
Heisenberg-Effect-Free Runtime Verification of Real-Time Properties

Gerardo Schneider, Dept. of Informatics, University of Oslo. Heisenberg-Effect-Free Runtime Verification of Real-Time Properties, January 2009. Heisenberg effect: observing reality... changes reality. We will see what this means in the context of runtime verification.


Presentation Transcript


  1. Heisenberg-Effect-Free Runtime Verification of Real-Time Properties. Gerardo Schneider, Dept. of Informatics, University of Oslo. January 2009

  2. Heisenberg Effect. Observing reality... changes reality. We will see what all this means in the context of Runtime Verification. Werner Heisenberg (1901-1976), Nobel Prize in Physics (1932)

  3. Outline: Runtime Verification; the Heisenberg effect in RV; how to solve the Heisenberg effect in RV?

  4. Runtime Verification. [Architecture diagram: the monitored System emits Events to the Monitoring component, which checks them against a Specification and returns Feedback to the system.]

  5. Runtime Verification. Property: a 'send' should only be followed by an 'ack'. [Diagram: monitor M with transitions on the 'send' and 'ack' events and an 'else' transition from each state to an error state; message sequence chart between processes A and B with alternating send/ack exchanges, observed as !send/?send and ?ack/!ack at the two ends.]

  6. Heisenberg Effect in RV (with Time). Property: any 'send' must be followed by an 'ack' within 30 sec. [Message sequence chart between A and B: timestamps 0, 2, 26, 27, 28 and 30 on the two lifelines show the 'ack' reaching A inside the 30 sec bound.] B "knows" that there is at most 3 sec delay between sending his 'ack' and its being received.

  7. Heisenberg Effect in RV (with Time). Monitor M: on 'send', t := 0; on 'ack' with t <= 30, accept; else -> error. The monitor "invalidates" a valid property, because it slows down the system. [Same message sequence chart, now under monitoring: the added delay pushes the arrival of the 'ack' from 30 to 32 sec, past the bound.] B cannot rely anymore on his "knowledge" of the system!

  8. Heisenberg Effect in RV (with Time). Adding a monitor at runtime slows down the system and may invalidate certain properties which would be valid otherwise. Eliminating a monitor at runtime speeds up the system and may invalidate certain properties which would be valid otherwise.

  9. How to avoid the Heisenberg Effect in RV

  10. Slow-down and Speed-up Truth Preservation. [Diagram: three timelines of the same run, labelled normal, slowed and speeded, with the same events spread out or compressed in time.]

  11. Duration Calculus

  12. Duration Calculus - Examples
     "For any period, any leak should be detectable and stoppable within 1 sec":
       □ (⌈Leak⌉ → ℓ ≤ 1)
     "After any leak in this period, the gas burner cannot switch on gas for 30 sec":
       □ ((⌈Leak⌉ ; ⌈¬Leak⌉ ; ⌈Leak⌉) → ℓ ≥ 30)
     Notation: □ - for any subinterval; ⌈·⌉ - holds "almost everywhere" inside the interval; ℓ - "length" of an interval; ; - "chop" operator.

  13. Slow-Down Truth Preserving Properties
     "After any leak in this period, the gas burner cannot switch on gas for 30 sec":
       □ ((⌈Leak⌉ ; ⌈¬Leak⌉ ; ⌈Leak⌉) → ℓ ≥ 30)
     "The number of bad logins cannot exceed 3 in a period of one hour":
       □ (badlog > 3 → ℓ > 3600)

  14. Speed-Up Truth Preserving Properties
     "For any period, any leak should be detectable and stoppable within 1 sec":
       □ (⌈Leak⌉ → ℓ ≤ 1)
     "Any 'send' must be followed by an 'ack' within 30 sec"

  15. Slow-down and Speed-up Truth Preservation - Remarks:
     - Properties without time (duration) are both slow-down and speed-up truth preserving
     - Properties containing both lower and upper bounds are neither
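The following is an added example, not code from the slides or from LARVA, that makes slides 13-15 concrete on timed traces. It assumes a trace is a list of (timestamp in seconds, event) pairs and models the slow-down caused by a monitor as a uniform stretching of all timestamps by a factor > 1 (speed-up as a factor < 1); real monitoring overhead is not uniform, so this is the idealised "time stretching" of the theory, not a measurement. The sample traces, the helper names (`transform_time`, `ack_within`, `at_most_n_per_window`, `truth_preservation`) and the 15% / 10% factors are all constructed for illustration.

```python
"""Slow-down / speed-up truth preservation on timed traces (illustrative)."""
from typing import Callable, Dict, Iterable, List, Tuple

Trace = List[Tuple[float, str]]          # (timestamp in seconds, event name)
Checker = Callable[[Trace], bool]


def transform_time(trace: Trace, factor: float) -> Trace:
    """Time stretching (factor > 1, the system got slower) or
    compressing (0 < factor < 1, the system got faster)."""
    assert factor > 0
    return [(t * factor, e) for t, e in trace]


def ack_within(bound: float = 30.0) -> Checker:
    """Upper-bound property: any 'send' must be followed by an 'ack' within
    `bound` seconds. Written as the timed automaton of slide 7:
        idle --send, t := 0--> waiting --ack, t <= bound--> idle
    any other event, or an 'ack' after the bound, goes to the absorbing error state."""
    def check(trace: Trace) -> bool:
        state, t0 = "idle", 0.0
        for now, event in trace:
            if state == "idle" and event == "send":
                state, t0 = "waiting", now
            elif state == "waiting" and event == "ack" and now - t0 <= bound:
                state = "idle"
            else:
                return False
        return True  # a 'send' still pending at trace end is not (yet) a violation
    return check


def at_most_n_per_window(event: str, n: int = 3, window: float = 3600.0) -> Checker:
    """Lower-bound property, slide 13: □(badlog > 3 → ℓ > 3600), i.e. any interval
    containing more than n occurrences of `event` must be longer than `window`.
    The shortest interval containing n+1 occurrences runs from the first to the
    (n+1)-th of them, so checking consecutive runs of n+1 events suffices."""
    def check(trace: Trace) -> bool:
        times = [t for t, e in trace if e == event]
        return all(times[i + n] - times[i] > window for i in range(len(times) - n))
    return check


def truth_preservation(check: Checker, trace: Trace,
                       factors: Iterable[float]) -> Dict[float, bool]:
    """Verdict of `check` on the unmodified trace (factor 1.0) and on each
    time-transformed copy, so the effect of slowing down / speeding up is visible."""
    return {f: check(transform_time(trace, f)) for f in (1.0, *factors)}


# Constructed sample traces (not measurements from the paper's experiments).
SEND_ACK: Trace = [(0.0, "send"), (28.0, "ack")]        # ack arrives 2 s before the deadline
BAD_LOGINS: Trace = [(t, "badlog") for t in (0.0, 1000.0, 2000.0, 3700.0)]

if __name__ == "__main__":
    # Upper bound: true normally, broken by a 15 % slow-down (ack at 32.2 s), kept by a speed-up.
    print("ack within 30 s   :", truth_preservation(ack_within(), SEND_ACK, (1.15, 0.5)))
    # Lower bound: true normally, kept by a slow-down, broken by a 10 % speed-up (3330 s < 3600 s).
    print("<= 3 bad logins/h :", truth_preservation(at_most_n_per_window("badlog"), BAD_LOGINS, (1.15, 0.9)))
```

The two runs are the practical content of slide 16: `ack_within` is only safe to monitor during testing, where the monitor can be removed afterwards without invalidating a verdict, while `at_most_n_per_window` is safe to monitor in production, because the monitor's own overhead can only make the verdict more conservative. A property with both a lower and an upper bound would fail one of the two transformed runs whichever way time is changed.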

  16. How to Avoid the Heisenberg Effect in RV? Use a monitor at runtime only for Slow-Down Truth Preserving properties. Use a monitor during testing only for Speed-Up Truth Preserving properties.

  17. What Is Behind the Scenes?
     - Definition of suitable automata for RV with real-time (DATE)
     - A sound translation from Phase Automata into DATEs
       • There exists a translation from DC into Phase Automata (characterizing "implementable" DC) ([Bouajjani et al.95], [Hoenicke06])
     - Formal definition and theoretical results on time transformation
       • Time stretching and compressing
       • Slow-down and speed-up invariance
     - Theory applied to Duration Calculus
       • Syntactic characterization of sdtp and sutp
       • Semantic characterization of time stretching and compressing

  18. DATE: Dynamic Automata with Timers & Events

  19. What Does All This Mean in Practice? At runtime, monitor the system (a Java program) with a monitor (a DATE) for slow-down truth preserving properties (in DC). During testing, monitor the system (a Java program) with a monitor (a DATE) for speed-up truth preserving properties (in DC).

  20. LARVA* architecture: the System (a Java program) is instrumented with AspectJ, matching method names to produce Events for the Monitoring component (a DATE: Dynamic Automata with Timers and Events), which sends Feedback to the system and a Report to the User. * Logical Automata for Runtime Verification and Analysis (http://www.cs.um.edu.mt/svrg/Tools/LARVA/)

  21. Conclusions

  22. Credits
     • Joint work with Christian Colombo and Gordon Pace
     • C. Colombo, G. Pace and G. Schneider. Dynamic event-based runtime monitoring of real-time and contextual properties. In FMICS'08. LNCS, to appear
     • C. Colombo, G. Pace and G. Schneider. Heisenberg-effect-free Runtime Verification of Java Programs with Real-Time Properties. To be submitted soon
     • LARVA: http://www.cs.um.edu.mt/svrg/Tools/LARVA/
