run time verification
play

Run-time Verification Oleg Sokolsky CIS 673 Fall 2006 Outline - PowerPoint PPT Presentation

Nov 05, 2023 •219 likes •952 views

Run-time Verification Oleg Sokolsky CIS 673 Fall 2006 Outline Motivation and overview Why run-time verification Formal methods and run-time verification Property specification Incremental property checking MaC

  1. Run-time Verification Oleg Sokolsky CIS 673 Fall 2006

  2. Outline ► Motivation and overview – Why run-time verification – Formal methods and run-time verification – Property specification – Incremental property checking ► MaC framework ► Applications Run-time verification

  3. Motivation ► Run of a large system – real or simulated – produces lots of observations ► How do we make sense of a simulation run? ► Different aspects may be interesting: – Is it correct? – Does it have the necessary performance, reliability, etc.? – Are simulation parameters and input data suitable? ► Each of these questions is a property that needs to be checked Run-time verification

  4. Properties of runs ► Behavioral – Sequencing of events – Correlation between values • Boolean ► Timing – Duration of interactions and computations – Timeliness • Boolean or quantitative ► Quality of service – Collection of statistics, aggregation of data • Mostly quantitative Run-time verification

  5. Checking properties of runs ► By direct observation – No tools needed – Possible for simple and short traces ► By a custom checker – Checkers can be simple (e.g. PERL scripts) – Works fine if there are few fixed properties to check ► By a checker for a suitable property specification language – Flexible – Can be formal Run-time verification

  6. Formal methods ► Specification – Precisely state what the system should be doing • Based on a language with mathematical semantics ► Verification – Prove that the system does the right thing • Use formal semantics to develop checking algorithms ► Satisfaction relation M P ► Model checking – Algorithms for automatic checking of satisfaction Run-time verification

  7. Temporal logic properties ► Describe evolving systems, that go through sequences of “worlds” ► Behavioral properties – Worlds are characterized by atomic propositions – Operators • Future: “eventually”, “globally”, “until” • Past: “previously”, “since” ► Quantitative properties – Worlds contain quantitative information – Operators • “eventually within interval”, “at least that much throughput” Run-time verification

  8. Model checking Run-time verification

  9. Formal methods drawbacks ► “Garbage in, garbage out” – Large detailed models are almost as hard to craft as code, and have less tool support – Analysis is as good as the model ► Only small models can be exhaustively analyzed – Rather than proving correctness, formal methods provide sophisticated debugging support ► Only simple models can be refined into code – If implementation is not fully automatic, what have we learned from analyzing the model? Run-time verification

  10. Formal methods at run time ► Compared to model checking, there is no model – Execution trace is used as the model ► Trace extraction is easier than model extraction – No overapproximation involved ► Property checking on a trace is easier than over an arbitrary model ► Obviously, a weaker result is proved – Applies to current execution and not all executions • Can be generalized in some restricted cases Run-time verification

  11. Verification vs. runtime verification Run-time verification

  12. Monitoring behavioral properties ► Formulas in a temporal logic ► Always evaluated over a finite execution trace ► Safety properties – “something bad does not happen” • Raise alarm when the bad happens ► Liveness properties – Requires non-traditional interpretation • Check satisfaction at trace end, or • Check if finite trace can be extended to a compliant inifinite trace ► We will consider safety properties only Run-time verification

  13. Checking a property of a trace ► Satisfaction relation t: ► Simple algorithm, linear in the trace length ► At each step, trace becomes longer t’: ► Furthermore, traces are too big to store ► Need a different approach Run-time verification

  14. Incremental checking of a trace ► In fact, we do not need to check the whole trace over and over again ► Keep a checker state – values of all subformulas ► Upon each observation, update checker state checker state ► When a “verdict” state is reached, report property value Run-time verification

  15. What about quantitative properties? ► Checker state need not be all boolean ► Auxiliary variables can store – Time instances and intervals – Event counts – Aggregate values – … ► Predicates over auxiliary variables can be used as new atomic formulas ► “Verdict” states can also report values stored in auxiliary variables Run-time verification

  16. Requirements vs. observations ► Ultimately, properties determine what observations are relevant – Each atomic statement has to be matched to an observation ► System requirements are high-level and independent of an implementation ► Run-time observations are low-level and implementation-specific – Software: variable assignments, function calls, exceptions, etc. – Network: send, receive, route packets, update routing tables, etc. ► Need an abstraction layer to match the two Run-time verification

