Formal Methods in System Design

, Volume 43, Issue 1, pp 29–60 | Cite as

Time-triggered runtime verification

  • Borzoo Bonakdarpour
  • Samaneh Navabpour
  • Sebastian Fischmeister


The goal of runtime verification is to monitor the behavior of a system to check its conformance to a set of desirable logical properties. The literature of runtime verification mostly focuses on event-triggered solutions, where a monitor is invoked when an event of interest occurs (e.g., change in the value of some variable). At invocation, the monitor evaluates the set of properties of the system that are affected by the occurrence of the event. This constant invocation introduces two major defects to the system under scrutiny at run time: (1) significant overhead, and (2) unpredictability of behavior. These defects are serious obstacles when applying runtime verification on safety-critical systems that are time-sensitive by nature.

To circumvent the aforementioned defects in runtime verification, in this article, we introduce a novel time-triggered approach, where the monitor takes samples from the system with a constant frequency, in order to analyze the system’s health. We describe the formal semantics of time-triggered monitoring and discuss how to optimize the sampling period using minimum auxiliary memory. We show that such optimization is NP-complete and consequently introduce a mapping to Integer Linear Programming. Experiments on a real-time benchmark suite show that our approach introduces bounded overhead and effectively reduces the involvement of the monitor at run time by using negligible auxiliary memory. We also show that in some cases it is even possible to reduce the overall overhead of runtime verification by using our time-triggered approach when the structure of the system allows choosing a long enough sampling period.


Runtime verification Monitoring Time-triggered Predictability Overhead Real-time Embedded systems 



This research was supported in part by NSERC Discovery Grant 418396-2012, NSERC DG 357121-2008, ORF-RE03-045, ORF-RE04-036, ORF-RE04-039, APCPJ 386797-09, CFI 20314 and CMC, STPGP-430575, and the industrial partners associated with these projects.


