一种运行时验证监控器的构造方法

本文结合作者课题内容,介绍了一种运行时验证技术中的监控器构造方法。该方法完整涵盖了从性质规约到监控器模型再到监控程序的全过程,过程中使用了相关开源的第三方软件使得该方法的自动化程度较高。同时由于该监控器的构造是基于三值语义,使得该监控器在一定意义上具有预测性。     

一种嵌入式操作系统运行时验证方法

作为测试、模型检验等开发阶段所用技术的有效补充,运行时验证技术越来越受到广泛的关注。然而,当前的运行时验证技术主要用于应用软件,很少专门针对操作系统进行研究。对面向嵌入式操作系统的运行时验证框架和关键技术进行了研究,并结合一个开源嵌入式操作系统FreeRTOS进行了设计与实现。首先提出了一种面向嵌入式操作系统的运行时验证和反馈调整框架,然后针对框架中的关键技术部分,完成了规约语言的设计、三值语义监控器的生成、FreeRTOS嵌入式操作系统相关接口的实现等主要工作。     

基于部件设计的运行时验证

研究软部件设计中的可靠性问题,对这一问题主要诉是,当一个已存软部件的正确性无法得到确认时,在具具体实现不可知的情况下,如何提高它的运行时可靠性？为解决这一问题,该文首先构造一个能够用于软部件动态语义检测的抽象模型;然后通过在设计中系统地引入一些运行时技术以保证基于部件软件的可靠性。这些运行时技术包括：（１）包裹部件。作为额外的一层设计,根据软部件的接口说明自动生成,用于检测运行时错误;（２）虚拟部     

基于三值语义的软件运行时验证方法

运行时验证技术是对传统的程序正确性保证技术如模型检验和测试的有效补充。模型检验和测试都试图验证系统的所有可能执行路径的正确性,而运行时验证关注的是系统的当前执行路径。本文提出一种基于三值语义的软件运行时验证方法,一方面该方法提供了从代码插装、系统底层信息提取到监控器生成、验证系统运行轨迹是否满足性质规约的完整的解决方案;另一方面基于三值语义的监控器有发现一条无穷运行轨迹的最小好(坏)前缀的能力,从而使得监控器能尽可能早的发现性质违背。同时,我们开发了基于三值语义的软件运行时验证原型工具并针对案例进行了分析。     

一种基于预测的运行时验证开销控制方法

  针对运行时验证中,监控模块对软件系统运行效率产生影响的问题,提出一种基于预测的控制运行时验证开销的方法。该方法主要是通过建立马尔可夫链（Markov Chain）和隐马尔可夫模型（Hidden Markov Model, HMM）对软件行为进行有限步的预测,并判断被验证的性质约束被违反的风险,依此对软件监控行为进行调整,从而实现将运行时验证所产生的额外开销控制在一定范围内的目标。这种方法能够有效地控制监控开销,但仍然需要进一步的研究。     

一种基于活性顺序图的运行时验证研究

运行时验证是一种轻量级的形式化验证方法,使用可视化的需求规约描述语言建模需求规约场景是运行时验证领域的研究热点。针对目前基于活性顺序图的运行时验证方法中容易产生冗余性质、二值语义的验证结果不准确、基于Maude工具引擎的重写逻辑验证算法效率较低等问题,提出一种基于活性顺序图的运行时验证的改进方法,以支持现有的运行时验证技术。实验表明,改进方法验证结果准确,且验证过程开销较小。     

普适计算应用时空性质的运行时验证

运行时验证是提升普适计算应用可靠性的重要手段.这类应用的很多性质同时涉及时间关系和空间位置关系,这样的时空性质给运行时验证带来了特有的挑战.一方面,传统的时态逻辑难以描述空间性质;另一方面,适合描述空间性质的Ambient Logic在真值不确定等情况下不能很好支持有限轨迹中时间性质的描述.为支持普适计算应用时空性质的运行时验证,本文引入三值逻辑语义,提出了AL₃（3-valued Ambient Logic）;并在此基础上设计实现了基于AL₃的性质检验算法和运行时监控器.最后,通过案例分析和运行效率实验阐明了所提方法的有效性和可行性.     

