Mar 152017
 

The manuscript entitled First International Competition on Runtime Verification – Rules, Benchmarks, Tools, and Final Results of CRV 2014 has been accepted for publication in Software Tools for Technology Transfer, a Springer journal.

Below is an abstract of the paper

The First International Competition on Runtime Verification (CRV) was held in September 2014, in Toronto, Canada, as a satellite event of the 14th international conference on Runtime Verification (RV’14). The event was organized in three tracks: (1) offline monitoring, (2) online monitoring of C programs, and (3) online monitoring of Java programs. In this paper we report on the phases and rules, a description of the participating teams and their submitted benchmark, the (full) results, as well as the lessons learned from the competition.

Supplementary material, that is the benchmarks and participant’s evaluation scripts on the Inria GitLab repositories available at:

This is joint work with Ezio Bartocci and Borzoo Bonakdarpour, greatly improved by the contributions of the participants to the competition Christian Colombo, Normann Decker, Klaus Havelund, Yogi Joshi, Felix Klaedtke, Reed Milewicz, Giles Reger, Grigore Rosu, Julien Signoles, Daniel Thoma, Eugen Zalinescu, and Yi Zhang.

Acknowledgment

The competition organizers, E. Bartocci, Y. Falcone, and B. Bonakdarpour, are grateful to many people. The competition organizers would like to warmly thank all participants for their hard work, the members of the runtime verification community who encouraged them to initiate this work, the Laboratoire d’Informatique de Grenoble and Christian Seguy for its support, Inria and its GitLab framework, and finally the DataMill team for providing us with such a nice experimentation platform to run all benchmarks.

All the authors acknowledge the support of the ICT COST Action IC1402 Runtime Verification beyond Monitoring (ARVI). Ezio Bartocci  acknowledges also the partial support of the Austrian FFG project HARMONIA (nr. 845631) and the Austrian National Research Network (nr. S 11405-N23) SHiNE funded by the Austrian Science Fund (FWF).

The authors are grateful to the insightful reviewers who helped improving the quality of this paper.


Feb 202017
 

The manuscript entitled Concurrency-preserving and sound monitoring of multi-threaded component-based systems: theory, algorithms, implementation, and evaluation has been accepted for publication in Formal Aspects of Computing, a Springer journal.

The abstract of the paper is below:

This paper addresses the monitoring of logic-independent linear-time user-provided properties in multi-threaded component-based systems. We consider intrinsically independent components that can be executed concurrently with a centralized coordination for multiparty interactions. In this context, the problem that arises is that a global state of the system is not available to the monitor. A naive solution to this problem would be to plug in a monitor which would force the system to synchronize in order to obtain the sequence of global states at runtime. Such a solution would defeat the whole purpose of having concurrent components. Instead, we reconstruct on-the-fly the global states by accumulating the partial states traversed by the system at runtime. We define transformations of components that preserve their semantics and concurrency and, at the same time, allow to monitor global-state properties. Moreover, we present RVMT-BIP, a prototype tool implementing the transformations for monitoring multi-threaded systems described in the Behavior, Interaction, Priority (BIP) framework, an expressive framework for the formal construction of heterogeneous systems. Our experiments on several multi-threaded BIP systems show that RVMT-BIP induces a cheap runtime overhead.

The publisher version is available as Online First and the author version is available on my Publications page.

This is joint work with Hosein Nazarpour, Saddek Bensalem, and Marius Bozga from Verimag.

 

Feb 152017
 

The manuscript entitled Predictive runtime enforcement has been accepted for publication in Formal Methods in System Design, a Springer journal.

Abstract:

Runtime enforcement (RE) is a technique to ensure that the (untrustworthy) output of a black-box system satisfies some desired properties. In RE, the output of the running system, modeled as a sequence of events, is fed into an enforcer. The enforcer ensures that the sequence complies with a certain property, by delaying or modifying events if necessary. This paper deals with predictive runtime enforcement, where the system is not entirely black-box, but we know something about its behavior. This a priori knowledge about the system allows to output some events immediately, instead of delaying them until more events are observed, or even blocking them permanently. This in turn results in better enforcement policies. We also show that if we have no knowledge about the system, then the proposed enforcement mechanism reduces to standard (non-predictive) runtime enforcement. All our results related to predictive RE of untimed properties are also formalized and proved in the Isabelle theorem prover. We also discuss how our predictive runtime enforcement framework can be extended to enforce timed properties.

