Fonds de recherche sur la nature et les technologies / NSERC CRSNG

Sylvain Hallé
For more information

Visit my web site: www.leduotang.com/sylvain
Context

[Figure: The Client sends a request message (A) to The Server; The Server answers with a response message (B).]
Context

Alphabet (A): set of possible messages
Trace (A*): sequence of messages
State: abstraction of a trace
Context

Transition function ($\delta$): $\delta : A \times S \to S$

$\delta(a_0 a_1 \ldots a_n) \equiv \delta(a_n, \delta(\ldots \delta(s_0, a_0) \ldots))$

[Figure: $\delta$ takes a message from A and a state s in S and yields either a new state s' or $\emptyset$.]

Interface contract ($\kappa$): defines valid traces

$\kappa : A^* \to \{T, F\}$

$\kappa(a_0 a_1 \ldots a_n) = T \iff \delta(a_0 a_1 \ldots a_n) \neq \emptyset$
A general framework

[Figure: a Server and a Client exchanging messages over alphabet A, constrained by an interface contract.]
A general framework

Instance: an Iterator class (server) and a Java program (client); a message is a method call.

Contract: two calls of the next() method must be separated by at least one occurrence of hasNext().
A general framework

Instance: a web service (server) and an Ajax web client; a message is an XML message.

Contract: if CartClear is invoked, no CartModify or CartRemove can occur before a new CartAdd.
Contract violations

What happens when the contract is violated?

- Error messages
- Non-sensical data returned
- Compensation mechanisms
- Wasted processing time
- Security breaches
- Etc.
The big question

Prevent contract violations.
Current solutions

1. A priori certification

A trustworthy authority assesses the client's compliance to the contract (testing, static verification, etc.) and grants a digital certificate.

The service needs a certificate to start an exchange with a client. Example: iPhone app certification.

Problem: the client can change after certification (iPhone jailbreaking, JavaScript prototype hijacking, ...).
Current solutions

2. Server-side runtime monitoring

A separate process checks each incoming message. The message is relayed to the application proper when it complies with the contract, and is discarded when it violates the contract.

Problem: computational load on the server side.
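As an added example (not the slides' own code), the two contracts from the "general framework" slides and the server-side monitor just described, written as a finite automaton in Python: δ is a transition table that is undefined (∅) for a forbidden message, κ folds δ over a trace, and the monitor relays or discards each message as it arrives. The state names, the four-message cart alphabet and the assumption that a first next() needs no preceding hasNext() are mine, not the slides'.

```python
"""Interface contracts as transition functions (added example, not from the slides).

A contract is a finite automaton over the message alphabet A: δ(s, a) gives the
next state and is undefined (∅) when message a is not a valid continuation in
state s; κ(trace) = T iff δ(trace) ≠ ∅."""


class Contract:
    def __init__(self, initial, transitions):
        self.initial = initial
        self.transitions = transitions            # {(state, message): next state}

    def delta(self, state, message):
        """δ(s, a): the next state, or None (∅) if a is not allowed in s."""
        return self.transitions.get((state, message))

    def delta_trace(self, trace):
        """δ(a0 a1 ... an) = δ(an, δ(... δ(s0, a0) ...)): fold δ over the trace."""
        state = self.initial
        for message in trace:
            state = self.delta(state, message)
            if state is None:
                return None
        return state

    def kappa(self, trace):
        """κ: A* → {T, F}.  A trace is valid iff its final state is defined."""
        return self.delta_trace(trace) is not None

    def first_violation(self, trace):
        """Index of the first message that breaks the contract, or None."""
        state = self.initial
        for i, message in enumerate(trace):
            state = self.delta(state, message)
            if state is None:
                return i
        return None


# Iterator contract: two calls of next() must be separated by at least one hasNext().
# State names are assumed: 'ready' = next() allowed, 'stale' = hasNext() needed first.
ITERATOR = Contract('ready', {
    ('ready', 'hasNext'): 'ready', ('ready', 'next'): 'stale',
    ('stale', 'hasNext'): 'ready',                # ('stale', 'next') is ∅
})

# Cart contract: after CartClear, no CartModify/CartRemove until a new CartAdd.
# Alphabet restricted to the four operations named on the slide (assumption).
CART = Contract('normal', {
    ('normal', 'CartAdd'): 'normal', ('normal', 'CartModify'): 'normal',
    ('normal', 'CartRemove'): 'normal', ('normal', 'CartClear'): 'cleared',
    ('cleared', 'CartAdd'): 'normal', ('cleared', 'CartClear'): 'cleared',
    # ('cleared', 'CartModify') and ('cleared', 'CartRemove') are ∅
})


class ServerMonitor:
    """Server-side runtime monitoring: a process in front of the application
    that keeps the current contract state, relays a compliant message (True)
    and discards a violating one (False) without advancing the state."""

    def __init__(self, contract):
        self.contract = contract
        self.state = contract.initial

    def receive(self, message):
        next_state = self.contract.delta(self.state, message)
        if next_state is None:
            return False
        self.state = next_state
        return True


if __name__ == '__main__':
    trace = ['CartAdd', 'CartClear', 'CartRemove', 'CartAdd', 'CartRemove']
    print(CART.kappa(trace), CART.first_violation(trace))
```

Note that the monitor keeps its state on a discarded message: the offending message never reaches the application, so the exchange continues from the last valid state, which is the behaviour the "discarded when it violates the contract" slide describes.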
Current solutions

3. Client-side runtime monitoring

Each client has a separate process that validates its messages before sending them.

Problem: the server has no guarantee that monitoring actually takes place.
Goal

COOPERATIVE RUNTIME MONITORING: the processing savings of client-side monitoring with the guarantees of server-side monitoring.
Goal

[Figure: guarantees (None to Complete) plotted against computational savings (0 to 100%). Server-side monitoring sits at complete guarantees and no savings; client-side monitoring at 100% savings and no guarantees. There is no way to preserve complete guarantees while saving computation, but the region between the two extremes is the potential for cooperation.]
Cooperative runtime monitoring

Both the server- and client-side monitors maintain the current state (s) of the message exchange.

From its current state (s) and new message (A), the client-side monitor computes

$\gamma(s, s', A) = \pi$

where s' is the new contract state and $\pi$ is a "proof" that A is a valid extension of the message exchange. (The proof symbol did not survive extraction; $\pi$ is used for it here.) The proof is sent with the message (A + $\pi$).

From its current state (s), incoming message (A) and proof ($\pi$), the server-side monitor computes

$\mu(A, \pi) = T/F$: T if the proof is consistent with the accompanying message

$\nu(s, \pi) = s'$: the new contract state
Cooperative runtime monitoring

Both sides agree on the new current state (s'): the client computes it from s and A, the server computes it from s and the proof.
Requirements

The client sends A together with the proof $\pi = \gamma(s, s', A)$ (the proof symbol is rendered as $\pi$ here); the server computes $\mu(A, \pi) = T/F$ and $\nu(s, \pi) = s'$.

1. The proof must be unspoofable. If A is not a valid continuation from state s ($\delta(s, A) = \emptyset$), then for any $\pi$, either $\mu(A, \pi) = F$ or $\nu(s, \pi)$ is undefined.

2. The proof must be equivalent to contract monitoring. If A is a valid continuation from state s to state s', then with $\pi = \gamma(s, s', A)$, $\mu(A, \pi) = T$ and $\nu(s, \pi) = s'$.

3. Checking the proof must be easy (i.e. polynomial) $\Rightarrow$ $\mu$ and $\nu$ must be in NP (a problem is in NP exactly when a certificate, here $\pi$, can be checked in polynomial time).
Expressing an interface contract

LTL formula = assertion on a trace (of messages)

$\mathbf{G}\,a$: "always a"
$\mathbf{X}\,a$: "the next message is a"
$\mathbf{F}\,a$: "eventually a"
$a\,\mathbf{W}\,b$: "a until b"

On the trace a b a c d c b a q q t a m ...: $\mathbf{G}(a \to \mathbf{X}\,b)$ is FALSE (the second a is followed by c, not b); $\neg(q \vee t)\,\mathbf{W}\,c$ is TRUE (c occurs before any q or t).

Gerth, Peled, Vardi, Wolper (PSTV 1995): on-the-fly runtime monitoring algorithm for LTL.
Classical LTL runtime monitoring

Algorithm overview:

1. An LTL formula is decomposed into nodes of the form [Γ | Δ], where Γ holds the sub-formulas that must be true now and Δ the sub-formulas that must be true in the next state.

[Figure: example decomposition.]
Classical LTL runtime monitoring

2. Negations are pushed inside (classical identities + the dual of U, written V).

3. At the leaves, Γ contains only atoms and negations of atoms: we evaluate them against the current message.

Verdict:

- All leaves contain FALSE: the formula is false.
- A leaf is empty: the formula is true.
- Otherwise:

4. Next event: Δ is copied into Γ and we continue.
Classical LTL runtime monitoring

Example: $\mathbf{G}(p \wedge (\mathbf{X}\,q \vee \mathbf{F}\,s))$

[Figure: tableau for the formula. The root G expands into ∧; its disjunction branches into ∨1 (X q) and ∨2 (F s), and F s splits into F1 (s holds now) and F2 (X F s). The leaves carry p under ∨1, p and s under F1, and p under F2.]

If p is true and s is false in the current message m, then the ∨1 and F2 leaves survive and the F1 leaf (which needs s) fails.
Intuition for γ

1. This algorithm computes $\delta(s, A) = s'$.

2. The proof is the path to each valid leaf. For the example above, with p true and s false in the current message:

$\pi = \{\mathbf{G}, \wedge, \vee_1, \mathbf{X}, p, \{q, \mathbf{G}(p \wedge (\mathbf{X}\,q \vee \mathbf{F}\,s))\}\} + \{\mathbf{G}, \wedge, \vee_2, \mathbf{F}_2, p, \{\mathbf{F}\,s, \mathbf{G}(p \wedge (\mathbf{X}\,q \vee \mathbf{F}\,s))\}\}$

Each entry records the branch choices taken from the root to a leaf whose literals hold in the current message, followed by that leaf's Δ, which becomes one alternative of the new state s'.
Intuition for g

   1. This algorithm computes                      G
      d s’
       (s,A) =

   2. The proof is the
      path to each valid leaf             1



      =    G, Ù p
                ,Ú1, X,                                    2
                                      X
           {q, G (p Ù F s))}
                      (X q Ú
                                  p
           +                      p
           G, Ù p
                ,Ú2, F2,

           {F q, G (p Ù F s))}
                         (X q Ú               F1                   F2

                                                       p
   3. The combination gives us
                                      s                        p
       s , s’,
      g= A)
       ( ()

Sylvain Hallé                                                           21
Intuition for μ

      client: γ(s, A) = (s′, proof)
        sends A + proof
      server: μ(proof, A) = T/F,  ν(s, proof) = s′

   Given a message (A) and a proof, one can check that the atoms in the
   paths are indeed true in the message...

      proof = ( G, ∧p, ∨1, X,  {q, G(p ∧ (X q ∨ F s))} )      Is p true in A?
            + ( G, ∧p, ∨2, F2, {F q, G(p ∧ (X q ∨ F s))} )

                                              ...this computes μ(proof, A)

Sylvain Hallé                                                           22
Intuition for ν

   From an initial state (s), one can ‘‘peel off’’ the formula according
   to the path given by the proof...

      G(p ∧ (X q ∨ F s))  →  p ∧ (X q ∨ F s)  →  X q ∨ F s  →  X q  →  q

      proof = ( G, ∧p, ∨1, X,  {q, G(p ∧ (X q ∨ F s))} )
            + ( G, ∧p, ∨2, F2, {F q, G(p ∧ (X q ∨ F s))} )

   ...if the operation comes to an end, we accept the leaf given in the
   proof as the resulting end state s′

                                         ...this computes ν(s, proof) = s′

Sylvain Hallé                                                           23
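As an added example (not code from the talk or its paper), here is a small Python model of the three functions above on the slides' formula G(p ∧ (X q ∨ F s)): `gamma` explores the whole expansion tree on the client and returns every (proof, s′) witness, while `follow` walks one proof on the server, checking each atom it relies on (μ) and peeling the formula along it (ν) in time linear in the proof, and `server_step` rejects a proof that does not check out or does not lead to the claimed state. The formula encoding, proof layout and names are assumptions of the example; its second witness defers F s, where the slide's leaf set reads F q.

```python
"""Added example, not from the talk: cooperative LTL monitoring in miniature.
Formulas are nested tuples, a message A is the set of atoms true in it, a state
s is a frozenset of obligations.  Encoding and names are my assumptions."""
from itertools import product

def atom(a): return ('atom', a)
def And(f, g): return ('and', f, g)
def Or(f, g): return ('or', f, g)
def X(f): return ('X', f)
def F(f): return ('F', f)
def G(f): return ('G', f)

def witnesses(f, A):
    """Client side of gamma for one formula: every (proof, obligations) pair
    reaching a valid leaf of f's expansion tree at message A.  The proof records
    the choices made on the way down (which disjunct, F now or deferred)."""
    kind = f[0]
    if kind == 'atom':
        return [(('atom', f[1]), frozenset())] if f[1] in A else []
    if kind == 'and':
        return [(('and', pl, pr), ol | orr)
                for (pl, ol), (pr, orr) in product(witnesses(f[1], A),
                                                    witnesses(f[2], A))]
    if kind == 'or':
        return [(('or', i, p), o) for i in (1, 2) for p, o in witnesses(f[i], A)]
    if kind == 'X':                      # X phi is a leaf: phi is owed next step
        return [(('X',), frozenset([f[1]]))]
    if kind == 'F':                      # F phi = phi  or  X F phi
        now = [(('F', 1, p), o) for p, o in witnesses(f[1], A)]
        return now + [(('F', 2), frozenset([f]))]
    if kind == 'G':                      # G phi = phi  and  X G phi
        return [(('G', p), o | frozenset([f])) for p, o in witnesses(f[1], A)]
    raise ValueError(f)

def gamma(s, A):
    """All (proof, s') witnesses of state s at message A, one sub-proof per
    obligation.  Exploring the whole tree is what the client pays for."""
    result = []
    for combo in product(*(witnesses(f, A) for f in sorted(s))):
        proof = tuple(p for p, _ in combo)
        result.append((proof, frozenset().union(*(o for _, o in combo))))
    return result

class BadProof(Exception): pass

def follow(f, proof, A):
    """Server side, mu and nu at once: walk one proof, checking each atom it
    relies on against A (mu) and peeling f along the chosen path to collect the
    next-step obligations (nu).  Cost is linear in the proof, not the tree."""
    kind = f[0]
    if kind == 'atom':
        if proof != ('atom', f[1]) or f[1] not in A:
            raise BadProof(f"{f[1]} is not true in the message")
        return frozenset()
    if kind == 'and' and proof[0] == 'and':
        return follow(f[1], proof[1], A) | follow(f[2], proof[2], A)
    if kind == 'or' and proof[0] == 'or' and proof[1] in (1, 2):
        return follow(f[proof[1]], proof[2], A)
    if kind == 'X' and proof == ('X',):
        return frozenset([f[1]])
    if kind == 'F' and proof[0] == 'F' and proof[1] in (1, 2):
        return follow(f[1], proof[2], A) if proof[1] == 1 else frozenset([f])
    if kind == 'G' and proof[0] == 'G':
        return follow(f[1], proof[1], A) | frozenset([f])
    raise BadProof(f"proof {proof!r} does not fit formula {f!r}")

def server_step(s, A, proof, s_claimed):
    """Accept the client's claimed next state only if its proof checks out and
    peels s to exactly s_claimed; otherwise None.  Never recomputes gamma."""
    if len(proof) != len(s):
        return None
    try:
        s_next = frozenset().union(*(follow(f, p, A)
                                     for f, p in zip(sorted(s), proof)))
    except (BadProof, IndexError, TypeError):
        return None
    return s_next if s_next == s_claimed else None

def cooperative_run(s, trace):
    """Play the protocol over a trace: the client computes a witness, the server
    only checks it.  Returns the accepted states, or None at the first message
    with no witness.  The client greedily keeps its first witness; with several
    it would have to track them all, the branching non-branching LTL avoids."""
    states = [s]
    for A in trace:
        found = gamma(s, A)
        if not found:
            return None
        proof, s_claimed = found[0]
        s = server_step(s, A, proof, s_claimed)
        if s is None:                    # cannot happen for an honest client
            raise RuntimeError("server rejected an honestly computed proof")
        states.append(s)
    return states

# The slides' running example, constructed here: G(p and (X q or F s))
PHI = G(And(atom('p'), Or(X(atom('q')), F(atom('s')))))
S0 = frozenset([PHI])
```

On the message {p} the client finds the slide's two witnesses (next state {q, G(…)} via X, or {F s, G(…)} via the deferred F); the server accepts a matching proof and rejects one whose atoms are false or whose claimed state was tampered with.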
What about complexity?

      number of witnesses  <  total number of leaves
         |ν(s, proof)|     <  |γ(s, A)|
        check the proof       compute the proof

      Does not expand ‘‘dead-end’’ branches

      number of witnesses  ≈  total number of leaves  ⇒  No gain...

   Solution: restrict LTL to a fragment that produces at most one
   witness at every step  ⇒  Non-branching LTL

Sylvain Hallé                                                           24
Non-branching LTL

   Follows three conditions:

      1. ( ... ∨ ... )        No temporal operator
      2. F ( ... )
      3. ( ... U ( ... ) )

   Theorem: a non-branching LTL formula produces a proof linear in the
   length of the interface contract (see the paper!)

   ⇒ Non-branching LTL contracts can be efficiently enforced through
     cooperative runtime monitoring

Sylvain Hallé                                                           25
Experimental results

      client: γ(s, A) = (s′, proof)              = 5.08 ms
        sends A + proof
      server: μ(proof, A) = T/F, ν(s, proof) = s′   = 0.35 ms

   Server is spared of 90% of the computation

Sylvain Hallé                                                           26
Experimental results

   [figure: three axes, Guarantees (None to Complete), Computational
   savings (0 to 100%) and Expressiveness (Non-branching LTL, LTL,
   First-order logic); Server-side monitoring sits at complete guarantees
   and no savings, Client-side monitoring at no guarantees and 100%
   savings, Cooperative monitoring at complete guarantees with high
   savings, with a theoretical upper bound marked]

Sylvain Hallé                                                           27
Take-home points

   1. An interface contract specifies valid sequences of
      ‘‘messages’’ between a client and a server

   2. Cooperative runtime monitoring allows the enforcement of
      the contract to be split between both parties

   3. For a fragment of Linear Temporal Logic, empirical tests
      show that 90% of the work can be outsourced to the client...

   4. ...while preserving the same guarantees as with
      server-side monitoring

   5. This is a 3D problem: guarantees, computational
      load and expressiveness can be modulated

Sylvain Hallé                                                           28
For more information




                    Visit my web site
            www.leduotang.com/sylvain




Sylvain Hallé
A Few Things We Heard About RV Tools (Position Paper)Sylvain Hallé
 
Solving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSolving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSylvain Hallé
 

Plus de Sylvain Hallé (20)

Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...Monitoring Business Process Compliance Across Multiple Executions with Stream...
Monitoring Business Process Compliance Across Multiple Executions with Stream...
 
A Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion DetectionA Stream-Based Approach to Intrusion Detection
A Stream-Based Approach to Intrusion Detection
 
Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3Event Stream Processing with BeepBeep 3
Event Stream Processing with BeepBeep 3
 
Smart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSmart Contracts-Enabled Simulation for Hyperconnected Logistics
Smart Contracts-Enabled Simulation for Hyperconnected Logistics
 
Test Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningTest Suite Generation for Boolean Conditions with Equivalence Class Partitioning
Test Suite Generation for Boolean Conditions with Equivalence Class Partitioning
 
Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Synthia: a Generic and Flexible Data Structure Generator (Long Version)
Synthia: a Generic and Flexible Data Structure Generator (Long Version)
 
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)
 
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)
 
A Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function CircuitsA Generic Explainability Framework for Function Circuits
A Generic Explainability Framework for Function Circuits
 
Detecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative SpecificationsDetecting Responsive Web Design Bugs with Declarative Specifications
Detecting Responsive Web Design Bugs with Declarative Specifications
 
Streamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research PapersStreamlining the Inclusion of Computer Experiments in Research Papers
Streamlining the Inclusion of Computer Experiments in Research Papers
 
Writing Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeepWriting Domain-Specific Languages for BeepBeep
Writing Domain-Specific Languages for BeepBeep
 
Real-Time Data Mining for Event Streams
Real-Time Data Mining for Event StreamsReal-Time Data Mining for Event Streams
Real-Time Data Mining for Event Streams
 
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)
 
Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3Mining event streams with BeepBeep 3
Mining event streams with BeepBeep 3
 
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
LabPal: Repeatable Computer Experiments Made Easy (ACM Workshop Talk)
 
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)
 
Event Stream Processing with Multiple Threads
Event Stream Processing with Multiple ThreadsEvent Stream Processing with Multiple Threads
Event Stream Processing with Multiple Threads
 
A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)A Few Things We Heard About RV Tools (Position Paper)
A Few Things We Heard About RV Tools (Position Paper)
 
Solving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and AntimorphismsSolving Equations on Words with Morphisms and Antimorphisms
Solving Equations on Words with Morphisms and Antimorphisms
 

Dernier

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Dernier (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Cooperative Runtime Monitoring of LTL Interface Contracts (EDOC 2010)

  • 1. Fonds de recherche sur la nature et les technologies; NSERC / CRSNG. Sylvain Hallé
  • 2. For more information, visit my web site: www.leduotang.com/sylvain
  • 3-8. Context. A client sends a request message (A) to a server; the server answers with a response message (B).
  • 9-11. Context. Alphabet (A): the set of possible messages. Trace (A*): a sequence of messages. State: an abstraction of a trace.
  • 12-17. Context. Transition function (δ), δ : S × A → S. From the current state s and a message A, δ(s, A) yields the new state s', or the empty set ∅ when A is not allowed in s. Over a whole trace, δ(a0 a1 ... an) ≡ δ(... δ(δ(s0, a0), a1) ..., an).
  • 18-21. Context. Interface contract (κ): defines the valid traces, κ : A* → {T, F}, with κ(a0 a1 ... an) = T ⇔ δ(a0 a1 ... an) ≠ ∅.
  • 22. A general framework. A server, a client, the messages exchanged between them, and an interface contract on those messages.
  • 23. A general framework, instance 1: an Iterator class (the server), a Java program (the client), a method call (the message). Contract: two calls of the next() method must be separated by at least one occurrence of hasNext().
  • 24. A general framework, instance 2: a web service (the server), an Ajax web client, an XML message. Contract: if CartClear is invoked, no CartModify or CartRemove can occur before a new CartAdd.
  • 25. Contract violations. What happens when the contract is violated? Error messages; nonsensical data returned; compensation mechanisms; wasted processing time; security breaches; etc.
  • 26. The big question: how to prevent contract violations.
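The two contracts of slides 23 and 24, written as the transition function δ and contract κ of slides 12-21. This is an added example and not code from the slides; the state names, the transition tables and the choice of initial state are assumptions made here (the slides only state the contracts in English).

```python
# Added example (not code from the slides): an interface contract written as a
# finite-state transition function delta, and the trace predicate kappa derived
# from it, for the two contracts quoted on slides 23 and 24. The state names and
# the choice of initial state are assumptions made for this example.
from typing import Dict, Iterable, Optional, Tuple

State, Message = str, str
Table = Dict[Tuple[State, Message], State]

# Shopping-cart contract: once CartClear is invoked, no CartModify or CartRemove
# may occur before a new CartAdd. A missing entry is the empty set (no valid
# continuation). Assumption: the cart starts in the same state as after CartClear.
CART_DELTA: Table = {
    ("cleared", "CartAdd"): "active",
    ("cleared", "CartClear"): "cleared",
    ("active", "CartAdd"): "active",
    ("active", "CartModify"): "active",
    ("active", "CartRemove"): "active",
    ("active", "CartClear"): "cleared",
}

# Iterator contract: two calls of next() must be separated by at least one
# hasNext(). Assumption: the very first next() is allowed.
ITER_DELTA: Table = {
    ("may_next", "hasNext"): "may_next",
    ("may_next", "next"): "no_next",
    ("no_next", "hasNext"): "may_next",
}

def delta(table: Table, s: Optional[State], a: Message) -> Optional[State]:
    """One step of the transition function; None stands for the empty set."""
    return None if s is None else table.get((s, a))

def run(table: Table, s0: State, trace: Iterable[Message]) -> Optional[State]:
    """delta over a whole trace: delta(...delta(delta(s0, a0), a1)..., an)."""
    s: Optional[State] = s0
    for a in trace:
        s = delta(table, s, a)
        if s is None:            # dead end: no extension can become valid again
            break
    return s

def kappa(table: Table, s0: State, trace: Iterable[Message]) -> bool:
    """Interface contract: the trace is valid iff delta over it is not empty."""
    return run(table, s0, trace) is not None

def first_violation(table: Table, s0: State, trace: Iterable[Message]) -> Optional[int]:
    """Index of the first message that leaves the contract, or None if valid.
    This is the check a server-side monitor applies before discarding a message."""
    s: Optional[State] = s0
    for i, a in enumerate(trace):
        s = delta(table, s, a)
        if s is None:
            return i
    return None
```

Both contracts are regular, so a lookup table is enough here; the LTL contracts later in the deck need the tableau construction instead, because their state is a set of pending obligations rather than a single table row.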
  • 27-31. Current solutions, 1: a priori certification. A trustworthy authority assesses the client's compliance with the contract (testing, static verification, etc.) and grants a digital certificate; the service requires a certificate before starting an exchange with a client. Example: iPhone app certification. Problem: the client can change after certification (iPhone jailbreaking, JavaScript prototype hijacking, ...).
  • 32-35. Current solutions, 2: server-side runtime monitoring. A separate process checks each incoming message; the message is relayed to the application proper when it complies with the contract and discarded when it violates it. Problem: the computational load falls on the server side.
  • 36-37. Current solutions, 3: client-side runtime monitoring. Each client has a separate process that validates its messages before sending them. Problem: the server has no guarantee that monitoring actually takes place.
  • 38-39. Goal: cooperative runtime monitoring, combining the processing savings of client-side monitoring with the guarantees of server-side monitoring.
  • 40-47. Goal. Plot the approaches on two axes, guarantees (none to complete) against computational savings (0 to 100%): server-side monitoring gives complete guarantees and no savings; client-side monitoring gives 100% savings and no guarantees. There is no way to preserve complete guarantees while saving computation, but between the two extremes there is potential for cooperation.
  • 48. Cooperative runtime monitoring. Both the server-side and the client-side monitor maintain the current state (s) of the message exchange.
  • 49-50. From its current state (s) and the new message (A), the client-side monitor computes γ(s, A) = (s', proof): the new contract state s' and a "proof" that A is a valid extension of the message exchange. (The slides write the proof with a dedicated symbol that did not survive extraction; it is spelled out as "proof" below.)
  • 51. The proof is sent along with the message.
  • 52-53. From its current state (s), the incoming message (A) and the proof, the server-side monitor computes μ and ν: μ(A, proof) ∈ {T, F} says whether the proof is consistent with the accompanying message, and ν(s, proof) = s' is the new contract state.
  • 54-56. Both sides agree on the new current state (s'): the client computes it from s and A, the server computes it from s and the proof.
  • 57-63. Requirements, given γ(s, A) = (s', proof), μ(A, proof) = T/F and ν(s, proof) = s':
    1. The proof must be unspoofable. If A is not a valid continuation from state s (δ(s, A) = ∅), then for any proof, either μ(A, proof) = F or ν(s, proof) is undefined (written "?").
    2. The proof must be equivalent to contract monitoring. If A is a valid continuation from state s to state s', then with (s', proof) = γ(s, A), μ(A, proof) = T and ν(s, proof) = s'.
    3. Checking the proof must be easy, i.e. polynomial: μ and ν must run in polynomial time, which is exactly the certificate-checking condition that places the monitoring problem in NP.
  • 64. Expressing an interface contract. An LTL formula is an assertion on a trace of messages: G a "always a"; X a "the next message is a"; F a "eventually a"; a U b "a until b". On the trace abacdcbaqqtam..., G(a → X b) is FALSE (the third message, a, is followed by c) and ¬(c U (q ∨ t)) is TRUE (the first message is neither c nor q nor t). Gerth, Peled, Vardi, Wolper (PSTV 1995): an on-the-fly tableau construction for LTL, used here as a runtime monitoring algorithm.
  • 65-66. Classical LTL runtime monitoring. Algorithm overview: 1. The LTL formula is decomposed into nodes of the form [Γ | Δ], where Γ holds the sub-formulas that must be true now and Δ the sub-formulas that must be true in the next state.
  • 67. 2. Negations are pushed inside (classical identities, plus the dual of U, written V). 3. At the leaves, Γ contains only atoms and negations of atoms, which are evaluated against the current message. Verdict: if all leaves contain FALSE, the formula is false; if a leaf is empty, the formula is true; otherwise, 4. on the next event, Δ is copied into Γ and the expansion continues.
  • 68-69. Example: G(p ∧ (X q ∨ F s)). The root G expands into the conjunction; under it, the disjunction splits into branch 1 (X q) and branch 2 (F s), and F s in turn splits into F1 (s holds now) and F2 (F s is postponed to the next state). If p is true and s is false in the current message m, then the leaf under F1 dies and the two other leaves survive.
  • 70-79. Intuition for γ. 1. This algorithm computes δ(s, A) = s'. 2. The proof is the path to each valid leaf. In the example, with p true and s false, path 1 is G, ∧, p, ∨1, X and ends at the leaf {q, G(p ∧ (X q ∨ F s))}; path 2 is G, ∧, p, ∨2, F2 and ends at the leaf {F s, G(p ∧ (X q ∨ F s))}. 3. The combination gives γ(s, A) = (s', proof): s' is the set of surviving leaves and the proof is the set of paths leading to them.
  • 80. Intuition for μ. Given a message (A) and a proof, one can check that the atoms along each path are indeed true in the message (is p true in A?). This computes μ(A, proof).
  • 81-92. Intuition for ν. From the initial state (s), one can "peel off" the formula according to the path given by the proof: G(p ∧ (X q ∨ F s)) is peeled by G into p ∧ (X q ∨ F s), by ∧ into p and X q ∨ F s, by p (an atom, already checked by μ) into X q ∨ F s, by ∨1 into X q, and by X into q. If the operation comes to an end, the leaf given in the proof is accepted as the resulting end state s'. This computes ν(s, proof) = s'.
• 93. What about complexity? number of witnesses < total number of leaves: cost of ν(s, δ) (check the proof) < cost of γ(s, A) (compute the proof) Does not expand ‘‘dead-end’’ branches Check the proof vs. compute the proof ⇒ No gain... Solution: restrict LTL to a fragment that produces at most one witness at every step: non-branching LTL Sylvain Hallé 24
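The γ/μ/ν intuition of slides 78–92 and the dead-end pruning of slide 93, as an added Python example that is not part of the deck: the contract φ = G(X q ∨ (p ∧ F s)) is encoded as nested tuples, a state is the set of formulas that must hold from the current message on, and a proof is the sequence of choices (1 or 2) made at ∨ and F nodes in peel-off order. That the client computes the proof with γ and the server checks it with μ and ν follows the deck's take-home points; the encoding and labels are this example's assumptions.

```python
# Toy model of the slides' cooperative monitoring on phi = G(X q or (p and F s));
# added example, not the speaker's code (encoding, labels, roles are assumptions).
PHI = ('G', ('or', ('X', ('q',)), ('and', ('p',), ('F', ('s',)))))

def peel(f, choices, atoms, nxt):
    """Peel one formula along the proof path; returns the unconsumed choices."""
    op = f[0]
    if op == 'and':
        return peel(f[2], peel(f[1], choices, atoms, nxt), atoms, nxt)
    if op in ('or', 'F'):            # the only choice points: 1 or 2
        c, rest = choices[0], choices[1:]
        if c not in (1, 2): raise ValueError('bad choice %r' % (c,))
        if op == 'or':               # 1: left disjunct, 2: right disjunct
            return peel(f[c], rest, atoms, nxt)
        if c == 1:                   # F1: the operand holds in this message
            return peel(f[1], rest, atoms, nxt)
        nxt.add(f)                   # F2: carry F a over to the next message
        return rest
    if op in ('G', 'X'):             # G a == a and X G a; X a is deferred
        nxt.add(f if op == 'G' else f[1])
        return peel(f[1], choices, atoms, nxt) if op == 'G' else choices
    atoms.add(op)                    # atom: must hold in the current message
    return choices

def nu(state, proof):
    """(atoms required now, next state s') if the proof fits the state exactly."""
    atoms, nxt, rest = set(), set(), tuple(proof)
    for f in sorted(state, key=repr):   # fixed order shared by both sides
        rest = peel(f, rest, atoms, nxt)
    if rest: raise ValueError('unused choices')
    return frozenset(atoms), frozenset(nxt)

def mu(state, message, proof):       # server side: verify the client's proof
    """s' if every atom the proof relies on is in the message, else None."""
    try:
        atoms, nxt = nu(state, proof)
    except (IndexError, ValueError):   # malformed, too short or too long
        return None
    return nxt if atoms <= message else None

def gamma(state, message, prefix=()):  # client side: compute the proof
    """Yield each (proof, s') the message admits, branching only at choice points."""
    try:
        atoms, nxt = nu(state, prefix)
    except IndexError:               # ran out of choices: branch here
        for c in (1, 2):
            yield from gamma(state, message, prefix + (c,))
        return
    if atoms <= message:
        yield prefix, nxt
```

On the message {p} from the initial state {φ}, `gamma` finds exactly the two leaves of slide 78, and `mu` rejects proofs that are too short, too long, or that rely on atoms the message does not contain.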
• 96. Non-branching LTL Follows three conditions: 1. ( ∨ . ( . . . . ) . ) : no temporal operator 2. F ( ... ) 3. ( U ( . . . . . ) . ) Theorem: a non-branching LTL formula produces a proof (δ) linear in the length of the interface contract (see the paper!) ⇒ Non-branching LTL contracts can be efficiently enforced through cooperative runtime monitoring Sylvain Hallé 25
• 107. Experimental results Message A; (s’, δ) = γ(s, A): 5.08 ms; A⁺ sent with its proof; μ(A, δ) = T/F and s’ = ν(s, δ): 0.35 ms Server is spared of 90% of the computation Sylvain Hallé 26
• 114. Experimental results [3D chart] Axes: Guarantees (none to complete), Computational savings (0 to 100%), Expressiveness (LTL, non-branching LTL, first-order logic). Points plotted: server-side monitoring, client-side monitoring, cooperative monitoring, theoretical upper bound Sylvain Hallé 27
• 122. Take-home points 1. An interface contract specifies valid sequences of ‘‘messages’’ between a client and a server. 2. Cooperative runtime monitoring allows the enforcement of the contract to be split between both parties. 3. For a fragment of Linear Temporal Logic, empirical tests show that 90% of the work can be outsourced to the client... 4. ...while preserving the same guarantees as with server-side monitoring. 5. This is a 3D problem: guarantees, computational load and expressiveness can be modulated Sylvain Hallé 28
  • 127. For more information Visit my web site www.leduotang.com/sylvain Sylvain Hallé