runtime monitoring of a quantified temporal logic (talk @ unisa)
DESCRIPTION
Slides for a talk given at the University of South Australia, September 2009
TRANSCRIPT
Sylvain Hallé
University of California Santa Barbara, USA
Runtime monitoring of a quantified temporal logic
An application to interface contracts in web applications
A technological introduction
(Figure only: a user exchanges a numbered sequence of messages, 1., 2., ..., with the web site Chapeaux.com.)
My research's topic
A few examples
- E-Commerce Service: inventory management + billing
- Compute Cloud: leasing CPU time
- PayPal API: billing, express checkout
- Shopping: like Amazon
- Google Search, Google Maps, GMail, ...
Web services
A web application sends a request to a web service, and the web service returns a response (figure: a numbered sequence of requests, 1., 2., ..., and their responses).
XML request:
  <search>
    <object>hat</object>
    <type>melon</type>
  </search>
XML response:
  <hats>
    <hat>
      <no>123</no>
      <price>40$</price>
    </hat>
    ...
  </hats>
The structure of each message is described by a schema:
  search[ object[string], type[string] ]
  hats[ hat[ no[integer], price[float] ]{0,} ]
WSDL = Web Service Description Language
The WSDL of a web service lists the request and response schemas it accepts:
  search[ object[string], type[string] ]  ->  hats[ hat[ no[integer], price[float] ]{0,} ]
  add[ hat[int], quantity[int] ]          ->  ok[]
  ...
Examples of WSDL files:
http://webservices.amazon.com/AWSECommerceService/AWSECommerceService.wsdl
https://www.paypal.com/wsdl/PayPalSvc.wsdl
http://api.google.com/GoogleSearch.wsdl
Messages can be checked against the WSDL. A request sent by the web application:
  <search>
    <object>hat</object>
    <biz>buz</biz>
  </search>
vs. search[ object[string], type[string] ]: the request does not match the schema.
A response sent by the web service:
  <hats>
    <hat>
      <no>123</no>
      <price>abc</price>
    </hat>
    ...
  </hats>
vs. hats[ hat[ no[integer], price[float] ]{0,} ]: the response does not match the schema.
Interface contracts
(Figure: a user of Bouquinerie.com sends a numbered sequence of messages, 1., 2., ..., each adding an item to the shopping cart c.)
All messages comply with the WSDL but...
You cannot add the same item twice to the shopping cart
???
Other constraints (DecSerFlow notation):
(Figure: DecSerFlow diagrams relating messages i, j and the cart c; not recoverable from the slide text.)
To express "You cannot add the same item twice to the shopping cart" we need to:
- Express properties on messages
- + message sequences (LTL ops.)...
- + quantification on elements
} LTL-FO+
(The formula on the slide combines G, ⇒, ¬F and a quantifier ∀ i over the items of the cart c.)
Linear Temporal Logic
σ = infinite sequence (word) of symbols from a (finite) alphabet = trace
LTL formula = assertion on the sequence of states in a trace
  G a    "always a"
  X a    "the next symbol is a"
  F a    "eventually a"
  a W b  "a until b"
Example: σ = abacdcbaqqtam...
  G (a → X b)      FALSE
  (q ∨ c) W ¬t     TRUE
Well-known results:
1. For every LTL formula φ, there exists a Büchi automaton A_φ such that for every (infinite) trace σ:
     σ ⊨ φ  ⇔  σ ∈ L(A_φ)
   i.e. LTL describes ω-regular languages
2. The alphabet symbols can be generalized to finite sets of Boolean propositions
LTL-FO+
What if symbols are XML documents?
LTL-FO+ = LTL + first-order quantification on elements
Let...
  p = argument of a function f ... that filters the acceptable values for x ... according to the current message σ₀
  σ ⊨ ∃_p x : φ(x)  ⇔  ∃k : σ ⊨ φ(k) AND k ∈ f(σ₀, p)
Example:
σ = s0 s1 with
  s0 = <a>
         <b>1</b>
         <b>2</b>
         <c>5</c>
       </a>
  s1 = <d>
         <e>1</e>
         <e>2</e>
         <c>5</c>
         <c>6</c>
       </d>
p = a/b (an XPath expression)
  f(s0, p) = {1, 2}
  f(s1, p) = {}
Evaluating formulas on σ:
  ∀_{a/b} x : x=1 ∨ x=2        TRUE
  ∀_c x : x=5                  TRUE
  G (∀_c x : x=5)              FALSE
  ∀_c x : F ∃_c y : x=y        TRUE
What if only the finite prefix s0 s1 has been read so far?
  G (∀_c x : x=5 ∨ x=6)        TRUE?          if s2 = <c>3</c> follows: FALSE
  F ∃_c x : x=3                FALSE?         if s2 = <c>3</c> follows: TRUE
  G (∀_c x : F ∃_c y : x=y)    TRUE? FALSE?   even after s2 = <c>6</c>, s3 = <c>3</c>: still TRUE? FALSE?
  X X X (∀_c x : x=0)          TRUE? FALSE?
(At least) a third value is required: UNDETERMINED
Necessary only to evaluate a finite prefix
Refined variants shown beside the four formulas: UND-, UND+, UND?, UND
Runtime monitoring
Gerth, Peled, Vardi, Wolper (PSTV 1995): construction of a Büchi automaton from a given LTL formula φ
Benefit: "on-the-fly": automaton states are built as the trace is read
(Figure: the automaton for φ is unfolded while reading σ = a, ab, aba, ... one symbol at a time; a state from which the next symbol of the trace cannot be read is a dead end.)
Dead end: formula is false
Algorithm overview:
1. An LTL formula is decomposed into nodes of the form [Γ | Δ]
   Γ = sub-formulas that must be true now
   Δ = sub-formulas that must be true in the next state
   Example: (figure)
2. Negations pushed inside (classical identities + dual of U = V)
3. At the leaves, Γ contains atoms + negations of atoms: we evaluate them
   Verdict:
   - All leaves contain FALSE: formula is false
   - A leaf is empty: formula is true
   - Otherwise: read the next event (step 4)
4. Next event: Δ copied into Γ and we continue
Example: G (a → X b)
Decomposition of the initial node [Γ | Δ] (Γ = now, Δ = next):
  [ G (a → X b) | ∅ ]
  → [ a → X b | G (a → X b) ]
    → [ ¬a | G (a → X b) ]
    → [ a, X b | G (a → X b) ]  →  [ a | G (a → X b), b ]
Leaves: [ a | G (a → X b), b ] and [ ¬a | G (a → X b) ]
σ = a: the leaf [ ¬a | G (a → X b) ] contains a false atom and is dropped; [ a | G (a → X b), b ] survives.
Next event: Δ is copied into Γ and decomposed again:
  [ G (a → X b), b | ∅ ]
  → [ a → X b, b | G (a → X b) ]
    → [ a, X b, b | G (a → X b) ]  →  [ a, b | G (a → X b), b ]
    → [ ¬a, b | G (a → X b) ]
σ = ac: with the symbol c, a is false in the first leaf and b is false in the second; both leaves are dropped.
No way to extend the trace: formula is false
Hallé & Villemaire, EDOC 2008: adaptation of the algorithm to handle LTL-FO+
1. Atoms become equality tests
2. Decomposition rules for quantifiers: a quantified sub-formula is expanded over the values k ∈ f(σ₀, p) of the current message (and vice versa)
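The monitor sketched on the last slides (node decomposition into now/next obligations, three-valued verdict on a finite prefix, quantifiers expanded over f(σ₀, p)), written out as an added example; this is not BeepBeep's code and not the EDOC 2008 implementation. It assumes XML messages modelled as nested objects, a simplified child-path language in place of XPath (`*` matches any tag, no leading slash), and takes s0 and s1 from the example slide with a constructed s2.

```javascript
// Added example (not BeepBeep's own code): a three-valued LTL-FO+ monitor built on the
// GPVW node decomposition (Gerth, Peled, Vardi, Wolper 1995) with the quantifier rules
// of Hallé & Villemaire (EDOC 2008). XML messages are modelled as nested objects.
const el = (tag, ...kids) => ({ tag, kids });     // element with child elements
const leaf = (tag, val) => ({ tag, val });         // element holding one value

// f(msg, p): values reached from the document node by a child path such as "a/b";
// "*" matches any tag. This path language is an assumption, not BeepBeep's XPath engine.
function vals(msg, path) {
  let nodes = [{ kids: [msg] }];
  for (const seg of path.split('/'))
    nodes = nodes.flatMap(n => (n.kids || []).filter(k => seg === '*' || k.tag === seg));
  return nodes.filter(n => 'val' in n).map(n => n.val);
}

// Formula constructors. Negation is assumed already pushed to the atoms (eq / neq).
const v = name => ({ var: name });
const eq = (l, r) => ({ op: 'eq', l, r }), neq = (l, r) => ({ op: 'neq', l, r });
const and = (a, b) => ({ op: 'and', a, b }), or = (a, b) => ({ op: 'or', a, b });
const G = a => ({ op: 'G', a }), F = a => ({ op: 'F', a }), X = a => ({ op: 'X', a });
const forall = (p, x, a) => ({ op: 'forall', p, x, a });  // [x p] in the contract file
const exists = (p, x, a) => ({ op: 'exists', p, x, a });  // <x p> in the contract file

// Replace variable x by the constant k; atoms are equality tests between terms.
function subst(f, x, k) {
  const t = term => (term && term.var === x) ? k : term;
  if (f.op === 'eq' || f.op === 'neq') return { op: f.op, l: t(f.l), r: t(f.r) };
  if (f.op === 'and' || f.op === 'or') return { op: f.op, a: subst(f.a, x, k), b: subst(f.b, x, k) };
  if (f.x === x) return f;                            // inner quantifier shadows x
  return { ...f, a: subst(f.a, x, k) };
}

// Expand a node [Gamma | Delta] (now = Gamma, next = Delta) against the current message.
// Returns the Delta sets of the surviving leaves; a false atom kills its branch.
function expand(now, next, msg) {
  if (now.length === 0) return [next];
  const [f, ...rest] = now;
  switch (f.op) {
    case 'eq': case 'neq':
      if (f.l?.var || f.r?.var) throw new Error('free variable in atom');
      return ((f.l === f.r) === (f.op === 'eq')) ? expand(rest, next, msg) : [];
    case 'and': return expand([f.a, f.b, ...rest], next, msg);
    case 'or':  return [...expand([f.a, ...rest], next, msg), ...expand([f.b, ...rest], next, msg)];
    case 'X':   return expand(rest, [...next, f.a], msg);
    case 'G':   return expand([f.a, ...rest], [...next, f], msg);       // a now, G a next
    case 'F':   return [...expand([f.a, ...rest], next, msg), ...expand(rest, [...next, f], msg)];
    case 'forall':   // conjunction over f(msg, p); vacuously true when the set is empty
      return expand([...vals(msg, f.p).map(k => subst(f.a, f.x, k)), ...rest], next, msg);
    case 'exists':   // disjunction over f(msg, p); false when the set is empty
      return vals(msg, f.p).flatMap(k => expand([subst(f.a, f.x, k), ...rest], next, msg));
    default: throw new Error('unknown operator ' + f.op);
  }
}

// The monitor keeps the live nodes and gives a verdict on the prefix read so far.
function makeMonitor(formula) {
  let nodes = [[formula]];
  return { step(msg) {
    const seen = new Map();
    for (const now of nodes) for (const next of expand(now, [], msg)) {
      const key = JSON.stringify([...new Set(next.map(g => JSON.stringify(g)))].sort());
      if (!seen.has(key)) seen.set(key, next);
    }
    nodes = [...seen.values()];
    if (nodes.length === 0) return 'FALSE';              // every branch is a dead end
    if (nodes.some(n => n.length === 0)) return 'TRUE';  // a branch has no obligation left
    return 'UNDETERMINED';                                // the finite prefix decides nothing
  } };
}

// Trace from the slides (constructed here): s0 = <a><b>1</b><b>2</b><c>5</c></a>,
// s1 = <d><e>1</e><e>2</e><c>5</c><c>6</c></d>; s2 = <d><c>3</c></d> is an added message.
const s0 = el('a', leaf('b', 1), leaf('b', 2), leaf('c', 5));
const s1 = el('d', leaf('e', 1), leaf('e', 2), leaf('c', 5), leaf('c', 6));
const s2 = el('d', leaf('c', 3));

// Verdict after each message of a trace, e.g. G(forall c x: x=5) gives UNDETERMINED, FALSE.
function verdicts(formula, trace) {
  const m = makeMonitor(formula);
  return trace.map(msg => m.step(msg));
}
```

The same machinery checks the "no item added twice" property of the contract file once the `[i /path]` and `<j /path>` quantifiers are written with `forall` and `exists`.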
The BeepBeep runtime monitor
(Figure: BeepBeep sits between the user of Bouquinerie.com and the web service and checks every message against the LTL-FO+ formula of the shopping-cart contract, e.g. the constraint on adding the same item twice.)
Add BeepBeep to an application
1. Copy BeepBeep in the application's directory (http://beepbeep.sourceforge.net)
2. Include BeepBeep
   myapplication.html:
     <html><head><title>My Application</title>
     <script type="text/javascript" src="myapplication.js"></script>
     <script type="text/javascript" src="beepbeep.js"></script>
     </head><body>
     ...
     </body></html>
3. In the application, replace XMLHttpRequest with XMLHttpRequestBB
   myapplication.js:
     // Initializations
     req = new XMLHttpRequestBB();   // was: new XMLHttpRequest()
     ...
     function abc() {
       ...
       req.send(some_message);
     }
4. Create a contract file with LTL-FO+ formulas
   # ---------------------------------------------------------------
   # BeepBeep contract file for the Amazon ECS
   # ---------------------------------------------------------------
   % To create a cart, you must put at least one item
   % You can only create a cart once
   % No CartAdd can occur before a CartCreate
   % You cannot add the same item twice to the shopping cart
   ; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) -> (<x2 /CartCreate/Items/Item/ASIN> ({TRUE}))))
   ; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) -> (X (G (!(<x2 /CartCreate/Operation> ((x2) = ({CartCreate}))))))))
   ; (!(<x1 /CartAdd/Operation> ((x1) = ({CartAdd})))) U (<x2 /CartCreate/Operation> ((x2) = ({CartCreate})))
   ; G ([i /CartCreate/Items/Item/ASIN] (X (G ([j /CartAdd/Items/Item/ASIN] (!((i) = (j)))))))
A quick demo
Experimental results
Hallé & Villemaire, EDOC 2008
Sample property: "every car entering a parking lot must go out before entering again"
(Plot: time per message (ms) against trace length; result: < 5 ms/msg.)
Hallé & Villemaire, CAV 2009
Simultaneous monitoring of 11 properties from Amazon's contract
(Plot: time difference (%) against trace length, 0 to 200; average < 5%.)
Take-home points
1. Constraints involving temporal operators and quantification on message contents arise naturally in real web applications
2. An extension of LTL can formalize them: LTL-FO+
3. Runtime monitoring of these constraints can be done efficiently, even with quantification
4. BeepBeep is a tool that allows it with minimal modifications on real applications
   http://beepbeep.sourceforge.net/
Additional information
Quantified temporal logic for web applications:
  Hallé et al.: Model Checking Data-Aware Temporal Web Service Properties. IEEE Trans. Soft. Eng., Sept/Oct 2009.
Runtime monitoring of LTL-FO+:
  Hallé & Villemaire: Runtime Monitoring of Message-Based Workflows with Data. Proc. EDOC 2008, IEEE.
Application to Amazon web services:
  Hallé et al.: Model-based Runtime Verification of Web Service Interface Contracts. IEEE Int. Comp., to appear.
My web page: http://www.leduotang.com/sylvain
BeepBeep's web site: http://beepbeep.sourceforge.net