Keywords

Runtime monitoring; Runtime enforcement; Automata; Timed automata

The publisher version is available as Online First and the author version is available on my Publications page.

This is joint work with Srinivas Pinisetty, Viorel Preoteasa, Stavros Tripakis, Thierry Jéron, and Hervé Marchand.

Nov 112016
 

The paper entitled A high-level modeling language for the efficient design, implementation, and testing of Android applications has been accepted for publication in Software Tools for Technology Transfer, a Springer journal, and is now available for download.

Developing mobile applications remains difficult, time consuming, and error prone, in spite of the number of existing platforms and tools. In this paper, we develop MoDroid, a high-level modeling language to ease the development of Android applications. MoDroid allows developing models representing the core of applications. MoDroid provides Android programmers with the following advantages: (1) models are built using high-level primitives that abstract away several implementation details; (2) it allows the definition of interfaces between models to automatically compose them; (3) a native Android application can be automatically generated along with the required permissions definition; (4) it supports efficient testing execution that operates on models. MoDroid is fully implemented and was used to develop several non-trivial Android applications.

The paper is available as OnlineFirst on Springer Website and can be obtained by following this link. The pre-print can be downloaded by following this link.

This is joint work with Mohamad Jaber, Kinan Dak-Al-Bab, John Abou-Jaoudeh & Mostafa El-Katerji from American University of Beirut, Lebanon.

sttt-logo

Jun 062016
 

The paper entitled “Decentralized Enforcement of Artifact Lifecycles” has been accepted for publication in EDOC 2016, the twentieth Entreprise Computing Conference.

The abstract of the paper is below:

Artifact-centric workflows describe possible executions of a business process through constraints expressed from the point of view of the documents exchanged between principals. A sequence of manipulations is deemed valid as long as every document in the workflow follows its prescribed lifecycle at all steps of the process. So far, establishing that a given workflow complies with artifact lifecycles has mostly been done through static verification, or by assuming a centralized access to all artifacts where these constraints can be monitored and enforced. We present in this paper an alternate method of enforcing document lifecycles that requires neither static verification nor single-point access. Rather, the document itself is designed to carry fragments of its history, protected from tampering using hashing and public-key encryption. Any principal involved in the process can verify at any time that a document’s history complies with a given lifecycle. Moreover, the proposed system also enforces access permissions: not all actions are visible to all principals, and one can only modify and verify what one is allowed to observe.

The pre-print of the paper can be retrieved here.

This is joint work with Sylvain Hallé, Raphaël Khoury from Université du Québec à Chicoutimi, and Antoine El-Hokayem from Univ. Grenoble Alpes.
CS4WW8JUwAAwfCs

Apr 132016
 

The paper entitled “Modularizing Crosscutting Concerns in Component-Based Systems” has been accepted for publication in SEFM 2016, the 14th International Conference on Software Engineering and Formal Methods.

Below is the abstract of the paper:

We define a method to modularize crosscutting concerns in Behavior Interaction Priority (BIP) component-based framework. Our method is inspired from the Aspect Oriented Programming (AOP) paradigm which was initially conceived to support the separation of concerns during the development of monolithic systems. BIP has a formal operational semantics and makes a clear separation between architecture and behavior to allow for compositional and incremental design and analysis of systems. We thus distinguish local from global aspects. Local aspects model concerns at the component level and are used to refine the behavior of components. Global aspects model concerns at the architecture level, and hence refine communications (synchronization and data transfer) between components. We formalize global aspects as well as their integration into a BIP system through rigorous transformation primitives and overview local aspects. We present AOP-BIP, a tool for Aspect-Oriented Programming of BIP systems, and demonstrate its use to modularize logging, security, and fault-tolerance in a network protocol.

This is joint work with Antoine El-Hokayem (Univ. Grenoble Alpes) and Mohamad Jaber (American University of Beirut).

Feb 292016
 

The paper entitled “Monitoring Multi-threaded Component-based Systems” has been accepted for publication in the proceedings of iFM 16, the 12th International Conference on integrated Formal Methods, June 1st – 5th, 2016, Reykjavik, Iceland.

