leveraging dtrace for runtime verification
play

Leveraging DTrace for runtime verification Carl Martin Rosenberg - PowerPoint PPT Presentation

Oct 07, 2022 •16 likes •656 views

Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties Every request gets an answer System Buffers should never

  1. Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo

  2. Context: Runtime verification

  3. Desired properties “Every request gets an answer” System “Buffers should never overflow” “Variables should never enter an inconsistent state” 1

  4. ‘‘Runtime verification is the discipline of computer science that deals with the study, development and application of those verification techniques that allow checking whether a run of a system under scrutiny […] satisfies or violates a given correctness property .’’ [6, p. 36, emphasis mine] 2

  5. … … … … … … … 3

  6. … … … … … … … 4

  7. How to do runtime verification 1. Rigorously specify a correctness property (typically using formal logic). 2. Collect runtime data from the system. 3. Find a way to automatically check if the collected data indicates that the correctness property is violated or satisfied . 5

  8. Key idea: Exploit formal connections between logic and automata theory 5

  9. How to do runtime verification 1. There are ways of deriving automata from logical expressions that accept or reject their input based on whether the input satisfies or falsifies a logical formula. 2. This can be used to create monitors . 6

  10. Monitors A monitor is a program that consumes data from the system under scrutiny, interprets this data as a run of a system and reports whether the specified property is • satisfied by the data, • falsified by the data or • that the data is insufficient to derive a verdict [7, p. 294–295]. 7

  11. System Specification being formula analyzed Monitor Trace extractor generator Trace Monitor ACCEPT REJECT INCONCLUSIVE 8

  12. Specification formula in LTL3 Mapping graphviz2dtrace System being analyzed D script Dtrace ACCEPT REJECT INCONCLUSIVE 9

  13. Specification formalism: LTL 3

  14. LTL 3 is a three-valued variety of Linear Temporal Logic (LTL): Same syntax , different semantics . 9

  15. LTL: Linear Temporal Logic • In the context of formal methods, Temporal Logic is used to reason about the evolution of some system over time. • LTL is based on the notion of time as an infinite sequence of time slices: Time is linear . • The idea of using Linear Temporal Logic for program verification originated with Pnueli [8]. 10

  16. Linear time … p,q r,s p,s 11

  17. LTL Syntax Syntactically, LTL extends the familiar Propositional Logic with temporal operators. The temporal operators are: • � ( always ), • � ( eventually ), • � ( next ), • U ( until ), • R ( release ), • W ( weak until/waiting for ). 12

  18. LTL Semantics • LTL formulas are interpreted on sequences of states, where each state contains a set of atomic propositions that are true in that state. • In the standard view, these sequences of states are considered infinite , and we call such sequences of states traces . 13

  19. LTL Semantics … p,q r,s p,s Some observations: • σ | = p U s , • σ | = � s , • σ | = � r , • σ ̸| = � p and • σ | = p W s . 14

  20. Key idea of LTL 3 : A reasonable way of dealing with finite traces. 14

  21. LTL 3 Semantics • LTL 3 is defined for finite traces, which makes it suitable for runtime verification: We can only observere finite runs. 15

  22. Key idea of LTL 3 : Identify good and bad prefixes [5]. 15

  23. Good prefix • A trace fragment u is a good prefix with respect to some property φ if φ holds in all possible futures following u . 16

  24. Bad prefix • A trace fragment u is a bad prefix with respect to some property φ if φ holds in no possible futures following u . 17

  25. LTL 3 Semantics summarized We can thus state the truth-value of an LTL 3 formula φ with respect to a finite trace u as follows:  if u is a good prefix wrt. φ ⊤    u | if u is a bad prefix wrt. φ = 3 φ = ⊥  otherwise .  ?  18

  26. Foundational idea: For an LTL formula φ , a corresponding Büchi automaton [2] can be derived. 18

  27. • Büchi Automata are defined on infinite traces and accept a trace if and only if the automaton visits some accepting state infinitely often. 19

  28. • Bauer et al. give an algorithm for creating LTL 3 -monitors [1, 14:10-14:13] • This algorithm is implemented in LamaConv [9], which we make use of in the thesis. 20

