
Program Monitoring with LTL in EAGLE

Explore how EAGLE, with Linear Temporal Logic, offers a robust framework for program monitoring and runtime verification, overcoming limitations of model-checking. Understand the algorithm and its implications.


Presentation Transcript


  1. Program Monitoring with LTL in EAGLE
     H Barringer, A Goldberg, K Havelund, K Sen
     8th August 2007
     Presented by Shin Hong at PSWLAB, KAIST
     2019-12-19

  2. Contents
     • Introduction
     • EAGLE
     • Linear Temporal Logic in EAGLE
     • Algorithm
     • Conclusion
     • References

  3. Introduction (1/4)
     • The correctness of software is very important today.
     • Verification tools have been developed.
     • Model-checking technologies have been used successfully for relatively small-scale models.

  4. Introduction (2/4)
     • But model-checking technologies have serious limitations when applied to full-scale models.
     • Shift in the way model-checking technologies are being applied:
       - from full state space coverage to bounded use for sophisticated testing
       - from static application to dynamic application
     → Runtime Verification

  5. Introduction (3/4)
     • In runtime verification, an observer monitors the execution of a program and checks its conformity with a requirement specification.
     • A variety of runtime verification systems have been proposed.
     • A wide variety of monitoring logics for writing requirement specifications have also been proposed.

  6. Introduction (4/4)
     • Each monitoring logic is specialized to specify certain requirement specifications.
     • The monitoring logic a user can write specifications in depends on the runtime verification system the user chose.
     → EAGLE is proposed to support a general framework for defining monitoring logics.

  7. Contents
     • Introduction
     • EAGLE
     • LTL in EAGLE
     • Algorithm
     • Conclusion
     • References

  8. EAGLE (1/7)
     • EAGLE has been designed specifically as a general-purpose kernel temporal logic for runtime monitoring.
     • Users can define some monitoring logics using this set of primitives.

  9. EAGLE (2/7)
     • EAGLE offers a succinct but powerful set of primitives that supports
       - Recursive parameterized equations
       - Minimal/maximal fix-point semantics
       - Three temporal operators: next-time, previous-time, and concatenation.

  10. EAGLE (3/7)
      • Ex. Some temporal logics can be expressed as recursive equations.
        □F ≡ F ∧ ○(□F)
        ◇F ≡ F ∨ ○(◇F)
      • In EAGLE,
        max Always(Form F) = F ∧ ○Always(F)
        min Sometime(Form F) = F ∨ ○Sometime(F)

  11. EAGLE (4/7)
      • Example requirement specification: whenever we reach a state where x = k > 0 for some value k, then eventually we will reach a state at which y == k.
      • In LTL,
        □(x > 0 → ∃k.(k=x ∧ ◇(y=k)))
      • In EAGLE,
        min R(int k) = Sometime(y==k)
        mon M = Always(x>0 → R(x))

  12. EAGLE (5/7)
      • Syntax
      • Parameters are typed, such as int, long, float, etc.
      • A monitor cannot have a recursive definition.

  13. EAGLE (6/7)
      • Semantics
        For 0 ≤ i ≤ |σ| + 1

  14. EAGLE (7/7)

  15. Contents
      • Introduction
      • EAGLE
      • LTL in EAGLE
      • Algorithm
      • Conclusion
      • References

  16. LTL in EAGLE (1/3)
      • Semantic definitions for LTL

  17. LTL in EAGLE (2/3)
      • We can define a corresponding EAGLE rule for each LTL temporal operator.
      • Future time temporal operators
        min Next(Form F) = ○F
        max Always(Form F) = F ∧ ○(Always(F))
        min Sometime(Form F) = F ∨ ○(Sometime(F))
        min Until(Form F1, Form F2) = F2 ∨ (F1 ∧ ○(Until(F1,F2)))
        max Unless(Form F1, Form F2) = F2 ∨ (F1 ∧ ○(Unless(F1,F2)))

  18. LTL in EAGLE (3/3)
      • Past time temporal operators
        min Previous(Form F) = ⊙F
        max AlwaysPast(Form F) = F ∧ ⊙(AlwaysPast(F))
        min SometimePast(Form F) = F ∨ ⊙(SometimePast(F))
        min Since(Form F1, Form F2) = F2 ∨ (F1 ∧ ⊙(Since(F1,F2)))
        max Zince(Form F1, Form F2) = F2 ∨ (F1 ∧ ⊙(Zince(F1,F2)))
      • A user can transform an LTL formula into an EAGLE monitor mechanically.

  19. Contents
      • Introduction
      • EAGLE
      • LTL in EAGLE
      • Algorithm
      • Conclusion
      • References

  20. Algorithm (1/13)
      • EAGLE uses three major functions to determine whether a monitoring formula holds for some sequence of states:
        the eval, update, and value functions.
      • For each state, EAGLE continuously evaluates the formula which must be satisfied in the next state.

  21. Algorithm (2/13) eval function
      • Definition
        eval : Form × State → Form
      • The evaluation of a formula F on a state s = σ(i) in a trace σ results in another formula eval(F,s) with the property that
        σ,i ⊨ F if and only if σ,i+1 ⊨ eval(F,s)
      • e.g.
        mon M1 = Next(x==1)
        mon M2 = Always(y==1)
        σ = s1 s2 s3 s4 …
        eval(Next(x==1), s1) = x==1
        eval(Always(y==1), s1) = if s1 ⊨ y==1, Always(y==1); otherwise, false

  22. Algorithm (3/13)

  23. Algorithm (4/13) update function
      • Definition of function update
        update : Form × State → Form
      • Role of the function update
        - Pre-evaluate a formula if it is guarded by a previous operator.
        - σ,i ⊨ ○F if and only if σ,i+1 ⊨ update(F,s)

  24. Algorithm (5/13)

  25. Algorithm (6/13) value function
      • Definition
        value : Form → {true, false}
      • The value of a formula F at the end of a trace is given by value(F).
      • Given a sequence of states s1 s2 … sn, an LTL formula F is said to be satisfied if and only if
        value(eval(…eval(eval(F, s1), s2) … sn)) is true.

  26. Algorithm (7/13)

  27. Algorithm (8/13)
      • Modifying general EAGLE slightly, the eval, update, and value functions can be defined a priori for all LTL operators.
      • Future Time Operators
        - Next
          eval(Next(F), s) = eval(○F, s)
          update(Next(F), s) = Next(update(F,s))
        - Always
          eval(Always(F), s) = eval(F ∧ ○Always(F), s)
          update(Always(F), s) = Always(update(F, s))

  28. Algorithm (9/13)
      • Past Time Operators
        If a rule contains a formula F guarded by a previous operator on its right-hand side, then we evaluate F at every event and use the result of the evaluation in the next state.
        For every formula guarded by a previous operator, we introduce an additional argument in the rule and use these arguments in the definition of eval and update for this rule.

  29. Algorithm (10/13)
      • Previous
        Previous(F) → Previous’(F, false)
        eval(Previous’(F, past1), s) = eval(past1, s)
        update(Previous’(F, past1), s) = Previous’(update(F,s), eval(F,s))
      • AlwaysPast
        AlwaysPast(F) → AlwaysPast’(F, true)
        eval(AlwaysPast’(F, past1), s) = eval(F ∧ past1, s)
        update(AlwaysPast’(F, past1), s) = AlwaysPast’(update(F,s), eval(AlwaysPast’(F, past1), s))

  30. Algorithm (11/13)
      Ex. ◇(x > 0 ∧ ▣(y == 0))
      mon M = Sometime((x>0) ∧ AlwaysPast(y==0))
      s1 = (x,y) = (0, 0)
      M = Sometime((x>0) ∧ AlwaysPast’(y==0, true))
      eval(M, s1)
      = eval(((x>0) ∧ AlwaysPast’(y==0, true)) ∨ ○Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s1)
      = false ∨ eval(○Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s1)
      = update(Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s1)
      = Sometime(update((x>0) ∧ AlwaysPast’(y==0, true), s1))

  31. Algorithm (12/13)
      eval(M, s1)
      = Sometime(update((x>0) ∧ AlwaysPast’(y==0, true), s1))
      = Sometime((x>0) ∧ update(AlwaysPast’(y==0, true), s1))
      = Sometime((x>0) ∧ AlwaysPast’(update(y==0, s1), eval(AlwaysPast’(y==0, true), s1)))
      = Sometime((x>0) ∧ AlwaysPast’(y==0, eval(y==0 ∧ true, s1)))
      = Sometime((x>0) ∧ AlwaysPast’(y==0, true))

  32. Algorithm (13/13)
      s2 = (1, 0)
      eval(Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s2)
      = eval(((x>0) ∧ AlwaysPast’(y==0, true)) ∨ ○Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s2)
      = (eval(x>0, s2) ∧ eval(AlwaysPast’(y==0, true), s2)) ∨ eval(○Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s2)
      = true ∨ eval(○Sometime((x>0) ∧ AlwaysPast’(y==0, true)), s2)
      = true
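
The eval/update/value scheme of the Algorithm slides, as an added Python example that is not EAGLE's code and not part of the original presentation. The tuple encoding of formulas, the function names, and the end-of-trace convention (max rules true, min rules and state predicates false) are assumptions of this example; the monitor M and the two states are the ones from slides 30 to 32.

```python
# Added example: formulas are nested tuples; True/False are decided formulas.
def and_(a, b):
    if a is False or b is False: return False
    if a is True: return b
    return a if b is True else ("and", a, b)

def or_(a, b):
    if a is True or b is True: return True
    if a is False: return b
    return a if b is False else ("or", a, b)

def eval_(f, s):
    """Formula that must hold at the next state for f to hold at state s."""
    if isinstance(f, bool): return f
    op = f[0]
    if op == "atom": return bool(f[2](s))
    if op == "and": return and_(eval_(f[1], s), eval_(f[2], s))
    if op == "or": return or_(eval_(f[1], s), eval_(f[2], s))
    if op == "next": return update(f[1], s)
    if op == "sometime":    # eval(F or Next(Sometime(F)), s)
        return or_(eval_(f[1], s), update(f, s))
    if op == "always":      # eval(F and Next(Always(F)), s)
        return and_(eval_(f[1], s), update(f, s))
    if op == "alwayspast":  # AlwaysPast'(F, past): eval(F and past, s)
        return and_(eval_(f[1], s), eval_(f[2], s))
    raise ValueError(op)

def update(f, s):
    """Carry f to the next state, pre-evaluating past-time arguments."""
    if isinstance(f, bool) or f[0] == "atom": return f
    if f[0] == "alwayspast":
        return ("alwayspast", update(f[1], s), eval_(f, s))
    return (f[0],) + tuple(update(g, s) for g in f[1:])

def value(f):
    """Verdict at end of trace: max rules hold, min rules and atoms do not."""
    if isinstance(f, bool): return f
    if f[0] == "and": return value(f[1]) and value(f[2])
    if f[0] == "or": return value(f[1]) or value(f[2])
    return f[0] in ("always", "alwayspast")

def monitor(f, trace):
    for s in trace:
        f = eval_(f, s)
    return value(f)

X_POS = ("atom", "x>0", lambda s: s["x"] > 0)
Y_ZERO = ("atom", "y==0", lambda s: s["y"] == 0)
M = ("sometime", ("and", X_POS, ("alwayspast", Y_ZERO, True)))  # slide 30
```

`monitor(M, [{"x": 0, "y": 0}, {"x": 1, "y": 0}])` reproduces the slides' result of true, while a trace whose first state has y ≠ 0 leaves the past argument false and the monitor never succeeds.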

  33. Conclusion
      • EAGLE can express LTL-like monitoring logics such as Past Time LTL, Future Time LTL, MTL, interval logics, ERE, etc.
      • HAWK – Event-based RV on EAGLE.

  34. References
      [1] H Barringer, A Goldberg, K Havelund, K Sen, Program Monitoring with LTL in EAGLE, PADTAD’04.
      [2] H Barringer, A Goldberg, K Havelund, K Sen, Rule-based Runtime Verification, VMCAI’04.

  35. max Always(Form F) = F ∧ ○Always(F)
      mon M = Always(F1)
      eval(Always(F1), s) = eval(F1 ∧ ○Always(F1), s)
                          = eval(F1, s) ∧ eval(○Always(F1), s)
      eval(○Always(F1), s) = update(Always(F1), s)
                           = update(F1 ∧ ○Always(F1), s)
                           = update(F1) ∧ ○update(Always(F1), s)
                           …
      → update(○Always(F1), s) = update(F1) ∧ ○Always(F1)
