Abstract
This article addresses the question of what properties can be monitored over an unreliable communication channel. We model unreliable communications as mutations to finite traces and define what it means for a property to be immune to such a mutation. We also introduce the idea of a trustworthy verdict, which is a verdict guaranteed to be correct in the presence of a trace mutation. We show that the trustworthiness of a verdict or immunity of a property for a single mutation is equivalent to the trustworthiness or immunity for any number of mutations. We classify trustworthy verdicts on \(\omega \)-regular properties by updating a recently proposed monitorability-focused refinement of the safety-liveness taxonomy. The article also includes a fixed-parameter tractable algorithm to test an \(\omega \)-regular property for immunity to a trace mutation. Our results show that many of the most common properties can be monitored over unreliable channels.
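As an added illustration (not code from the article), the following Python sketch brute-forces the two notions named in the abstract over finite traces: it applies every single loss or stutter mutation to every trace up to a fixed length, records whether any verdict changes (immunity) and which verdicts stay correct for the original trace (trustworthiness). The two example properties, the mutation operators and the three-valued finite-trace monitors are constructed here as assumptions, not the article's definitions.

```python
from itertools import product

TRUE, FALSE, UNKNOWN = "T", "F", "?"   # three-valued finite-trace verdicts


def always_not_err(trace):
    """Safety property G(not err): violated as soon as 'err' is observed."""
    return FALSE if "err" in trace else UNKNOWN


def at_most_one_req(trace):
    """Counting property: a second 'req' is a violation (not stutter-invariant)."""
    return FALSE if trace.count("req") >= 2 else UNKNOWN


def loss_mutations(trace):
    """All traces obtained from `trace` by dropping exactly one event."""
    return [trace[:i] + trace[i + 1:] for i in range(len(trace))]


def stutter_mutations(trace):
    """All traces obtained from `trace` by duplicating exactly one event."""
    return [trace[:i + 1] + trace[i:] for i in range(len(trace))]


def analyze(monitor, mutate, alphabet=("req", "ack", "err"), max_len=4):
    """Compare the verdict on every trace up to `max_len` (constructed
    alphabet) with the verdicts on each of its single mutations.

    Returns (immune, trustworthy):
      immune      - True iff no single mutation ever changes the verdict
      trustworthy - verdicts the monitor emits on some mutated trace that
                    are always correct for the original trace, i.e.
                    monitor(mutated) == v implies monitor(original) == v
    """
    immune = True
    seen, untrustworthy = set(), set()
    for n in range(max_len + 1):
        for original in product(alphabet, repeat=n):
            v_orig = monitor(original)
            for mutated in mutate(original):
                v_mut = monitor(mutated)
                seen.add(v_mut)
                if v_mut != v_orig:
                    immune = False
                    untrustworthy.add(v_mut)
    return immune, seen - untrustworthy


if __name__ == "__main__":
    for prop in (always_not_err, at_most_one_req):
        for mut in (loss_mutations, stutter_mutations):
            immune, trusted = analyze(prop, mut)
            print(f"{prop.__name__:16s} {mut.__name__:18s} "
                  f"immune={immune} trustworthy={sorted(trusted)}")
```

Running it shows the pattern the abstract alludes to: a safety monitor's false verdict survives event loss (an error seen in the mutated trace was also in the original), and a stutter-invariant property is immune to duplication, whereas a counting property loses the false verdict under stuttering.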
Acknowledgements
The authors would like to thank Rajeev Joshi for his early contributions to the work and the reviewers for their many helpful suggestions.
Additional information
The research performed by the second author was carried out at Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.
Cite this article
Kauffman, S., Havelund, K. & Fischmeister, S. What can we monitor over unreliable channels?. Int J Softw Tools Technol Transfer 23, 579–600 (2021). https://doi.org/10.1007/s10009-021-00625-z