  1. 1.
  2. 2.
    Alur R, Dill D (1994) A theory of timed automata. Theor Comput Sci 126(2):183–235 MathSciNetMATHCrossRefGoogle Scholar
  3. 3.
    Artho C, Drusinksy D, Goldberg A, Havelund K, Lowry M, Pasareanu C, Roşu G, Visser W (2003) Experiments with test case generation and runtime analysis. In: Proceedings of the 10th international conference on advances in theory and practice of abstract state machines, ASM’03, pp 87–108 Google Scholar
  4. 4.
    Barringer H, Goldberg A, Havelund K, Sen K (2004) Rule-based runtime verification. In: Proceedings of the 5th international conference on verification, model checking, and abstract interpretation, VMCAI’04, pp 44–57 CrossRefGoogle Scholar
  5. 5.
    Bauer A, Leucker M, Schallhart C Runtime verification for LTL and TLTL. ACM transactions on software Engineering and Methodology (TOSEM) (2009, in press) Google Scholar
  6. 6.
    Bauer A, Leucker M, Schallhart C (2010) Comparing LTL semantics for runtime verification. J Log Comput 20(3):651–674 MathSciNetMATHCrossRefGoogle Scholar
  7. 7.
    Bauer A, Leucker M, Schallhart C (2011) Runtime verification for LTL and TLTL. ACM Trans Softw Eng Methodol 20(4):14 CrossRefGoogle Scholar
  8. 8.
    Bodden E (2010) Efficient hybrid typestate analysis by determining continuation-equivalent states. In: International conference on software engineering (ICSE), pp 5–14 Google Scholar
  9. 9.
    Bodden E, Hendren L, Lam P, Lhoták O, Naeem N (2007) Collaborative runtime verification with tracematches. In: Proceedings of the 7th international conference on runtime verification, RV’07, pp 22–37 CrossRefGoogle Scholar
  10. 10.
    Bodden E, Hendren L, Lhoták O (2007) A staged static program analysis to improve the performance of runtime monitoring. In: Proceedings of the 21st European conference on object-oriented programming, ECOOP’07, pp 525–549 Google Scholar
  11. 11.
    Bodden E, Lam P, Hendren L (2008) Finding programming errors earlier by evaluating runtime monitors ahead-of-time. In: Proceedings of the 16th ACM SIGSOFT international symposium on foundations of software engineering, FSE’08, pp 36–47 CrossRefGoogle Scholar
  12. 12.
    Bonakdarpour B, Navabpour S, Fischmeister S (2011) Sampling-based runtime verification. In: Formal methods (FM), pp 88–102 Google Scholar
  13. 13.
    Chang EY, Manna Z, Pnueli A (1992) Characterization of temporal property classes. In: Automata, languages and programming (ICALP), pp 474–486 CrossRefGoogle Scholar
  14. 14.
    Chen F, Roşu G (2005) Java-MOP: a monitoring oriented programming environment for Java. In: Tools and algorithms for the construction and analysis of systems (TACAS), pp 546–550 CrossRefGoogle Scholar
  15. 15.
    Chen F, Roşu G (2005) Java-mop: a monitoring oriented programming environment for Java. In: Proceedings of the 11th international conference on tools and algorithms for the construction and analysis of systems, TACAS’05, pp 546–550 CrossRefGoogle Scholar
  16. 16.
    Colin S, Mariani L (2005) Run-time verification. LNCS, vol 3472. Springer, Berlin. Chapter 18 Google Scholar
  17. 17.
    d’Amorim M, Rosu G (2005) Efficient monitoring of omega-languages. In: Computer aided verification (CAV), pp 364–378 CrossRefGoogle Scholar
  18. 18.
    Dwyer MB, Kinneer A, Elbaum S (2007) Adaptive online program analysis. In: Proceedings of the 29th international conference on software engineering, ICSE ’07, pp 220–229 Google Scholar
  19. 19.
    Falcone Y, Fernandez J-C, Mounier L (2009) Runtime verification of safety-progress properties. In: Runtime verification (RV), pp 40–59 CrossRefGoogle Scholar
  20. 20.
    Fischmeister S, Ba Y (2010) Sampling-based program execution monitoring. In: ACM international conference on languages, compilers, and tools for embedded systems (LCTES), pp 133–142 Google Scholar
  21. 21.
    Giannakopoulou D, Havelund K (2001) Automata-based verification of temporal properties on running programs. In: Automated software engineering (ASE), pp 412–416 Google Scholar
  22. 22.
    Havelund K (2008) Runtime verification of C programs. In: Proceedings of the 20th IFIP TC 6/WG 6.1 international conference on testing of software and communicating systems: 8th international workshop, TestCom ’08/FATES ’08 Google Scholar
  23. 23.
    Havelund K, Goldberg A (2008) Verify your runs, pp 374–383 Google Scholar
  24. 24.
    Havelund K, Rosu G (2001) Monitoring Java programs with Java PathExplorer. Electron Notes Theor Comput Sci 55(2):200–217 CrossRefGoogle Scholar
  25. 25.
    Havelund K, Rosu G (2001) Monitoring programs using rewriting. In: Automated software engineering (ASE), pp 135–143 Google Scholar