  17. Trace extraction ► Too much information is just too much! – Trace is a sequence of observations • A temporal projection of execution – Observation is a projection of system state • Keep only relevant state components ► Too little information is a problem, too – Did you miss anything important? – Can you observe everything you need? • Not an issue with simulations, unless the model is a black box – Can you observe well enough? Run-time verification

  18. Running example ► Simulation of a railroad crossing ► Requirement: train in crossing => gate is down ► Observations: – gateUp, gateDown – changes in gate status – raiseGate, lowerGate – commands to move gate – position – coordinate of the train along the track Run-time verification

  19. Outline ► Motivation and overview ► MaC framework – Architecture – Specification languages – Implementation – Extensions ► Applications Run-time verification

  20. MaC: Monitoring and Checking ► Designed at U. Penn since 1998 ► Components: – Architecture for run-time verification – Languages for monitoring properties and trace abstraction – Steering in response to alarms ► Prototype implementation – Implementation of checking algorithms – Recognition of high-level events – For Java programs: automatic instrumentation Run-time verification

  21. MaC architecture Properties in MaC Language Program PEDL SADL MEDL Instrumentor MaC Compilers Program low-level high-level alarms Filter Monitor Checker information information MaC Verifiers feedback Run-time verification

  22. MaC languages PEDL Abstract state: Run-time state: • events • control locations • conditions • object state • auxiliary variables • local variables SADL MEDL ► PEDL: Primitive Event Definition Language – abstraction ► MEDL: Meta Event Definition Language – abstract transformation ► SADL: Steering Action Definition Language – feedback Run-time verification

  23. Properties: events and conditions ► Natural distinction for monitoring properties: instantaneous vs. durational – Instantaneity depends on time granularity ► Motivations for the distinction: – Specification styles – state vs. event-based – Cannot monitor every time instance ► What is the value between trace states? – If you saw something in an observation, is it still there while you are not looking? • Yes – it is a condition • No – it is an event Run-time verification

  24. Example: hundred years’ war ► The war is a condition ► Battles are events – Battle durations notwithstanding ► Events change the state of conditions – end(War)=FallOfBordeaux – FinalDefeat = [FallOfParis,FallOfBordeaux) Declaration Battle of Battle of Battle of Fall of Fall of of war Crecy Poitiers Agincourt Paris Bordeaux 1337 1346 1356 1415 1436 1453 Run-time verification

  25. Logical foundation ► LEC : 2-sorted logic: events and conditions ► Syntax: = ∨ ∧ E :: e | start ( C ) | end ( C ) | E E | E E | E when C 1 2 1 2 = ¬ ∨ ∧ C :: c | [ E , E ) | C | C C | C C 1 2 1 2 1 2 ► Operator [., .) pairs events to define an interval ► Operators start and end define the events at the instant when conditions change their value [ e 1 , e 2 ) [ e 1 , e 2 ) start([ e 1 , e 2 )) end([ e 1 , e 2 )) e 1 e 2 Run-time verification

  26. Operators ► Interval operator: [e 1 ,e 2 ) – Becomes true when e 1 occurs – Becomes false when e 2 occurs e 1 e 2 [e 1 ,e 2 ) [e 1 ,e 2 ) [e 1 ,e 2 ) false true false Time ► When operator e when c e when c c = true c = false c = false Time e e Run-time verification

  27. Semantic function ► Formally, a model M = ( S , τ , L C , L E ) – S = { s 0 , s 1 , …} is a sequence of states – τ is a mapping from S to a time domain – L C ( s , c ) is a function that assigns to each state s the truth value of primitive condition c – L E ( s , e ) is a partial function defined for each event e that occurs at s ► M , t ╞ c means a condition c being true in a model M at time t ► M , t ╞ e means an event e occurring in a model M at time t Run-time verification

Recommend

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of Computer Science Oxford University Quantitative Model Checking Winter School, February 2012 The Classical Theory of Verification Automata e T t a

1.6k views • 137 slides
Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying SV-based VIP DV Club Presentation (23 April 2012) NEED FOR VERIFICATION IP Why do we need VIPs? Time To Market Ready-to-integrate models

403 views • 22 slides
Real Time Video & Driver ID Verification From Vehicles Context is Everything Just like

Real Time Video & Driver ID Verification From Vehicles Context is Everything Just like

Real Time Video & Driver ID Verification From Vehicles Context is Everything Just like Mission Impossible, but real We develop TRUE real-time wireless video surveillance solutions to some of the worlds most demanding customers, where

562 views • 18 slides
Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Scurit des Systmes dInformation Introduction & reminder Last year...

