SlideShare ist ein Scribd-Unternehmen logo

A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments

Sylvain Hallé
Sylvain Hallé

A runtime monitor is a tool that takes as input a model of some system, and observes in real time that the sequence of events produced by a run of that system follows the specification. While existing monitoring solutions generally use finite-state machines and temporal logic as their model language, the specification is ultimately tangled with hand-written, implementation-specific details which severely limit their range of application. We present a runtime monitoring platform that clearly separates the extraction of events in the running program from the specification and monitoring process. This separation allows one to cleanly monitor first-order properties involving arbitrarily complex native program objects, while still incurring reasonable overhead.

1 von 35
Downloaden Sie, um offline zu lesen
A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments Jérôme Calvar, Raphaël Tremblay- Lessard, Sylvain Hallé Université du Québec à Chicoutimi CANADA Presented by Roger Villemaire Université du Québec à Montréal Fonds de recherche sur la nature et les technologies NSERC CRSNG Calvar et al.
Presentation overview 1. What is runtime monitoring? 2. Current issues in runtime monitoring 3. Our runtime monitoring framework 4. Experimental results Calvar et al.
What is runtime monitoring? Runtime monitoring is the process of observing an actual run of a system and dynamically checking and enforcing constraints on its execution System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
Runtime monitoring use cases Web applications: filter out messages sent by a browser when the client-server protocol is not followed - Saves CPU time on server (spared handling of erroneous messages) - Useful for developing/debugging the client - The presence of a monitor compels the server to document its protocol in a machine-readable format Calvar et al.
Runtime monitoring use cases An example, the BeepBeep runtime monitor (Hallé and Villemaire) JavaScript Internet XMLHttpRequest Normal situation: JavaScript object XmlHttpRequest centralizes all communications with the outside world Calvar et al.
Runtime monitoring use cases An example, the BeepBeep runtime monitor (Hallé and Villemaire) JavaScript Internet XMLHttpRequest Runtime monitoring: a new class wraps around this object and checks incoming/outgoing messages before passing them to the original XMLHttpRequest Calvar et al.
Runtime monitoring use cases In object-oriented programs: enforce valid use of objects' methods according to their state start unknown hasnext() == true hasnext() == false next() hasnext() hasnext() more next() none next() error Correct usage of the Java Iterator class (from Jin et al., PLDI 2011) Calvar et al.
Runtime monitoring use cases Example: Rosu et al.'s Java-MOP full-binding HasNext(Iterator i) { event hasnext after(Iterator i) : call(* Iterator.hasNext()) && target(i) {} event next before(Iterator i) : call(* Iterator.next()) && target(i) {} fsm : unsafe [ start [ next -> unsafe next -> unsafe hasnext -> safe hasnext -> safe ] ] safe [ alias match = unsafe next -> start hasnext -> safe @match { ] System.out.println("next called without hasNext!"); } } Calvar et al.
An example: the Bank class A simple (Java) class offering four methods: void open(int act) void close(int act) void withdraw(int act, int amt) boolean isApproved(int act, int amt) Other classes interact with the Bank to perform transactions Calvar et al.
An example: the Bank class As with the Iterator, there are constraints one must follow to use the Bank properly: S1. No operation on an account can be made after close S2. For the same account, the amount cannot change between an approval request and the following call to withdraw Declarative constraints: specify what must be true, but not how to check/enforce it Calvar et al.
Issues in runtime monitoring The properties deal with sequences of method calls AND values of the arguments inside these calls S1: close(x) prevents any other method call, but only for that same x S2: requires that methods isApproved(x,y) and the subsequent withdraw(x,y) have the same value y, but only if they also have the same value x These are called data-aware constraints. Why is it problematic? Calvar et al.
Data-aware constraints These properties cannot be expressed by a simple finite-state automaton withdraw(x,y) How to express constraint open(x) isApproved(x,y) on x and y? close(x) x=1 Calvar et al.
Data-aware constraints Existing runtime monitors extend the representation by tracking multiple instances of an automation, parameterized by some value withdraw(x,y) withdraw(x,y) open(x) isApproved(x,y) open(x) isApproved(x,y) close(x) close(x) x=1 x=2 Calvar et al.
Data-aware constraints If multiples values are involved in the same constraint, one must use nested automata withdraw(x,y) open(x) isApproved isApproved (x,y) withdraw (x,y) withdraw ... (x,y) (x,y) y=1 y=2 x=1 Calvar et al.
Data-aware constraints Issue #1: the same event may (or may not) need to be dispatched to more than one automaton... ...the specification must hence also describe how to combine the (potentially conflicting) decision returned by each automaton m1(x,y) m1(x,y) m2(y,x) m2(y,x) y=2 y=1 x=1 x=2 ERROR OK and? / or? Calvar et al.
Data-aware constraints Issue #2: the specification must describe how and when automata must be instantiated, depending on the events that are observed Consequence: a growing part of the constraints becomes procedural, and amounts to a hand-coding of a monitoring algorithm inside the specification Calvar et al.
Separation of concerns Monitor and specification become tangled: loss of separation of concerns System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
