Runtime Verification and Enforcement, the (Industrial) Application Perspective (Track Introduction)
During the last decade, the runtime verification and enforcement (RVE) community has been incredibly prolific in producing many theories, tools and techniques aimed at the efficient analysis of systems’ executions and at guaranteeing their correctness with respect to some desired properties. Despite the major strides made in recent years, much effort is still needed to make RVE attractive and viable methodologies for industrial use. Beyond industry, numerous other domains, such as security and bio-health monitoring, can gain from RVE. The purpose of the “Runtime Verification and Enforcement: the (industrial) application perspective” track at ISoLA’16 is to bring together RVE experts and potential application domains to try and advance the state of the art on how to make RVE more usable and attractive to industry and other disciplines.
Keywords: Runtime Verification (RV); Application Perspective; Introduction; Tracking; Potential Application Domains; Viable Methodology
Runtime verification (RV) and runtime enforcement (RE) refer to a class of lightweight yet powerful formal techniques aimed at the efficient analysis of systems’ executions and at guaranteeing their correctness with respect to some desired properties.
RV is concerned with monitoring software or hardware at execution time. It is based on extracting information from a running system (instrumentation) and checking whether the observed behaviors satisfy or violate the properties of interest. These techniques are very important for system correctness, safety, reliability, security, and robustness. Monitoring is generally used when the state space of the system model is impractical to handle with model checking [8, 30] because of the state-explosion problem, or when the system model is not available and the system appears as a black box of which only the outputs are observable.
During the last decade, the RV community has been incredibly prolific in producing many theories, tools and techniques that are now successfully employed in several application domains beyond program verification: stream processing applications [9, 22], checking the interoperability of medical devices, mixed-signal circuit analysis [20, 21, 27, 35], analysis of cyber-physical and biological systems [1, 3, 5, 17], signal processing [4, 7] and music detection.
RV can be employed before deployment, for testing, verification and debugging, or after deployment to trigger recovery actions when a safety property is violated; in the latter setting it serves to ensure reliability, safety and security and to provide fault containment, recovery and online system repair.
RV can also be used in combination with RE [13, 14, 15, 28, 32], a powerful technique for ensuring that a program conforms to a given set of properties. One of the pioneering works on RE is the paper on security automata, where monitors can decide to halt the underlying program whenever its behavior deviates from the desired property. More recently, in [28, 32], RE mechanisms have been extended to enforce timed properties.
One of the major challenges in RV and RE is characterizing and formally expressing requirements that can be efficiently verified and enforced [11, 29, 33]. Despite the major strides made in recent years, much effort is still needed to make RV and RE attractive and viable methodologies for industrial use. Beyond industry, numerous other domains, such as security and bio-health monitoring, can gain from RV and RE. The purpose of the “Runtime Verification and Enforcement: the (industrial) application perspective” track at ISoLA’16 is to bring together experts on runtime verification and runtime enforcement and potential application domains to try and advance the state of the art on how to make RV and RE more usable and attractive to industry and other disciplines.
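The distinction between a runtime verifier (which only reports) and a security-automaton style enforcer (which intervenes) can be shown on one small safety property. The following Python is an added example written for this introduction; it is not code from any of the cited papers or tools. The property, the automaton states and the event names (`login`, `send`, `logout`) are assumptions chosen for illustration, and the sample trace is constructed.

```python
"""Added example (not from the track introduction or any cited paper):
a runtime monitor and a security-automaton style enforcer for one safety
property over a constructed event trace.

Assumed property: a session must `login` before any `send`, and after a
`logout` no `send` is allowed until a new `login`.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# States of the property automaton (hypothetical names).
UNAUTH, AUTH = "unauth", "auth"

# Transition relation: (state, event) -> next state.  Missing entries are
# forbidden behaviour: the monitor reports a violation, the enforcer acts.
TRANSITIONS = {
    (UNAUTH, "login"): AUTH,
    (AUTH, "send"): AUTH,
    (AUTH, "logout"): UNAUTH,
    (UNAUTH, "logout"): UNAUTH,  # a repeated logout is tolerated
}


@dataclass
class Verdict:
    violated: bool
    index: Optional[int]      # position of the offending event, if any
    event: Optional[str]


def verify(trace: Iterable[str]) -> Verdict:
    """Runtime verification: consume the trace and report the first violation.
    A safety property can be refuted by a finite prefix but never proven for
    the whole (possibly unbounded) run, so the non-violated verdict only
    means 'no violation so far'."""
    state = UNAUTH
    for i, ev in enumerate(trace):
        nxt = TRANSITIONS.get((state, ev))
        if nxt is None:
            return Verdict(True, i, ev)
        state = nxt
    return Verdict(False, None, None)


def enforce_halt(trace: Iterable[str]) -> List[str]:
    """Security-automaton enforcement: forward events while they conform and
    halt (truncate the output) at the first deviating event."""
    state = UNAUTH
    out: List[str] = []
    for ev in trace:
        nxt = TRANSITIONS.get((state, ev))
        if nxt is None:
            break
        out.append(ev)
        state = nxt
    return out


def enforce_suppress(trace: Iterable[str]) -> List[str]:
    """Suppression-based enforcement: drop each non-conforming event and
    keep forwarding the rest, so the output trace always satisfies the
    property."""
    state = UNAUTH
    out: List[str] = []
    for ev in trace:
        nxt = TRANSITIONS.get((state, ev))
        if nxt is None:
            continue
        out.append(ev)
        state = nxt
    return out


# Constructed sample trace: a `send` slips in after the logout.
SAMPLE_TRACE = ["login", "send", "logout", "send", "login", "send"]

if __name__ == "__main__":
    print(verify(SAMPLE_TRACE))           # violation at index 3 on 'send'
    print(enforce_halt(SAMPLE_TRACE))     # ['login', 'send', 'logout']
    print(enforce_suppress(SAMPLE_TRACE)) # the offending 'send' is dropped
```

The three functions share the same automaton; what differs is the reaction to a non-conforming event, which is exactly the design decision an enforcement mechanism has to make (halt, suppress, or, in the timed setting cited above, delay).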
2 Overview of the Track’s Sessions
The track consists of 10 contributed papers presented during three sessions. In the following we provide an overview of the topics discussed during each session.
2.1 Session 1 - RV Core: Reasoning About Traces and Distributed Monitoring
The first session is dedicated to RV foundational problems concerning the notion of trace and the open challenges in fault-tolerant monitoring of distributed systems.
The first paper of the session, by Reger et al., provides an important overview of the different notions of a system’s execution trace used in RV. The study is motivated by the need for a standard representation of execution traces, and aims at improving the development and performance evaluation of offline monitoring tools [2, 16].
Traces are useful models for several types of program analysis, including debugging and performance analysis. Assembly traces, for example, provide detailed information about the target program’s behavior and can be used to detect violations of security properties during low-level code execution. The second paper, by Khoury et al., explores the BeepBeep tool, a monitor for LTL-FO+, the first-order extension of Linear Temporal Logic, and uses it to interpret security properties over assembly traces.
The third paper of the session, by Bonakdarpour et al., provides an interesting and useful insight into the current open research problems for RV techniques in distributed systems, where a set of monitors has only a partial view of a large system and may be exposed to different types of faults.
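What a first-order temporal property over a low-level trace buys you, compared with the propositional case, is quantification over data values: the property is checked once per value of the parameter. The Python below is an added example written for this introduction, not BeepBeep code and not LTL-FO+ syntax; it hand-implements the usual "slice the trace per parameter value" monitor for an assumed memory-lifetime property (for every address a, `use(a)` may only occur while a is allocated and not yet freed, and every `alloc(a)` must eventually be followed by `free(a)`). The event format (`action address` lines) and the sample trace are constructed.

```python
"""Added example (not from the track introduction or the Khoury et al. paper):
monitoring a parametric (first-order) temporal property over a constructed
trace of memory events, with one automaton instance per data value.

Assumed property, for every address a:
  G( use(a)   -> alloc(a) has happened and no free(a) since )
  G( alloc(a) -> F free(a) )
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[str, str]     # (action, address)


def parse_trace(lines: List[str]) -> List[Event]:
    """Parse 'action address' lines; blank lines and '#' comments are skipped."""
    events: List[Event] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, addr = line.split()
        events.append((action, addr))
    return events


def monitor(events: List[Event]) -> Dict[str, list]:
    """Quantify over the data parameter by keeping one small automaton per
    address: 'never' (not yet allocated), 'live' (allocated), 'freed'."""
    state: Dict[str, str] = defaultdict(lambda: "never")
    violations: List[Tuple[int, str, str]] = []
    for i, (action, addr) in enumerate(events):
        s = state[addr]
        if action == "alloc":
            if s == "live":
                violations.append((i, "double-alloc", addr))
            state[addr] = "live"
        elif action == "free":
            if s != "live":
                violations.append((i, "invalid-free", addr))
            state[addr] = "freed"
        elif action == "use":
            if s == "never":
                violations.append((i, "use-before-alloc", addr))
            elif s == "freed":
                violations.append((i, "use-after-free", addr))
        else:
            violations.append((i, "unknown-action", addr))
    # Liveness part: at the end of a finite trace the monitor can only list
    # which obligations are still open, not claim they will never be met.
    unreleased = sorted(a for a, s in state.items() if s == "live")
    return {"violations": violations, "unreleased": unreleased}


# Constructed sample trace (not a real assembly trace): one address is used
# after being released, another is never released.
SAMPLE_TRACE_LINES = [
    "# constructed example trace",
    "alloc 0x1000",
    "use 0x1000",
    "free 0x1000",
    "use 0x1000",
    "alloc 0x2000",
    "use 0x2000",
]

if __name__ == "__main__":
    print(monitor(parse_trace(SAMPLE_TRACE_LINES)))
```

The safety conjunct yields definite verdicts (a violation at a trace index), while the liveness conjunct is only ever inconclusive on a finite prefix; a real offline tool has to report the two kinds of result differently, which is why the function returns them separately.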
2.2 Session 2 - An Application Perspective of Runtime Verification
The second session provides an application perspective of RV tools and techniques used in industrial case studies and within recent national and European projects.
The first paper of the session, by Nguyen et al., focuses on the problem of verification and validation (V&V) of complex mixed-signal integrated circuits, which in industrial practice accounts for 60–70% of project development time. Simulation, the dominant method for pre-silicon verification, is the main bottleneck in this process because its immense computing requirements prevent it from scaling. The increasing trend to overcome this issue is to complement simulation with an emulation-based approach in which the designed system is replaced by an early prototype implemented on a Field Programmable Gate Array (FPGA), allowing long-term/stress testing and whole-range parameter variations that are impractical with simulation-based verification. The authors give an overview of their experience in the Austrian FFG-funded HARMONIA project, whose goal is to improve the verification techniques of the emulation-based approach by combining RV with design emulation.
The second paper of the session, by Pastore et al., focuses on an important problem in software engineering, the dynamic analysis of regression problems, where software upgrades may also introduce side effects that break existing functionality. Localizing and understanding the causes of regression failures is extremely challenging. The authors show how they address the automatic detection of regression problems by integrating runtime verification, testing and static analysis.
The third paper of the session, by Leucker et al., shows the relevance of applying RV techniques to ensuring interoperability among interconnected medical devices. The authors present a software development kit (SDK) for the Open Surgical Communication Protocol (OSCP) that supports the development of interconnected medical devices according to the IEEE 11073 standards for interoperable medical communication.
2.3 Session 3 - Stream Processing and Runtime Enforcement Applications
The third session is dedicated to stream processing and RE techniques, with a special focus on online social networks as a potential application domain.
Online social networks are nowadays so popular that, according to a recent survey, almost 70 % of internet users are active on them. In this scenario, ensuring the desired privacy is one of the key challenges of these pervasive technologies. One common problem is that the current state of the art in privacy settings does not take into account the fact that the networks evolve, and so do the privacy preferences of their users. The first paper of the session, by Pace et al., proposes an automata-based approach to define and enforce such policies using runtime verification techniques.
With the ever growing amount of information available in online social networks, the number of businesses that would like to exploit this huge stream of data (i.e. the posts and likes on social media) is dramatically increasing. The third paper of the session, by Colombo et al., shows how RV technology can be used not only for verification but also to easily develop stream-processing applications using monitor-oriented programming.
On the same line of research on stream processing applications is the fourth paper of the session, by Kaufmann et al., which addresses the problem of software comprehension: a user provides a formal specification to annotate a given event stream with contextual information, which makes it possible to build tools for visualizing and analyzing the trace. This work is motivated by the need to quickly process, on the ground, event streams with millions of events generated by a spacecraft.
The authors acknowledge the support of the ICT COST Action IC1402 Runtime Verification beyond Monitoring (ARVI). Ezio Bartocci also acknowledges the partial support of the Austrian Science Fund (FWF) and the IKT der Zukunft of Austrian FFG project HARMONIA (nr. 845631).
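The last two papers use a monitor as a stream processor rather than as a verdict oracle: the monitor carries context along the stream and annotates or aggregates events. The Python below is an added example written for this introduction, not code from the Colombo et al. or Kaufmann et al. papers; it assumes events are `(timestamp_ms, name)` pairs and that a `mode:<name>` event switches the current operating mode (a constructed convention), and the sample stream is constructed.

```python
"""Added example (not from the track introduction or the cited papers):
a monitor written as a two-stage stream processor that annotates each event
with contextual information and derives per-context aggregates.

Assumptions: events are (timestamp_ms, name) pairs; an event named
'mode:<name>' switches the current mode (constructed convention).
"""
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

RawEvent = Tuple[int, str]
# (timestamp_ms, name, current_mode, ms_since_mode_entry)
Annotated = Tuple[int, str, str, int]


def annotate(stream: Iterable[RawEvent]) -> Iterator[Annotated]:
    """First stage: track the mode context and tag every event with it.
    Written as a generator so it works on an unbounded stream."""
    mode = "init"
    mode_entry: Optional[int] = None
    for ts, name in stream:
        if name.startswith("mode:"):
            mode = name.split(":", 1)[1]
            mode_entry = ts
        since = 0 if mode_entry is None else ts - mode_entry
        yield (ts, name, mode, since)


def per_mode_stats(annotated: Iterable[Annotated]) -> Dict[str, Dict[str, int]]:
    """Second stage: count events and measure the longest silence per mode."""
    stats: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"events": 0, "max_gap": 0})
    last_ts: Dict[str, int] = {}
    for ts, _name, mode, _since in annotated:
        s = stats[mode]
        s["events"] += 1
        if mode in last_ts:
            s["max_gap"] = max(s["max_gap"], ts - last_ts[mode])
        last_ts[mode] = ts
    return dict(stats)


def process(stream: Iterable[RawEvent]) -> Tuple[List[Annotated], Dict[str, Dict[str, int]]]:
    """Run both stages; the annotated stream is materialised so it can be
    both inspected (e.g. by a visualisation tool) and aggregated."""
    annotated = list(annotate(stream))
    return annotated, per_mode_stats(annotated)


# Constructed sample stream (timestamps in milliseconds).
SAMPLE_STREAM: List[RawEvent] = [
    (0, "boot"),
    (1000, "mode:cruise"),
    (1500, "telemetry"),
    (4000, "telemetry"),
    (4200, "mode:maneuver"),
    (4500, "thruster_on"),
    (5000, "thruster_off"),
]

if __name__ == "__main__":
    events, stats = process(SAMPLE_STREAM)
    for e in events:
        print(e)
    print(stats)
```

Because the first stage is a generator, the same annotation logic can be applied to a live feed or to an archived trace of millions of events without holding the whole stream in memory; only the aggregation stage decides what to retain.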
- 5. Bartocci, E., Liò, P.: Computational modeling, formal analysis, and tools for systems biology. PLoS Comput. Biol. 12(1) (2016)
- 6. Bonakdarpour, B., Rajsbaum, S., Fraigniaud, P., Travers, C.: Challenges in fault-tolerant distributed runtime verification. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 363–370. Springer, Cham (2016)
- 7. Bufo, S., Bartocci, E., Sanguinetti, G., Borelli, M., Lucangelo, U., Bortolussi, L.: Temporal logic based monitoring of assisted ventilation in intensive care patients. In: Margaria, T., Steffen, B. (eds.) ISoLA 2014. LNCS, vol. 8803, pp. 391–403. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45231-8_30
- 9. Colombo, C., Pace, G., Camilleri, L., Dimech, C.F.R., Grech, J.P., Magro, A., Sammut, A.C., Adami, K.Z.: Runtime verification for stream processing applications. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 400–406. Springer, Cham (2016)
- 12. Falcone, Y., Havelund, K., Reger, G.: A tutorial on runtime verification. In: Broy, M., Peled, D., Kalus, G. (eds.) Engineering Dependable Software Systems, NATO Science for Peace and Security Series, D: Information and Communication Security, vol. 34, pp. 141–175. IOS Press (2013)
- 13. Falcone, Y., Jéron, T., Marchand, H., Pinisetty, S.: Runtime enforcement of regular timed properties by suppressing and delaying events. Syst. Control Lett. 123, 2–41 (2016)
- 17. Gol, E.A., Bartocci, E., Belta, C.: A formal methods approach to pattern synthesis in reaction diffusion systems. In: Proceedings of 53rd IEEE Conference on Decision and Control, CDC 2014, Los Angeles, CA, USA, 15–17 December 2014, pp. 108–113. IEEE (2014)
- 18. Gordon, P., Pardo, R., Schneider, G.: On the runtime enforcement of evolving privacy policies in online social networks. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 407–412. Springer, Cham (2016)
- 19. Haghighi, I., Jones, A., Kong, Z., Bartocci, E., Grosu, R., Belta, C.: SpaTeL: a novel spatial-temporal logic and its applications to networked systems. In: Proceedings of HSCC 2015: The 18th International Conference on Hybrid Systems: Computation and Control, pp. 189–198. ACM (2015)
- 20. Jaksic, S., Bartocci, E., Grosu, R., Kloibhofer, R., Nguyen, T., Ničković, D.: From signal temporal logic to FPGA monitors. In: Proceedings of MEMOCODE 2015: The ACM/IEEE International Conference on Formal Methods and Models for Codesign, pp. 218–227. IEEE (2015)
- 22. Joshi, R., Kauffman, S., Havelund, K.: Towards a logic for inferring properties of event streams. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 394–399. Springer, Cham (2016)
- 23. Khoury, R., Hallé, S., Waldmann, O.: Execution trace analysis using LTL-FO+. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 356–362. Springer, Cham (2016)
- 24. Lenhart, A., Purcell, K., Smith, A., Zickur, K.: Social media & mobile internet use among teens and young adults. Pew Internet & American Life Project (2010)
- 25. Leucker, M., Schmitz, M., Tellinghusen, D.A.: Runtime verification for interconnected medical devices. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 380–387. Springer, Cham (2016)
- 26. Mariani, L., Pastore, F.: Dynamic analysis of regression problems in industrial systems: challenges and solutions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 388–393. Springer, Cham (2016)
- 27. Nguyen, T., Bartocci, E., Ničković, D., Grosu, R., Jaksic, S., Selyunin, K.: The HARMONIA project: hardware monitoring for automotive systems-of-systems. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 371–379. Springer, Cham (2016)
- 31. Reger, G., Havelund, K.: What is a trace? A runtime verification perspective. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 339–355. Springer, Cham (2016)
- 32. Renard, M., Falcone, Y., Rollet, A., Pinisetty, S., Jéron, T., Marchand, H.: Enforcement of (timed) properties with uncontrollable events. In: Leucker, M., Rueda, C., Valencia, F.D. (eds.) ICTAC 2015. LNCS, vol. 9399, pp. 542–560. Springer, Heidelberg (2015). doi:10.1007/978-3-319-25150-9_31
- 34. Schneider, G.: On the specification and enforcement of privacy-preserving contractual agreements. In: Steffen, B., Margaria, T. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 413–419. Springer, Cham (2016)
- 35. Selyunin, K., Nguyen, T., Bartocci, E., Ničković, D., Grosu, R.: Monitoring of MTL specifications with IBM’s spiking-neuron model. In: Proceedings of DATE 2016: The 19th Design, Automation and Test in Europe Conference and Exhibition, pp. 924–929. IEEE (2016)