  26. 26.
    Havelund K, Rosu G (2002) Synthesizing monitors for safety properties. In: Tools and algorithms for the construction and analysis of systems (TACAS), pp 342–356 CrossRefGoogle Scholar
  27. 27.
    Havelund K, Rosu G (2004) Efficient monitoring of safety properties. Softw Tools Technol Transf 6(2):158–173 CrossRefGoogle Scholar
  28. 28.
    Huang X, Seyster J, Callanan S, Dixit K, Grosu R, Smolka SA, Stoller SD, Zadok E (2012) Software monitoring with controllable overhead. Softw Tools Technol Transf 14(3):327–347 CrossRefGoogle Scholar
  29. 29.
    Karp RM (1972) Reducibility among combinatorial problems. In: Symposium on complexity of computer computations, pp 85–103 CrossRefGoogle Scholar
  30. 30.
    Kim M, Lee I, Sammapun U, Shin J, Sokolsky O (2002) Monitoring, checking, and steering of real-time systems. Electron Notes Theor Comput Sci 70(4):95–111 CrossRefGoogle Scholar
  31. 31.
    Kim M, Viswanathan M, Ben-Abdallah H, Kannan S, Lee I, Sokolsky O (1999) Formally specified monitoring of temporal properties. In: Euromicro conference on real-time systems (ECRTS), pp 114–122 Google Scholar
  32. 32.
    Kim M, Viswanathan M, Kannan S, Lee I, Sokolsky O (2004) Java-mac: a run-time assurance approach for Java programs. Form Methods Syst Des 24(2):129–155 MATHCrossRefGoogle Scholar
  33. 33.
    Kim M, Viswanathan M, Kannan S, Lee I, Sokolsky O (2004) Java-MaC: a run-time assurance approach for Java programs. Form Methods Syst Des 24(2):129–155 MATHCrossRefGoogle Scholar
  34. 34.
    Kupferman O, Vardi MY (1999) Model checking of safety properties. In: Computer aided verification (CAV), pp 172–183 CrossRefGoogle Scholar
  35. 35.
    Lattner C, Adve V (2004) LLVM: a compilation framework for lifelong program analysis and transformation. In: International symposium on code generation and optimization: feedback directed and runtime optimization, p 75 Google Scholar
  36. 36.
    Lee I, Kannan S, Kim M, Sokolsky O, Viswanathan M (1999) Runtime assurance based on formal specifications. In: Parallel and distributed processing techniques and applications (PDPTA), pp 279–287 Google Scholar
  37. 37.
  38. 38.
    Manna Z, Pnueli A (1990) A hierarchy of temporal properties. In: Principles of distributed computing (PODC), pp 377–410 Google Scholar
  39. 39.
    Meredith P, Jin D, Chen F, Roşu G (2010) Efficient monitoring of parametric context-free patterns. Autom Softw Eng 17(2):149–180 CrossRefGoogle Scholar
  40. 40.
    Navabpour S, Wu CW, Bonakdarpour B, Fischmeister S (2011) Efficient techniques for near-optimal instrumentation in time-triggered runtime verification. In: International conference on runtime verification (RV), pp 208–222 Google Scholar
  41. 41.
    Pike L, Goodloe A, Morisset R, Niller S (2010) Copilot: a hard real-time runtime monitor. In: Runtime verification (RV), pp 345–359 CrossRefGoogle Scholar
  42. 42.
    Pnueli A (1977) The temporal logic of programs. In: Symposium on foundations of computer science (FOCS), pp 46–57 Google Scholar
  43. 43.
    Pnueli A, Zaks A (2006) PSL model checking and run-time verification via testers. In: Symposium on formal methods (FM), pp 573–586 Google Scholar
  44. 44.
    Raskin J-F, Schobbens P-Y (1999) The logic of event clocks—decidability, complexity and expressiveness. J Autom Lang Comb 4(3):247–286 MathSciNetMATHGoogle Scholar
  45. 45.
    Rosu G, Chen F, Ball T (2008) Synthesizing monitors for safety properties: this time with calls and returns. In: Runtime verification (RV), pp 51–68 CrossRefGoogle Scholar
  46. 46.
    Seyster J, Dixit K, Huang X, Grosu R, Havelund K, Smolka SA, Stoller SD, Zadok E (2010) Aspect-oriented instrumentation with GCC. In: Runtime verification (RV), pp 405–420 CrossRefGoogle Scholar
  47. 47.
    Stoller SD, Bartocci E, Seyster J, Grosu R, Havelund K, Smolka SA, Zadok E (2011) Runtime verification with state estimation. In: Runtime verification (RV), pp 193–207 Google Scholar
  48. 48.
    Stolz V, Bodden E (2006) Temporal assertions using AspectJ. Electron Notes Theor Comput Sci 144(4):109–124 CrossRefGoogle Scholar
  49. 49.
    Zhou W, Sokolsky O, Loo BT, Lee I (2009) MaC: distributed monitoring and checking. In: Runtime verification (RV), pp 184–201 CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Borzoo Bonakdarpour
    • 1
  • Samaneh Navabpour
    • 2
  • Sebastian Fischmeister
    • 2
  1. 1.School of Computer ScienceUniversity of WaterlooWaterlooCanada
  2. 2.Department of Electrical and Computer EngineeringUniversity of WaterlooWaterlooCanada

Personalised recommendations