Crash-Resilient Decentralized Synchronous Runtime Verification

Abstract

<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Runtime verification</i> is a technique, where a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">monitor</i> process extracts information from a running system in order to evaluate whether system executions violate or satisfy a given correctness specification. In this paper, we consider runtime verification of synchronous distributed systems, where a set of decentralized monitors that only have a partial view of the system are subject to <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">crash failures</i> . In this context, it is unavoidable that monitors may have different views of the underlying system, and, therefore, have different opinions about the correctness property. We propose an automata-based synchronous monitoring algorithm that copes with <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$t$</tex-math></inline-formula> crash monitor failures. In our proposed approach, local monitors do not communicate their explicit reading of the underlying system. Rather, they emit a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">symbolic verdict</i> that efficiently encodes their partial views. This significantly reduces the communication overhead. To this end, we also introduce an (offline) SMT-based monitor synthesis algorithm, which results in minimizing the size of monitoring messages. We evaluate our algorithm on a wide range of formulas and observe an average of 2.5 times increase in the number of states of the monitor automaton.