Data-aware constraints Issue #3: current monitoring frameworks are very language-dependent; the specification contains code in the system's native language Calvar et al.
Separation of concerns Monitor and system become tangled: loss of separation of concerns (again) System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
Monitoring framework Proposed architecture: framework that clearly separates all three aspects of the process - Separation of the system from the events it produces - Separation of the specification from the algorithm to verify it Calvar et al.
Monitoring framework Pointcut Event m formatter Monitor Advice Outcome execution Program Aspect Program events are declared using a signature Event data is extracted and formatted as an XML structure XML is passed to a general-purpose monitor Specification is expressed as constraints on sequences of XML structures -> system-independent Calvar et al.
Event formatting Example: a call to myBank.withdraw(123, 500) is formatted as <call> Method name <method>withdraw</method> <act>123</act> Method arguments, named as <amt>500</amt> in the method's prototype </call> For a message m, data can be referred to by a path expression π; hence if π = call/method/act, m(π) = "123" Calvar et al.
Properties on event sequences LTL-FO+ is an extension of classical Linear Temporal Logic to express constraints on XML event sequences with data - Ground terms are equalities: between a variable and a constant (x = c) between two variables x = y between a path expression and a constant (a/b/c = d) Calvar et al.
Properties on event sequences - Boolean connectives carry their traditional meaning - Temporal operators express modalities between messages: G φ : all messages from now on satisfy φ F φ : some message in the future will satisfy φ X φ : the next message will satisfy φ φ U ψ : φ holds on every message until some message satisfies ψ Calvar et al.
Properties on event sequences - First-order quantifiers fetch and retain values in a message ∀ x ∈ π : φ(x) In the current message m, for every value c such that m(π) = c, φ(c) is true ∃ x ∈ π : φ(x) In the current message m, for some value c such that m(π) = c, φ(c) is true Calvar et al.
Properties on event sequences S1. No operation on an account can be made after close G (call/method = close → ∀ a ∈ call/act : X G (∀ a' ∈ call/act : a ≠ a' )) Calvar et al.
Writing the specification PROTOTYPES void Bank.open(int act); Method calls to void Bank.close(int ac); intercept void Bank.withdraw(int act, int amount); boolean Bank.isApproved(int act, int amt); SPEC LTL-FO+ G ((call/method/close) -> ([a1 call/act] Property to (X (G ([a2 call/act] (!((a1) = (a2)))))))) monitor @FALSE { Action to take System.out.println("This is forbidden"); if property is } violated PROTOTYPES shields the property from language- specific considerations Calvar et al.
Properties on event sequences For Java, a PHP script converts the PROTOTYPES section into the appropriate event formatter, and the @FALSE section into the appropriate advice executor... Pointcut Event m formatter Monitor Advice Outcome execution Program Aspect ...the monitor itself is always the same! Calvar et al.
Non-primitive objects What if the method's arguments are not primitive types? Example: Account a = new Account(...); myBank.withdraw(a, 500); <call> <method>withdraw</method> <act> What is the account's "value"? </act> <amt>500</amt> </call> Calvar et al.
Non-primitive objects Observation: runtime constraints are expressed about objects' specific properties that ultimately boil down to primitive types Account a = new Account(...); myBank.withdraw(a, 500); The constraint on withdraw only requires account numbers, not full instances of Account Solution: have the event formatter write down member fields of the object (not the full object), but only those necessary for the constraint to monitor Calvar et al.
Non-primitive objects Example: PROTOTYPES void AdvancedBank.getAuthorization (Account a, int amount); <return> <method>getAuthorization</method> Message template used <id>{return.getId()}</id> by event formatter for <amount>{return.getAmount()}</amount> this method call </return> void AdvancedBank.withdraw(Account a, Authorization auth); <call> Code to execute on <method>withdraw</method> callee or its arguments <id>{auth.getId()}</id> to populate element <amount>{auth.getAmount()}</amount> with primitive value <call> Calvar et al.
Pros of this approach 1. Constraints involving non-primitive objects can be expressed and monitored: once events are formatted, they are undistinguishable from "primitive" calls by the runtime monitor 2. The trace of events can be saved to a (plain) XML file and verified a posteriori; would be impossible if events contained references to raw Java objects Calvar et al.
Pros of this approach 3. The monitor does not deal with native objects from the system: preserves separation of concerns discussed earlier 4. Being allowed to query the internal state of objects sometimes simplifies the property to monitor - Surprising finding - See paper, "autonomous" vs. "query" approach in experiments - Work in progress: systematize this observation ("piggyback runtime monitoring") Calvar et al.
Experiments Runtime monitoring framework tested on the "simple" (primitive) and "advanced" (non-primitive) Bank examples, with randomly generated calls 60 Number of traces 50 40 30 20 10 0 [-.08, [-.04,[-.02, [0, [.02,.08) [-.06,-.03) [-.03,0) [0,.02) [.02, [.04,.08) -.04) -.02) 0) .02) .04) S1 S2 Overhead per method call (ms) Simple bank Calvar et al.
Conclusion We proposed a framework for the runtime monitoring of events in a system These events can carry data parameters that are relevant to the constraints to monitor Our framework clearly separates the extraction of event data from the system from the property to monitor Experiments show that the formatting of native events into XML imposes an overhead of 5-10 microseconds per event Calvar et al.

