Runtime monitoring of a quantified temporal logic
An application to interface contracts in web applications

Sylvain Hallé
University of California, Santa Barbara, USA




Sylvain Hallé
A technological introduction

[Figures: users interact with a web site, Chapeaux.com: they send it a question ("?"), the site does its work and answers with a numbered list ("1.", "2.", "..."); the last slide points at the web site with the label "My research's topic".]
A few examples

  E-Commerce Service: inventory management + billing
  Compute Cloud: leasing CPU time
  PayPal API: billing, express checkout
  Shopping: like Amazon
  Google Search, Google Maps, GMail, ...
Web services

A web application sends a request to a web service; the service does its work ("1.", "2.", "...") and sends back a response. Both request and response are XML documents:

  XML request
    <search>
      <object>hat</object>
      <type>melon</type>
    </search>

  XML response
    <hats>
      <hat>
        <no>123</no>
        <price>40$</price>
      </hat>
      ...
    </hats>

Each message has a declared structure ("?" marks the request, "!" the response):

  ?  search[
       object[string],
       type[string]
     ]

  !  hats[
       hat[
         no[integer],
         price[float]
       ]{0,?}
     ]

                WSDL = Web Service Description Language




    Web service




Sylvain Hallé
Web services

                WSDL = Web Service Description Language


                                                   hats[
                           search[                   hat[

                       ?   ]
                             object[string],
                             type[string]      !       no[integer],
                                                       price[float]
                                                     ]{0,?}
                                                   ]




    Web service




Sylvain Hallé
Web services

                WSDL = Web Service Description Language


                                                   hats[
                           search[                   hat[

                       ?   ]
                             object[string],
                             type[string]      !       no[integer],
                                                       price[float]
                                                     ]{0,?}
                                                   ]


                           add[


    Web service
                       ?   ]
                             hat[int],
                             quantity[int]     !   ok[]




Sylvain Hallé
Web services

                WSDL = Web Service Description Language


                                                   hats[
                           search[                   hat[

                       ?   ]
                             object[string],
                             type[string]      !       no[integer],
                                                       price[float]
                                                     ]{0,?}
                                                   ]


                           add[


    Web service
                       ?   ]
                             hat[int],
                             quantity[int]     !   ok[]



                                         ...




Web services

Real-world WSDL files:

  http://webservices.amazon.com/AWSECommerceService/AWSECommerceService.wsdl
  https://www.paypal.com/wsdl/PayPalSvc.wsdl
  http://api.google.com/GoogleSearch.wsdl
Web services

Messages can be compared against the WSDL. A request from the web application that does not match its declared structure:

    <search>
      <object>hat</object>
      <biz>buz</biz>
    </search>

  vs.

  ?  search[
       object[string],
       type[string]
     ]

A response from the web service that does not match its declared structure:

    <hats>
      <hat>
        <no>123</no>
        <price>abc</price>
      </hat>
      ...
    </hats>

  vs.

  !  hats[
       hat[
         no[integer],
         price[float]
       ]{0,?}
     ]
Interface contracts

[Figures: a user queries Bouquinerie.com ("?"), receives a numbered list ("1.", "2.", "..."), adds item 2 to the shopping cart (c), then adds item 2 to the cart a second time.]

All messages comply with the WSDL but...

  You cannot add the same item twice to the shopping cart

  ???
Interface contracts

Other constraints (DecSerFlow notation):

[Figure: DecSerFlow constraint diagrams over messages i, j and the cart c, drawn with the symbols "||", "?" and "X".]
Interface contracts

  You cannot add the same item twice to the shopping cart

  G ∀i : ( add i to cart  ⇒  ¬F (add i to cart) )

  - Express properties on messages
  - + message sequences (LTL ops.)...
  - + quantification on elements        }  LTL-FO+
Linear Temporal Logic

  σ = infinite sequence (word) of symbols from a (finite) alphabet
    = trace
  LTL formula = assertion on the sequence of states in a trace

    G a      "always a"
    X a      "the next symbol is a"
    F a      "eventually a"
    a W b    "a until b"

  σ = abacdcbaqqtam...

    G (a → X b)        FALSE
    ¬(q ∨ t) W c       TRUE
Linear Temporal Logic

Well-known results:

1. For every LTL formula φ, there exists a Büchi automaton A_φ such that
   for every (infinite) trace σ:

       σ ⊨ φ  ⇔  σ ∈ L(A_φ)

   i.e. LTL describes ω-regular languages

2. The alphabet symbols can be generalized to finite sets of Boolean
   propositions
LTL-FO+

What if symbols are XML documents?

  LTL-FO+ = LTL + first-order quantification on elements

Let...

  p = argument of a function f...
      filters acceptable values for x...
      according to the current message σ0

    σ ⊨ ∃_p x : φ(x)  ⇔  ∃k : σ ⊨ φ(k) AND k ∈ f(σ0, p)
LTL-FO+

Example:

  σ =   σ0                    σ1
        <a>                   <d>
          <b>1</b>              <e>1</e>
          <b>2</b>              <e>2</e>
        </a>                  </d>
        <c>5</c>              <c>5</c>
                              <c>6</c>

    p = a/b                    (an XPath expression)
    f(σ0, p) = {1,2}
    f(σ1, p) = {}

    TRUE     ∀_{a/b} x : x=1 ∨ x=2
    TRUE     ∀_c x : x=5
    FALSE    G ∀_c x : x=5
    TRUE     ∀_c x : F ∃_c y : x=y
LTL-FO+

Example (runtime monitoring: only the prefix σ0 σ1 has been observed; σ2 has not arrived yet):

  σ =   σ0                    σ1                    σ2
        <a>                   <d>                   ?
          <b>1</b>              <e>1</e>
          <b>2</b>              <e>2</e>
        </a>                  </d>
        <c>5</c>              <c>5</c>
                              <c>6</c>

    TRUE? / FALSE     G (∀_c x : x=5 ∨ x=6)
                      (TRUE? is ruled out once σ2 = <c>3</c> arrives)
    TRUE / FALSE?     F ∃_c x : x=3
                      (FALSE? is ruled out once σ2 = <c>3</c> arrives)
    TRUE? / FALSE?    G (∀_c x : F ∃_c y : x=y)
                      (still undecided after σ2 = <c>6</c>, σ3 = <c>3</c>)
    TRUE? / FALSE?    X X X (∀_c x : x=0)

  (At least) a third value is required
                                 UNDETERMINED

                            Necessary only to evaluate a
                                   finite prefix

                  X
                TRUE? / FALSE  G ("c x : x=5 Ú x=6)
                TRUE / FALSE? F $c x : x=3
                         X
                TRUE? / FALSE? G ( " x : F $ c y : x=y )
                 X       X          c
                TRUE? / FALSE? XXX (" x : x=0 )
                                        c
Sylvain Hallé
LTL-FO+

   Example:

                (At least) a third value is required
                            UNDETERMINED

                       Necessary only to evaluate a
                              finite prefix

           X
    UND- TRUE? / FALSE  G ("c x : x=5 Ú x=6)
    UND+ TRUE / FALSE? F $c x : x=3
                  X
    UND? TRUE? / FALSE? G ( " x : F $ c y : x=y )
          X       X          c
    UND TRUE? / FALSE? XXX (" x : x=0 )
                                 c
Sylvain Hallé
Runtime monitoring

   Gerth, Peled, Vardi, Wolper (PSTV 1995): construction of a
   Büchi automaton from a given LTL formula φ

   Benefit:

        "on-the-fly": automaton states are built as the
        trace is read

        [figure: the automaton for φ is unfolded one state at a
         time while σ = a, ab, aba is read; after aba no
         transition is left]

        Dead end: formula is false


Sylvain Hallé
Runtime monitoring

   Algorithm overview:

   1. An LTL formula is decomposed into nodes of the form

                             Γ | Δ

                 Γ: sub-formulas that   Δ: sub-formulas that must
                    must be true now       be true in the next state




Sylvain Hallé
Runtime monitoring

   2. Negations pushed inside (classical identities +
      dual of U = V)

   3. At the leaves, Γ contains atoms + negations of atoms:
      we evaluate them

   Verdict:

   • All leaves contain FALSE: formula is false
   • A leaf is empty: formula is true
   • Otherwise:

   4. Next event: Δ copied into Γ and we continue

Sylvain Hallé
Runtime monitoring

   Example:     G (a → X b)

   Decomposition of the initial node (Γ | Δ, one branch per
   disjunct):

                            G (a → X b) |
                                   |
                         a → X b | G (a → X b)
                        /                    \
          ¬a | G (a → X b)          a, X b | G (a → X b)
                                              |
                                     a | G (a → X b), b

   Leaves:  ¬a | G (a → X b)     and     a | G (a → X b), b

   σ = a :  the atom ¬a is false, so the left leaf is dropped;
            a is true in the right leaf, and its Δ becomes the Γ
            of the next node:

                           G (a → X b), b |
                                   |
                        a → X b, b | G (a → X b)
                        /                      \
         ¬a, b | G (a → X b)          a, X b, b | G (a → X b)
                                                |
                                       a, b | G (a → X b), b

            The right leaf needs a and b in the same state, which a
            trace of single symbols cannot provide, so only
            ¬a, b | G (a → X b) remains.

   σ = ac : the symbol c makes b false, so the last leaf contains
            FALSE as well.

                    No way to extend the trace:
                         formula is false

Sylvain Hallé
Runtime monitoring

   Hallé & Villemaire, EDOC 2008: adaptation of the algorithm
   to handle LTL-FO+
   1. Atoms become equality tests



                                              (and vice versa)

   2. Decomposition rules for quantifiers




Sylvain Hallé
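As an added example, not BeepBeep's code nor the exact algorithm of the EDOC 2008 paper, the JavaScript below follows steps 1 to 4 above with the two LTL-FO+ adaptations: atoms are equality tests, and a ∀ or ∃ over a path expands into a conjunction or disjunction over the values the current message carries at that path. It assumes a message is a plain object mapping a path (standing in for an XPath expression) to the list of values found there; `createMonitor`, `expand`, `runTrace` and `NO_DUPLICATE_ADD` are names chosen here. The driver runs the contract's "same item twice" clause over a constructed three-message trace; the same code also evaluates the G and F formulas of the earlier LTL-FO+ example, with '?' standing for the undetermined verdicts shown there.

```javascript
// Added example (not BeepBeep's code): an on-the-fly tableau monitor for
// LTL-FO+ following steps 1-4 above. A message is assumed to be a map from a
// path (standing in for an XPath) to the list of values found at that path.
// Formula constructors. Terms are strings; a leading '?' marks a variable.
const eq = (a, b) => ({ op: 'eq', a, b });
const not = (f) => ({ op: 'not', f });
const and = (l, r) => ({ op: 'and', l, r });
const or = (l, r) => ({ op: 'or', l, r });
const X = (f) => ({ op: 'X', f });
const G = (f) => ({ op: 'G', f });
const F = (f) => ({ op: 'F', f });
const U = (l, r) => ({ op: 'U', l, r });
const R = (l, r) => ({ op: 'R', l, r });   // release, the dual of U
const forall = (path, v, f) => ({ op: 'forall', path, v, f });
const exists = (path, v, f) => ({ op: 'exists', path, v, f });

// Step 2: push a negation inside (classical identities + U/R duality).
function neg(f) {
  switch (f.op) {
    case 'eq': return { ...f, op: 'neq' };
    case 'neq': return { ...f, op: 'eq' };
    case 'not': return f.f;
    case 'and': return or(neg(f.l), neg(f.r));
    case 'or': return and(neg(f.l), neg(f.r));
    case 'X': return X(neg(f.f));
    case 'G': return F(neg(f.f));
    case 'F': return G(neg(f.f));
    case 'U': return R(neg(f.l), neg(f.r));
    case 'R': return U(neg(f.l), neg(f.r));
    case 'forall': return exists(f.path, f.v, neg(f.f));
    case 'exists': return forall(f.path, f.v, neg(f.f));
    default: throw new Error('unknown operator ' + f.op);
  }
}

// Substitute the constant `val` for variable `v` (an inner binder shadows it).
function subst(f, v, val) {
  const t = (x) => (x === '?' + v ? val : x);
  switch (f.op) {
    case 'eq': case 'neq': return { ...f, a: t(f.a), b: t(f.b) };
    case 'not': case 'X': case 'G': case 'F': return { ...f, f: subst(f.f, v, val) };
    case 'and': case 'or': case 'U': case 'R':
      return { ...f, l: subst(f.l, v, val), r: subst(f.r, v, val) };
    default: return f.v === v ? f : { ...f, f: subst(f.f, v, val) };
  }
}

// Steps 1 and 3: expand a node (now | next) against the current message until
// `now` is empty. Returns the surviving leaves, each as its `next` set; a
// branch whose atom evaluates to FALSE yields no leaf at all.
function expand(now, next, msg) {
  if (now.length === 0) return [next];
  const [f, ...rest] = now;
  const go = (n, x) => expand(n, x, msg);
  const vals = () => msg[f.path] || [];
  switch (f.op) {
    case 'eq': case 'neq':   // atoms are equality tests on message values
      return (f.a === f.b) === (f.op === 'eq') ? go(rest, next) : [];
    case 'not': return go([neg(f.f), ...rest], next);
    case 'and': return go([f.l, f.r, ...rest], next);
    case 'or': return [...go([f.l, ...rest], next), ...go([f.r, ...rest], next)];
    case 'X': return go(rest, [...next, f.f]);
    case 'G': return go([f.f, ...rest], [...next, f]);
    case 'F': return [...go([f.f, ...rest], next), ...go(rest, [...next, f])];
    case 'U': return [...go([f.r, ...rest], next), ...go([f.l, ...rest], [...next, f])];
    case 'R': return [...go([f.r, f.l, ...rest], next), ...go([f.r, ...rest], [...next, f])];
    case 'forall':           // conjunction over the values at f.path (vacuous if none)
      return go([...vals().map((val) => subst(f.f, f.v, val)), ...rest], next);
    case 'exists':           // disjunction over the values at f.path (false if none)
      return vals().flatMap((val) => go([subst(f.f, f.v, val), ...rest], next));
    default: throw new Error('unknown operator ' + f.op);
  }
}

// Step 4 and the verdict: surviving `next` sets become the `now` sets of the
// following message. '?' means the prefix read so far decides nothing yet.
function createMonitor(formula) {
  let pending = [[formula]];
  let verdict = '?';
  return {
    feed(msg) {
      if (verdict !== '?') return verdict;   // TRUE and FALSE are final
      const seen = new Map();
      for (const now of pending) {
        for (const leaf of expand(now, [], msg)) seen.set(JSON.stringify(leaf), leaf);
      }
      pending = [...seen.values()];
      if (pending.length === 0) verdict = 'FALSE';                    // all leaves contained FALSE
      else if (pending.some((l) => l.length === 0)) verdict = 'TRUE';  // a leaf is empty
      return verdict;
    },
  };
}

// Verdict after each message of a trace.
const runTrace = (formula, msgs) => { const m = createMonitor(formula); return msgs.map((x) => m.feed(x)); };

// Contract clause "you cannot add the same item twice":
// G ∀i in CartCreate ASINs : X G ∀j in CartAdd ASINs : ¬(i = j), over a constructed trace.
const NO_DUPLICATE_ADD = G(forall('/CartCreate/Items/Item/ASIN', 'i',
  X(G(forall('/CartAdd/Items/Item/ASIN', 'j', not(eq('?i', '?j')))))));
const SAMPLE_TRACE = [
  { '/CartCreate/Operation': ['CartCreate'], '/CartCreate/Items/Item/ASIN': ['B001'] },
  { '/CartAdd/Operation': ['CartAdd'], '/CartAdd/Items/Item/ASIN': ['B002'] },
  { '/CartAdd/Operation': ['CartAdd'], '/CartAdd/Items/Item/ASIN': ['B001'] },  // B001 again
];
console.log(runTrace(NO_DUPLICATE_ADD, SAMPLE_TRACE));   // [ '?', '?', 'FALSE' ]
```

The monitor's state between messages is only the deduplicated list of surviving Δ sets, so nothing about past messages is kept except the values that quantifiers captured into them; a branch is explored only as far as the current message's values require.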
The BeepBeep runtime monitor

   [animation: the Bouquinerie.com web application exchanges
    messages with the web service while BeepBeep, included in the
    application, checks each message against the contract formula
    G ∀i ( … ⇒ ¬F … ), "you cannot add the same item twice";
    the message that violates it is flagged with !]




Sylvain Hallé
Add BeepBeep to an application

     1.    Copy BeepBeep into the application's directory
           http://beepbeep.sourceforge.net

     2.    Include BeepBeep, and replace XMLHttpRequest by
           XMLHttpRequestBB in the application's script

     myapplication.html

       <html>
       <head>
       <title>My Application
       </title>
       <!-- beepbeep.js first: it defines XMLHttpRequestBB,
            which myapplication.js uses as soon as it loads -->
       <script type="text/javascript"
         src="beepbeep.js"></script>
       <script type="text/javascript"
         src="myapplication.js"></script>
       </head>
       <body>
       ...
       </body>
       </html>

     myapplication.js

       // Initializations
       ...

       req = new XMLHttpRequestBB();

       ...

       function abc()
       {
         ...
         req.send(some_message);
       }

Sylvain Hallé
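An added example, not BeepBeep's code nor its API, of the drop-in idea behind XMLHttpRequestBB: a class with the same open/send calls as XMLHttpRequest that hands each outgoing message to a monitor before it reaches the network. `MonitoredRequest`, the injected `transport` function and the hand-written `duplicateAsinCheck` stand-in for the monitor are assumptions made here; whether a violating message is withheld, as below, or only reported is the application's decision.

```javascript
// Added example (not BeepBeep's code or API): the drop-in idea behind
// XMLHttpRequestBB. `transport` stands in for the real network call and
// `feed` for a monitor's per-message check returning '?', 'TRUE' or 'FALSE'.
class MonitoredRequest {
  constructor(transport, feed, onViolation) {
    this.transport = transport;
    this.feed = feed;
    this.onViolation = onViolation;
    this.method = null;
    this.url = null;
  }
  // Same calls as XMLHttpRequest, so the application code does not change.
  open(method, url) { this.method = method; this.url = url; }
  send(message) {
    if (this.url === null) throw new Error('send() before open()');
    const verdict = this.feed(message);
    if (verdict === 'FALSE') {
      // Contract violated: report it and keep the message off the wire.
      this.onViolation({ url: this.url, message, verdict });
      return false;
    }
    this.transport(this.method, this.url, message);
    return true;
  }
}

// Constructed stand-in for the monitor: the "same item twice" clause
// checked by hand with a set of the ASINs seen so far.
function duplicateAsinCheck() {
  const seen = new Set();
  return (message) => {
    for (const asin of message.asins || []) {
      if (seen.has(asin)) return 'FALSE';
      seen.add(asin);
    }
    return '?';
  };
}

// Push three constructed messages through the wrapper; returns how many
// reached the transport and how many were reported as violations.
function demo() {
  const sent = [];
  const violations = [];
  const req = new MonitoredRequest(
    (method, url, msg) => sent.push(msg),
    duplicateAsinCheck(),
    (v) => violations.push(v));
  req.open('POST', 'https://example.invalid/cart');   // placeholder URL
  req.send({ op: 'CartCreate', asins: ['B001'] });
  req.send({ op: 'CartAdd', asins: ['B002'] });
  req.send({ op: 'CartAdd', asins: ['B001'] });       // B001 a second time
  return { sent: sent.length, violations: violations.length };  // { sent: 2, violations: 1 }
}
```

Because the wrapper keeps XMLHttpRequest's call shape, the only change to the application is the constructor name, which is what the slide's `req = new XMLHttpRequestBB()` line shows.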
Add BeepBeep to an application

     3.    Create a contract file with LTL-FO+ formulas
      # ---------------------------------------------------------------
      # BeepBeep contract file for the Amazon ECS
      # ---------------------------------------------------------------
      % To create a cart, you must put at least one item
      ; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) ->
        (<x2 /CartCreate/Items/Item/ASIN> ({TRUE}))))

      % You can only create a cart once
      ; G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) ->
       (X (G (!(<x2 /CartCreate/Operation> ((x2) = ({CartCreate}))))))))
      % No CartAdd can occur before a CartCreate
      ; (!(<x1 /CartAdd/Operation> ((x1) = ({CartAdd})))) U
        (<x2 /CartCreate/Operation> ((x2) = ({CartCreate})))
      % You cannot add the same item twice to the shopping cart
      ; G ([i /CartCreate/Items/Item/ASIN] (X (G
        ([j /CartAdd/Items/Item/ASIN] (!((i) = (j)))))))




Sylvain Hallé
A quick demo




Sylvain Hallé
Experimental results

   Sample property: "every car entering a parking lot must go out
   before entering again"

   [plot: time per message (ms) against trace length;
    under 5 ms/msg.]

                                                       Hallé & Villemaire, EDOC 2008

Sylvain Hallé
Experimental results

   Simultaneous monitoring of 11 properties from Amazon's
   contract

   [plot: time difference (%) against trace length from 0 to 200,
    with the average; overhead under 5%]

                                                       Hallé & Villemaire, CAV 2009

Sylvain Hallé
Take-home points

   1. Constraints involving temporal operators and quantification
      on message contents arise naturally in real web applications

   2. An extension of LTL can formalize them: LTL-FO+

   3. Runtime monitoring of these constraints can be done
      efficiently, even with quantification

   4. BeepBeep is a tool that allows it with
      minimal modifications on real applications

        http://beepbeep.sourceforge.net/


Sylvain Hallé
Additional information

   Quantified temporal logic for web applications
        Hallé & al.: Model Checking Data-Aware Temporal Web
        Service Properties. IEEE Trans. Soft. Eng., Sept/Oct 2009.

   Runtime monitoring of LTL-FO+
        Hallé & Villemaire: Runtime Monitoring of Message-Based
        Workflows with Data. Proc. EDOC 2008, IEEE.

   Application to Amazon web services
        Hallé & al.: Model-based Runtime Verification of Web
        Service Interface Contracts. IEEE Int. Comp., to appear.


Sylvain Hallé
Additional information

   My web page
        http://www.leduotang.com/sylvain

   BeepBeep's web site
        http://beepbeep.sourceforge.net




Sylvain Hallé

Runtime Monitoring of a Quantified Temporal Logic (Talk @ UniSA)

  • 1. Runtime monitoring of a quantified temporal logic An application to interface contracts in web applications Sylvain Hallé University of California Santa Barbara, USA Sylvain Hallé
  • 3. A technological introduction + ? Sylvain Hallé
  • 4. A technological introduction + ? Sylvain Hallé
  • 5. A technological introduction + ? Sylvain Hallé
  • 6. A technological introduction + ? Sylvain Hallé
  • 7. A technological introduction 1. 2. ... Sylvain Hallé
  • 8. A technological introduction ? Sylvain Hallé
  • 9. A technological introduction ? Sylvain Hallé
  • 10. A technological introduction Chapeaux.com ? Sylvain Hallé
  • 11. A technological introduction Chapeaux.com ? Sylvain Hallé
  • 12. A technological introduction Chapeaux.com ? Sylvain Hallé
  • 13. A technological introduction Chapeaux.com ? Sylvain Hallé
  • 14. A technological introduction Chapeaux.com 1. 2. ... Sylvain Hallé
  • 15. A technological introduction Chapeaux.com Sylvain Hallé
  • 16. A technological introduction My research's Chapeaux.com topic Sylvain Hallé
  • 17. A few examples E-Commerce Service: inventory management + billing Compute Cloud: leasing CPU time PayPal API: billing, express checkout Shopping: like Amazon Google Search, Google Maps, GMail, ... Sylvain Hallé
  • 19. Web services Application Service Sylvain Hallé
  • 20. Web services Web application Web service Sylvain Hallé
  • 21. Web services ? Web application Web service Sylvain Hallé
  • 22. Web services Request ? Web application Web service Sylvain Hallé
  • 23. Web services Request ? Web application 1. 2. Web service ... Sylvain Hallé
  • 24. Web services Request ? Web application 1. 2. Web service ... Response Sylvain Hallé
  • 25. Web services XML request <search> Web application <object>hat</object> <type>melon</type> </search> 1. 2. Web service ... Response Sylvain Hallé
  • 26. Web services XML request <search> Web application <object>hat</object> <type>melon</type> </search> <hats> <hat> <no>123</no> <price>40$</price> </hat> Web service ... XML </hats> response Sylvain Hallé
  • 27. Web services XML request <search> <object>hat</object> <type>melon</type> </search> <hats> <hat> <no>123</no> <price>40$</price> </hat> ... XML </hats> response Sylvain Hallé
  • 28. Web services XML request <search> search[ <object>hat</object> object[string], <type>melon</type> type[string] </search> ] <hats> <hat> <no>123</no> <price>40$</price> </hat> ... XML </hats> response Sylvain Hallé
  • 29. Web services XML request <search> search[ <object>hat</object> object[string], <type>melon</type> type[string] </search> ] hats[ <hats> hat[ <hat> no[integer], <no>123</no> price[float] <price>40$</price> ]{0,?} </hat> ] ... XML </hats> response Sylvain Hallé
  • 30. Web services XML request search[ object[string], type[string] ] hats[ hat[ no[integer], price[float] ]{0,?} ] XML response Sylvain Hallé
  • 31. Web services XML request ? search[ object[string], type[string] ] hats[ hat[ ! ] no[integer], price[float] ]{0,?} XML response Sylvain Hallé
  • 32. Web services WSDL = Web Service Description Language Web service Sylvain Hallé
  • 33. Web services WSDL = Web Service Description Language hats[ search[ hat[ ? ] object[string], type[string] ! no[integer], price[float] ]{0,?} ] Web service Sylvain Hallé
  • 34. Web services WSDL = Web Service Description Language hats[ search[ hat[ ? ] object[string], type[string] ! no[integer], price[float] ]{0,?} ] add[ Web service ? ] hat[int], quantity[int] ! ok[] Sylvain Hallé
  • 35. Web services WSDL = Web Service Description Language hats[ search[ hat[ ? ] object[string], type[string] ! no[integer], price[float] ]{0,?} ] add[ Web service ? ] hat[int], quantity[int] ! ok[] ... Sylvain Hallé
  • 36. Web services http://webservices.amazon.com/AWSECommerceService/ AWSECommerceService.wsdl https://www.paypal.com/wsdl/PayPalSvc.wsdl http://api.google.com/GoogleSearch.wsdl Sylvain Hallé
  • 37. Web services Web application Sylvain Hallé
  • 38. Web services <search> Web application <object>hat</object> <biz>buz</biz> </search> Sylvain Hallé
  • 39. Web services <search> Web application <object>hat</object> <biz>buz</biz> </search> vs. search[ ? ] object[string], type[string] Sylvain Hallé
  • 40. Web services <search> Web application <object>hat</object> <biz>buz</biz> </search> vs. search[ ? ] object[string], type[string] Sylvain Hallé
  • 41. Web services Web service Sylvain Hallé
  • 42. Web services <hats> <hat> <no>123</no> <price>abc</price> Web service </hat> ... </hats> Sylvain Hallé
  • 43. Web services hats[ hat[ ! no[integer], price[float] ]{0,?} ] vs. <hats> <hat> <no>123</no> <price>abc</price> Web service </hat> ... </hats> Sylvain Hallé
  • 44. Web services hats[ hat[ ! no[integer], price[float] ]{0,?} ] vs. <hats> <hat> <no>123</no> <price>abc</price> Web service </hat> ... </hats> Sylvain Hallé
  • 45. Interface contracts Bouquinerie.com Sylvain Hallé
  • 46. Interface contracts i ? Bouquinerie.com Sylvain Hallé
  • 47. Interface contracts i ? Bouquinerie.com Sylvain Hallé
  • 48. Interface contracts Bouquinerie.com 1. 2. ... Sylvain Hallé
  • 49. Interface contracts Bouquinerie.com 1. 2. ... Sylvain Hallé
  • 50. Interface contracts 2 Bouquinerie.com Sylvain Hallé
  • 51. Interface contracts 2 Bouquinerie.com Sylvain Hallé
  • 52. Interface contracts Bouquinerie.com c Sylvain Hallé
  • 53. Interface contracts Bouquinerie.com c Sylvain Hallé
  • 54. Interface contracts 2 c Bouquinerie.com Sylvain Hallé
  • 55. Interface contracts 2 c Bouquinerie.com Sylvain Hallé
  • 56. Interface contracts Bouquinerie.com Sylvain Hallé
  • 58. Interface contracts i ? Sylvain Hallé
  • 59. Interface contracts i ? 1. 2. ... Sylvain Hallé
  • 60. Interface contracts 2 i ? 1. 2. ... c Sylvain Hallé
  • 61. Interface contracts 2 2 i ? c 1. 2. ... c Sylvain Hallé
  • 62. Interface contracts 2 2 i ? c 1. 2. ... c All messages comply with the WSDL but... Sylvain Hallé
  • 63. Interface contracts You cannot add the same item twice to the shopping cart 2 2 i ? c 1. 2. ... c All messages comply with the WSDL but... Sylvain Hallé
  • 64. Interface contracts You cannot add the same item twice to the shopping cart 2 2 i ? c ??? 1. 2. ... c All messages comply with the WSDL but... Sylvain Hallé
  • 65. Interface contracts ??? Sylvain Hallé
  • 66. Interface contracts ??? Sylvain Hallé
  • 67. Interface contracts Other constraints (DecSerFlow notation): i c || i || j c c ? || X c c i i || c c Sylvain Hallé
  • 68. Interface contracts You cannot add the same item twice to the shopping cart 2 2 i ? c 1. 2. ... c Sylvain Hallé
  • 69. Interface contracts You cannot add the same item twice to the shopping cart 2 2 c ! Express properties on messages Sylvain Hallé
  • 70. Interface contracts You cannot add the same item twice to the shopping cart G ( 2 Þ ØF 2 c ( ! Express properties on messages ! + message sequences (LTL ops.)... Sylvain Hallé
  • 71. Interface contracts You cannot add the same item twice to the shopping cart ( G "i i Þ ØF i c ( ! Express properties on messages ! + message sequences (LTL ops.)... ! + quantification on elements Sylvain Hallé
  • 72. Interface contracts You cannot add the same item twice to the shopping cart ( G "i i Þ ØF i c ( ! Express properties on messages ! + message sequences (LTL ops.)... ! + quantification on elements } LTL-FO+ Sylvain Hallé
• 73-79. Linear Temporal Logic. σ = infinite sequence (word) of symbols from a (finite) alphabet = trace. LTL formula = assertion on the sequence of states in a trace. Operators: G a "always a"; X a "the next symbol is a"; F a "eventually a"; a W b "a until b". Example trace σ = abacdcbaqqtam...: G (a → X b) is FALSE; ¬(q ∨ t) W c is TRUE.
• 80-82. Linear Temporal Logic, well-known results: 1. For every LTL formula φ, there exists a Büchi automaton A_φ such that for every (infinite) trace σ: σ ⊨ φ ⇔ σ ∈ L(A_φ), i.e. LTL describes ω-regular languages. 2. The alphabet symbols can be generalized to finite sets of Boolean propositions.
• 83-87. LTL-FO+. What if symbols are XML documents? LTL-FO+ = LTL + first-order quantification on elements. Let p = argument of a function f that filters the acceptable values for x according to the current message s0. The quantifier ∃_p x : φ(x) is defined by: σ ⊨ ∃_p x : φ(x) ⇔ ∃k : σ ⊨ φ(k) and k ∈ f(s0, p).
• 88-102. LTL-FO+ example. Trace σ = s0 s1 with s0 = <d><a><e>1</e><b>1</b><e>2</e><b>2</b></a></d> and s1 = <c>5</c><c>5</c><c>6</c>. With the XPath expression p = a/b: f(s0, p) = {1,2} and f(s1, p) = {}. Evaluating on σ:
    ∀_{a/b} x : x=1 ∨ x=2 → TRUE
    ∀_c x : x=5 → TRUE
    G ∀_c x : x=5 → FALSE
    ∀_c x : F ∃_c y : x=y → TRUE
• 103-112. LTL-FO+ example, evaluation on a finite prefix. Having read only s0 s1, some verdicts depend on messages not yet seen:
    G (∀_c x : x=5 ∨ x=6): TRUE? / FALSE (UND-). Holds so far; becomes FALSE if a later message s2 = <c>3</c> arrives.
    F ∃_c x : x=3: TRUE / FALSE? (UND+). Not satisfied so far; becomes TRUE if s2 = <c>3</c> arrives.
    G (∀_c x : F ∃_c y : x=y): TRUE? / FALSE? (UND?). Can still go either way; the slides extend the trace with s2 = <c>6</c> and s3 = <c>3</c>.
    XXX (∀_c x : x=0): TRUE? / FALSE? (UND). Cannot be evaluated on two messages at all.
  (At least) a third value is required: UNDETERMINED. It is necessary only to evaluate a finite prefix.
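The finite-prefix semantics above, as an added example that is not the author's or BeepBeep's code: a JavaScript evaluator for LTL-FO+ formulas over a trace prefix that returns TRUE, FALSE or "?" (undetermined). Messages are plain objects standing in for XML, paths are simplified XPath child steps, and the formula encoding is this example's own; the same evaluator also handles the "same item twice" contract of slide 164.

```javascript
// Added example (not BeepBeep's code): finite-prefix evaluation of LTL-FO+
// with the three verdicts the slides motivate: "TRUE", "FALSE" and "?"
// (undetermined on the prefix read so far).

// A message is a plain object: element name -> array of children, a child
// being a number/string (text content) or another such object; the document
// element (<d>) is implicit. Constructed from the slides:
//   s0 = <d><a><e>1</e><b>1</b><e>2</e><b>2</b></a></d>
//   s1 = <c>5</c><c>5</c><c>6</c>      s2 = <c>3</c>
const s0 = { a: [{ e: [1, 2], b: [1, 2] }] };
const s1 = { c: [5, 5, 6] };
const s2 = { c: [3] };

// f(s, p): the values reached in message s along the XPath-like path p
// (slides: f(s0, "a/b") = {1,2}, f(s1, "a/b") = {}).
function values(msg, path) {
  let nodes = [msg];
  for (const step of path.split("/")) {
    nodes = nodes.flatMap((n) =>
      n && typeof n === "object" && Array.isArray(n[step]) ? n[step] : []);
  }
  return nodes.filter((n) => typeof n !== "object");
}

// Three-valued connectives: "?" wins unless the other operand decides.
const T = "TRUE", F = "FALSE", U = "?";
const not = (v) => (v === T ? F : v === F ? T : U);
const and = (a, b) => (a === F || b === F ? F : a === T && b === T ? T : U);
const or = (a, b) => not(and(not(a), not(b)));

// Evaluate formula phi on trace[i..]; env binds quantified variables.
// Formulas are object trees, e.g. G ∀_c x : x=5 is
// {op:"G", arg:{op:"forall", path:"c", v:"x", body:{op:"eq", left:"x", right:5}}}
function evaluate(phi, trace, i = 0, env = {}) {
  const ev = (f, j = i, e = env) => evaluate(f, trace, j, e);
  const bind = (k) => ({ ...env, [phi.v]: k });
  switch (phi.op) {
    case "eq": { // atoms are equality tests between variables or constants
      const val = (t) => (typeof t === "string" && t in env ? env[t] : t);
      return val(phi.left) === val(phi.right) ? T : F;
    }
    case "not": return not(ev(phi.arg));
    case "and": return and(ev(phi.left), ev(phi.right));
    case "or":  return or(ev(phi.left), ev(phi.right));
    case "X":   // the next message may not have been read yet
      return i + 1 < trace.length ? ev(phi.arg, i + 1) : U;
    case "G":   // one violation makes it FALSE, otherwise only "true so far"
      for (let j = i; j < trace.length; j++) if (ev(phi.arg, j) === F) return F;
      return U;
    case "F":   // one witness makes it TRUE, otherwise only "false so far"
      for (let j = i; j < trace.length; j++) if (ev(phi.arg, j) === T) return T;
      return U;
    case "forall": // ∀_p x : phi(x) ranges over f(s_i, p), the current message
      return values(trace[i], phi.path)
        .reduce((v, k) => and(v, ev(phi.body, i, bind(k))), T);
    case "exists":
      return values(trace[i], phi.path)
        .reduce((v, k) => or(v, ev(phi.body, i, bind(k))), F);
  }
  throw new Error("unknown operator " + phi.op);
}

// Slides 103-104: G (∀_c x : x=5 ∨ x=6) is "TRUE?" on s0 s1, FALSE once s2 arrives.
const safeC = { op: "G", arg: { op: "forall", path: "c", v: "x", body: { op: "or",
  left: { op: "eq", left: "x", right: 5 }, right: { op: "eq", left: "x", right: 6 } } } };
```

`evaluate(safeC, [s0, s1])` returns "?" and `evaluate(safeC, [s0, s1, s2])` returns "FALSE"; a quantifier over an empty value set (a path absent from the current message) is vacuously TRUE, which is why ∀_c x : x=5 holds at s0.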
• 113-122. Runtime monitoring. Gerth, Peled, Vardi, Wolper (PSTV 1995): construction of a Büchi automaton from a given LTL formula φ. Benefit: "on-the-fly": automaton states are built as the trace is read. Illustration: starting from φ, as σ = a, then ab, then aba is read, only the states reached by the observed symbols are created; when no state can be extended, it is a dead end: formula is false.
• 123-127. Runtime monitoring, algorithm overview:
    1. An LTL formula is decomposed into nodes of the form ⟨Γ | Δ⟩: Γ = sub-formulas that must be true now, Δ = sub-formulas that must be true in the next state. (Example pictured on slide 124.)
    2. Negations pushed inside (classical identities + dual of U = V)
    3. At the leaves, Γ contains atoms + negations of atoms: we evaluate them. Verdict:
       - All leaves contain FALSE: formula is false
       - A leaf is empty: formula is true
       - Otherwise:
    4. Next event: Δ copied into Γ and we continue
• 128-146. Runtime monitoring example: G (a → X b), with nodes written ⟨Γ | Δ⟩.
    Decomposition:
      ⟨G (a → X b) | ∅⟩
      ⟨a → X b | G (a → X b)⟩
      two branches: ⟨¬a | G (a → X b)⟩ and ⟨a, X b | G (a → X b)⟩
      the second becomes ⟨a | G (a → X b), b⟩
    Leaves: ⟨¬a | G (a → X b)⟩ and ⟨a | G (a → X b), b⟩.
    Read σ = a: the leaf with ¬a is false and is discarded; the leaf with a is satisfied, leaving ⟨∅ | G (a → X b), b⟩.
    Next event: Δ is copied into Γ, giving ⟨G (a → X b), b | ∅⟩, decomposed as before:
      ⟨a → X b, b | G (a → X b)⟩
      branches ⟨¬a, b | G (a → X b)⟩ and ⟨a, X b, b | G (a → X b)⟩, the latter becoming ⟨a, b | G (a → X b), b⟩
    Read σ = ac: the symbol c satisfies neither leaf (both require b). No way to extend the trace: formula is false.
• 147. Runtime monitoring. Hallé & Villemaire, EDOC 2008: adaptation of the algorithm to handle LTL-FO+. 1. Atoms become equality tests (and vice versa). 2. Decomposition rules for quantifiers.
• 148-156. The BeepBeep runtime monitor (Bouquinerie.com diagram slides, showing the contract formula G ∀i : ( … ⇒ ¬F … ) of slide 71 being checked on the exchanged messages)
• 157-164. Add BeepBeep to an application
    1. Copy BeepBeep in the application's directory (http://beepbeep.sourceforge.net)
    2. Include BeepBeep. myapplication.html:
         <html>
         <head>
         <title>My Application</title>
         <script type="text/javascript" src="myapplication.js"></script>
         <script type="text/javascript" src="beepbeep.js"></script>
         </head>
         <body>
         ...
         </body>
         </html>
       In myapplication.js, replace XMLHttpRequest with XMLHttpRequestBB; the rest of the application is unchanged:
         // Initializations
         ...
         req = new XMLHttpRequestBB();   // was: new XMLHttpRequest();
         ...
         function abc()
         {
           ...
           req.send(some_message);
         }
    3. Create a contract file with LTL-FO+ formulas:
         # ---------------------------------------------------------------
         # BeepBeep contract file for the Amazon ECS
         # ---------------------------------------------------------------
         % To create a cart, you must put at least one item ;
         G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) -> (<x2 /CartCreate/Items/Item/ASIN> ({TRUE}))))
         % You can only create a cart once ;
         G ([x1 /CartCreate/Operation] (((x1) = ({CartCreate})) -> (X (G (!(<x2 /CartCreate/Operation> ((x2) = ({CartCreate}))))))))
         % No CartAdd can occur before a CartCreate ;
         (!(<x1 /CartAdd/Operation> ((x1) = ({CartAdd})))) U (<x2 /CartCreate/Operation> ((x2) = ({CartCreate})))
         % You cannot add the same item twice to the shopping cart ;
         G ([i /CartCreate/Items/Item/ASIN] (X (G ([j /CartAdd/Items/Item/ASIN] (!((i) = (j)))))))
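The interception pattern behind step 2, as an added example that is not beepbeep.js: a wrapper standing in for XMLHttpRequestBB that appends every outgoing message to the trace and re-checks the contract before forwarding. The transport interface (an object with send), the contract check interface (name plus a verdict function over the trace) and the decision to refuse forwarding on a FALSE verdict are this example's assumptions, not BeepBeep's documented behaviour.

```javascript
// Added example (not beepbeep.js): what replacing XMLHttpRequest with a
// monitored wrapper buys you. `transport` is whatever really sends the
// message (assumed interface: an object with send(msg)); `contract` is a
// list of {name, verdict(trace)} checks returning "TRUE", "FALSE" or "?".
// Refusing to forward on a violation is this example's choice, not BeepBeep's.
class MonitoredRequest {
  constructor(transport, contract) {
    this.transport = transport;
    this.contract = contract;
    this.trace = [];        // every message seen so far, in order
    this.violations = [];   // {property, at} for each FALSE verdict
  }
  // Extend the trace with msg and re-evaluate each property on the new
  // prefix; returns true when no property has become FALSE.
  check(msg) {
    this.trace.push(msg);
    const broken = this.contract.filter((p) => p.verdict(this.trace) === "FALSE");
    for (const p of broken) {
      this.violations.push({ property: p.name, at: this.trace.length - 1 });
    }
    return broken.length === 0;
  }
  // Same call site as req.send(some_message) in the slides.
  send(msg) {
    if (this.check(msg)) this.transport.send(msg);
  }
}

// Constructed stand-in for an LTL-FO+ monitor: the slide-164 property
// "No CartAdd can occur before a CartCreate", i.e. (¬CartAdd) U CartCreate,
// evaluated directly on the prefix ("?" while neither has been seen).
const noAddBeforeCreate = {
  name: "No CartAdd can occur before a CartCreate",
  verdict(trace) {
    for (const m of trace) {
      if ("CartCreate" in m) return "TRUE";
      if ("CartAdd" in m) return "FALSE";
    }
    return "?";
  },
};

// Constructed transport that only records what was actually forwarded.
function makeRecorder() {
  const sent = [];
  return { sent, send: (m) => sent.push(m) };
}
```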
• 166. Experimental results. Sample property: "every car entering a parking lot must go out before entering again". Plot: time per message (ms) against trace length; < 5 ms/msg. (Hallé & Villemaire, EDOC 2008)
• 167. Experimental results. Simultaneous monitoring of 11 properties from Amazon's contract. Plot: time difference (%) against trace length (0 to 200), with the average within < 5%. (Hallé & Villemaire, CAV 2009)
• 169-172. Take-home points
    1. Constraints involving temporal operators and quantification on message contents arise naturally in real web applications
    2. An extension of LTL can formalize them: LTL-FO+
    3. Runtime monitoring of these constraints can be done efficiently, even with quantification
    4. BeepBeep is a tool that allows it with minimal modifications on real applications (http://beepbeep.sourceforge.net/)
• 173. Additional information
    Quantified temporal logic for web applications: Hallé et al.: Model Checking Data-Aware Temporal Web Service Properties. IEEE Trans. Soft. Eng., Sept/Oct 2009.
    Runtime monitoring of LTL-FO+: Hallé & Villemaire: Runtime Monitoring of Message-Based Workflows with Data. Proc. EDOC 2008, IEEE.
    Application to Amazon web services: Hallé et al.: Model-based Runtime Verification of Web Service Interface Contracts. IEEE Int. Comp., to appear.
• 174. Additional information. My web page: http://www.leduotang.com/sylvain. BeepBeep's web site: http://beepbeep.sourceforge.net