Abstract
Techniques for efficiently evaluating future time Linear Temporal Logic (abbreviated LTL) formulae on finite execution traces are presented. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. A finite trace variant of LTL is formally defined, together with an immediate executable semantics which turns out to be quite inefficient if used directly, via rewriting, as a monitoring procedure. Then three algorithms are investigated. First, a simple synthesis algorithm for monitors based on dynamic programming is presented; despite the efficiency of the generated monitors, they unfortunately need to analyze the trace backwards, thus making them unusable in most practical situations. To circumvent this problem, two rewriting-based practical algorithms are further investigated, one using rewriting directly as a means for online monitoring, and the other using rewriting to generate automata-like monitors, called binary transition tree finite state machines (and abbreviated BTT-FSMs). Both rewriting algorithms are implemented in Maude, an executable specification language based on a very efficient implementation of term rewriting. The first rewriting algorithm essentially consists of a set of equations establishing an executable semantics of LTL, using a simple formula transforming approach. This algorithm is further improved to build automata on-the-fly via caching and reuse of rewrites (called memoization), resulting in a very efficient and small Maude program that can be used to monitor program executions. The second rewriting algorithm builds on the first one and synthesizes provably minimal BTT-FSMs from LTL formulae, which can then be used to analyze execution traces online without the need for a rewriting system. The presented work is part of an ambitious runtime verification and monitoring project at NASA Ames, called PathExplorer, and demonstrates that rewriting can be a tractable and attractive means for experimenting and implementing logics for program monitoring.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Artho, C., Drusinsky, D., Goldberg, A., Havelund, K., Lowry, M., Pasareanu, C., Roşu, G., and Visser, W. 2003. Experiments with test case generation and runtime analysis. In Proc. of ASM’03: Abstract State Machines, Vol. 2589 of Lecture Notes in Computer Science, Taormina, Italy, Springer, pp. 87–107.
Ball, T., Podelski, A., and Rajamani, S. 2001. Boolean and cartesian abstractions for model checking c programs. In Proc. of TACAS’01: Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer Science, Genova, Italy.
Bouhoula, A., Jouannaud, J.-P., and Meseguer, J. 2000. Specification and proof in membership equational logic. Theoretical Computer Science, 236:35–132.
Bryant, R.E. 1986. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(8):677–691.
Chen, F. and Roşu, G. 2003. Towards monitoring-oriented programming: A paradigm combining specification and implementation. In Proc. of RV’03: the Third International Workshop on Runtime Verification, Vol. 89 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Boulder, Colorado, USA, pp. 106–125.
Clavel, M. 2001. The ITP tool. In Logic, Language and Information. Proc. of the First Workshop on Logic and Language, Kronos, pp. 55–62.
Clavel, M., Durán, F.J., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., and Quesada., J.F. 1999. Maude: Specification and programming in rewriting logic, Maude System documentation at http://maude.csl.sri.com/papers.
Clavel, M., Durán, F.J., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., and Quesada., J.F. 2002. Maude: Specification and programming in rewriting logic. Theoretical Computer Science, 285:187–243.
Corbett, J., Dwyer, M.B., Hatcliff, J., Pasareanu, C.S., Robby, Laubach S., and Zheng., H. 2000. Bandera: Extracting finite-state models from java source code. In Proc. of ICSE’00: International Conference on Software Engineering, Limerich, Ireland, ACM Press.
Dahm., M. BCEL. +http://jakarta.apache.org/bcel+.
Demartini, C., Iosif, R., and Sisto., R. 1999. A deadlock detection tool for concurrent java programs. Software Practice and Experience, 29(7):577–603.
Drusinsky, D. 2000. The temporal rover and the atg rover. In Proc. of SPIN’00: SPIN Model Checking and Software Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer Stanford, California, USA, pp. 323–330.
Drusinsky, D. 2003. Monitoring temporal rules combined with time series. In Proc. of CAV’03: Computer Aided Verification, Vol. 2725 of Lecture Notes in Computer Science, Springer-Verlag, Boulder, Colorado, USA, pp. 114–118.
Fidge, C.J. 1988. Partial orders for parallel debugging. In Proc. of the 1988 ACM SIGPLAN and SIGOPS workshop on Parallel and Distributed Debugging, ACM, pp. 183–194.
Finkbeiner, B., Sankaranarayanan, S., and Sipma, H. 2002. Collecting statistics over runtime executions. In Proc. of RV’02: The Second International Workshop on Runtime Verification, volume 70 of Electronic Notes in Theoretical Computer Science, Elsevier, Paris, France.
Finkbeiner, B. and Sipma, H. 2001. Checking finite traces using alternating automata. In Proc. of RV’01: The First International Workshop on Runtime Verification, Vol. 55(2) of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.
Giannakopoulou, D. and Havelund, K. 2001. Automata-based verification of temporal properties on running programs. In Proc. of ASE’01: International Conference on Automated Software Engineering, Institute of Electrical and Electronics Engineers, Coronado Island, California, pp. 412–416.
Godefroid, P. 1997. Model checking for programming languages using verisoft. In Proc. of POPL’97: the 24th ACM Symposium on Principles of Programming Languages, Paris, France, pp. 174–186.