Empfohlen

Advanced Hibernate
Advanced HibernateAdvanced Hibernate
Advanced HibernateHaitham Raik
 
Advanced Hibernate V2
Advanced Hibernate V2Advanced Hibernate V2
Advanced Hibernate V2Haitham Raik
 
Java 10, Java 11 and beyond
Java 10, Java 11 and beyondJava 10, Java 11 and beyond
Java 10, Java 11 and beyondRafael Winterhalter
 
OS - Deadlock
OS - DeadlockOS - Deadlock
OS - Deadlockvinay arora
 
ASE02.ppt
ASE02.pptASE02.ppt
ASE02.pptPtidej Team
 
Deadlock
DeadlockDeadlock
DeadlockGaurav Singh Chandel
 
Dead lock
Dead lockDead lock
Dead lockM_Javed Ashraf
 
Ch8
Ch8Ch8
Ch8Bilal Arshad
 

Empfohlen

Advanced Hibernate
Advanced HibernateAdvanced Hibernate
Advanced HibernateHaitham Raik
 
Advanced Hibernate V2
Advanced Hibernate V2Advanced Hibernate V2
Advanced Hibernate V2Haitham Raik
 
Java 10, Java 11 and beyond
Java 10, Java 11 and beyondJava 10, Java 11 and beyond
Java 10, Java 11 and beyondRafael Winterhalter
 
OS - Deadlock
OS - DeadlockOS - Deadlock
OS - Deadlockvinay arora
 
ASE02.ppt
ASE02.pptASE02.ppt
ASE02.pptPtidej Team
 
Deadlock
DeadlockDeadlock
DeadlockGaurav Singh Chandel
 
Dead lock
Dead lockDead lock
Dead lockM_Javed Ashraf
 
Ch8
Ch8Ch8
Ch8Bilal Arshad
 
Shiksharth com java_topics
Shiksharth com java_topicsShiksharth com java_topics
Shiksharth com java_topicsRajesh Verma
 
The Java memory model made easy
The Java memory model made easyThe Java memory model made easy
The Java memory model made easyRafael Winterhalter
 
Drd secr final1_3
Drd secr final1_3Drd secr final1_3
Drd secr final1_3Devexperts
 
Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)Riccardo Cardin
 
Test Blueprints
Test BlueprintsTest Blueprints
Test Blueprintslienhard
 
Java - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basicsJava - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basicsRiccardo Cardin
 
Java tips
Java tipsJava tips
Java tipsViswanath Lekshmanan
 
Mca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systemsMca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systemsRai University
 
Dead Lock In Operating Systems
Dead Lock In Operating SystemsDead Lock In Operating Systems
Dead Lock In Operating Systemstotallooser
 
Lect05
Lect05Lect05
Lect05Vin Voro
 
Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38myrajendra
 
Java and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystemJava and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystemRafael Winterhalter
 
Java 5 concurrency
Java 5 concurrencyJava 5 concurrency
Java 5 concurrencypriyank09
 
Gp1242 007 oer ppt
Gp1242 007 oer pptGp1242 007 oer ppt
Gp1242 007 oer pptNivedita Kasturi
 
Deadlock
DeadlockDeadlock
DeadlockMohd Arif
 
Logic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with EclipseLogic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with EclipseCoen De Roover
 
Java Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and LoggingJava Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and LoggingRiccardo Cardin
 
Thread syncronization
Thread syncronizationThread syncronization
Thread syncronizationpriyabogra1
 
Java Concurrency by Example
Java Concurrency by ExampleJava Concurrency by Example
Java Concurrency by ExampleGanesh Samarthyam
 
Inter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interfaceInter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interfacekeval_thummar
 
Solving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSolving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSylvain Hallé
 
Chasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream ProcessorChasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream ProcessorSylvain Hallé
 

Weitere ähnliche Inhalte

Was ist angesagt?

Shiksharth com java_topics
Shiksharth com java_topicsShiksharth com java_topics
Shiksharth com java_topicsRajesh Verma
 
Drd secr final1_3
Drd secr final1_3Drd secr final1_3
Drd secr final1_3Devexperts
 
Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)Riccardo Cardin
 
Test Blueprints
Test BlueprintsTest Blueprints
Test Blueprintslienhard
 
Java - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basicsJava - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basicsRiccardo Cardin
 
Mca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systemsMca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systemsRai University
 
Dead Lock In Operating Systems
Dead Lock In Operating SystemsDead Lock In Operating Systems
Dead Lock In Operating Systemstotallooser
 
Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38myrajendra
 
Java and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystemJava and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystemRafael Winterhalter
 
Java 5 concurrency
Java 5 concurrencyJava 5 concurrency
Java 5 concurrencypriyank09
 