  29. 21

  30. System Specification being formula analyzed Monitor Trace extractor generator Trace Monitor ACCEPT REJECT INCONCLUSIVE 22

  31. Specification formula in LTL3 System being analyzed Monitor Trace extractor generator Trace Monitor ACCEPT REJECT INCONCLUSIVE 23

  32. DTrace

  33. • DTrace is an operating system technology for monitoring running software systems. • Originally written by Bryan Cantrill, Adam Leventhal and Mike Shapiro for the Sun Solaris 10 operating system, DTrace is now available for Mac OS X, FreeBSD and other systems [4] • If a running system has DTrace installed, an administrative user can log into the system, write a DTrace script and get insights about the system without having to reboot, stop or alter the system in any way. 24

  34. DTrace’s two most compelling features 1. DTrace gives a unified view of the whole system: Events within the kernel and in userland processes can be analyzed simultaneously. 2. DTrace provides facilities for dynamic tracing : Instrumentation which does not rely on static artifacts in the source code. 25

  35. Using DTrace: The D scripting language • Users interact with the DTrace framework via a domain-specific AWK-like scripting language called D. • D is an event-driven programming langauge, where users specify actions that DTrace should take when an event of interest occurs. 26

  36. Using DTrace: The D scripting language #!/usr/sbin/dtrace -qs syscall :: read:entry / execname != "dtrace" / { printf("%s\n", execname); } 27

  37. Main components of D • Probes (4-tuples) • Action blocks • Predicates • Probe clauses 28

  38. DTrace Probes • DTrace provides the user with an enormous list of possible instrumentation points representing events of interest. These instrumentation points are called probes . • The available probes reflect aspects of the system that can be monitored at the current point in time. • Probes are identified by a four-tuple <provider:module:function:name> . • When the event a probe represents occurs, one says that the probe ‘‘fires’’). 29

  39. Design and Implementation of graphviz2dtrace

  40. Basic idea: Associate atomic propositions in LTL specifications with DTrace probe specifications (with optional predicates). 29

  41. push → pid$target::push:entry pop → pid$target::pop:return empty → pid$target::empty:return/arg1 == 1/ 30

  42. Mapping graphviz2dtrace D script 31

  43. graphviz2dtrace • In essence, graphviz2dtrace is a source-to-source compiler which takes LTL 3 -based automata and creates corresponding D scripts. • The resulting scripts have the automaton’s transition function encoded in an array, and the automaton state stored in a variable. • When an event occurs, the state of the automaton is updated according to the transition function. 32

  44. Anticipation • graphviz2dtrace creates monitors that terminate immediately upon finding a good or bad prefix: They are anticipatory . • The scripts achieve this by understanding which state it is about to enter. 33

  45. Anticipation pid$target :: empty: return / (arg1 == 1) && (state == 1) / { trace("REJECTED"); HAS_VERDICT = 1; exit(0); } 34

  46. Implementation • The essential implemenation concern is creating three types of probe clauses: rejecting , accepting and neutral clauses. • Rejecting clauses are clauses dealing with situations where bad prefixes are found. • Accepting clauses are clauses dealing with situations where good prefixes are found. • Neutral clauses simply update the state of the automaton. 35

  47. 36

  48. Implementation • Since all clauses use predicates to reason about the automaton states, and since probes are processed top to bottom, neutral clauses must be placed last in the script. 37

  49. Key limitation: Race conditions occur if two neutral probe clauses fire simultaneously. 37

  50. Specification formula in LTL3 System being analyzed Monitor Trace extractor generator Trace Monitor ACCEPT REJECT INCONCLUSIVE 38

  51. Specification formula in LTL3 Mapping graphviz2dtrace System being analyzed D script Dtrace ACCEPT REJECT INCONCLUSIVE 39

  52. Case study 1: The stack

  53. Demo time! https://vimeo.com/169470067 (03:00) 39

  54. Gregg’s dictum Brendan Gregg [10] • ‘‘Don’t worry too much about pid provider probe cost at < 1000 events/sec.’’ • ‘‘At > 10,000 events/sec, pid provider probe cost will be noticeable.’’ • ‘‘At > 100,000 events/sec, pid provider probe cost may be painful.’’ [3] 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang

Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang

Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang M. Leucker A. Rutle V. Stolz 28th Nordic Workshop on Programming Theory (NWPT16), Denmark 1 / 23 Why Runtime Verification? DSML do not

1.43k views • 23 slides
DTrace Topics: xclock 20 xntpd 25

DTrace Topics: xclock 20 xntpd 25

# dtrace -n 'syscall:::entry { @[exe dtrace: description 'syscall:::entry ^C iscsitgtd 1 nscd 1 operapluginclean 3 screen-4.0.2 3 devfsadm

739 views • 56 slides
Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica Hadi-Tanovi, Grigore Rou, Darko Marinov ICST 2019 4/26/2019 CCF-1421503, CCF-1421575, CCF-1763788, CNS-1619275, CNS-1646305, CNS-1740916 Runtime

448 views • 30 slides
What is a Trace? A Runtime Verification Perspective Giles Reger 1 Klaus Havelund 2 1 University of

What is a Trace? A Runtime Verification Perspective Giles Reger 1 Klaus Havelund 2 1 University of

What is a Trace? A Runtime Verification Perspective Giles Reger 1 Klaus Havelund 2 1 University of Manchester, Manchester, UK 2 Jet Propulsion Laboratory, California Inst. of Technology, USA ISoLa 2016 Corfu, October 12, 2016 1/19 Runtime

421 views • 25 slides
PROGRAM YOUR OWN RV SYSTEM an exercise in DSL design Klaus Havelund Jet Propulsion Laboratory,

PROGRAM YOUR OWN RV SYSTEM an exercise in DSL design Klaus Havelund Jet Propulsion Laboratory,

PROGRAM YOUR OWN RV SYSTEM an exercise in DSL design Klaus Havelund Jet Propulsion Laboratory, USA Summer School on Cyber-Physical Systems July 7-10, 2014 Definition of Runtime Verification Definition (Runtime Verification) Runtime

1.23k views • 109 slides
Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 In collaboration with: Matthew Arrott (OOI) Gary Brown (Red Hat) Stephen Henrie (OOI) Bippin Makoond

1.38k views • 80 slides
Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko

Scribble, Runtime Verification and Multiparty Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 In collaboration with: Matthew Arrott (OOI) Gary Brown (Red Hat) Stephen Henrie (OOI) Bippin Makoond

1.38k views • 78 slides
Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine

Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine

Context Projects Leveraging Automatic Deduction for Verification Antoine Defourn 11-14 th of June, 2019 Antoine Defourn Leveraging Automatic Deduction for Verification Context Projects Summary Supervisors: Stephan Merz, Pascal Fontaine

379 views • 16 slides
A Look Inside FreeBSD with DTrace Introduction and Tutorial Overview George V. Neville-Neil

A Look Inside FreeBSD with DTrace Introduction and Tutorial Overview George V. Neville-Neil

A Look Inside FreeBSD with DTrace Introduction and Tutorial Overview George V. Neville-Neil Robert N. M. Watson June 8, 2016 1 Objectives Understand key kernel concepts Become comfortable with DTrace Terminology Basic Usage

1.48k views • 135 slides
Some Thoughts on Runtime Verification Oded Maler VERIMAG CNRS and the University of Grenoble

Some Thoughts on Runtime Verification Oded Maler VERIMAG CNRS and the University of Grenoble

Some Thoughts on Runtime Verification Oded Maler VERIMAG CNRS and the University of Grenoble (UGA) France RV, September 2016 Madrid Before Dinner Speech I like long and general introductions in my papers and talks Not everybody does:

544 views • 39 slides
Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics)

Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics)

Introduction Preliminaries Semantics of Runtime Control Semantics of Synthesis of Controlling Programs Expressiveness of Controlling Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics) Zhe Chen

558 views • 55 slides
Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph

Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph

Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph Zambreno, Phillip H. Jones, Kristin Yvonne Rozier Presenter: Pei Zhang Iowa State University peizhang@iastate.edu September 28, 2018 1 Work supported

487 views • 32 slides
Runtime Verification of P4 Switches with Reinforcement Learning Apoorv Shukla (TU Berlin) with

