A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic

Basin, David; Dardinier, Thibault; Heimes, Lukas; Krstić, Srđan; Raszyk, Martin; Schneider, Joshua; Traytel, Dmitriy

doi:10.1007/978-3-030-51074-9_25

Cited by 22 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This precludes the possibility of weaving the monitor within the client component. To achieve a model that can handle these requirements, we restrict ourselves to outline monitors [8,4], which are decoupled from the process-under-scrutiny as concurrent units of code that can be more readily deployed over a black-box component; outline monitors are also easier to verify for correctness via compositional techniques [16,18,19,9,23,20]. Our model focusses on the communication occurring on the channel between the client and the server -and we assume such communication to be synchronous and reliable.…”

Section: Monitor and Instrumentation Designmentioning

confidence: 99%

On the Monitorability of Session Types, in Theory and Practice (Extended Version)

Burlò,

Francalanza,

Scalas

2021

Preprint

View full text Add to dashboard Cite

Software components are expected to communicate according to predetermined protocols and APIs. Numerous methods have been proposed to check the correctness of communicating systems against such protocols/APIs. Session types are one such method, used both for static type-checking as well as for run-time monitoring. This work takes a fresh look at the run-time verification of communicating systems using session types, in theory and in practice. On the theoretical side, we develop a formal model of session-monitored processes. We then use this model to formulate and prove new results on the monitorability of session types, defined in terms of soundness (i.e., whether monitors only flag ill-typed processes) and completeness (i.e., whether all ill-typed processes can be flagged by a monitor). On the practical side, we show that our monitoring theory is indeed realisable: we instantiate our formal model as a Scala toolkit (called STMonitor) for the automatic generation of session monitors. These executable monitors can be used as proxies to instrument communication across black-box processes written in any programming language. Finally, we evaluate the viability of our approach through a series of benchmarks. ACM Subject ClassificationSoftware and its engineering → Development frameworks and environments; Software and its engineering → Software verification and validation; Theory of computation → Concurrency Keywords and phrases Session types, monitorability, monitor correctness, Scala

show abstract

Section: Monitor and Instrumentation Designmentioning

confidence: 99%

On the Monitorability of Session Types, in Theory and Practice (Extended Version)

Burlò,

Francalanza,

Scalas

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…A similar result can be achieved without external code by moving the global memory to the heap and using the standard Rust thread logic. 3 The correctness of this approach is an immediate consequence of the correctness of the evaluation order and memory locality of streams. In particular, the independence of streams within the same evaluation layer and the pureness of the functions are crucial.…”

Section: Concurrent Evaluationmentioning

confidence: 99%

“…The ModelPlex [19] framework translates such a specification into several verified components monitoring both the environment with respect to the assumed model and the controller decisions. Lastly, there is work on verifying monitors for metric first-order temporal [30] and dynamic logic [3].…”

Section: Related Workmentioning

confidence: 99%

Verified Rust Monitors for Lola Specifications

Finkbeiner

Oswald

Passing

et al. 2020

Runtime Verification

View full text Add to dashboard Cite

The safety of cyber-physical systems rests on the correctness of their monitoring mechanisms. This is problematic if the specification of the monitor is implemented manually or interpreted by unreliable software. We present a verifying compiler that translates specifications given in the stream-based monitoring language Lola to implementations in Rust. The generated code contains verification annotations that enable the Viper toolkit to automatically prove functional correctness, absence of memory faults, and guaranteed termination. The compiler parallelizes the evaluation of different streams in the monitor based on a dependency analysis of the specification. We present encouraging experimental results obtained with monitor specifications found in the literature. For every specification, our approach was able to either produce a correctness proof or to uncover errors in the specification.

show abstract

“…The R2U2 [27,35] tool in particular implements mtl monitors on fpga while allowing for future-time specifications. Further, there are approaches for generating verified monitors for logics [2,34].…”

Section: Bibliographic Remarksmentioning

confidence: 99%

Monitoring Cyber-Physical Systems: From Design to Integration

Schwenger

2020

Runtime Verification

View full text Add to dashboard Cite

Cyber-physical systems are inherently safety-critical. The deployment of a runtime monitor significantly increases confidence in their safety. The effectiveness of the monitor can be maximized by considering it an integral component during its development. Thus, in this paper, I given an overview over recent work regarding a development process for runtime monitors alongside a cyber-physical system. This process includes the transformation of desirable safety properties into the formal specification language RTLola. A compiler then generates an executable artifact for monitoring the specification. This artifact can then be integrated into the system.

show abstract

A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic

Cited by 22 publications

References 39 publications

On the Monitorability of Session Types, in Theory and Practice (Extended Version)

On the Monitorability of Session Types, in Theory and Practice (Extended Version)

Verified Rust Monitors for Lola Specifications

Monitoring Cyber-Physical Systems: From Design to Integration

Contact Info

Product

Resources

About