Abstract
This paper establishes a comprehensive theory of runtime monitorability for Hennessy-Milner logic with recursion, a very expressive variant of the modal µ-calculus. It investigates the monitorability of that logic with a linear-time semantics and then compares the obtained results with ones that were previously presented in the literature for a branching-time setting. Our work establishes an expressiveness hierarchy of monitorable fragments of Hennessy-Milner logic with recursion in a linear-time setting and exactly identifies what kinds of guarantees can be given using runtime monitors for each fragment in the hierarchy. Each fragment is shown to be complete, in the sense that it can express all properties that can be monitored under the corresponding guarantees. The study is carried out using a principled approach to monitoring that connects the semantics of the logic and the operational semantics of monitors. The proposed framework supports the automatic, compositional synthesis of correct monitors from monitorable properties.
Highlights
The ubiquitous proliferation of software, from high-frequency stock market trading and autonomous vehicles down to mundane objects such as mobile phones and household appliances, makes a strong case for stringent software correctness requirements
We show that, compared to branching time, linear time allows for a much stronger notion of monitorability requiring that a monitor correctly report both the satisfaction and the violation of the property it checks on all system executions
We provide a synthesis function that automates the generation of the corresponding monitors, whose correctness proofs depend on delicate arguments about the monitor semantics
Summary
The ubiquitous proliferation of software, from high-frequency stock market trading and autonomous vehicles down to mundane objects such as mobile phones and household appliances, makes a strong case for stringent software correctness requirements. From these specifications, (online) RV generates computational entities called monitors that are instrumented to run with the system so as to incrementally analyse its execution (expressed as a trace of captured events) and reach (irrevocable) judgements relating to system violations or satisfactions for these specifications. These characteristics make RV an ideal candidate to be used in a multi-pronged approach towards ensuring software correctness: it can verify the correctness of components that are either not available for inspection prior to deployment, or are too expensive to check via more exhaustive and less scalable verification techniques such as model checking [Baier et al. 2008; Clarke et al. 1999]. The modal μ-calculus has a well-established linear-time semantics, which can be adapted to recHML. This provides us with an opportunity to extend the principled framework developed in Aceto et al. [2017a] and Francalanza et al. [2015, 2017b] to a linear-time setting, offering an ideal basis to better understand the connections between monitorability for branching-time and linear-time specifications. The proofs of all the results in the paper may be found in the extended version available at http://icetcs.ru.is/theofomon/POPL2019.pdf.
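The summary describes monitors as entities that consume a system's execution one captured event at a time and reach irrevocable verdicts about satisfaction or violation. The following added example (not code from the paper, and not its recHML monitor semantics or synthesis function) illustrates that idea on two constructed properties over a constructed event alphabet. The first property, "an `ack` event occurs before any `close`", can be judged both ways from a finite prefix, which is the stronger kind of guarantee the highlights describe for the linear-time setting; the second, "no `write` after `close`", is a safety-style property for which a finite prefix can only ever establish a violation, so satisfaction is never reported. Once a verdict is reached it does not change on later events.

```python
from enum import Enum


class Verdict(Enum):
    INCONCLUSIVE = "?"   # no judgement yet from the prefix seen so far
    SATISFIED = "yes"    # every continuation of the prefix satisfies the property
    VIOLATED = "no"      # every continuation of the prefix violates the property


class Monitor:
    """Base monitor: consumes events incrementally; a reached verdict is irrevocable."""

    def __init__(self):
        self.verdict = Verdict.INCONCLUSIVE

    def step(self, event):
        # Only an inconclusive monitor keeps analysing; yes/no are final.
        if self.verdict is Verdict.INCONCLUSIVE:
            self.verdict = self._decide(event)
        return self.verdict

    def _decide(self, event):
        raise NotImplementedError


class AckBeforeClose(Monitor):
    """Constructed property: 'ack' occurs before any 'close'.
    Both satisfaction and violation are detectable from a finite prefix."""

    def _decide(self, event):
        if event == "ack":
            return Verdict.SATISFIED
        if event == "close":
            return Verdict.VIOLATED
        return Verdict.INCONCLUSIVE


class NoWriteAfterClose(Monitor):
    """Constructed safety property: after 'close', no 'write' ever occurs.
    A finite prefix can witness a violation but never satisfaction, so this
    monitor only ever moves from '?' to 'no'."""

    def __init__(self):
        super().__init__()
        self.closed = False

    def _decide(self, event):
        if event == "close":
            self.closed = True
        elif event == "write" and self.closed:
            return Verdict.VIOLATED
        return Verdict.INCONCLUSIVE


def run(monitor_cls, trace):
    """Feed a trace event by event and return the verdict after each event."""
    monitor = monitor_cls()
    return [monitor.step(event).value for event in trace]


if __name__ == "__main__":
    # Constructed traces; the verdict sequence shows when a judgement becomes final.
    print(run(AckBeforeClose, ["open", "ack", "close"]))        # ['?', 'yes', 'yes']
    print(run(AckBeforeClose, ["open", "close", "ack"]))        # ['?', 'no', 'no']
    print(run(NoWriteAfterClose, ["open", "write", "close", "write"]))  # ['?', '?', '?', 'no']
    print(run(NoWriteAfterClose, ["open", "write", "close"]))   # ['?', '?', '?']
```

The third trace shows why a safety property yields only one kind of guarantee: the prefix `open, write, close` is consistent with both a satisfying and a violating continuation, so the monitor must stay inconclusive until a `write` after `close` actually appears.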