Advertisement

Automated Software Engineering

, Volume 12, Issue 2, pp 151–197 | Cite as

Rewriting-Based Techniques for Runtime Verification

  • Grigore Roşu
  • Klaus Havelund
Article

Abstract

Techniques for efficiently evaluating future time Linear Temporal Logic (abbreviated LTL) formulae on finite execution traces are presented. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. A finite trace variant of LTL is formally defined, together with an immediate executable semantics which turns out to be quite inefficient if used directly, via rewriting, as a monitoring procedure. Then three algorithms are investigated. First, a simple synthesis algorithm for monitors based on dynamic programming is presented; despite the efficiency of the generated monitors, they unfortunately need to analyze the trace backwards, thus making them unusable in most practical situations. To circumvent this problem, two rewriting-based practical algorithms are further investigated, one using rewriting directly as a means for online monitoring, and the other using rewriting to generate automata-like monitors, called binary transition tree finite state machines (and abbreviated BTT-FSMs). Both rewriting algorithms are implemented in Maude, an executable specification language based on a very efficient implementation of term rewriting. The first rewriting algorithm essentially consists of a set of equations establishing an executable semantics of LTL, using a simple formula transforming approach. This algorithm is further improved to build automata on-the-fly via caching and reuse of rewrites (called memoization), resulting in a very efficient and small Maude program that can be used to monitor program executions. The second rewriting algorithm builds on the first one and synthesizes provably minimal BTT-FSMs from LTL formulae, which can then be used to analyze execution traces online without the need for a rewriting system. The presented work is part of an ambitious runtime verification and monitoring project at NASA Ames, called PathExplorer, and demonstrates that rewriting can be a tractable and attractive means for experimenting and implementing logics for program monitoring.

