Formally Specified Monitoring of Temporal Properties

Presentation transcript:

Formally Specified Monitoring of Temporal Properties
Moonjoo Kim, M. Viswanathan, H. Ben-Abdallah, S. Kannan, I. Lee and O. Sokolsky
Computer and Information Science Department, University of Pennsylvania
9/11/2018

Outline
- Motivation
- Issues in Run-time Formal Analysis
- Overview of the Monitoring and Checking (MaC) Framework
- The MaC Language
  - Primitive Event Definition Language (PEDL)
  - Meta Event Definition Language (MEDL)
- The Current MaC Prototype System
- Conclusion
- Current and Future Work

Problems
- It is hard to guarantee the correctness of safety-critical real-time systems.
- Two traditional approaches to certifying the correctness of systems:
  - Testing cannot completely guarantee the correctness of an application.
  - Formal verification lacks scalability and does not apply to the implementation directly: there is a gap between models and implementations.
- We need a new approach: run-time formal analysis.

Example Showing Deficiencies of the Traditional Methods
- Railroad Crossing: RRC = (Train | Controller | Gate) \ {nearSig, passSig, lower, raise}
- Non-deterministic execution of RRC makes complete testing almost impossible.
- The formal design of RRC assumes that communication among a Train, a Controller and a Gate happens instantly. But communication in the actual implementation takes time!

Advantages of Run-time Formal Analysis
- Run-time formal analysis validates properties on the current execution of the application: the execution is monitored for compliance with formal requirements.
- The analysis can:
  - detect incorrect execution of applications,
  - predict errors and steer the computation,
  - measure statistics of the actual execution (e.g., the number of times a train passes the intersection), which cannot be measured by either testing or formal verification,
  - increase the assurance of applications.

Issues in Run-time Formal Analysis
- An expressive formal language for describing correctness criteria
- A proper granularity of monitoring
- Automatic vs. manual instrumentation
- Synchronous vs. asynchronous monitoring
- Side effects of instrumentation on the target system
[Figure: a program execution (successive states x=0,y=0; x=1,y=0; x=2,y=0; x=2,y=1; x=3,y=1; x=3,y=2) beside the abstract view the monitor sees after information extraction (x < 2, then x = 2, then x > 2).]

Monitoring and Checking (MaC) Framework
[Figure: the MaC architecture.
Static process: the Java program and the requirement specification (with human input) yield a monitoring script; its low-level description drives automatic instrumentation of the system with a filter and is automatically translated into the event recognizer, and its high-level part is automatically translated into the run-time checker.
Run-time process: the filter sends low-level events to the event recognizer, which sends high-level events to the run-time checker.]

The MaC Language
- Primitive Event Definition Language (PEDL)
  - Maps the low-level state information of the system to the high-level events used in describing the requirements.
  - Provides primitives to refer to values of variables and to certain points in the execution of the program.
- Meta Event Definition Language (MEDL)
  - Expresses requirements using the events and conditions sent by the event recognizer.
  - Describes the safety requirements of the system in terms of conditions that must always be true and alarms (events) that must never be raised.

Primitive Event Definition Language (PEDL)
- Information about the system comes in two different forms:
  - Conditions, which are true or false for a finite duration of time (e.g., is variable x > 5?), and
  - Events, which are either present or absent at some instant of time (e.g., is control right now at the end of method f?).
- Provides primitives to refer to values of variables and to certain points in the execution of the program:
    condition IC = (50 < train_position) && (train_position < 100);
    Event endGD = start_m(Gate.gu());
- Provides the primitive "time" to refer to the time when events happen:
    condition slowTrain = (time(endIC) - time(startIC)) > 3000;

Meta Event Definition Language (MEDL)
- Expresses requirements using the events and conditions sent by the event recognizer.
- Describes the safety requirements of the system in terms of conditions that must always be true and alarms (events) that must never be raised:
    SafeProp safeRRC = IC -> GD;
    alarm violation = start(!safeRRC);
- Auxiliary variables may be used to store history:
    endIC -> { num_train_pass++; }

Railroad Crossing Example

    MonScr RailRoadCrossing
      export event startIC, endIC, startGD, endGD;
      MonVarDcl:
        float RRC.train_x;
        int RRC.train_length;
        int RRC.cross_x;
        int RRC.cross_length;
      MonMethodDcl:
        Gate.gd();
        Gate.gu();
      CondDef:
        Cond IC = RRC.train_x + RRC.train_length > RRC.cross_x
                  && RRC.train_x <= RRC.cross_x + RRC.cross_length;
      EventDef:
        Event startIC = start(IC);
        Event endIC = end(IC);
        Event startGD = end_m(Gate.gd());
        Event endGD = start_m(Gate.gu());
    End

    ReqSpec RailRoadCrossing
      import event startIC, endIC, startGD, endGD;
      AuxVar int num_train_pass = 0;
      CondDef:
        Cond IC = [startIC, endIC];
        Cond GD = [startGD, endGD];
        Cond slowTrain = time(endIC) - time(startIC) > 3000;
      SafePropDef:
        SafeProp safeRRC = IC -> GD;
      endIC -> { num_train_pass++; }
    End

Legend (colouring on the original slide): green: program variables and methods; blue: events; orange: conditions; red: properties.
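As an added example (not the MaC prototype's own code), the following Python replays a constructed trace of the exported events through the semantics of the ReqSpec above: interval conditions [startX, endX], the safety property safeRRC = IC -> GD, the alarm start(!safeRRC), slowTrain, and the num_train_pass auxiliary variable. The event names are the slide's; the trace, timestamps and the assumption that events at equal timestamps are processed in trace order are constructed for the example.

```python
# Added example: a minimal MEDL-style run-time checker for the RailRoadCrossing
# ReqSpec. Not part of MaC; written to illustrate the checker semantics.

def check_rrc(trace):
    """trace: list of (timestamp_ms, event_name), in the order the event
    recognizer delivered them. Returns the alarms raised, the slowTrain
    intervals and the final value of num_train_pass."""
    cond = {"IC": False, "GD": False}   # Cond IC = [startIC, endIC], Cond GD = [startGD, endGD]
    started = {}                        # time(startX) of the currently open interval X
    prev_safe = True                    # value of safeRRC before the current step
    result = {"alarms": [], "slow_trains": [], "num_train_pass": 0}
    for t, ev in trace:
        # Event recognizer: [startX, endX] holds from startX until endX.
        if ev.startswith("start"):
            name, value = ev[len("start"):], True
        elif ev.startswith("end"):
            name, value = ev[len("end"):], False
        else:
            raise ValueError(f"unknown event {ev!r}")
        if name not in cond:
            raise ValueError(f"unknown condition {name!r}")
        cond[name] = value
        if value:
            started[name] = t
        # endIC -> { num_train_pass++; } and Cond slowTrain = time(endIC)-time(startIC) > 3000
        if ev == "endIC":
            result["num_train_pass"] += 1
            if "IC" in started and t - started["IC"] > 3000:
                result["slow_trains"].append((started["IC"], t))
        # SafeProp safeRRC = IC -> GD; alarm violation = start(!safeRRC)
        safe = (not cond["IC"]) or cond["GD"]
        if prev_safe and not safe:
            result["alarms"].append(t)
        prev_safe = safe
    return result

# Constructed trace (ms, event): the first train is covered by the gate;
# the second enters the crossing before the gate is down and is also slow.
SAMPLE_TRACE = [
    (1000, "startGD"), (1500, "startIC"), (3000, "endIC"), (3200, "endGD"),
    (9000, "startIC"), (9100, "startGD"), (12500, "endIC"), (12600, "endGD"),
]

if __name__ == "__main__":
    print(check_rrc(SAMPLE_TRACE))
```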

The Current MaC Prototype System
- MaC instruments Java bytecode, not source code.
- The filter resides on the host of the target program as a separate thread.
- Whenever monitored variables change or specified execution points are reached, the filter sends the updated value and a time stamp to the event recognizer.
- Whenever the event recognizer receives new information from the filter, it evaluates the condition and event descriptions and sends the evaluation result to the run-time checker.
- MaC works on multi-threaded applications.

Conclusion
- The MaC framework conducts run-time formal analysis based on a monitoring script written in PEDL/MEDL.
- This framework can detect incorrect execution of applications and increase the assurance of applications.
- The current MaC prototype works on target applications written in Java. However, the MaC framework can be extended to applications written in any language.
- Case studies:
  - Railroad Crossing Systems
  - Web-based Database Client
  - A simulator of the Micro Air Vehicle of the Naval Research Laboratory

Current and Future Work
- Performance tuning of the prototype implementation
- Three-valued logic
- Steering
- Functional checking
- Monitoring distributed systems
- Application area: monitoring security properties in mobile programs
http://www.cis.upenn.edu/~rtg/mac