
Runtime Verification and Enforcement, the (Industrial) Application Perspective (Track Introduction)

  • Ezio Bartocci
  • Ylies Falcone
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9953)

Abstract

During the last decade, the runtime verification and enforcement (RVE) community has been incredibly prolific in producing many theories, tools and techniques aiming towards the efficient analysis of systems’ executions and guaranteeing their correctness w.r.t. some desired properties. Despite the major strides made in recent years, much effort is still needed to make RVE attractive and viable methodologies for industrial use. In addition to industry, numerous other domains, such as security, bio-health monitoring, etc., can gain from RVE. The purpose of the “Runtime Verification and Enforcement: the (industrial) application perspective” track at ISoLA’16 is to bring together RVE experts and potential application domains to try and advance the state-of-the-art on how to make RVE more usable and attractive to industry and other disciplines.


1 Introduction

Runtime verification (RV) and runtime enforcement (RE) refer to a class of lightweight yet powerful formal techniques aiming towards the efficient analysis of systems’ executions and guaranteeing their correctness w.r.t. some desired properties.

RV [12] is concerned with monitoring software or hardware at execution time. RV is based on extracting information from a running system (instrumentation) and checking whether the observed behaviors satisfy or violate the properties of interest. These techniques are very important for system correctness, safety, reliability, security, and robustness. Monitoring is generally used when the state space of the system model is impractical to handle using model checking [8, 30] due to the state-explosion problem, or when the system model is not available and the system appears as a black box where only outputs are observable.

During the last decade, the RV community has been incredibly prolific in producing many theories, tools and techniques that are now successfully employed in several application domains that go beyond program verification: stream processing applications [9, 22], checking interoperability of medical devices [25], mixed-signal circuit analysis [20, 21, 27, 35], analysis of cyber-physical [19] and biological systems [1, 3, 5, 17], signal processing [4, 7] and music detection [10].

RV can be employed before deployment, for testing, verification, and debugging purposes, or after deployment to trigger system recovery actions when a safety property is violated, thereby ensuring reliability, safety, and security, and providing fault containment and recovery as well as online system repair.

For example, RV can be used in combination with RE [13, 14, 15, 28, 32], a powerful technique to ensure that a program conforms to a given set of properties. One of the pioneering works on RE is the paper on security automata [33], where monitors can decide to halt the underlying program whenever its behavior deviates from the desired property. More recently, in [28, 32], RE mechanisms have been extended to enforce timed properties.
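The two uses described above, a monitor that observes a trace and reports a verdict (RV) and a monitor that intervenes in the program's execution (RE), can be built on the same finite-state object. The following added example, which is not code from the paper or from any of the cited tools, implements a security-automaton-style monitor for a constructed safety property ("no network send after a secret has been read"), runs it first as a verifier over a recorded trace and then as an enforcer that either halts the program before the violating action, as the security automata of [33] do, or suppresses that action and continues, a simplified form of the event-suppressing enforcers of [13, 28]. The property, event format and traces are constructed for this illustration.

```python
"""Added example: a security-automaton monitor used for runtime verification
(verdict on a trace) and for runtime enforcement (halt or suppress the action
that would violate the property). Property, events and traces are constructed
for this illustration; they are not taken from the paper or from a cited tool.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

# Constructed event format: (action, argument), e.g. ("send", "backup-host").
Event = Tuple[str, str]

BAD = "BAD"  # sink state: reaching it means the observed prefix violates the property


@dataclass
class SecurityAutomaton:
    """Finite-state monitor in the style of a security automaton: the state
    summarises the prefix seen so far; actions not mentioned in the transition
    table are irrelevant to the property and leave the state unchanged."""
    initial: str
    transitions: Dict[Tuple[str, str], str]  # (state, action) -> next state
    state: str = field(init=False)

    def __post_init__(self) -> None:
        self.state = self.initial

    def next_state(self, event: Event) -> str:
        """Pure look-ahead: where would this event take the automaton?"""
        action, _ = event
        return self.transitions.get((self.state, action), self.state)

    def step(self, event: Event) -> bool:
        """Commit the transition; return False once the property is violated."""
        self.state = self.next_state(event)
        return self.state != BAD


def no_send_after_secret_read() -> SecurityAutomaton:
    """Constructed safety property: once the program has read a secret it must
    never send data over the network (a send before any read is fine)."""
    return SecurityAutomaton(
        initial="clean",
        transitions={
            ("clean", "read_secret"): "tainted",
            ("tainted", "send"): BAD,
        },
    )


def verify(trace: Iterable[Event]) -> str:
    """Runtime verification: observe the whole trace and report a verdict.
    A safety property is decided on finite prefixes, so the first violating
    event settles the verdict."""
    monitor = no_send_after_secret_read()
    for index, event in enumerate(trace):
        if not monitor.step(event):
            return f"violation at event {index}: {event[0]}({event[1]})"
    return "ok"


def enforce(trace: Iterable[Event], mode: str = "halt") -> Tuple[List[Event], List[Event], bool]:
    """Runtime enforcement: the monitor sits between the program and its
    actions. In 'halt' mode it stops the program before the violating action;
    in 'suppress' mode it drops that action and lets the program continue.
    Returns (executed actions, suppressed actions, halted?)."""
    monitor = no_send_after_secret_read()
    executed: List[Event] = []
    suppressed: List[Event] = []
    for event in trace:
        if monitor.next_state(event) == BAD:
            if mode == "halt":
                return executed, suppressed, True
            suppressed.append(event)  # dropped: the automaton state is not advanced
            continue
        monitor.step(event)
        executed.append(event)  # a real enforcer would perform the action here
    return executed, suppressed, False


# Constructed traces.
SAFE_TRACE: List[Event] = [("send", "backup-host"), ("read_secret", "secret.key"), ("log", "done")]
UNSAFE_TRACE: List[Event] = [("read_secret", "secret.key"), ("log", "loaded"), ("send", "backup-host")]

if __name__ == "__main__":
    print(verify(SAFE_TRACE))                 # ok
    print(verify(UNSAFE_TRACE))               # violation at event 2: send(backup-host)
    print(enforce(UNSAFE_TRACE))              # halted after the first two actions
    print(enforce(UNSAFE_TRACE, "suppress"))  # the send is dropped, the program continues
```

The look-ahead in `next_state` is what separates enforcement from verification: the verifier may advance into the bad state and report it, whereas the enforcer must decide before the action is performed, so it never commits a transition that it is about to refuse.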

One of the major challenges in RV and RE is characterising and formally expressing requirements that can be efficiently verified and enforced [11, 29, 33]. Despite the major strides made in recent years, much effort is still needed to make RV and RE attractive and viable methodologies for industrial use. In addition to industry, numerous other domains, such as security, bio-health monitoring, etc., can gain from RV and RE. The purpose of the “Runtime Verification and Enforcement: the (industrial) application perspective” track at ISoLA’16 is to bring together experts on runtime verification and runtime enforcement and potential application domains to try and advance the state-of-the-art on how to make RV and RE more usable and attractive to industry and other disciplines.

2 Overview of the Track’s Sessions

The track consists of 10 contributed papers presented during three sessions. In the following we provide an overview of the topics discussed during each session.

2.1 Session 1 - RV Core: Reasoning About Traces and Distributed Monitoring

The first session is dedicated to RV foundational problems concerned with the notion of trace and the open challenges on fault-tolerant monitoring of distributed systems.

The first session paper [31] by Reger et al. provides an important overview of the different notions of a system’s execution trace used in RV. This study is motivated by the need for a standard representation of systems’ execution traces. The paper aims at improving the development and the performance evaluation of offline monitoring tools [2, 16].

Traces are useful models for several types of program analysis, including debugging and performance analysis. For example, assembly traces provide detailed information about the target program’s behavior, and they can be used to detect violations of security properties during low-level code execution. The second paper [23] by Khoury et al. explores the BeepBeep tool, a monitor for the first-order extension of Linear Temporal Logic LTL-FO+, interpreting security properties over assembly traces.

The third session paper [6] by Bonakdarpour et al. provides an interesting and useful insight into the current open research problems in RV techniques for distributed systems, where a set of monitors has only a partial view of a large system and may be exposed to different types of faults.

2.2 Session 2 - An Application Perspective of Runtime Verification

The second session provides an application perspective of RV tools and techniques used in industrial case studies and within recent national and European projects.

The first session paper [27] by Nguyen et al. focuses on the problem of verification and validation (V & V) of complex mixed-signal integrated circuits, which in industrial practice accounts for 60–70% of project development time. Simulation, which is the dominant method for pre-silicon verification, is the main bottleneck in this process because its immense computing requirements prevent scaling. A growing trend to overcome this issue is to complement simulation techniques with an emulation-based approach, where the designed system is replaced by an early prototype implemented on a Field Programmable Gate Array (FPGA), allowing long-term/stress testing and whole-range parameter variations, which are impractical with simulation-based verification. The authors provide an overview of their experience in the Austrian FFG-funded HARMONIA project, whose goal is to improve the verification techniques of the emulation-based approach by combining RV with design emulation.

The second session paper [26] by Pastore et al. focuses on important problems in software engineering such as the dynamic analysis of regression problems, where software upgrades may also introduce side effects that break existing functionality. Localizing and understanding the causes of regression failures is extremely challenging. The authors show how they address the automatic detection of regression problems by integrating runtime verification, testing and static analysis.

The third session paper [25] by Leucker et al. shows the relevance of applying RV techniques to ensuring interoperability among interconnected medical devices. The authors present a software development kit (SDK) for the Open Surgical Communication Protocol (OSCP) supporting the development of interconnected medical devices according to the IEEE 11073 standards for interoperable medical communication.

2.3 Session 3 - Stream Processing and Runtime Enforcement Applications

The third session is dedicated to stream processing and RE techniques, with a special focus on online social networks as a potential application domain.

Online social networks are nowadays so popular that, according to a recent survey [24], almost 70% of internet users are active on them. In this scenario, ensuring the desired privacy is one of the key challenges of these now pervasive technologies. One common problem is that the current state-of-the-art in privacy settings does not take into account the fact that the networks evolve, as do the privacy preferences of the users. The first session paper [18] by Pace et al. proposes an automata-based approach to define and enforce such policies using runtime verification techniques.

Another important issue is to enable users to verify that their own privacy policy conforms to the terms of service of a certain social network or smartphone app, to which a user generally must agree before getting the right to install and/or use the service. The second session paper [34] by Schneider addresses this challenge by providing an interesting perspective on how to combine RV with RE in this application domain.

With the ever-growing amount of information available in online social networks, the number of businesses that would like to exploit this huge stream of data (i.e., the posts and likes on social media) is increasing dramatically. The third session paper [9] by Colombo et al. shows how RV technology can be used not only for verification, but also to easily develop stream-processing applications using monitor-oriented programming.

On the same line of research on stream processing applications is the fourth session paper by Kaufmann et al. [22], addressing the problem of software comprehension, where a user provides a formal specification to annotate a given event stream with contextual information that enables building tools for visualizing and analyzing the trace. This work is motivated by the need to quickly process, on the ground, event streams with millions of events generated by a spacecraft.
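The stream-annotation idea behind the last two papers, a specification that turns a flat event stream into a context-annotated one that analysis and visualisation tools can consume, is illustrated by the following added example. It is not code from the paper or from any cited tool: the specification format (an event name that opens a context, one that closes it, and the field carrying the context identifier), the event format and the sample stream are all constructed for this illustration. The example also handles two edge cases an analyst would want flagged: events that fall outside any context, and a context that is opened again before the previous one was closed.

```python
"""Added example: single-pass annotation of an event stream with the context
(here: the command being executed) each event belongs to, driven by a small
constructed specification. Spec, event format and stream are constructed for
this illustration and are not those of the paper or of any cited tool.
"""
from typing import Any, Dict, Iterable, List, Optional, Tuple

Event = Dict[str, Any]

# Constructed specification: which event opens a context, which closes it, and
# which field carries the context identifier.
SPEC: Dict[str, str] = {"open": "cmd_start", "close": "cmd_end", "key": "cmd"}


def annotate(stream: Iterable[Event], spec: Dict[str, str] = SPEC) -> List[Event]:
    """Copy each event and extend it with 'ctx' (identifier of the enclosing
    command, or None outside any command) and 'since_start' (time elapsed
    since that command started, or None outside any command)."""
    current: Optional[str] = None
    start_t: Optional[float] = None
    annotated: List[Event] = []
    for event in stream:
        if event["name"] == spec["open"]:
            # A new start while a command is still open implicitly ends the old one.
            current, start_t = str(event[spec["key"]]), float(event["t"])
        since = float(event["t"]) - start_t if start_t is not None else None
        annotated.append(dict(event, ctx=current, since_start=since))
        if event["name"] == spec["close"]:
            current, start_t = None, None
    return annotated


def summarize(annotated: Iterable[Event], spec: Dict[str, str] = SPEC) -> Tuple[Dict[str, Dict[str, Any]], int]:
    """Per-command statistics derived from the annotations: number of events,
    duration (offset of the last event seen in that command) and whether a
    matching close event was observed. Events outside any command are counted
    as orphans. Returns (per-command table, orphan count)."""
    commands: Dict[str, Dict[str, Any]] = {}
    orphans = 0
    for event in annotated:
        ctx = event["ctx"]
        if ctx is None:
            orphans += 1
            continue
        entry = commands.setdefault(ctx, {"events": 0, "duration": 0.0, "terminated": False})
        entry["events"] += 1
        entry["duration"] = event["since_start"]
        if event["name"] == spec["close"]:
            entry["terminated"] = True
    return commands, orphans


# Constructed stream (times in milliseconds).
STREAM: List[Event] = [
    {"t": 0, "name": "cmd_start", "cmd": "C1"},
    {"t": 5, "name": "temp", "val": 3},
    {"t": 9, "name": "cmd_end", "cmd": "C1"},
    {"t": 12, "name": "temp", "val": 4},          # orphan: outside any command
    {"t": 20, "name": "cmd_start", "cmd": "C2"},
    {"t": 25, "name": "temp", "val": 5},
    {"t": 30, "name": "cmd_start", "cmd": "C3"},  # C2 is never closed
    {"t": 31, "name": "cmd_end", "cmd": "C3"},
]

if __name__ == "__main__":
    for annotated_event in annotate(STREAM):
        print(annotated_event)
    print(summarize(annotate(STREAM)))
```

Because the annotation is a single forward pass with constant state, it applies unchanged to a stream that is being consumed live rather than read from a file, which is the situation the paragraph above describes.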

Acknowledgements

The authors acknowledge the support of the ICT COST Action IC1402 Runtime Verification beyond Monitoring (ARVI). Ezio Bartocci acknowledges also the partial support of the Austrian Science Fund (FWF) and the IKT der Zukunft of Austrian FFG project HARMONIA (nr. 845631).

References

  1. Bartocci, E., Bortolussi, L., Nenzi, L.: A temporal logic approach to modular design of synthetic biological circuits. In: Gupta, A., Henzinger, T.A. (eds.) CMSB 2013. LNCS, vol. 8130, pp. 164–177. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40708-6_13
  2. Bartocci, E., Bonakdarpour, B., Falcone, Y.: First international competition on software for runtime verification. In: Bonakdarpour, B., Smolka, S.A. (eds.) RV 2014. LNCS, vol. 8734, pp. 1–9. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-11164-3_1
  3. Bartocci, E., Bortolussi, L., Nenzi, L., Sanguinetti, G.: System design of stochastic models using robustness of temporal properties. Theor. Comput. Sci. 587, 3–25 (2015)
  4. Bartocci, E., Bortolussi, L., Sanguinetti, G.: Data-driven statistical learning of temporal logic properties. In: Legay, A., Bozga, M. (eds.) FORMATS 2014. LNCS, vol. 8711, pp. 23–37. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-10512-3_3
  5. Bartocci, E., Liò, P.: Computational modeling, formal analysis, and tools for systems biology. PLoS Comput. Biol. 12(1) (2016)
  6. Bonakdarpour, B., Rajsbaum, S., Fraigniaud, P., Travers, C.: Challenges in fault-tolerant distributed runtime verification. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 363–370. Springer, Cham (2016)
  7. Bufo, S., Bartocci, E., Sanguinetti, G., Borelli, M., Lucangelo, U., Bortolussi, L.: Temporal logic based monitoring of assisted ventilation in intensive care patients. In: Margaria, T., Steffen, B. (eds.) ISoLA 2014. LNCS, vol. 8803, pp. 391–403. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45231-8_30
  8. Clarke, E.M., Emerson, E.A.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs 1981. LNCS, vol. 131, pp. 52–71. Springer, Heidelberg (1982). doi: 10.1007/BFb0025774
  9. Colombo, C., Pace, G., Camilleri, L., Dimech, C.F.R., Grech, J.P., Magro, A., Sammut, A.C., Adami, K.Z.: Runtime verification for stream processing applications. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 400–406. Springer, Cham (2016)
  10. Donzé, A., Maler, O., Bartocci, E., Nickovic, D., Grosu, R., Smolka, S.A.: On temporal logic and signal processing. In: Chakraborty, S., Mukund, M. (eds.) ATVA 2012. LNCS, vol. 7561, pp. 92–106. Springer, Heidelberg (2012)
  11. Falcone, Y., Fernandez, J., Mounier, L.: What can you verify and enforce at runtime? STTT 14(3), 349–382 (2012)
  12. Falcone, Y., Havelund, K., Reger, G.: A tutorial on runtime verification. In: Broy, M., Peled, D., Kalus, G. (eds.) Engineering Dependable Software Systems, NATO Science for Peace and Security Series, D: Information and Communication Security, vol. 34, pp. 141–175. IOS Press (2013)
  13. Falcone, Y., Jéron, T., Marchand, H., Pinisetty, S.: Runtime enforcement of regular timed properties by suppressing and delaying events. Syst. Control Lett. 123, 2–41 (2016)
  14. Falcone, Y., Marchand, H.: Enforcement and validation (at runtime) of various notions of opacity. Discrete Event Dyn. Syst. 25(4), 531–570 (2015)
  15. Falcone, Y., Mounier, L., Fernandez, J., Richier, J.: Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Formal Methods Syst. Des. 38(3), 223–262 (2011)
  16. Falcone, Y., Ničković, D., Reger, G., Thoma, D.: Second international competition on runtime verification. In: Bartocci, E., Majumdar, R. (eds.) RV 2015. LNCS, vol. 9333, pp. 405–422. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-23820-3_27
  17. Gol, E.A., Bartocci, E., Belta, C.: A formal methods approach to pattern synthesis in reaction diffusion systems. In: Proceedings of 53rd IEEE Conference on Decision and Control, CDC 2014, Los Angeles, CA, USA, 15–17 December 2014, pp. 108–113. IEEE (2014)
  18. Gordon, P., Pardo, R., Schneider, G.: On the runtime enforcement of evolving privacy policies in online social networks. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 407–412. Springer, Cham (2016)
  19. Haghighi, I., Jones, A., Kong, Z., Bartocci, E., Grosu, R., Belta, C.: Spatel: a novel spatial-temporal logic and its applications to networked systems. In: Proceedings of HSCC 2015: The 18th International Conference on Hybrid Systems: Computation and Control, pp. 189–198. ACM (2015)
  20. Jaksic, S., Bartocci, E., Grosu, R., Kloibhofer, R., Nguyen, T., Ničković, D.: From signal temporal logic to FPGA monitors. In: Proceedings of MEMOCODE 2015: The ACM/IEEE International Conference on Formal Methods and Models for Codesign, pp. 218–227. IEEE (2015)
  21. Jaksic, S., Bartocci, E., Grosu, R., Ničković, D.: Quantitative monitoring of STL with edit distance. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 201–218. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-46982-9_13
  22. Joshi, R., Kauffman, S., Havelund, K.: Towards a logic for inferring properties of event streams. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 394–399. Springer, Cham (2016)
  23. Khoury, R., Hallé, S., Waldmann, O.: Execution trace analysis using LTL-FO+. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 356–362. Springer, Cham (2016)
  24. Lenhart, A., Purcell, K., Smith, A., Zickur, K.: Social media & mobile internet use among teens and young adults. Pew Internet & American Life Project (2010)
  25. Leucker, M., Schmitz, M., Tellinghusen, D.A.: Runtime verification for interconnected medical devices. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 380–387. Springer, Cham (2016)
  26. Mariani, L., Pastore, F.: Dynamic analysis of regression problems in industrial systems: challenges and solutions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 388–393. Springer, Cham (2016)
  27. Nguyen, T., Bartocci, E., Ničković, D., Grosu, R., Jaksic, S., Selyunin, K.: The HARMONIA project: hardware monitoring for automotive systems-of-systems. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 371–379. Springer, Cham (2016)
  28. Pinisetty, S., Falcone, Y., Jéron, T., Marchand, H., Rollet, A., Nguena-Timo, O.: Runtime enforcement of timed properties revisited. Formal Methods Syst. Des. 45(3), 381–422 (2014)
  29. Pnueli, A., Zaks, A.: PSL model checking and run-time verification via testers. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, pp. 573–586. Springer, Heidelberg (2006). doi: 10.1007/11813040_38
  30. Queille, J.P., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol. 137, pp. 337–351. Springer, Heidelberg (1982). doi: 10.1007/3-540-11494-7_22
  31. Reger, G., Havelund, K.: What is a trace? A runtime verification perspective. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 339–355. Springer, Cham (2016)
  32. Renard, M., Falcone, Y., Rollet, A., Pinisetty, S., Jéron, T., Marchand, H.: Enforcement of (timed) properties with uncontrollable events. In: Leucker, M., Rueda, C., Valencia, F.D. (eds.) ICTAC 2015. LNCS, vol. 9399, pp. 542–560. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-25150-9_31
  33. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
  34. Schneider, G.: On the specification and enforcement of privacy-preserving contractual agreements. In: Steffen, B., Margaria, T. (eds.) ISoLA 2016, Part II. LNCS, vol. 9953, pp. 413–419. Springer, Cham (2016)
  35. Selyunin, K., Nguyen, T., Bartocci, E., Ničković, D., Grosu, R.: Monitoring of MTL specifications with IBM’s spiking-neuron model. In: Proceedings of DATE 2016: The 19th Design, Automation and Test in Europe Conference and Exhibition, pp. 924–929. IEEE (2016)

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Vienna University of Technology, Vienna, Austria
  2. Univ. Grenoble Alpes, Inria, LIG, Grenoble, France