Formal Methods in System Design

, Volume 46, Issue 3, pp 286–316 | Cite as

The ins and outs of first-order runtime verification

  • Andreas BauerEmail author
  • Jan-Christoph Küster
  • Gil Vegliach


The main purpose of this paper is to introduce a first-order temporal logic, \({{\mathrm{LTL}}}^{{{{{\mathrm{FO}}}}}} \), and a corresponding monitor construction based on a new type of automaton, called spawning automaton. Specifically, we show that monitoring a specification in \({{\mathrm{LTL}}}^{{{{{\mathrm{FO}}}}}} \) boils down to an undecidable decision problem. The proof of this result revolves around specific ideas on what we consider a “proper” monitor. As these ideas are general, we outline them first in the setting of standard LTL, before lifting them to the setting of first-order logic and \({{\mathrm{LTL}}}^{{{{{\mathrm{FO}}}}}} \). Although due to the above result one cannot hope to obtain a complete monitor for \({{\mathrm{LTL}}}^{{{{{\mathrm{FO}}}}}} \), we prove the soundness of our automata-based construction and give experimental results from an implementation. These seem to substantiate our hypothesis that the automata-based construction leads to efficient runtime monitors whose size does not grow with increasing trace lengths (as is often observed in similar approaches). However, we also discuss formulae for which growth is unavoidable, irrespective of the chosen monitoring approach. Specifically, we provide a general categorisation of so called monitorable languages, which is closely related to this notion of “growth-inducing” (that is, trace-length dependent) formulae. It relates to the well-known safety-progress hierarchy, yet is orthogonal to it.


Monitoring Spawning automata Temporal logic  First-order logic Monitorability Trace-length independence 



Our thanks go to Patrik Haslum, Michael Norrish and Peter Baumgartner for helpful comments on earlier drafts of this paper. NICTA is funded by the Australian Government as represented by the Department of Broadband, Communications and the Digital Economy and the Australian Research Council through the ICT Centre of Excellence program.


