Martin Leucker

A Brief Account of Runtime Verification

In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to well-known verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishing features are pointed out. Moreover, extensions of runtime verification such as monitor-oriented programming, and monitor-based runtime reflection are sketched and their similarities and differences are discussed. Finally, the use of runtime verification for contract enforcement is briefly pointed out.

Model-Based Testing of Reactive Systems, Advanced Lectures

Testing of Finite State Machines.- I. Testing of Finite State Machines.- 1 Homing and Synchronizing Sequences.- 2 State Identification.- 3 State Verification.- 4 Conformance Testing.- II. Testing of Labeled Transition Systems.- Testing of Labeled Transition Systems.- 5 Preorder Relations.- 6 Test Generation Algorithms Based on Preorder Relations.- 7 I/O-automata Based Testing.- 8 Test Derivation from Timed Automata.- 9 Testing Theory for Probabilistic Systems.- III. Model-Based Test Case Generation.- Model-Based Test Case Generation.- 10 Methodological Issues in Model-Based Testing.- 11 Evaluating Coverage Based Testing.- 12 Technology of Test-Case Generation.- 13 Real-Time and Hybrid Systems Testing.- IV. Tools and Case Studies.- Tools and Case Studies.- 14 Tools for Test Case Generation.- 15 Case Studies.- V. Standardized Test Notation and Execution Architecture.- Standardized Test Notation and Execution Architecture.- 16 TTCN-3.- 17 UML 2.0 Testing Profile.- VI. Beyond Testing.- Beyond Testing.- 18 Run-Time Verification.- 19 Model Checking.- VII. Appendices.- Appendices.- 20 Model-Based Testing - A Glossary.- 21 Finite State Machines.- 22 Labelled Transition Systems.

Comparing LTL Semantics for Runtime Verification

When monitoring a system w.r.t. a property defined in a temporal logic such as LTL, a major concern is to settle with an adequate interpretation of observable system events; that is, models of temporal logic formulae are usually infinite words of events, whereas at runtime only finite but incrementally expanding prefixes are available. In this work, we review LTL-derived logics for finite traces from a runtime-verification perspective. In doing so, we establish four maxims to be satisfied by any LTL-derived logic aimed at runtime verification. As no pre-existing logic readily satisfies all of them, we introduce a new four-valued logic Runtime Verification Linear Temporal Logic RV-LTL in accordance to these maxims. The semantics of Runtime Verification Linear Temporal Logic (RV-LTL) indicates whether a finite word describes a system behaviour which either (i) satisfies the monitored property, (ii) violates the property, (iii) will presumably violate the property, or (iv) will presumably conform to the property in the future, once the system has stabilized. Notably, (i) and (ii) correspond to the classical semantics of LTL, whereas (iii) and (iv) are chosen whenever an observed system behaviour has not yet lead to a violation or acceptance of the monitored property. Moreover, we present a monitor construction for RV-LTL properties in terms of Moore machines signalizing the semantics of the so far obtained execution trace w.r.t. the monitored property.

Modeling and Model Checking Software Product Lines

Software product line engineering combines the individual developments of systems to the development of a family of systems consisting of common and variable assets.In this paper we introduce the process algebra PL-CCS as a product line extension of CCS and show how to model the overall behavior of an entire family within PL-CCS. PL-CCS models incorporate behavioral variability and allow the derivation of individual systems in a systematic way due to a semantics given in terms of multi-valued modal Kripke structures. Furthermore, we introduce multi-valued modal μ-calculus as a property specification language for system families specified in PL-CCS and show how model checking techniques operate on such structures. In our setting the result of model checking is no longer a simple yesor noanswer but the set of systems of the product line that do meet the specified properties.

Three-valued abstraction for continuous-time Markov chains

This paper proposes a novel abstraction technique for continuous-time Markov chains (CTMCs). Our technique fits within the realm of three-valued abstraction methods that have been used successfully for traditional model checking. The key idea is to apply abstraction on uniform CTMCs that are readily obtained from general CTMCs, and to abstract transition probabilities by intervals. It is shown that this provides a conservative abstraction for both true and false for a three-valued semantics of the branching-time logic CSL (Continuous Stochastic Logic). Experiments on an infinite-state CTMC indicate the feasibility of our abstraction technique.

Don’t know in probabilistic systems

In this paper the abstraction-refinement paradigm based on 3-valued logics is extended to the setting of probabilistic systems. We define a notion of abstraction for Markov chains. To be able to relate the behavior of abstract and concrete systems, we equip the notion of abstraction with the concept of simulation. Furthermore, we present model checking for abstract probabilistic systems (abstract Markov chains) with respect to specifications in probabilistic temporal logics, interpreted over a 3-valued domain. More specifically, we introduce a 3-valued version of probabilistic computation-tree logic (PCTL) and give a model checking algorithm w.r.t. abstract Markov chains.

The shortest path problem revisited: optimal routing for electric vehicles

Electric vehicles (EV) powered by batteries will play a significant role in the road traffic of the future. The unique characteristics of such EVs - limited cruising range, long recharge times, and the ability to regain energy during deceleration - require novel routing algorithms, since the task is now to determine the most economical route rather than just the shortest one. This paper proposes extensions to general shortestpath algorithms that address the problem of energy-optimal routing. Specifically, we (i) formalize energy-efficient routing in the presence of rechargeable batteries as a special case of the constrained shortest path problem (CSPP) with hard and soft constraints, and (ii) present an adaption of a general shortest path algorithm (using an energy graph, i.e., a graph with a weight function representing the energy consumption) that respects the given constraints and has a worst case complexity of O(n3). The presented algorithms have been implemented and evaluated within a prototypic navigation system for energy-efficient routing.

The good, the bad, and the ugly, but how ugly is ugly?

When monitoring a system wrt. a property defined in some temporal logic, e. g., LTL, a major concern is to settle with an adequate interpretation of observable system events; that is, models of temporal logic formulae are usually infinite streams of events, whereas at runtime only prefixes are available. This work defines a four-valued semantics for LTL over finite traces, which extends the classical semantics, and allows to infer whether a system behaves (1) according to the monitored property, (2) violates the property, (3) will possibly violate the property in the future, or (4) will possibly conform to the property in the future, once the system has stabilised. Notably, (1) and (2) correspond to the classical semantics of LTL, whereas (3) and (4) are chosen whenever an observed system behaviour has not yet lead to a violation or acceptance of the monitored property. Moreover, we present a monitor construction for RV-LTL properties in terms of a Moore machine signalising the semantics of the so far obtained execution trace.

Local Parallel Model Checking for the Alternation-Free µ-Calculus

We describe the design of (several variants of) a local parallel model-checking algorithm for the alternation-free fragment of the µ-calculus. It exploits a characterisation of the problem for this fragment in terms of two-player games. For the corresponding winner, our algorithm determines in parallel a winning strategy, which may be employed for debugging the underlying system interactively, and is designed to run on a network of workstations. Depending on the variant, its complexity is linear or quadratic. A prototype implementation within the verification tool Truth shows promising results in practice.

libalf: the automata learning framework

This paper presents libalf, a comprehensive, open-source library for learning formal languages libalf covers various well-known learning techniques for finite automata (e.g Angluins L*, Biermann, RPNI etc.) as well as novel learning algorithms (such as for NFA and visibly one-counter automata) libalf is flexible and allows facilely interchanging learning algorithms and combining domain-specific features in a plug-and-play fashion Its modular design and C++ implementation make it a suitable platform for adding and engineering further learning algorithms for new target models (e.g., Buchi automata).