Logic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with EclipseLogic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with EclipseCoen De Roover
 
Java Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and LoggingJava Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and LoggingRiccardo Cardin
 
Thread syncronization
Thread syncronizationThread syncronization
Thread syncronizationpriyabogra1
 
Inter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interfaceInter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interfacekeval_thummar
 

Was ist angesagt? (20)

Shiksharth com java_topics
Shiksharth com java_topicsShiksharth com java_topics
Shiksharth com java_topics
 
The Java memory model made easy
The Java memory model made easyThe Java memory model made easy
The Java memory model made easy
 
Drd secr final1_3
Drd secr final1_3Drd secr final1_3
Drd secr final1_3
 
Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)Java- Concurrent programming - Synchronization (part 1)
Java- Concurrent programming - Synchronization (part 1)
 
Test Blueprints
Test BlueprintsTest Blueprints
Test Blueprints
 
Java - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basicsJava - Concurrent programming - Thread's basics
Java - Concurrent programming - Thread's basics
 
Java tips
Java tipsJava tips
Java tips
 
Mca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systemsMca ii os u-3 dead lock & io systems
Mca ii os u-3 dead lock & io systems
 
Dead Lock In Operating Systems
Dead Lock In Operating SystemsDead Lock In Operating Systems
Dead Lock In Operating Systems
 
Lect05
Lect05Lect05
Lect05
 
Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38
 
Java and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystemJava and OpenJDK: disecting the ecosystem
Java and OpenJDK: disecting the ecosystem
 
Java 5 concurrency
Java 5 concurrencyJava 5 concurrency
Java 5 concurrency
 
Gp1242 007 oer ppt
Gp1242 007 oer pptGp1242 007 oer ppt
Gp1242 007 oer ppt
 
Deadlock
DeadlockDeadlock
Deadlock
 
Logic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with EclipseLogic-based program transformation in symbiosis with Eclipse
Logic-based program transformation in symbiosis with Eclipse
 
Java Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and LoggingJava Exception Handling, Assertions and Logging
Java Exception Handling, Assertions and Logging
 
Thread syncronization
Thread syncronizationThread syncronization
Thread syncronization
 
Java Concurrency by Example
Java Concurrency by ExampleJava Concurrency by Example
Java Concurrency by Example
 
Inter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interfaceInter thread communication &amp; runnable interface
Inter thread communication &amp; runnable interface
 

Andere mochten auch

Solving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSolving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSylvain Hallé
 
Chasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream ProcessorChasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream ProcessorSylvain Hallé
 
When RV Meets CEP (RV 2016 Tutorial)
When RV Meets CEP (RV 2016 Tutorial)When RV Meets CEP (RV 2016 Tutorial)
When RV Meets CEP (RV 2016 Tutorial)Sylvain Hallé
 
Runtime monitoring de propriétés temporelles par (streaming) XML
Runtime monitoring de propriétés temporelles par (streaming) XMLRuntime monitoring de propriétés temporelles par (streaming) XML
Runtime monitoring de propriétés temporelles par (streaming) XMLSylvain Hallé
 
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)Sylvain Hallé
 
A formalization of complex event stream processing
A formalization of complex event stream processingA formalization of complex event stream processing
A formalization of complex event stream processingSylvain Hallé
 
BeepBeep 3: A declarative event stream query engine (EDOC 2015)
BeepBeep 3: A declarative event stream query engine (EDOC 2015)BeepBeep 3: A declarative event stream query engine (EDOC 2015)
BeepBeep 3: A declarative event stream query engine (EDOC 2015)Sylvain Hallé
 
Activity Recognition Through Complex Event Processing: First Findings
Activity Recognition Through Complex Event Processing: First Findings Activity Recognition Through Complex Event Processing: First Findings
Activity Recognition Through Complex Event Processing: First Findings Sylvain Hallé
 
Graph Methods for Generating Test Cases with Universal and Existential Constr...
Graph Methods for Generating Test Cases with Universal and Existential Constr...Graph Methods for Generating Test Cases with Universal and Existential Constr...
Graph Methods for Generating Test Cases with Universal and Existential Constr...Sylvain Hallé
 
A Case for "Piggyback" Runtime Monitoring
A Case for "Piggyback" Runtime MonitoringA Case for "Piggyback" Runtime Monitoring
A Case for "Piggyback" Runtime MonitoringSylvain Hallé
 
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"Sylvain Hallé
 
Distributed Firewall Anomaly Detection Through LTL Model Checking
Distributed Firewall Anomaly Detection Through LTL Model CheckingDistributed Firewall Anomaly Detection Through LTL Model Checking
Distributed Firewall Anomaly Detection Through LTL Model CheckingSylvain Hallé
 
Decentralized Enforcement of Artifact Lifecycles
Decentralized Enforcement of Artifact LifecyclesDecentralized Enforcement of Artifact Lifecycles
Decentralized Enforcement of Artifact LifecyclesSylvain Hallé
 
