Three-Valued Asynchronous Distributed Runtime Verification Torben - PowerPoint PPT Presentation

Three-Valued Asynchronous Distributed Runtime Verification Torben Scheffel Institute for Software Engineering and Programming Languages University of Lübeck, Germany scheffel@isp.uni-luebeck.de October 19, 2014 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 1/21

Table of Contents Introduction System Model Distributed Temporal Logic Case Study Conclusion Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 2/21

Table of Contents Introduction System Model Distributed Temporal Logic Case Study Conclusion Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 3/21

Introduction Model Checking Complexity Runtime Verification (RV) Testing Expressiveness Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 4/21

Challenges of Distributed RV in Asynchronous Systems There are various encountered when doing RV in asynchronous distributed systems, for example: ◮ different execution speed of agents ◮ inherent non-determinism in execution order ◮ information have to reach the monitor (communication overhead) ◮ one centralized or many decentralized monitors? Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 5/21

Table of Contents Introduction System Model Distributed Temporal Logic Case Study Conclusion Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 6/21

System Model a 3 a 1 a 2 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

System Model a 3 i 2 i 1 a 1 a 2 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

System Model a 3 ( v a 2 , i 2 ) ( v a 1 , i 1 ) a 1 a 2 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

System Model µ 4 a 3 ( v a 2 , i 2 ) ( v a 1 , i 1 ) a 1 a 2 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

System Model µ 4 a 3 ( v a µ 2 2 , i 2 ) ( v a 1 , i 1 ) µ 1 a 1 a 2 µ 3 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

System Model µ 4 v a 1 ( 2 ) v a 2 ( 3 ) a 3 ( v a µ 2 2 , i 2 ) ( v a 1 , i 1 ) µ 1 a 1 a 2 µ 3 Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 7/21

Table of Contents Introduction System Model Distributed Temporal Logic Case Study Conclusion Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 8/21

Linear Temporal Logic (LTL) and Past Operators w = w 0 w 1 w 2 w 3 w 4 · · · ∈ Σ ω execution trace (word) Set of propositions and boolean operators negation ( ¬ ) and or ( ∨ ). Future operators: Past operators: ◮ Next ( ◮ Previous ( ) ) ◮ Until ( U ) ◮ Since ( S ) Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 9/21

Three-valued LTL over finite traces (LTL 3 ) A. Bauer, M. Leucker, and C. Schallhart, “Runtime Verification for LTL and TLTL”  if ∀ u ∈ Σ ω : wu | ⊤ = LTL ϕ       if ∀ u ∈ Σ ω : wu �| � w | = ϕ � LTL 3 = ⊥ = LTL ϕ     ? else   The output of the LTL 3 semantics is only ⊤ or ⊥ if every infinite extension of the trace is a model (not a model resp.) of the formula in LTL. Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 10/21

Past-Time Distributed Temporal Logic (ptDTL) K. Sen, A. Vardhan, G. Agha, and G. Rosu, “Efficient Decentralized Monitoring of Safety in Distributed Systems” An Additional @ -operator is used to spread properties over different agents. Example: @ a 1 ( p S @ a 2 q ) a 1 : { p } { p } { p } {} { p } a 2 : {} { q } { q } { q } { q } Only safety properties monitorable with ptDTL Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 11/21

Distributed Temporal Logic (DTL) DTL LTL 3 ptLTL @ ptDTL Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 12/21

DTL syntax @ pt @ ft χ ::= a 1 ϕ | a 1 ψ ϕ ::= true | | ¬ ϕ | ϕ ∨ ϕ | p @ pt @ ft ϕ | ϕ U ϕ | a 2 ϕ | a 2 ψ Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 13/21

DTL semantics @ pt a ϕ formulas are evaluated with ptDTL semantics. @ ft a ϕ formulas are evaluated similar to LTL 3 with DTL ω replacing LTL. DTL ω works as follows: a and @ pt ◮ all operators besides @ ft a are evaluated as in LTL ◮ a subformula surrounded by @ pt a is evaluated on agent a as in ptDTL ◮ a subformula surrounded by @ ft a is evaluated on agent a as in DTL Values from other agents are delivered using messages whose send and receiving points are marked in the runs of the agents. Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 14/21

DTL Advantages The main advantages of DTL are: ◮ future and past operators ⇒ higher succinctness ◮ three-valued semantics ⇒ many more properties monitorable ◮ knowledge-vector and message symbols ⇒ precise theoretical evaluation possible Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 15/21

Monitor Construction Monitors for past formulas of DTL: algorithm from K. Havelund and G. Rosu, “Synthesizing monitors for safety properties” Monitors for future formulas of DTL: deterministic Moore machines (DMM) constructed as follows: LTL ABA NBA NFA DFA DMM ˜ ϕ ˆ A ϕ A ϕ A ϕ A ϕ ϕ D ϕ ¬ ϕ ˆ ˜ A ¬ ϕ A ¬ ϕ A ¬ ϕ A ¬ ϕ Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 16/21

Table of Contents Introduction System Model Distributed Temporal Logic Case Study Conclusion Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 17/21

Case Study C C agent a 3 agent a 2 A 2 B A 1 C 3 C 2 T S B 1 agent a 1 C C 1 A Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 18/21

Case Study C C agent a 3 agent a 2 A 2 B A 1 C 3 C 2 T S B 1 Example: a 3 ( ¬ s 1 U @ pt @ pt ϕ = @ ft agent a 1 a 2 ( m A ∧ s 1 )) C C 1 a 1 A Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 18/21

Benchmark µ 1 ping . µ m . a 1 a 2 . pong µ n ◮ Main monitor µ m evaluates a formula of the form a 1 ( ϕ 1 U ( ϕ 2 U ( . . . U ϕ n ))) or @ pt @ ft a 1 ( ϕ 1 S ( ϕ 2 S ( . . . S ϕ n ))) for future or past case respectively. ◮ Every ϕ i has the form @ pt a 2 ( p i 0 S ( p i 1 S p i 2 )) with the atomic propositions p i 0 , p i 1 and p i 2 and is evaluated by µ i . Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 19/21

Benchmark 0.3 pt 3 time (s) ft 3 pt 2 ft 2 0.2 pt 1 ft 1 0.1 0 2 4 6 8 10 12 14 remote monitors Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 20/21

Conclusion We ◮ developed a system model which describes the distribution of monitoring data through messages, ◮ developed a new temporal logic DTL for distributed RV with a greater set of monitorable properties as ptDTL, ◮ programmed the transformation of DTL formulas into DMMs, ◮ used the created monitors for a case study to monitor a LEGO Mindstorms assembly line. Torben Scheffel Three-Valued Asynchronous Distributed Runtime Verification 21/21