equational logic , 2000, Theor. Comput. Sci..

[15]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[16]  Narciso Martí-Oliet,et al.  Maude: specification and programming in rewriting logic , 2002, Theor. Comput. Sci..

[17]  Grigore Rosu,et al.  Java PathExplorer: A Runtime Verification Tool , 2001 .

[18]  Bernd Finkbeiner,et al.  Collecting Statistics Over Runtime Executions , 2005, Formal Methods Syst. Des..

[19]  Orna Kupferman,et al.  Model Checking of Safety Properties , 1999, Formal Methods Syst. Des..

[20]  Doron A. Peled,et al.  PET: An Interactive Software Testing Tool , 2000, CAV.

[21]  Koushik Sen,et al.  Generating Optimal Monitors for Extended Regular Expressions , 2003, RV@CAV.

[22]  Grigore Rosu,et al.  Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation , 2003, RV@CAV.

[23]  Mahesh Viswanathan,et al.  Java-MaC: a Run-time Assurance Tool for Java Programs , 2001, RV@CAV.

[24]  Scott D. Stoller,et al.  Model-checking multi-threaded distributed Java programs , 2000, International Journal on Software Tools for Technology Transfer.

[25]  Natarajan Shankar,et al.  Experiments in Theorem Proving and Model Checking for Protocol Verification , 1996, FME.

[26]  Orna Kupferman,et al.  Freedom, weakness, and determinism: from linear-time to branching-time , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[27]  José Meseguer,et al.  Specification and proof in membership equational logic , 2000, Theor. Comput. Sci..

[28]  Michael R. Lowry,et al.  Experiments with Test Case Generation and Runtime Analysis , 2003, Abstract State Machines.

[29]  Gerard J. Holzmann,et al.  A practical method for verifying event-driven software , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[30]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[31]  Narciso Martí-Oliet,et al.  The Maude System , 1999, RTA.

[32]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[33]  Debra J. Richardson,et al.  Specification-based test oracles for reactive systems , 1992, International Conference on Software Engineering.

[34]  Grigore Rosu,et al.  Monitoring Java Programs with Java PathExplorer , 2001, RV@CAV.

[35]  Joseph A. Goguen,et al.  Initial Algebra Semantics and Continuous Algebras , 1977, J. ACM.

[36]  Doron A. Peled,et al.  Tracing the executions of concurrent programs , 2002, Electron. Notes Theor. Comput. Sci..

[37]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[38]  Claudio Demartini,et al.  A deadlock detection tool for concurrent Java programs , 1999, Softw. Pract. Exp..

[39]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multithreaded programs , 1997, TOCS.

[40]  David L. Dill,et al.  Java model checking , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[41]  Orna Kupferman,et al.  An Improved Algorithm for the Membership Problem for Extended Regular Expressions , 2002, MFCS.

[42]  Bernd Finkbeiner,et al.  Checking Finite Traces Using Alternating Automata , 2004, Formal Methods Syst. Des..

[43]  Doron Drusinsky Monitoring Temporal Rules Combined with Time Series , 2003, CAV.

[44]  Colin J. Fidge,et al.  Partial orders for parallel debugging , 1988, PADD '88.

[45]  G. Ro Synthesizing Dynamic Programming Algorithms from Linear Temporal Logic Formulae , 2001 .

[46]  Dimitra Giannakopoulou,et al.  Automata-based verification of temporal properties on running programs , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[47]  Grigore Rosu,et al.  Efficient monitoring of safety properties , 2004, International Journal on Software Tools for Technology Transfer.

[48]  A. Prasad Sistla,et al.  The complexity of propositional linear temporal logics , 1982, STOC '82.

[49]  Doron Drusinsky,et al.  The Temporal Rover and the ATG Rover , 2000, SPIN.

[50]  Zohar Manna,et al.  Temporal Verification of Reactive Systems , 1995, Springer New York.

[51]  Grigore Rosu,et al.  Testing Linear Temporal Logic Formulae on Finite Execution Traces , 2001 .

[52]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[53]  Grigore Rosu,et al.  Monitoring programs using rewriting , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[54]  Mahesh Viswanathan,et al.  Runtime Assurance Based On Formal Specifications , 1999, PDPTA.

[55]  Vijay K. Garg,et al.  Partial Order Trace Analyzer (POTA) for Distributed Programs , 2003, RV@CAV.

[56]  Radu Iosif,et al.  A deadlock detection tool for concurrent Java programs , 1999, Softw. Pract. Exp..

[57]  Grigore Rosu,et al.  Synthesizing Monitors for Safety Properties , 2002, TACAS.

[58]  Andreas Podelski,et al.  Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[59]  MeseguerJosé Conditional rewriting logic as a unified model of concurrency , 1992 .

[60]  Hiroaki Yamamoto An Automata-Based Recognition Algorithm for Semi-extended Regular Expressions , 2000, MFCS.

[61]  José Meseguer,et al.  Membership algebra as a logical framework for equational specification , 1997, WADT.

[62]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.