Goguen, J., Lin, K., Roşu, G., Mori, A., and Warinschi, B. 2000. An overview of the Tatami project. In Cafe: An Industrial-Strength Algebraic Formal Method, Elsevier, pp. 61–78.
Goguen, J., Thatcher, J., Wagner, E., and Wright, J. 1977. Initial algebra semantics and continuous algebras. Journal of the Association for Computing Machinery, 24(1):68–95.
Goguen, J., Winkler, T., Meseguer, J., Futatsugi, K., and Jouannaud, J.-P. 2000. Introducing OBJ. In Software Engineering with OBJ: Algebraic Specification in Action, Kluwer.
Gunter, E. and Peled, D. 2002. Tracing the executions of concurrent programs. In Proc. of RV’02: Second International Workshop on Runtime Verification, volume 70 of Electronic Notes in Theoretical Computer Science, Elsevier, Copenhagen, Denmark.
Gunter, E.L., Kurshan, R.P., and Peled, D. 2003. PET: An interactive software testing tool. In Proc. of CAV’00: Computer Aided Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer-Verlag, Chicago, Illinois, USA, pp. 552–556.
Gunter, E.L. and Peled, D. 2000. Using functional languages in formal methods: The PET system. In Parallel and Distributed Processing Techniques and Applications, CSREA, pp. 2981–2986.
Havelund, K., Johnson, S., and Roşu, G. 2001. Specification and error pattern based program monitoring. In Proc. of the European Space Agency workshop on On-Board Autonomy, Noordwijk, The Netherlands.
Havelund, K., Lowry, M.R., and Penix, J. 2001. Formal analysis of a space craft controller using SPIN. IEEE Transactions on Software Engineering, 27(8):749–765, An earlier version occurred in the Proc. of SPIN’98: the fourth SPIN workshop, Paris, France, 1998.
Havelund, K. and Pressburger, T. 2000. Model checking Java programs using Java PathFinder. International Journal on Software Tools for Technology Transfer, 2(4):366–381, Special issue containing selected submissions to SPIN’98: the fourth SPIN workshop, Paris, France, 1998.
Havelund, K. and Roşu, G. 2001. Java PathExplorer—A Runtime verification tool. In Proc. of i-SAIRAS’01: the 6th International Symposium on Artificial Intelligence, Robotics and Automation in Space, Montreal, Canada.
Havelund, K. and Roşu, G. 2001. Monitoring Java programs with java pathexplorer. In Proc. of RV’01: the First International Workshop on Runtime Verification, volume 55 of Electronic Notes in Theoretical Computer Science, Paris, France, Elsevier Science, pp. 97–114.
Havelund, K. and Roşu, G. 2001. Monitoring programs using rewriting. In Proc. of ASE’01: International Conference on Automated Software Engineering, Institute of Electrical and Electronics Engineers, Coronado Island, California, USA, pp. 135–143.
Havelund, K. and Roşu, G. 2001. Testing linear temporal logic formulae on finite execution traces. Technical Report TR 01-08, RIACS, Written 20.
Havelund, K. and Roşu, G. to appear Efficient monitoring of safety properties. Software Tools and Technology Transfer.
Havelund, K. and Roşu, G. 2002. Synthesizing monitors for safety properties. In Proc. of TACAS’02: Tools and Algorithms for Construction and Analysis of Systems, Vol. 2280 of Lecture Notes in Computer Science, Springer, Grenoble, France, pp. 342–356.
Havelund, K. and Shankar, N. 1996. Experiments in theorem proving and model checking for protocol verification. In Proc. of FME’96: Industrial Benefit and Advances in Formal Methods, Vol. 1051 of Lecture Notes in Computer Science, Springer, Oxford, England, pp. 662–681
Holzmann, G.J. and Smith, M.H. 1999. A practical method for verifying event-driven software. In Proc. of ICSE’99: International Conference on Software Engineering, IEEE/ACM, Los Angeles, California, USA.
Hopcroft, J. and Ullman, J. 1979. Introduction to Automata Theory, Languages, and Computation. Reading, Massachusetts: Addison-Wesley.
Hsiang, J. 1985. Refutational theorem proving using term rewriting systems. Artificial Intelligence, 25:255–300.
Kim, M., Kannan, S., Lee, I., and Sokolsky, O. 2001. Java-MaC: A Run-time assurance tool for Java. In Proc. of RV’01: First International Workshop on Runtime Verification, Vol. 55 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.
Kortenkamp, D., Milam, T., Simmons, R., and Fernandez, J. 2001. Collecting and analyzing data from distributed control programs. In Proc. of RV’01: First International Workshop on Runtime Verification, volume 55 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Paris, France.
Kupferman, O. and Vardi, M.Y. 1998. Freedom, weakness, and determinism: From linear-time to branching-Time. In Proc. of the IEEE Symposium on Logic in Computer Science, pp. 81–92.
Kupferman, O. and Vardi, M.Y. 1999. Model checking of safety properties. In Proc. of CAV’99: Conference on Computer-Aided Verification, Trento, Italy.
