Heisenberg-Effect-Free Runtime Verification of Real-Time Properties
Gerardo Schneider
Department of Informatics, University of Oslo
January 2009
Heisenberg Effect
Observing reality... changes reality
We will see what all this means in the context of Runtime Verification
Werner Heisenberg (1901-1976), Nobel Prize in Physics (1932)
Outline
Runtime Verification
The Heisenberg effect in RV
How to solve the Heisenberg effect in RV?
Runtime Verification
[Figure: diagram labelled "Specification"]
Runtime Verification
A ’send’ should only be followed by an ’ack’
[Figure: processes A (!send, ?ack) and B (?send, !ack); monitor M with labels send, ack, else and error; message sequence charts of send/ack between A and B]
Heisenberg Effect in RV (with Time)
A ’send’ should only be followed by an ’ack’
Any ’send’ must be followed by an ’ack’ within 30 sec
[Figure: processes A (!send, ?ack) and B (?send, !ack); message sequence charts of send/ack between A and B with time annotations 0, 1, 26, 28 and 0, 2, 27, 30]
B ”knows” that there is at most 3 sec delay between sending his ’ack’ and receiving it
Heisenberg Effect in RV (with Time)
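[Figure: processes A (!send, ?ack) and B (?send, !ack) with monitor M, labelled "send; t:=0", "ack; t<=30", "else" and "error"; message sequence charts of send/ack between A and B with time annotations 0, 2, 27, 30 and 0, 3, 27, 32]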
B cannot rely anymore on his ”knowledge” of the system!
The monitor ”invalidates” a valid property, because it slows down the system
Heisenberg Effect in RV (with Time)
Adding a monitor at runtime slows down the system and may invalidate certain properties which would be valid otherwise
Eliminating a monitor at runtime speeds up the system and may invalidate certain properties which would be valid otherwise
How to avoid the Heisenberg Effect in RV
Slow-down and Speed-up Truth Preservation
[Figure with labels: normal, slowed, speeded]
Duration Calculus
Duration Calculus - Examples
”For any period any leak should be detectable and stoppable within 1 sec”
□ (ǁLeakǁ → l ≤ 1)
□ - for any subinterval
ǁ.ǁ - ”almost everywhere” inside
l - ”length” of an interval
”After any leak in this period the gas burner cannot switch on gas for 30 sec”
□ ((ǁLeakǁ ; ǁ¬ Leakǁ ; ǁLeakǁ) → l ≥30)
; - ”chop” operator
Slow-Down Truth Preserving Properties
”The number of bad logins cannot exceed 3 in a period of one hour”
□ (badlog > 3 → l > 3600)
”After any leak in this period the gas burner cannot switch on gas for 30 sec”
□ ((ǁLeakǁ ; ǁ¬ Leakǁ ; ǁLeakǁ) → l ≥ 30)
Speed-Up Truth Preserving Properties
”Any ’send’ must be followed by an ’ack’ within 30 sec”
”For any period any leak should be detectable and stoppable within 1 sec”
□ (ǁLeakǁ → l ≤ 1)
Slow-down and Speed-up Truth Preservation
Remarks:
- Properties without time (duration) are both slow-down and speed-up truth preserving
- Properties containing both lower and upper bounds are neither
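An added Python illustration of the two classes (not part of the slides and not LARVA code): an upper-bound property survives speed-up but not slow-down, and a lower-bound property the reverse. The traces, the function names, and the model of monitor overhead as a fixed, accumulating delay per observed event are assumptions made for this example.

```python
# Added illustration: constructed traces; monitor overhead is modelled
# (an assumption) as a fixed delay per observed event that accumulates.
from typing import List, Tuple

Trace = List[Tuple[float, str]]  # (timestamp in seconds, event name)

def slow_down(trace: Trace, delay: float) -> Trace:
    """Stretch time: the i-th event is pushed back by (i + 1) * delay seconds."""
    return [(t + (i + 1) * delay, e) for i, (t, e) in enumerate(trace)]

def speed_up(trace: Trace, factor: float) -> Trace:
    """Compress time: scale every timestamp by factor, 0 < factor <= 1."""
    return [(t * factor, e) for t, e in trace]

def ack_within(trace: Trace, bound: float = 30.0) -> bool:
    """Upper bound: each 'send' is followed by an 'ack' at most `bound` s later."""
    sent_at = None
    for t, e in trace:
        if e == "send":
            if sent_at is not None:
                return False          # a second 'send' before the 'ack'
            sent_at = t
        elif e == "ack" and sent_at is not None:
            if t - sent_at > bound:
                return False          # the 'ack' came too late
            sent_at = None
    return sent_at is None            # a trailing 'send' was never acknowledged

def bad_logins_bounded(trace: Trace, max_bad: int = 3, window: float = 3600.0) -> bool:
    """Lower bound: any stretch with more than max_bad 'badlog' events exceeds window."""
    times = [t for t, e in trace if e == "badlog"]
    return all(times[i + max_bad] - times[i] > window
               for i in range(len(times) - max_bad))

# Constructed sample traces; both satisfy their property as recorded.
SEND_ACK: Trace = [(0.0, "send"), (30.0, "ack")]
LOGINS: Trace = [(0.0, "badlog"), (1000.0, "badlog"), (2000.0, "badlog"), (3700.0, "badlog")]

def classify() -> dict:
    """Evaluate each property on the original, slowed and speeded trace."""
    variants = {"normal": lambda tr: tr,
                "slowed": lambda tr: slow_down(tr, 1.0),
                "speeded": lambda tr: speed_up(tr, 0.5)}
    return {name: {"ack_within_30": ack_within(f(SEND_ACK)),
                   "bad_logins": bad_logins_bounded(f(LOGINS))}
            for name, f in variants.items()}

if __name__ == "__main__":
    for name, verdicts in classify().items():
        print(name, verdicts)
```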
How to Avoid the Heisenberg Effect in RV?
Use a monitor at runtime only for Slow-Down Truth Preserving properties
Use a monitor during testing only for Speed-Up Truth Preserving properties
What Is Behind the Stage?
- Definition of suitable automata for RV with real-time (DATE)
- A sound translation from Phase Automata into DATEs
  - There exists a translation from DC into Phase Automata (characterize ”implementable” DC) ([Bouajjani et al.95], [Hoenicke06])
- Formal definition and theoretical results on time transformation
  - Time stretching and compressing
  - Slow-down and speed-up invariance
- Theory applied to Duration Calculus
  - Syntactic characterization of sdtp and sutp
  - Semantic characterization of time stretching and compressing
DATE: Dynamic Automata with Timers & Events
What Does All This Mean in Practice?
- Slowdown Truth Preserving prop. (DC) → Monitor (DATE) → Monitor the System (Java program) at runtime
- Speedup Truth Preserving prop. (DC) → Monitor (DATE) → Monitor the System (Java program) during testing
LARVA*
[Figure with labels: AspectJ, matching method names, USER]
* Logical Automata for Runtime Verification and Analysis (http://www.cs.um.edu.mt/svrg/Tools/LARVA/)
Conclusions
Credits
Joint work with Christian Colombo and Gordon Pace
C. Colombo, G. Pace and G. Schneider. Dynamic event-based runtime monitoring of real-time and contextual properties. In FMICS’08. LNCS, to appear
C. Colombo, G. Pace and G. Schneider. Heisenberg-effect-free Runtime Verification of Java Programs with Real-Time Properties. To be submitted soon
LARVA: http://www.cs.um.edu.mt/svrg/Tools/LARVA/