Keywords

runtime analysis rewriting verification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Artho, C., Drusinsky, D., Goldberg, A., Havelund, K., Lowry, M., Pasareanu, C., Roşu, G., and Visser, W. 2003. Experiments with test case generation and runtime analysis. In Proc. of ASM’03: Abstract State Machines, Vol. 2589 of Lecture Notes in Computer Science, Taormina, Italy, Springer, pp. 87–107.Google Scholar
  2. Ball, T., Podelski, A., and Rajamani, S. 2001. Boolean and cartesian abstractions for model checking c programs. In Proc. of TACAS’01: Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer Science, Genova, Italy.Google Scholar
  3. Bouhoula, A., Jouannaud, J.-P., and Meseguer, J. 2000. Specification and proof in membership equational logic. Theoretical Computer Science, 236:35–132.Google Scholar
  4. Bryant, R.E. 1986. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(8):677–691.Google Scholar
  5. Chen, F. and Roşu, G. 2003. Towards monitoring-oriented programming: A paradigm combining specification and implementation. In Proc. of RV’03: the Third International Workshop on Runtime Verification, Vol. 89 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Boulder, Colorado, USA, pp. 106–125.Google Scholar
  6. Clavel, M. 2001. The ITP tool. In Logic, Language and Information. Proc. of the First Workshop on Logic and Language, Kronos, pp. 55–62.Google Scholar
  7. Clavel, M., Durán, F.J., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., and Quesada., J.F. 1999. Maude: Specification and programming in rewriting logic, Maude System documentation at http://maude.csl.sri.com/papers.
  8. Clavel, M., Durán, F.J., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., and Quesada., J.F. 2002. Maude: Specification and programming in rewriting logic. Theoretical Computer Science, 285:187–243.Google Scholar
  9. Corbett, J., Dwyer, M.B., Hatcliff, J., Pasareanu, C.S., Robby, Laubach S., and Zheng., H. 2000. Bandera: Extracting finite-state models from java source code. In Proc. of ICSE’00: International Conference on Software Engineering, Limerich, Ireland, ACM Press.Google Scholar
  10. Demartini, C., Iosif, R., and Sisto., R. 1999. A deadlock detection tool for concurrent java programs. Software Practice and Experience, 29(7):577–603.Google Scholar
  11. Drusinsky, D. 2000. The temporal rover and the atg rover. In Proc. of SPIN’00: SPIN Model Checking and Software Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer Stanford, California, USA, pp. 323–330.Google Scholar
  12. Drusinsky, D. 2003. Monitoring temporal rules combined with time series. In Proc. of CAV’03: Computer Aided Verification, Vol. 2725 of Lecture Notes in Computer Science, Springer-Verlag, Boulder, Colorado, USA, pp. 114–118.Google Scholar
  13. Fidge, C.J. 1988. Partial orders for parallel debugging. In Proc. of the 1988 ACM SIGPLAN and SIGOPS workshop on Parallel and Distributed Debugging, ACM, pp. 183–194.Google Scholar
  14. Finkbeiner, B., Sankaranarayanan, S., and Sipma, H. 2002. Collecting statistics over runtime executions. In Proc. of RV’02: The Second International Workshop on Runtime Verification, volume 70 of Electronic Notes in Theoretical Computer Science, Elsevier, Paris, France.Google Scholar
  15. Finkbeiner, B. and Sipma, H. 2001. Checking finite traces using alternating automata. In Proc. of RV’01: The First International Workshop on Runtime Verification, Vol. 55(2) of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.Google Scholar
  16. Giannakopoulou, D. and Havelund, K. 2001. Automata-based verification of temporal properties on running programs. In Proc. of ASE’01: International Conference on Automated Software Engineering, Institute of Electrical and Electronics Engineers, Coronado Island, California, pp. 412–416.Google Scholar
  17. Godefroid, P. 1997. Model checking for programming languages using verisoft. In Proc. of POPL’97: the 24th ACM Symposium on Principles of Programming Languages, Paris, France, pp. 174–186.Google Scholar
  18. Goguen, J., Lin, K., Roşu, G., Mori, A., and Warinschi, B. 2000. An overview of the Tatami project. In Cafe: An Industrial-Strength Algebraic Formal Method, Elsevier, pp. 61–78.Google Scholar
  19. Goguen, J., Thatcher, J., Wagner, E., and Wright, J. 1977. Initial algebra semantics and continuous algebras. Journal of the Association for Computing Machinery, 24(1):68–95.Google Scholar
  20. Goguen, J., Winkler, T., Meseguer, J., Futatsugi, K., and Jouannaud, J.-P. 2000. Introducing OBJ. In Software Engineering with OBJ: Algebraic Specification in Action, Kluwer.Google Scholar
  21. Gunter, E. and Peled, D. 2002. Tracing the executions of concurrent programs. In Proc. of RV’02: Second International Workshop on Runtime Verification, volume 70 of Electronic Notes in Theoretical Computer Science, Elsevier, Copenhagen, Denmark.Google Scholar