Below is the abstract of the paper:

This paper addresses the monitoring of logic-independent linear-time user-provided properties on multi-threaded component-based systems. We consider intrinsically independent components that can be executed concurrently with a centralized coordination for multiparty interactions. In this context, the problem that arises is that a global state of the system is not available to the monitor. A naive solution to this problem would be to plug a monitor which would force the system to synchronize in order to obtain the sequence of global states at runtime. Such solution would defeat the whole purpose of having concurrent components. Instead, we reconstruct on-the-fly the global states by accumulating the partial states traversed by the system at runtime. We define formal transformations of components that preserve the semantics and the concurrency and, at the same time, allow to monitor global-state properties. Moreover, we present RVMT-BIP, a prototype tool implementing the transformations for monitoring multi-threaded systems described in the BIP (Behavior, Interaction, Priority) framework, an expressive framework for the formal construction of hetero- geneous systems. Our experiments on several multi-threaded BIP systems show that RVMT-BIP induces a cheap runtime overhead.

This is joint work with Hosein Nazarpour, Saddek Bensalem, Marius Bozga and Jacques Combaz, from Vérimag, Grenoble, France.

A pre-print of the paper can be found here.

One can find the necessary information to download and play with RVMT-BIP by following this link to Hosein’s webpage.

Feb 292016
 

The paper entitled “Runtime Enforcement of Regular Timed Properties by Suppressing and Delaying Events” has been accepted for publication in SCP, Science of Computer Programming, an Elsevier journal.

Here is the abstract of the paper:

Runtime enforcement is a verification/validation technique aiming at correcting possibly incorrect executions of a system of interest. In this paper, we consider enforcement monitoring for systems where the physical time elapsing between actions matters. Executions are thus modelled as timed words (i.e., sequences of actions with dates). We consider runtime enforcement for timed specifications modelled as timed automata. Our enforcement mechanisms have the power of both delaying events to match timing constraints, and suppressing events when no delaying is appropriate, thus possibly allowing for longer executions. To ease their design and their correctness-proof, enforcement mechanisms are described at several levels: enforcement functions that specify the input-output behaviour in terms of transformations of timed words, constraints that should be satisfied by such functions, enforcement monitors that describe the operational behaviour of enforcement functions, and enforcement algorithms that describe the implementation of enforcement monitors. The feasibility of enforcement monitoring for timed properties is validated by prototyping the synthesis of enforcement monitors from timed automata.

This is joint work with T. Jéron, H. Marchand, and S. Pinisetty.

Online version at Elsevier can be found here.

A pre-print of the paper can be found here.

1-s2.0-S0167642316X00081-cov150h

Feb 032016
 

The paper entitled “Fully-automated Runtime Enforcement of Component-based Systems with Formal and Sound Recovery” has been accepted for publication in the Springer journal Software Tools for Technology Transfer.

Abstract

We introduce runtime enforcement of specifications on component-based systems (CBS) modeled in the behavior, interaction and priority (BIP) framework. Runtime enforcement is an increasingly popular and effective dynamic validation technique aiming to ensure the correct runtime behavior (w.r.t. a formal specification) of a system using a so-called enforcement monitor. BIP is a powerful and expressive component-based framework for the formal construction of heterogeneous systems. Because of BIP expressiveness, however, it is difficult to enforce complex behavioral properties at design-time. We first introduce a theoretical runtime enforcement framework for component-based systems where we delineate a hierarchy of enforceable properties (i.e., properties that can be enforced) according to the number of observational steps a system is allowed to deviate from the property (i.e., the notion of k-step enforceability). To ensure the observational equivalence between the correct executions of the initial system and the monitored system, we show that (i) only stutter-invariant properties should be enforced on CBS with our monitors, and (ii) safety properties are 1-step enforceable. Second, given an abstract enforcement monitor for some 1-step enforceable property, we define a series of formal transformations to instrument (at relevant locations) a CBS described in the BIP framework to integrate the monitor. At runtime, the monitor observes and automatically avoids any error in the behavior of the system w.r.t. the property. Third, our approach is fully implemented in RE-BIP, an available tool integrated in the BIP tool suite. Fourth, to validate our approach, we use RE-BIP to (i) enforce deadlock-freedom on a dining philosophers benchmark, and (ii) ensure the correct placement of robots on a map.

Keywords

Runtime enforcement Component-based systems Monitoring k-step enforceability BIP

Online version at Springer available here.

This is joint work with Mohamad Jaber from American University of Beirut, Lebanon.

sttt-logo