MapReduce for Parallel Trace Validation of LTL Properties
MapReduce for Parallel Trace Validation of LTL PropertiesMapReduce for Parallel Trace Validation of LTL Properties
MapReduce for Parallel Trace Validation of LTL PropertiesSylvain Hallé
 
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)Sylvain Hallé
 
À la chasse aux bugs avec la Laboratoire d'informatique formelle
À la chasse aux bugs avec la Laboratoire d'informatique formelleÀ la chasse aux bugs avec la Laboratoire d'informatique formelle
À la chasse aux bugs avec la Laboratoire d'informatique formelleSylvain Hallé
 
Qui gardera les gardiens? (Présentation FUQAC 2012)
Qui gardera les gardiens? (Présentation FUQAC 2012)Qui gardera les gardiens? (Présentation FUQAC 2012)
Qui gardera les gardiens? (Présentation FUQAC 2012)Sylvain Hallé
 

Andere mochten auch (17)

Solving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSolving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and Antimorphisms
 
Chasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream ProcessorChasing Bugs with the BeepBeep Event Stream Processor
Chasing Bugs with the BeepBeep Event Stream Processor
 
When RV Meets CEP (RV 2016 Tutorial)
When RV Meets CEP (RV 2016 Tutorial)When RV Meets CEP (RV 2016 Tutorial)
When RV Meets CEP (RV 2016 Tutorial)
 
Runtime monitoring de propriétés temporelles par (streaming) XML
Runtime monitoring de propriétés temporelles par (streaming) XMLRuntime monitoring de propriétés temporelles par (streaming) XML
Runtime monitoring de propriétés temporelles par (streaming) XML
 
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)
Runtime Monitoring of Stream Logic Formulae (Talk @ FPS 2015)
 
A formalization of complex event stream processing
A formalization of complex event stream processingA formalization of complex event stream processing
A formalization of complex event stream processing
 
BeepBeep 3: A declarative event stream query engine (EDOC 2015)
BeepBeep 3: A declarative event stream query engine (EDOC 2015)BeepBeep 3: A declarative event stream query engine (EDOC 2015)
BeepBeep 3: A declarative event stream query engine (EDOC 2015)
 
Activity Recognition Through Complex Event Processing: First Findings
Activity Recognition Through Complex Event Processing: First Findings Activity Recognition Through Complex Event Processing: First Findings
Activity Recognition Through Complex Event Processing: First Findings
 
Graph Methods for Generating Test Cases with Universal and Existential Constr...
Graph Methods for Generating Test Cases with Universal and Existential Constr...Graph Methods for Generating Test Cases with Universal and Existential Constr...
Graph Methods for Generating Test Cases with Universal and Existential Constr...
 
A Case for "Piggyback" Runtime Monitoring
A Case for "Piggyback" Runtime MonitoringA Case for "Piggyback" Runtime Monitoring
A Case for "Piggyback" Runtime Monitoring
 
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"
Causality in Message-Based Interface Contracts: A Temporal Logic "Whodunit"
 
Distributed Firewall Anomaly Detection Through LTL Model Checking
Distributed Firewall Anomaly Detection Through LTL Model CheckingDistributed Firewall Anomaly Detection Through LTL Model Checking
Distributed Firewall Anomaly Detection Through LTL Model Checking
 
Decentralized Enforcement of Artifact Lifecycles
Decentralized Enforcement of Artifact LifecyclesDecentralized Enforcement of Artifact Lifecycles
Decentralized Enforcement of Artifact Lifecycles
 
MapReduce for Parallel Trace Validation of LTL Properties
MapReduce for Parallel Trace Validation of LTL PropertiesMapReduce for Parallel Trace Validation of LTL Properties
MapReduce for Parallel Trace Validation of LTL Properties
 
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)
Testing Web Applications Through User Interface Constraints (CASCON 2015 Talk)
 
À la chasse aux bugs avec la Laboratoire d'informatique formelle
À la chasse aux bugs avec la Laboratoire d'informatique formelleÀ la chasse aux bugs avec la Laboratoire d'informatique formelle
À la chasse aux bugs avec la Laboratoire d'informatique formelle
 
Qui gardera les gardiens? (Présentation FUQAC 2012)
Qui gardera les gardiens? (Présentation FUQAC 2012)Qui gardera les gardiens? (Présentation FUQAC 2012)
Qui gardera les gardiens? (Présentation FUQAC 2012)
 

Ähnlich wie A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments

Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaSanjeev Tripathi
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiasanjeeviniindia1186
 
Synapseindia reviews.odp.
Synapseindia reviews.odp.Synapseindia reviews.odp.
Synapseindia reviews.odp.Tarunsingh198
 
Java if and else
Java if and elseJava if and else
Java if and elsepratik8897
 
How to Think in RxJava Before Reacting
How to Think in RxJava Before ReactingHow to Think in RxJava Before Reacting
How to Think in RxJava Before ReactingIndicThreads
 
Java Tutorial | My Heart
Java Tutorial | My HeartJava Tutorial | My Heart
Java Tutorial | My HeartBui Kiet
 
Java tut1 Coderdojo Cahersiveen
Java tut1 Coderdojo CahersiveenJava tut1 Coderdojo Cahersiveen
Java tut1 Coderdojo CahersiveenGraham Royce
 
Building Scalable Stateless Applications with RxJava
Building Scalable Stateless Applications with RxJavaBuilding Scalable Stateless Applications with RxJava
Building Scalable Stateless Applications with RxJavaRick Warren
 
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...PROIDEA
 

Ähnlich wie A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments (20)

Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini india
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini india
 
Rx workshop
Rx workshopRx workshop
Rx workshop
 
Java tutorials
Java tutorialsJava tutorials
Java tutorials
 
Synapseindia reviews.odp.
Synapseindia reviews.odp.Synapseindia reviews.odp.
Synapseindia reviews.odp.
 