  22. Gunter, E.L., Kurshan, R.P., and Peled, D. 2003. PET: An interactive software testing tool. In Proc. of CAV’00: Computer Aided Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer-Verlag, Chicago, Illinois, USA, pp. 552–556.Google Scholar
  23. Gunter, E.L. and Peled, D. 2000. Using functional languages in formal methods: The PET system. In Parallel and Distributed Processing Techniques and Applications, CSREA, pp. 2981–2986.Google Scholar
  24. Havelund, K., Johnson, S., and Roşu, G. 2001. Specification and error pattern based program monitoring. In Proc. of the European Space Agency workshop on On-Board Autonomy, Noordwijk, The Netherlands.Google Scholar
  25. Havelund, K., Lowry, M.R., and Penix, J. 2001. Formal analysis of a space craft controller using SPIN. IEEE Transactions on Software Engineering, 27(8):749–765, An earlier version occurred in the Proc. of SPIN’98: the fourth SPIN workshop, Paris, France, 1998.Google Scholar
  26. Havelund, K. and Pressburger, T. 2000. Model checking Java programs using Java PathFinder. International Journal on Software Tools for Technology Transfer, 2(4):366–381, Special issue containing selected submissions to SPIN’98: the fourth SPIN workshop, Paris, France, 1998.Google Scholar
  27. Havelund, K. and Roşu, G. 2001. Java PathExplorer—A Runtime verification tool. In Proc. of i-SAIRAS’01: the 6th International Symposium on Artificial Intelligence, Robotics and Automation in Space, Montreal, Canada.Google Scholar
  28. Havelund, K. and Roşu, G. 2001. Monitoring Java programs with java pathexplorer. In Proc. of RV’01: the First International Workshop on Runtime Verification, volume 55 of Electronic Notes in Theoretical Computer Science, Paris, France, Elsevier Science, pp. 97–114.Google Scholar
  29. Havelund, K. and Roşu, G. 2001. Monitoring programs using rewriting. In Proc. of ASE’01: International Conference on Automated Software Engineering, Institute of Electrical and Electronics Engineers, Coronado Island, California, USA, pp. 135–143.Google Scholar
  30. Havelund, K. and Roşu, G. 2001. Testing linear temporal logic formulae on finite execution traces. Technical Report TR 01-08, RIACS, Written 20.Google Scholar
  31. Havelund, K. and Roşu, G. to appear Efficient monitoring of safety properties. Software Tools and Technology Transfer.Google Scholar
  32. Havelund, K. and Roşu, G. 2002. Synthesizing monitors for safety properties. In Proc. of TACAS’02: Tools and Algorithms for Construction and Analysis of Systems, Vol. 2280 of Lecture Notes in Computer Science, Springer, Grenoble, France, pp. 342–356.Google Scholar
  33. Havelund, K. and Shankar, N. 1996. Experiments in theorem proving and model checking for protocol verification. In Proc. of FME’96: Industrial Benefit and Advances in Formal Methods, Vol. 1051 of Lecture Notes in Computer Science, Springer, Oxford, England, pp. 662–681Google Scholar
  34. Holzmann, G.J. and Smith, M.H. 1999. A practical method for verifying event-driven software. In Proc. of ICSE’99: International Conference on Software Engineering, IEEE/ACM, Los Angeles, California, USA.Google Scholar
  35. Hopcroft, J. and Ullman, J. 1979. Introduction to Automata Theory, Languages, and Computation. Reading, Massachusetts: Addison-Wesley.Google Scholar
  36. Hsiang, J. 1985. Refutational theorem proving using term rewriting systems. Artificial Intelligence, 25:255–300.Google Scholar
  37. Kim, M., Kannan, S., Lee, I., and Sokolsky, O. 2001. Java-MaC: A Run-time assurance tool for Java. In Proc. of RV’01: First International Workshop on Runtime Verification, Vol. 55 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.Google Scholar
  38. Kortenkamp, D., Milam, T., Simmons, R., and Fernandez, J. 2001. Collecting and analyzing data from distributed control programs. In Proc. of RV’01: First International Workshop on Runtime Verification, volume 55 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.Google Scholar
  39. Kupferman, O. and Vardi, M.Y. 1998. Freedom, weakness, and determinism: From linear-time to branching-Time. In Proc. of the IEEE Symposium on Logic in Computer Science, pp. 81–92.Google Scholar
  40. Kupferman, O. and Vardi, M.Y. 1999. Model checking of safety properties. In Proc. of CAV’99: Conference on Computer-Aided Verification, Trento, Italy.Google Scholar
  41. Kupferman, O. and Zuhovitzky, S. 2002. An improved algorithm for the membership problem for extended regular expressions. In Proc. of the International Symposium on Mathematical Foundations of Computer Science, Vol. 2420 of Lecture Notes in Computer Science.Google Scholar
