-
Monitorability for the Modal mu-Calculus over Systems with Data: From Practice to Theory
Authors:
Luca Aceto,
Antonis Achilleos,
Duncan Paul Attard,
Léo Exibard,
Adrian Francalanza,
Anna Ingólfsdóttir,
Karoliina Lehtinen
Abstract:
Runtime verification, also known as runtime monitoring, consists of checking whether a system satisfies a given specification by observing the trace it produces during its execution. It is used as a lightweight verification technique to complement or substitute costlier methods such as model-checking.
In the regular setting, Hennessy-Milner logic with recursion, a variant of the modal mu-calculu…
▽ More
Runtime verification, also known as runtime monitoring, consists of checking whether a system satisfies a given specification by observing the trace it produces during its execution. It is used as a lightweight verification technique to complement or substitute costlier methods such as model-checking.
In the regular setting, Hennessy-Milner logic with recursion, a variant of the modal mu-calculus, provides a versatile formalism for expressing linear- and branching-time specifications of the control flow of the system.
In this paper, we shift the focus from control to data and study the monitorability of an extension of this logic that allows one to express properties of the data flow. Data values are modelled as values from an infinite domain. They are stored using data variables and manipulated using predicates and first-order quantification.
The resulting logic is closely related to register automata with guessing. This correspondence yields a monitor synthesis algorithm, and allows us to derive a strict monitorability hierarchy between the different fragments of the logic, in stark contrast to the regular setting. In particular, restricting to deterministic monitors strictly reduces the set of monitorable properties.
Last, we exhibit a fragment of the logic that can express all monitorable formulae in the logic without greatest fixed-points but not in the full logic. We finally show that this is unavoidable because, in fact, there is no decidable fragment of the logic that captures all monitorable properties.
△ Less
Submitted 6 June, 2025;
originally announced June 2025.
-
Runtime Instrumentation for Reactive Components (Extended Version)
Authors:
Luca Aceto,
Duncan Paul Attard,
Adrian Francalanza,
Anna Ingólfsdóttir
Abstract:
Reactive software calls for instrumentation methods that uphold the reactive attributes of systems. Runtime verification imposes another demand on the instrumentation, namely that the trace event sequences it reports to monitors are sound -- that is, they reflect actual executions of the system under scrutiny. This paper presents RIARC, a novel decentralised instrumentation algorithm for outline m…
▽ More
Reactive software calls for instrumentation methods that uphold the reactive attributes of systems. Runtime verification imposes another demand on the instrumentation, namely that the trace event sequences it reports to monitors are sound -- that is, they reflect actual executions of the system under scrutiny. This paper presents RIARC, a novel decentralised instrumentation algorithm for outline monitors meeting these two demands. The asynchronous setting of reactive software complicates the instrumentation due to potential trace event loss or reordering. RIARC overcomes these challenges using a next-hop IP routing approach to rearrange and report events soundly to monitors.
RIARC is validated in two ways. We subject its corresponding implementation to rigorous systematic testing to confirm its correctness. In addition, we assess this implementation via extensive empirical experiments, subjecting it to large realistic workloads to ascertain its reactiveness. Our results show that RIARC optimises its memory and scheduler usage to maintain latency feasible for soft real-time applications. We also compare RIARC to inline and centralised monitoring, revealing that it induces comparable latency to inline monitoring in moderate concurrency settings, where software performs long-running, computationally-intensive tasks, such as in Big Data stream processing.
△ Less
Submitted 28 June, 2024;
originally announced June 2024.
-
Special Delivery: Programming with Mailbox Types (Extended Version)
Authors:
Simon Fowler,
Duncan Paul Attard,
Franciszek Sowul,
Simon J. Gay,
Phil Trinder
Abstract:
The asynchronous and unidirectional communication model supported by mailboxes is a key reason for the success of actor languages like Erlang and Elixir for implementing reliable and scalable distributed systems. While many actors may send messages to some actor, only the actor may (selectively) receive from its mailbox. Although actors eliminate many of the issues stemming from shared memory conc…
▽ More
The asynchronous and unidirectional communication model supported by mailboxes is a key reason for the success of actor languages like Erlang and Elixir for implementing reliable and scalable distributed systems. While many actors may send messages to some actor, only the actor may (selectively) receive from its mailbox. Although actors eliminate many of the issues stemming from shared memory concurrency, they remain vulnerable to communication errors such as protocol violations and deadlocks.
Mailbox types are a novel behavioural type system for mailboxes first introduced for a process calculus by de'Liguoro and Padovani in 2018, which capture the contents of a mailbox as a commutative regular expression. Due to aliasing and nested evaluation contexts, moving from a process calculus to a programming language is challenging.
This paper presents Pat, the first programming language design incorporating mailbox types, and describes an algorithmic type system. We make essential use of quasi-linear typing to tame some of the complexity introduced by aliasing. Our algorithmic type system is necessarily co-contextual, achieved through a novel use of backwards bidirectional typing, and we prove it sound and complete with respect to our declarative type system. We implement a prototype type checker, and use it to demonstrate the expressiveness of Pat on a factory automation case study and a series of examples from the Savina actor benchmark suite.
△ Less
Submitted 22 June, 2023;
originally announced June 2023.
-
A Choreographed Outline Instrumentation Algorithm for Asynchronous Components
Authors:
Luca Aceto,
Duncan Paul Attard,
Adrian Francalanza,
Anna Ingólfsdóttir
Abstract:
The runtime analysis of decentralised software requires instrumentation methods that are scalable, but also minimally invasive. This paper presents a new algorithm that instruments choreographed outline monitors. Our instrumentation algorithm scales and reorganises monitors dynamically as the system executes. We demonstrate the implementability of choreographed outline instrumentation and compare…
▽ More
The runtime analysis of decentralised software requires instrumentation methods that are scalable, but also minimally invasive. This paper presents a new algorithm that instruments choreographed outline monitors. Our instrumentation algorithm scales and reorganises monitors dynamically as the system executes. We demonstrate the implementability of choreographed outline instrumentation and compare it to inline instrumentation, subject to rigorous and comprehensive benchmarking. Our results debunk the general notion that outline monitoring is necessarily infeasible, and show that our implementation induces runtime overhead comparable to that of its inline counterpart for many practical cases.
△ Less
Submitted 19 April, 2021;
originally announced April 2021.