  1. 1.
    Bauer A, Leucker M, Schallhart C (2011) Runtime verification for LTL and TLTL. ACM Trans Softw Eng Methodol 20(4):14CrossRefGoogle Scholar
  2. 2.
    Dong W, Leucker M, Schallhart C (2008) Impartial anticipation in runtime-verification. In: Proc. 6th Intl. Symp. on automated technology for verification and analysis (ATVA), vol 5311. LNCS, Springer, pp 386–396Google Scholar
  3. 3.
    Halle S, Villemaire R (2008) Runtime monitoring of message-based workflows with data. In: Proc. 12th Enterprise Distr. Object Comp. Conf. (EDOC), pp 63–72, IEEE. doi: 10.1109/EDOC.2008.32
  4. 4.
    Havelund K, Rosu G (2004) Efficient monitoring of safety properties. Softw Tools Technol Transf 6(2):158–173CrossRefGoogle Scholar
  5. 5.
    Basin D, Klaedtke F, Müller S (2010) Policy monitoring in first-order temporal logic. In: Proc. 22nd Intl. Conf. on computer aided verification (CAV), vol 6174. LNCS, Springer, pp 1–18Google Scholar
  6. 6.
    Bauer A, Gore R, Tiu A (2009) A first-order policy language for history-based transaction monitoring. In: Proc. 6th Intl. Colloq. on theoretical aspects of computing (ICTAC), vol 5684. LNCS, Springer, pp 96–111Google Scholar
  7. 7.
    Chomicki J (1995) Efficient checking of temporal integrity constraints using bounded history encoding. ACM Trans Database Syst 20(2):149–186CrossRefGoogle Scholar
  8. 8.
    Chomicki J, Niwinski D (1995) On the feasibility of checking temporal integrity constraints. J Comput Syst Sci 51(3):523–535zbMATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    Sistla AP, Wolfson O (1995) Temporal triggers in active databases. IEEE Trans Knowl Data Eng 7(3):471–486CrossRefGoogle Scholar
  10. 10.
    Bauer A, Küster JC, Vegliach G (2012) Runtime verification meets android security. In: Proc. 4th NASA formal methods symp. (NFM), vol 7226. LNCS, Springer, pp 174–180Google Scholar
  11. 11.
    Manna Z, Pnueli A (1987) A hierarchy of temporal properties. In: Proc. 6th Annual ACM Symp. on principles of distributed computing (PODC), ACM, pp 205–205Google Scholar
  12. 12.
    Bauer A, Küster JC, Vegliach G (2013) From propositional to first-order monitoring. In: Proc. 4th Intl. Conf. on runtime verification (RV), vol 8174. LNCS, Springer, pp 59–75Google Scholar
  13. 13.
    Baier C, Katoen JP (2008) Principles of model checking. MIT Press, CambridgezbMATHGoogle Scholar
  14. 14.
    Clarke EM, Grumberg O, Peled DA (1999) Model checking. The MIT Press, CambridgeGoogle Scholar
  15. 15.
    Markey N, Schnoebelen P (2003) Model checking a path. In: Proc. 14th Int. Conf. on concurrency theory (CONCUR), vol 2761. LNCS, Springer, pp 248–262 SpringerGoogle Scholar
  16. 16.
    Sistla AP, Clarke EM (1985) The complexity of propositional linear temporal logics. J ACM 32(3):733–749zbMATHMathSciNetCrossRefGoogle Scholar
  17. 17.
    Genon A, Massart T, Meuter C (2006) Monitoring distributed controllers: When an efficient LTL algorithm on sequences is needed to model-check traces. In: Proc. 14th Intl. Symp. on formal methods (FM), vol 4085. LNCS, Springer, pp 557–572Google Scholar
  18. 18.
    Kuhtz L, Finkbeiner B (2012) Efficient parallel path checking for linear-time temporal logic with past and bounds. Log Methods Comput Sci 8(4)Google Scholar
  19. 19.
    Eisner C, Fisman D, Havlicek J, Lustig Y, McIsaac A, Campenhout DV (2003) Reasoning with temporal logic on truncated paths. In: Proc. 15th Intl. Conf. on Computer Aided Verification (CAV), vol 2725. LNCS, Springer, pp 27–39Google Scholar
  20. 20.
    Libkin L (2004) Elements of finite model theory. Springer, New YorkzbMATHCrossRefGoogle Scholar
  21. 21.
    Gerth R, Peled D, Vardi MY, Wolper P (1996) Simple on-the-fly automatic verification of linear temporal logic. In: Proc. 15th IFIP WG6.1 Intl. Symp. on protocol specification, testing and verification XV (IFIP). Chapman & Hall, pp 3–18Google Scholar
  22. 22.
    Hopcroft JE, Ullman JD (1979) Introduction to automata theory, languages and computation, 1st edn. Addison-Wesley, ReadingzbMATHGoogle Scholar
  23. 23.
    Bacchus F, Kabanza F (1998) Planning for temporally extended goals. Ann Math Artif Intell 22:5–27. doi: 10.1023/A:1018985923441.
  24. 24.
    Dwyer M, Avrunin G, Corbett J (1999) Patterns in property specifications for finite-state verification. In: Proc. 21st Intl. Conf. on Softw. Eng. (ICSE), IEEE, pp 411–420Google Scholar
  25. 25.
    Pnueli A, Zaks A (2006) PSL model checking and run-time verification via testers. In: Proc. 14th Intl. Symp. on formal methods (FM), vol 4085. LNCS, Springer, pp 573–586Google Scholar
  26. 26.
    Bauer A (2010) Monitorability of \(\omega \)-regular languages. Comput Res Repos (CoRR/arXive) abs/1006.3638, ACMGoogle Scholar
  27. 27.
    Allan C, Avgustinov P, Christensen AS, Hendren L, Kuzins S, Lhoták O, de Moor O, Sereni D, Sittampalam G, Tibble J (2005) Adding trace matching with free variables to aspect J. In: Proc. 20th ACM SIGPLAN Conf. on object-oriented programming, systems, languages, and applications (OOPSLA), ACM, pp 345–364Google Scholar
  28. 28.
    Chen F, Roşu G (2009) Parametric trace slicing and monitoring. In: Proc. 15th Intl. Conf. on tools and algorithms for the construction and analysis of systems (TACAS), vol 5505. LNCS, Springer, pp 246–261Google Scholar
  29. 29.
    Stolz V (2010) Temporal assertions with parametrized propositions. J. Log. Comp. 20(3):743–757zbMATHMathSciNetCrossRefGoogle Scholar
  30. 30.
    Jin D, Meredith PO, Lee C, Rosu G (2012) JavaMOP: efficient parametric runtime monitoring framework. In: Proc. 34th Intl. Conf. on Softw. Eng. (ICSE), IEEE, pp 1427–1430Google Scholar
  31. 31.
    Medhat R, Joshi Y, Bonakdarpour B, Fischmeister S (2014) Parallelized runtime verification of first-order LTL specifications. Technical Report CS-2014-11, University of WaterlooGoogle Scholar
  32. 32.
    Dean J, Ghemawat S (2010) Map reduce: a flexible data processing tool. Commun ACM 53(1):72–77CrossRefGoogle Scholar
  33. 33.
    Decker N, Leucker M, Thoma D (2014) Monitoring modulo theories. In: Proc. 20th Intl. Conf. on tools and algorithms for the construction and analysis of systems, vol 8413. Springer, LNCS, pp 341–356Google Scholar
  34. 34.
    Nieuwenhuis R, Oliveras A, Tinelli C (2006) Solving SAT and SAT modulo theories: from an abstract davis–putnam–logemann–loveland procedure to dpll(T). J ACM 53(6):937–977. doi: 10.1145/1217856.1217859 MathSciNetCrossRefGoogle Scholar
  35. 35.
    Garey MR, Johnson DS (1979) Computers and intractability: a guide to the theory of NP-completeness. W. H. Freeman & Co., New YorkzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Andreas Bauer
    • 1
    • 2
    Email author
  • Jan-Christoph Küster
    • 1
    • 3
  • Gil Vegliach
    • 1
  1. 1.Software Systems Research GroupNICTACanberraAustralia
  2. 2.Software & Systems Engineering GroupTU MünchenGarchingGermany
  3. 3.Logic & Computation GroupAustralian National UniversityCanberraAustralia

Personalised recommendations