  42. Lee, I., Kannan, S., Kim, M., Sokolsky, O., and Viswanathan, M. 1999. Runtime assurance based on formal specifications. In Proc. of PDPTA’99: International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas, Nevada, USA.Google Scholar
  43. Manna, Z. and Pnueli, A. 1992. The Temporal Logic of Reactive and Concurrent Systems. New York: Springer.Google Scholar
  44. Manna, Z. and Pnueli, 1995. Temporal Verification of Reactive Systems: Safety. New York: Springer.Google Scholar
  45. Markey, N. and Schnoebelen, P. 2003. Model checking a path (Preliminary Report). In Proc. of CONCUR’03: International Conference on Concurrency Theory, Vol. 2761 of Lecture Notes in Computer Science, Springer, Marseille, France, pp. 251–265.Google Scholar
  46. Meseguer, J. 1992. Conditional rewriting logic as a unified model of concurrency. Theoretical Computer Science, 73–155.Google Scholar
  47. Meseguer, J. 1998. Membership algebra as a logical framework for equational specification. In Proc. of WADT’97: Workshop on Algebraic Development Techniques, Vol. 1376 of Lecture Notes in Computer Science, Springer, Tarquinia, Italy, pp. 18–61.Google Scholar
  48. O’Malley, T., Richardson, D., and Dillon, L. 1996. Efficient specification-based oracles for critical systems. In Proc. of the California Software Symposium.Google Scholar
  49. Park, D.Y., Stern, U., and Dill, D.L. 2000. Java model checking. In Proc. of the First International Workshop on Automated Program Analysis, Testing and Verification, Limerick, Ireland.Google Scholar
  50. Pnueli, A. 1977. The temporal logic of programs. In Proc. of the 18th IEEE Symposium on Foundations of Computer Science, pp. 46–77.Google Scholar
  51. Richardson, D.J., Aha, S.L., and O’Malley, T.O. 1992. Specification-based test oracles for reactive systems. In Proc. of ICSE’92: International Conference on Software Engineering, Melbourne, Australia, pp. 105–118.Google Scholar
  52. Roşu, G. and Havelund, K. 2001. Synthesizing dynamic programming algorithms from linear temporal logic formulae. RIACS Technical report TR 01-08.Google Scholar
  53. Roşu, G. and Viswanathan, M. 2003. Testing extended regular language membership incrementally by rewriting. In Proc. of RTA’03: Rewriting Techniques and Applications, Vol. 2706 of Lecture Notes in Computer Science, Valencia, Spain, Springer-Verlag, pp. 499–514.Google Scholar
  54. Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., and Anderson, T. 1997. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computer Systems, 15(4):391–411.Google Scholar
  55. Sen, A. and Garg, V.K. 2003. Partial order trace analyzer (POTA) for distrubted programs. In Proc. of RV’03: the Third International Workshop on Runtime Verification, Vol. 89 of Electronic Notes in Theoretical Computer Science, Boulder, Elsevier Science, Colorado, USA.Google Scholar
  56. Sen, K. and Roşu, G. 2003. Generating optimal monitors for extended regular expressions. In Proc. of RV’03: the Third International Workshop on Runtime Verification, volume 89 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Boulder, Colorado, USA, pp. 162–181.Google Scholar
  57. Sen, K., Roşu, G., and Agha, G. 2003. Runtime safety analysis of multithreaded programs. In Proc. of ESEC/FSE’03: European Software Engineering Conference and ACM SIGSOFT International Symposium on the Foundations of Software Engineering. ACM, Helsinki, Finland.Google Scholar
  58. Shankar, N., Owre, S., and Rushby, J.M. 1993. PVS Tutorial. Computer science laboratory, SRI International, Menlo Park, CA, 1993. Also appears in Tutorial Notes, Formal Methods Europe ‘93: Industrial-Strength Formal Methods, Odense, Denmark, pp. 357–406.Google Scholar
  59. Sistla, A.P. and Clarke, E.M. 1985. The Complexity of propositional linear temporal logics. Journal of the ACM (JACM), 32(3):733–749.Google Scholar
  60. Stoller, S.D. 2000. Model-checking multi-threaded distributed java programs. In Proc. of SPIN’00: SPIN Model Checking and Software Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer, Stanford, California, USA, pp. 224–244.Google Scholar
  61. Visser, W., Havelund, K., Brat, G., and Park, S. 2000. Model checking programs. In Proc. of ASE’00: International Conference on Automated Software Engineering, IEEE CS Press, Grenoble, France.Google Scholar
  62. Yamamoto, H. 2000. An automata-based recognition algorithm for semi-extended regular expressions. In Proc. of the International Symposium on Mathematical Foundations of Computer Science, Vol. 1893 of Lecture Notes in Computer Science, pp. 699–708.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2005

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of Illinois at Urbana-ChampaignUrbana-Champaign

Personalised recommendations