Java if and else
Java if and elseJava if and else
Java if and else
 
How to Think in RxJava Before Reacting
How to Think in RxJava Before ReactingHow to Think in RxJava Before Reacting
How to Think in RxJava Before Reacting
 
bluespec talk
bluespec talkbluespec talk
bluespec talk
 
Java tut1
Java tut1Java tut1
Java tut1
 
Tutorial java
Tutorial javaTutorial java
Tutorial java
 
Java Tut1
Java Tut1Java Tut1
Java Tut1
 
Java Tutorial
Java TutorialJava Tutorial
Java Tutorial
 
Java Tutorial | My Heart
Java Tutorial | My HeartJava Tutorial | My Heart
Java Tutorial | My Heart
 
Java tut1
Java tut1Java tut1
Java tut1
 
Java tut1 Coderdojo Cahersiveen
Java tut1 Coderdojo CahersiveenJava tut1 Coderdojo Cahersiveen
Java tut1 Coderdojo Cahersiveen
 
Javatut1
Javatut1 Javatut1
Javatut1
 
Java tut1
Java tut1Java tut1
Java tut1
 
Building Scalable Stateless Applications with RxJava
Building Scalable Stateless Applications with RxJavaBuilding Scalable Stateless Applications with RxJava
Building Scalable Stateless Applications with RxJava
 
Java Tutorial
Java TutorialJava Tutorial
Java Tutorial
 
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...
4Developers 2015: Programowanie synchroniczne i asynchroniczne - dwa światy k...
 

Mehr von Sylvain Hallé

Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...Sylvain Hallé
 
A Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion DetectionA Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion DetectionSylvain Hallé
 
Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3Sylvain Hallé
 
Smart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSmart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSylvain Hallé
 
Test Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningTest Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningSylvain Hallé
 
Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Sylvain Hallé
 
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Sylvain Hallé
 
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Sylvain Hallé
 
A Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function CircuitsA Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function CircuitsSylvain Hallé
 
Detecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative SpecificationsDetecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative SpecificationsSylvain Hallé
 
Streamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research PapersStreamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research PapersSylvain Hallé
 
Writing Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeepWriting Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeepSylvain Hallé
 
Real-Time Data Mining for Event Streams
Real-Time Data Mining for Event StreamsReal-Time Data Mining for Event Streams
Real-Time Data Mining for Event StreamsSylvain Hallé
 
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Sylvain Hallé
 
Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3Sylvain Hallé
 
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)Sylvain Hallé
 
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)Sylvain Hallé
 
Event Stream Processing with Multiple Threads
Event Stream Processing with Multiple ThreadsEvent Stream Processing with Multiple Threads
Event Stream Processing with Multiple ThreadsSylvain Hallé
 
A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)Sylvain Hallé
 
La quantification du premier ordre en logique temporelle
La quantification du premier ordre en logique temporelleLa quantification du premier ordre en logique temporelle
La quantification du premier ordre en logique temporelleSylvain Hallé
 

Mehr von Sylvain Hallé (20)

Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...
 
A Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion DetectionA Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion Detection
 
Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3
 
Smart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSmart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected Logistics
 
Test Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningTest Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class Partitioning
 
Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)
 
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
 
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
 
A Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function CircuitsA Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function Circuits
 
Detecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative SpecificationsDetecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative Specifications
 
Streamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research PapersStreamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research Papers
 
Writing Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeepWriting Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeep
 
Real-Time Data Mining for Event Streams
Real-Time Data Mining for Event StreamsReal-Time Data Mining for Event Streams
Real-Time Data Mining for Event Streams
 
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
 
Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3
 
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
 
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
 
Event Stream Processing with Multiple Threads
Event Stream Processing with Multiple ThreadsEvent Stream Processing with Multiple Threads
Event Stream Processing with Multiple Threads
 
A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)
 
La quantification du premier ordre en logique temporelle
La quantification du premier ordre en logique temporelleLa quantification du premier ordre en logique temporelle
La quantification du premier ordre en logique temporelle
 