Kupferman, O. and Zuhovitzky, S. 2002. An improved algorithm for the membership problem for extended regular expressions. In Proc. of the International Symposium on Mathematical Foundations of Computer Science, Vol. 2420 of Lecture Notes in Computer Science.
Lee, I., Kannan, S., Kim, M., Sokolsky, O., and Viswanathan, M. 1999. Runtime assurance based on formal specifications. In Proc. of PDPTA’99: International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas, Nevada, USA.
Manna, Z. and Pnueli, A. 1992. The Temporal Logic of Reactive and Concurrent Systems. New York: Springer.
Manna, Z. and Pnueli, 1995. Temporal Verification of Reactive Systems: Safety. New York: Springer.
Markey, N. and Schnoebelen, P. 2003. Model checking a path (Preliminary Report). In Proc. of CONCUR’03: International Conference on Concurrency Theory, Vol. 2761 of Lecture Notes in Computer Science, Springer, Marseille, France, pp. 251–265.
Meseguer, J. 1992. Conditional rewriting logic as a unified model of concurrency. Theoretical Computer Science, 73–155.
Meseguer, J. 1998. Membership algebra as a logical framework for equational specification. In Proc. of WADT’97: Workshop on Algebraic Development Techniques, Vol. 1376 of Lecture Notes in Computer Science, Springer, Tarquinia, Italy, pp. 18–61.
O’Malley, T., Richardson, D., and Dillon, L. 1996. Efficient specification-based oracles for critical systems. In Proc. of the California Software Symposium.
Park, D.Y., Stern, U., and Dill, D.L. 2000. Java model checking. In Proc. of the First International Workshop on Automated Program Analysis, Testing and Verification, Limerick, Ireland.
Pnueli, A. 1977. The temporal logic of programs. In Proc. of the 18th IEEE Symposium on Foundations of Computer Science, pp. 46–77.
Richardson, D.J., Aha, S.L., and O’Malley, T.O. 1992. Specification-based test oracles for reactive systems. In Proc. of ICSE’92: International Conference on Software Engineering, Melbourne, Australia, pp. 105–118.
Roşu, G. and Havelund, K. 2001. Synthesizing dynamic programming algorithms from linear temporal logic formulae. RIACS Technical report TR 01-08.
Roşu, G. and Viswanathan, M. 2003. Testing extended regular language membership incrementally by rewriting. In Proc. of RTA’03: Rewriting Techniques and Applications, Vol. 2706 of Lecture Notes in Computer Science, Valencia, Spain, Springer-Verlag, pp. 499–514.
Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., and Anderson, T. 1997. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computer Systems, 15(4):391–411.
Sen, A. and Garg, V.K. 2003. Partial order trace analyzer (POTA) for distrubted programs. In Proc. of RV’03: the Third International Workshop on Runtime Verification, Vol. 89 of Electronic Notes in Theoretical Computer Science, Boulder, Elsevier Science, Colorado, USA.
Sen, K. and Roşu, G. 2003. Generating optimal monitors for extended regular expressions. In Proc. of RV’03: the Third International Workshop on Runtime Verification, volume 89 of Electronic Notes in Theoretical Computer Science, Elsevier Science, Boulder, Colorado, USA, pp. 162–181.
Sen, K., Roşu, G., and Agha, G. 2003. Runtime safety analysis of multithreaded programs. In Proc. of ESEC/FSE’03: European Software Engineering Conference and ACM SIGSOFT International Symposium on the Foundations of Software Engineering. ACM, Helsinki, Finland.
Shankar, N., Owre, S., and Rushby, J.M. 1993. PVS Tutorial. Computer science laboratory, SRI International, Menlo Park, CA, 1993. Also appears in Tutorial Notes, Formal Methods Europe ‘93: Industrial-Strength Formal Methods, Odense, Denmark, pp. 357–406.
Sistla, A.P. and Clarke, E.M. 1985. The Complexity of propositional linear temporal logics. Journal of the ACM (JACM), 32(3):733–749.
Stoller, S.D. 2000. Model-checking multi-threaded distributed java programs. In Proc. of SPIN’00: SPIN Model Checking and Software Verification, Vol. 1885 of Lecture Notes in Computer Science, Springer, Stanford, California, USA, pp. 224–244.
Visser, W., Havelund, K., Brat, G., and Park, S. 2000. Model checking programs. In Proc. of ASE’00: International Conference on Automated Software Engineering, IEEE CS Press, Grenoble, France.
Yamamoto, H. 2000. An automata-based recognition algorithm for semi-extended regular expressions. In Proc. of the International Symposium on Mathematical Foundations of Computer Science, Vol. 1893 of Lecture Notes in Computer Science, pp. 699–708.
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported in part by joint NSF/NASA grant CCR-0234524.
Rights and permissions
About this article
Cite this article
Roşu, G., Havelund, K. Rewriting-Based Techniques for Runtime Verification. Autom Software Eng 12, 151–197 (2005). https://doi.org/10.1007/s10515-005-6205-y
Issue Date:
DOI: https://doi.org/10.1007/s10515-005-6205-y