A DETERMINISTIC EVENT CALCULUS FOR EFFECTIVE RUNTIME VERIFICATION

Davide Ancona, Luca Franceschini, Angelo Ferrando, Viviana Mascardi

20th Italian Conference on Theoretical Computer Science
11 September 2019, Como, Italy

RUNTIME VERIFICATION

Basic idea: do not verify programs, verify executions.

  • Static analysis of dynamic languages can be painful
  • Some properties are hard to enforce statically
  • After-deployment verification
  • Opportunity to recover

Why?

RML LANGUAGE

  • System-independent
  • Programmer-friendly syntax
  • Expressivity
  • JSON-encoded events
  • Both offline and online RV

PROPOSED ARCHITECTURE

EVENTS

The observations made on the monitored system are called events.

  • Function/method calls
  • Instructions execution
  • I/O operations
  • ...

The execution of a program is characterized by a sequence of events.

EVENT TYPES

All the events matching a given pattern constitutes an event type.

  • Method calls on object o
  • Calls of a function f
  • Messages sent from agent a
  • ...

SPECIFICATION EXAMPLE

\mathit{open}\ \mathit{read}\ \mathit{read}
\mathit{open}\ \mathit{read}\ \mathit{read}\ \mathit{close}
open matches {event: "func_call", name: "open"};
rw matches {event: "func_call", name: "read"|"write"};
close matches {event: "func_call", name: "close"};

Main = open rw* close;

BASIC OPERATORS

  • Union
  • Intersection
  • Concatenation
  • Shuffle
  • Recursion
  • Parametricity

Then derived operators, regex-like support, and more...

(NON-)DETERMINISM

RQNR = { let val;
       enq(val)
       (enq(val)* deq(val) | RQNR)
}?;

Data structure: Randomized Queue with No Repetition

enq(1) enq(1) deq(1) deq(1)
(enq(1)* deq(1)) | RQNR
enq(1) deq(1) deq(1)
(enq(1)* deq(1)) | (enq(1)* deq(1))
deq(1) deq(1)
empty | (enq(1)* deq(1))
deq(1)
empty | empty

Accepted! But...

(NON-)DETERMINISM

RQNR = { let val;
       enq(val)
       (enq(val)* deq(val) | RQNR)
}?;

Deterministic semantics

enq(1) enq(1) deq(1) deq(1)
(enq(1)* deq(1)) | RQNR
enq(1) deq(1) deq(1)
(enq(1)* deq(1)) | RQNR
deq(1) deq(1)
empty | RQNR
deq(1)

ERROR!

THE CALCULUS

v ::= x \mathbin{|} \kappa
\theta ::= \tau(v_1, \dotsc, v_n)
t ::= \epsilon
|\ \theta : t
|\ \{x;\ t\}
|\ t_1 \mathbin{|} t_2
|\ t_1 \lor t_2
|\ t_1 \land t_2
|\ t_1 \cdot t_2

(data value)

(event type)

(empty trace)

(prefix)

(concatenation)

(intersection)

(union)

(shuffle)

(parametric expression)

OPERATIONAL SEMANTICS

t \xrightarrow{e} t' ; \sigma
\frac{t_1\ \xrightarrow{e}\ t_1'\ ;\ \sigma}{t_1\ \lor\ t_2\ \xrightarrow{e}\ t_1'\ ;\ \sigma} \qquad \frac{t_2\ \xrightarrow{e}\ t_2'\ ;\ \sigma}{t_1\ \lor\ t_2 \xrightarrow{e}\ t_2'\ ;\ \sigma}

OPERATIONAL SEMANTICS

t \xrightarrow{e} t' ; \sigma \qquad t \xrightarrow{e}
\frac{t_1\ \xrightarrow{e}\ t_1'\ ;\ \sigma}{t_1\ \lor\ t_2\ \xrightarrow{e}\ t_1'\ ;\ \sigma} \qquad \frac{t_1\ \xrightarrow{e} \quad t_2\ \xrightarrow{e}\ t_2'\ ;\ \sigma}{t_1\ \lor\ t_2 \xrightarrow{e}\ t_2'\ ;\ \sigma}

The resulting calculus is deterministic

BENCHMARKS

QUESTIONS?

https://github.com/RMLatDIBRIS/

 

https://rmlatdibris.github.io/

Made with Slides.com