467 views • 44 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn Mahesh Viswanathan

SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn Mahesh Viswanathan

ANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn Mahesh Viswanathan UIUC Real-Time Systems + Linear Control Systems + Verification Verification Control systems Real Time Systems

452 views • 43 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Levels of formal verification Checking freedom from run-time exceptions Dominant level for Spark tools

263 views • 8 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts

Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts

Basic Concepts Theoretical Results Practical Verification Summary Formal Verification of Real Time Systems Timed Automata Radek Pel anek Basic Concepts Theoretical Results Practical Verification Summary Aim of the Lecture knowledge of

849 views • 67 slides
Robustness in real-time systems Nicolas Markey LSV, CNRS & ENS Cachan, France SIES11

Robustness in real-time systems Nicolas Markey LSV, CNRS & ENS Cachan, France SIES11

Robustness in real-time systems Nicolas Markey LSV, CNRS & ENS Cachan, France SIES11 June 15, 2011 Verification of (real-time) computerized systems system: property: Always safe model-checking algorithm yes/no Verification of

1.38k views • 90 slides
Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical remarks, what are the problems to solve Untimed Systems Transition systems, and composition Basic model-checking algorithms: CTL and

309 views • 10 slides
ESP - - Path Path- -Sensitive Sensitive ESP Program Verification in Program Verification in

ESP - - Path Path- -Sensitive Sensitive ESP Program Verification in Program Verification in

ESP - - Path Path- -Sensitive Sensitive ESP Program Verification in Program Verification in Polynomial Time Polynomial Time M. Das, S. Lerner, M. Seigle M. Das, S. Lerner, M. Seigle PLDI '02 PLDI '02 Partial program verification

705 views • 24 slides
An Overview of The Time Triggered Architecture (TTA) And its Formal Verification John Rushby

An Overview of The Time Triggered Architecture (TTA) And its Formal Verification John Rushby

An Overview of The Time Triggered Architecture (TTA) And its Formal Verification John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I TTA Overview: 1 The Time-Triggered Architecture: What

838 views • 71 slides
Guarded Kleene Algebra with Tests Verification of Uninterpreted Programs in Nearly Linear Time

Guarded Kleene Algebra with Tests Verification of Uninterpreted Programs in Nearly Linear Time

Guarded Kleene Algebra with Tests Verification of Uninterpreted Programs in Nearly Linear Time Steffen Smolka 1 Nate Foster 1 Justin Hsu 2 e 3 Dexter Kozen 1 Alexandra Silva 3 Tobias Kapp 1 Cornell University 2 University of Wisconsin-Madison 3

1.15k views • 80 slides
Modeling and Verification of Real-time/Hybrid/Cyber-Physical Systems via Concurrent Co-inductive

Modeling and Verification of Real-time/Hybrid/Cyber-Physical Systems via Concurrent Co-inductive

Motivation Background Contribution Summary Modeling and Verification of Real-time/Hybrid/Cyber-Physical Systems via Concurrent Co-inductive Constraint Logic Programming Neda Saeedloei Department of Computer Science University of Texas at

929 views • 77 slides
Towards Run-time Verification in Access Control Fatih Turkmen 1 , EJ Jung 2 , Bruno Crispo 1 1

Towards Run-time Verification in Access Control Fatih Turkmen 1 , EJ Jung 2 , Bruno Crispo 1 1

Towards Run-time Verification in Access Control Fatih Turkmen 1 , EJ Jung 2 , Bruno Crispo 1 1 DISI, University of Trento, Italy 2 CS dept, University of San Francisco, USA Motivation How can we exploit existing software model checking tools

328 views • 19 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides
Formal Verification of UML Statecharts with Real-Time Extensions M. Oliver M Alexandre David

Formal Verification of UML Statecharts with Real-Time Extensions M. Oliver M Alexandre David

Formal Verification of UML Statecharts with Real-Time Extensions M. Oliver M Alexandre David oller Wang Yi Uppsala University BRICS Arhus

356 views • 25 slides
FTRTFT Oldenburg Sep 12, 2002 An Overview of Formal Verification For The Time Triggered

FTRTFT Oldenburg Sep 12, 2002 An Overview of Formal Verification For The Time Triggered

FTRTFT Oldenburg Sep 12, 2002 An Overview of Formal Verification For The Time Triggered Architecture John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I FTRTFT02: 1

826 views • 69 slides

More recommend