一种基于运行时验证的Web服务选择方法

为了确保用户选择的Web服务的运行时行为与用户需求之间的一致性,提出了一种基于运行时验证的服务选择方法。首先基于自动机原理,对Web服务进行运行时验证。其次,定义了3种程度的行为匹配关系,基于运行时验证结果,量化Web服务运行时行为与用户需求之间的匹配程度,并使用AHP理论计算用户偏好。方法综合考虑行为匹配程度和用户偏好对服务选择的影响,提出服务选择策略。最后通过实验分析和比较说明了该方法的合理性。     

运行时验证技术的研究进展

运行时验证是一种轻量级的验证方法,通过实时地监测系统的行为,验证系统的正确性,及时发现冲突,并发出警告或作出反应。运行时验证技术已经得到了越来越多的应用,以确保软件系统的正确性。总结了近年来运行时验证技术的研究进展,首先介绍了运行时验证的概念、原理和分类,接着深入分析了现有的几种解决方案,并对该领域中的研究热点进行了深入探讨,最后分析了运行时验证技术面临的主要挑战,并对未来该领域的研究方向进行了展望。     

运行时验证及其应用

计算机软件在日常生活、工业、军事、国家安全领域已占有重要地位,软件的正确性、可靠性、安全性、可用性和可维护性已经受到广泛关注和深入研究。传统的验证技术包括定理证明、模型检测、以及测试,这些方法受到程序的运行以及程序所在环境的不可控等因素的限制。运行时验证的验证过程基于被监控系统的实际运行过程进行,从而有效地避免这些限制,是传统验证技术的有效补充。     

多核处理器架构下面向监控的软件运行时验证方法研究

面向监控的软件运行时验证(Monitor-oriented Runtime Verification:MRV)方法可以有效的提高系统可靠性,但是在传统基于单核处理器架构的嵌入式系统中采用MRV方法会给目标系统性能造成较大的影响.本文对基于多核处理器架构的MRV方法进行了初步研究,分析并设计了在线验证、离线验证以及单监视器设计与多监视器设计等多种模式的MRV方法,给出了相应的MRV实现方案,并在几个开源项目中进行了MRV实例应用.实验数据分析表明,在不同模式下,基于多核处理器架构的MRV方法能够从不同程度上有效提高系统运行时验证的性能.本文工作为进一步设计有效的多核架构下MRV方法提供了基础.     

Rewriting-Based Techniques for Runtime Verification

Techniques for efficiently evaluating future time Linear Temporal Logic (abbreviated LTL) formulae on finite execution traces are presented. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. A finite trace variant of LTL is formally defined, together with an immediate executable semantics which turns out to be quite inefficient if used directly, via rewriting, as a monitoring procedure. Then three algorithms are investigated. First, a simple synthesis algorithm for monitors based on dynamic programming is presented; despite the efficiency of the generated monitors, they unfortunately need to analyze the trace backwards, thus making them unusable in most practical situations. To circumvent this problem, two rewriting-based practical algorithms are further investigated, one using rewriting directly as a means for online monitoring, and the other using rewriting to generate automata-like monitors, called binary transition tree finite state machines (and abbreviated BTT-FSMs). Both rewriting algorithms are implemented in Maude, an executable specification language based on a very efficient implementation of term rewriting. The first rewriting algorithm essentially consists of a set of equations establishing an executable semantics of LTL, using a simple formula transforming approach. This algorithm is further improved to build automata on-the-fly via caching and reuse of rewrites (called memoization), resulting in a very efficient and small Maude program that can be used to monitor program executions. The second rewriting algorithm builds on the first one and synthesizes provably minimal BTT-FSMs from LTL formulae, which can then be used to analyze execution traces online without the need for a rewriting system. The presented work is part of an ambitious runtime verification and monitoring project at NASA Ames, called PathExplorer, and demonstrates that rewriting can be a tractable and attractive means for experimenting and implementing logics for program monitoring.Supported in part by joint NSF/NASA grant CCR-0234524.     