Runtime Verification of P4 Switches with Reinforcement Learning Apoorv Shukla (TU Berlin) with

Runtime Verification of P4 Switches with Reinforcement Learning Apoorv Shukla (TU Berlin) with Kevin Nico Hudemann (TU Berlin), Artur Hecker (Huawei), Stefan Schmid (Vienna Uni.) Apoorv Shukla| NetAI19 P4 [1] : Data plane Programming Language

644 views • 25 slides
Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019

Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019

Using BDDs to capture data in Runtime verification (RV) [HP18] Per Ove Ringdal November 29, 2019 Contents Motivation Syntax and semantics of QTL QTL Example An Efficient Algorithm Using BDDs Summary References Verifying file operations

622 views • 35 slides
A Scala API for Runtime Verification Klaus Havelund Jet Propulsion Laboratory Pasadena,

A Scala API for Runtime Verification Klaus Havelund Jet Propulsion Laboratory Pasadena,

A Scala API for Runtime Verification Klaus Havelund Jet Propulsion Laboratory Pasadena, California A Scala API for Runtime Verification DSL Klaus Havelund Jet Propulsion Laboratory Pasadena, California understanding complex systems by

469 views • 32 slides
Three-Valued Asynchronous Distributed Runtime Verification Torben Scheffel Institute for

Three-Valued Asynchronous Distributed Runtime Verification Torben Scheffel Institute for

Three-Valued Asynchronous Distributed Runtime Verification Torben Scheffel Institute for Software Engineering and Programming Languages University of Lbeck, Germany scheffel@isp.uni-luebeck.de October 19, 2014 Torben Scheffel Three-Valued

531 views • 27 slides
QUANT-Question Answering Benchmark Curator Ria Hari Gusmita, Rricha Jalota, Daniel Vollmers, Jan

QUANT-Question Answering Benchmark Curator Ria Hari Gusmita, Rricha Jalota, Daniel Vollmers, Jan

QUANT-Question Answering Benchmark Curator Ria Hari Gusmita, Rricha Jalota, Daniel Vollmers, Jan Reineke, Axel-Cyrille Ngonga Ngomo, and Ricardo Usbeck September 10, 2019 Gusmita et al QUANT September 10, 2019 1 / 33 Outline 1 Motivation 2

717 views • 33 slides
Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred

Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred

Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred Ng Department of Computer Science, Hong Kong University of Science and Technology, Clear Water Bay, Kowloon, Hong Kong, China { csjames, keyiping,

341 views • 6 slides
Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred

Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred

Maintaining Frequent Itemsets over High-Speed Data Streams James Cheng, Yiping Ke, and Wilfred Ng Department of Computer Science Hong Kong University of Science and Technology Clear Water Bay, Kowloon, Hong Kong, China { csjames, keyiping,

633 views • 12 slides
SDR OFDM Waveform design for a UGV/UAV communication scenario SDR11 -WInnComm-Europe Christian

SDR OFDM Waveform design for a UGV/UAV communication scenario SDR11 -WInnComm-Europe Christian

EADS Innovation Works SDR OFDM Waveform design for a UGV/UAV communication scenario SDR11 -WInnComm-Europe Christian Blmm 22nd June 2011 8 July, 2011 EADS Innovation Works Content Introduction Scenario Hardware Platform

389 views • 24 slides
2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016

2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016

2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016 www.gray-robinson.com CAFTA v. NAFTA or the TPP? Which is the better deal? Peter Quinter, Attorney Customs &amp; International Trade Law Group

166 views • 16 slides
LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN

LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN

LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN IT Department CH-1211 Genve 23 Switzerland www.cern.ch/i t 1 Summary - Networking for WLCG - LHCOPN - LHCONE - services - how to join -

703 views • 52 slides
Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve

Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve

Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve Uhlig Technische Universtit at Berlin / T-Labs ETH Z urich Internet Measurement Conference 2011 Ager, M uhlbauer, Smaragdakis,

302 views • 28 slides
Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer Cloud Platform &amp; Services Group @eyepv6 Agenda General OpenStack + IPv6 Stuff Tenant IPv6 Address Assignment: SLAAC, Stateless

872 views • 51 slides

More recommend