A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments

  • 1. A Runtime Monitoring Framework for Event Streams with Non-Primitive Arguments Jérôme Calvar, Raphaël Tremblay- Lessard, Sylvain Hallé Université du Québec à Chicoutimi CANADA Presented by Roger Villemaire Université du Québec à Montréal Fonds de recherche sur la nature et les technologies NSERC CRSNG Calvar et al.
  • 2. Presentation overview 1. What is runtime monitoring? 2. Current issues in runtime monitoring 3. Our runtime monitoring framework 4. Experimental results Calvar et al.
  • 3. What is runtime monitoring? Runtime monitoring is the process of observing an actual run of a system and dynamically checking and enforcing constraints on its execution System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
  • 4. Runtime monitoring use cases Web applications: filter out messages sent by a browser when the client-server protocol is not followed - Saves CPU time on server (spared handling of erroneous messages) - Useful for developing/debugging the client - The presence of a monitor compels the server to document its protocol in a machine-readable format Calvar et al.
  • 5. Runtime monitoring use cases An example, the BeepBeep runtime monitor (Hallé and Villemaire) JavaScript Internet XMLHttpRequest Normal situation: JavaScript object XmlHttpRequest centralizes all communications with the outside world Calvar et al.
  • 6. Runtime monitoring use cases An example, the BeepBeep runtime monitor (Hallé and Villemaire) JavaScript Internet XMLHttpRequest Runtime monitoring: a new class wraps around this object and checks incoming/outgoing messages before passing them to the original XMLHttpRequest Calvar et al.
  • 7. Runtime monitoring use cases In object-oriented programs: enforce valid use of objects' methods according to their state start unknown hasnext() == true hasnext() == false next() hasnext() hasnext() more next() none next() error Correct usage of the Java Iterator class (from Jin et al., PLDI 2011) Calvar et al.
  • 8. Runtime monitoring use cases Example: Rosu et al.'s Java-MOP full-binding HasNext(Iterator i) { event hasnext after(Iterator i) : call(* Iterator.hasNext()) && target(i) {} event next before(Iterator i) : call(* Iterator.next()) && target(i) {} fsm : unsafe [ start [ next -> unsafe next -> unsafe hasnext -> safe hasnext -> safe ] ] safe [ alias match = unsafe next -> start hasnext -> safe @match { ] System.out.println("next called without hasNext!"); } } Calvar et al.
  • 9. An example: the Bank class A simple (Java) class offering four methods: void open(int act) void close(int act) void withdraw(int act, int amt) boolean isApproved(int act, int amt) Other classes interact with the Bank to perform transactions Calvar et al.
  • 10. An example: the Bank class As with the Iterator, there are constraints one must follow to use the Bank properly: S1. No operation on an account can be made after close S2. For the same account, the amount cannot change between an approval request and the following call to withdraw Declarative constraints: specify what must be true, but not how to check/enforce it Calvar et al.
  • 11. Issues in runtime monitoring The properties deal with sequences of method calls AND values of the arguments inside these calls S1: close(x) prevents any other method call, but only for that same x S2: requires that methods isApproved(x,y) and the subsequent withdraw(x,y) have the same value y, but only if they also have the same value x These are called data-aware constraints. Why is it problematic? Calvar et al.
  • 12. Data-aware constraints These properties cannot be expressed by a simple finite-state automaton withdraw(x,y) How to express constraint open(x) isApproved(x,y) on x and y? close(x) x=1 Calvar et al.
  • 13. Data-aware constraints Existing runtime monitors extend the representation by tracking multiple instances of an automation, parameterized by some value withdraw(x,y) withdraw(x,y) open(x) isApproved(x,y) open(x) isApproved(x,y) close(x) close(x) x=1 x=2 Calvar et al.
  • 14. Data-aware constraints If multiples values are involved in the same constraint, one must use nested automata withdraw(x,y) open(x) isApproved isApproved (x,y) withdraw (x,y) withdraw ... (x,y) (x,y) y=1 y=2 x=1 Calvar et al.
  • 15. Data-aware constraints Issue #1: the same event may (or may not) need to be dispatched to more than one automaton... ...the specification must hence also describe how to combine the (potentially conflicting) decision returned by each automaton m1(x,y) m1(x,y) m2(y,x) m2(y,x) y=2 y=1 x=1 x=2 ERROR OK and? / or? Calvar et al.
  • 16. Data-aware constraints Issue #2: the specification must describe how and when automata must be instantiated, depending on the events that are observed Consequence: a growing part of the constraints becomes procedural, and amounts to a hand-coding of a monitoring algorithm inside the specification Calvar et al.
  • 17. Separation of concerns Monitor and specification become tangled: loss of separation of concerns System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
  • 18. Data-aware constraints Issue #3: current monitoring frameworks are very language-dependent; the specification contains code in the system's native language Calvar et al.
  • 19. Separation of concerns Monitor and system become tangled: loss of separation of concerns (again) System Monitor Specification } Event Verifies that Gives conditions on Event sequence of events and ... events follows specification sequences of events allowed to happen in realtime The execution of the system produces events Calvar et al.