Collecting Statistics Over Runtime Executions

We present an extension to linear-time temporal logic (LTL) that combines the temporal specification with the collection of statistical data. By collecting statistics over runtime executions of a program we can answer complex queries, such as “what is the average number of packet transmissions' in a communication protocol, or “how often does a particular process enter the critical section while another process remains waiting' in a mutual exclusion algorithm. To decouple the evaluation strategy of the queries from the definition of the temporal operators, we introduce algebraic alternating automata as an automata-based intermediate representation. Algebraic alternating automata are an extension of alternating automata that produce a value instead of acceptance or rejection for each trace. Based on the translation of the formulas from the query language to algebraic alternating automata, we obtain a simple and efficient query evaluation algorithm. The approach is illustrated with examples and experimental results.     

An Overview of the Runtime Verification Tool Java PathExplorer

We present an overview of the Java PathExplorer runtime verification tool, in short referred to as JPAX. JPAX can monitor the execution of a Java program and check that it conforms with a set of user provided properties formulated in temporal logic. JPAX can in addition analyze the program for concurrency errors such as deadlocks and data races. The concurrency analysis requires no user provided specification. The tool facilitates automated instrumentation of a program's bytecode, which when executed will emit an event stream, the execution trace, to an observer. The observer dispatches the incoming event stream to a set of observer processes, each performing a specialized analysis, such as the temporal logic verification, the deadlock analysis and the data race analysis. Temporal logic specifications can be formulated by the user in the Maude rewriting logic, where Maude is a high-speed rewriting system for equational logic, but here extended with executable temporal logic. The Maude rewriting engine is then activated as an event driven monitoring process. Alternatively, temporal specifications can be translated into automata or algorithms that can efficiently check the event stream. JPAX can be used during program testing to gain increased information about program executions, and can potentially furthermore be applied during operation to survey safety critical systems.     

A Verification Framework for Agent Communication

In this paper, we introduce a verification method for the correctness of multiagent systems as described in the framework of ACPL (Agent Communication Programming Language). The computational model of ACPL consists of an integration of the two different paradigms of CCP (Concurrent Constraint Programming) and CSP (Communicating Sequential Processes). The constraint programming techniques are used to represent and process information, whereas the communication mechanism of ACPL is described in terms of the synchronous handshaking mechanism of CSP. Consequently, we show how to define a verification method for ACPL in terms of an integration of the verification methods for CCP and CSP. We prove formally the soundness of the method and discuss its completeness.     

Model-based Runtime Verification Framework for Self-optimizing Systems

This paper describes a novel on-line model checking approach offered as service of a real-time operating system (RTOS). The verification system is intended especially for self-optimizing component-based real-time systems where self-optimization is performed by dynamically exchanging components. The verification is performed at the level of (RT-UML) models. The properties to be checked are expressed by RT-OCL terms where the underlying temporal logic is restricted to either time-annotated ACTL or LTL formulae. The on-line model checking runs interleaved with the execution of the component to be checked in a pipelined manner. The technique applied is based on on-the-fly model checking. More specifically for ACTL formulae this means on-the-fly solution of the NHORNSAT problem while in the case of LTL the emptiness checking method is applied.     

A Translation-Facilitated Comparison Between the Common Language Runtime and the Java Virtual Machine

We describe how programs can be converted from the Common Language Runtime to the Java Virtual Machine, based on our experience of writing an application to do so. We also recount what this experience has taught us about the differences between these two architectures.     

基于类文件的Java程序运行时异常分析技术

提出一种基于类文件的Java运行时异常分析技术.它可在没有Java源代码文件的情况下,直接对类文件进行处理,分析可能抛出的异常信息,并根据分析结果在类文件中添加适当的异常追踪代码.这种处理后的类文件可无缝替换原类文件运行,并在运行中抛出异常时,能够给出详尽的异常分析报告,从而提高技术人员调试和开发的效率.