  • 20. Monitoring framework Proposed architecture: framework that clearly separates all three aspects of the process - Separation of the system from the events it produces - Separation of the specification from the algorithm to verify it Calvar et al.
  • 21. Monitoring framework Pointcut Event m formatter Monitor Advice Outcome execution Program Aspect Program events are declared using a signature Event data is extracted and formatted as an XML structure XML is passed to a general-purpose monitor Specification is expressed as constraints on sequences of XML structures -> system-independent Calvar et al.
  • 22. Event formatting Example: a call to myBank.withdraw(123, 500) is formatted as <call> Method name <method>withdraw</method> <act>123</act> Method arguments, named as <amt>500</amt> in the method's prototype </call> For a message m, data can be referred to by a path expression π; hence if π = call/method/act, m(π) = "123" Calvar et al.
  • 23. Properties on event sequences LTL-FO+ is an extension of classical Linear Temporal Logic to express constraints on XML event sequences with data - Ground terms are equalities: between a variable and a constant (x = c) between two variables x = y between a path expression and a constant (a/b/c = d) Calvar et al.
  • 24. Properties on event sequences - Boolean connectives carry their traditional meaning - Temporal operators express modalities between messages: G φ : all messages from now on satisfy φ F φ : some message in the future will satisfy φ X φ : the next message will satisfy φ φ U ψ : φ holds on every message until some message satisfies ψ Calvar et al.
  • 25. Properties on event sequences - First-order quantifiers fetch and retain values in a message ∀ x ∈ π : φ(x) In the current message m, for every value c such that m(π) = c, φ(c) is true ∃ x ∈ π : φ(x) In the current message m, for some value c such that m(π) = c, φ(c) is true Calvar et al.
  • 26. Properties on event sequences S1. No operation on an account can be made after close G (call/method = close → ∀ a ∈ call/act : X G (∀ a' ∈ call/act : a ≠ a' )) Calvar et al.
  • 27. Writing the specification PROTOTYPES void Bank.open(int act); Method calls to void Bank.close(int ac); intercept void Bank.withdraw(int act, int amount); boolean Bank.isApproved(int act, int amt); SPEC LTL-FO+ G ((call/method/close) -> ([a1 call/act] Property to (X (G ([a2 call/act] (!((a1) = (a2)))))))) monitor @FALSE { Action to take System.out.println("This is forbidden"); if property is } violated PROTOTYPES shields the property from language- specific considerations Calvar et al.
  • 28. Properties on event sequences For Java, a PHP script converts the PROTOTYPES section into the appropriate event formatter, and the @FALSE section into the appropriate advice executor... Pointcut Event m formatter Monitor Advice Outcome execution Program Aspect ...the monitor itself is always the same! Calvar et al.
  • 29. Non-primitive objects What if the method's arguments are not primitive types? Example: Account a = new Account(...); myBank.withdraw(a, 500); <call> <method>withdraw</method> <act> What is the account's "value"? </act> <amt>500</amt> </call> Calvar et al.
  • 30. Non-primitive objects Observation: runtime constraints are expressed about objects' specific properties that ultimately boil down to primitive types Account a = new Account(...); myBank.withdraw(a, 500); The constraint on withdraw only requires account numbers, not full instances of Account Solution: have the event formatter write down member fields of the object (not the full object), but only those necessary for the constraint to monitor Calvar et al.
  • 31. Non-primitive objects Example: PROTOTYPES void AdvancedBank.getAuthorization (Account a, int amount); <return> <method>getAuthorization</method> Message template used <id>{return.getId()}</id> by event formatter for <amount>{return.getAmount()}</amount> this method call </return> void AdvancedBank.withdraw(Account a, Authorization auth); <call> Code to execute on <method>withdraw</method> callee or its arguments <id>{auth.getId()}</id> to populate element <amount>{auth.getAmount()}</amount> with primitive value <call> Calvar et al.
  • 32. Pros of this approach 1. Constraints involving non-primitive objects can be expressed and monitored: once events are formatted, they are undistinguishable from "primitive" calls by the runtime monitor 2. The trace of events can be saved to a (plain) XML file and verified a posteriori; would be impossible if events contained references to raw Java objects Calvar et al.
  • 33. Pros of this approach 3. The monitor does not deal with native objects from the system: preserves separation of concerns discussed earlier 4. Being allowed to query the internal state of objects sometimes simplifies the property to monitor - Surprising finding - See paper, "autonomous" vs. "query" approach in experiments - Work in progress: systematize this observation ("piggyback runtime monitoring") Calvar et al.
  • 34. Experiments Runtime monitoring framework tested on the "simple" (primitive) and "advanced" (non-primitive) Bank examples, with randomly generated calls 60 Number of traces 50 40 30 20 10 0 [-.08, [-.04,[-.02, [0, [.02,.08) [-.06,-.03) [-.03,0) [0,.02) [.02, [.04,.08) -.04) -.02) 0) .02) .04) S1 S2 Overhead per method call (ms) Simple bank Calvar et al.
  • 35. Conclusion We proposed a framework for the runtime monitoring of events in a system These events can carry data parameters that are relevant to the constraints to monitor Our framework clearly separates the extraction of event data from the system from the property to monitor Experiments show that the formatting of native events into XML imposes an overhead of 5-10 microseconds per event Calvar et al.