A Model-Based Approach to Combining Static and Dynamic Verification Techniques

Abstract: Abstract. Given the complementary nature of static and dynamic analysis, there has been much work on identifying means of combining the two. In particular, the use of static analysis as a means of alleviating the overheads induced by dynamic analysis, typically by trying to prove parts of the properties, which would then not need to be verified at runtime. In this paper, we propose a novel framework which combines static with dynamic verification using a model-based approach. The approach allows the support of… Show more

“…As no other tool supports all our extended RV features, here we only focus on experimental evaluations on the usefulness and correctness of our ABRV approach. 2 Tests on LTL Patterns. To show the feasibility and effectiveness of our RV approach, we have generated monitors from a wide coverage of practical specifications, i.e.…”

“…The basic requirement is that all bottles at position 2 have both ingredients filled, if the belt is not moving. It can be expressed by safety property G ((bottle present[2] ∧ ¬ move belt) → (bottle ingr1[2] ∧ bottle ingr2 [2])) (whenever the belt is not moving and there is a bottle at position 2, both ingredients are filled in that bottle). We found that, the monitor of the same property, generated with the factory model as assumption, is predictive: it outputs ⊥ a almost immediately after the first fault happens, before the bottle arrived at position 2.…”

Assumption-Based Runtime Verification with Partial Observability and Resets

“…As no other tool supports all our extended RV features, here we only focus on experimental evaluations on the usefulness and correctness of our ABRV approach. 2 Tests on LTL Patterns. To show the feasibility and effectiveness of our RV approach, we have generated monitors from a wide coverage of practical specifications, i.e.…”

“…The basic requirement is that all bottles at position 2 have both ingredients filled, if the belt is not moving. It can be expressed by safety property G ((bottle present[2] ∧ ¬ move belt) → (bottle ingr1[2] ∧ bottle ingr2 [2])) (whenever the belt is not moving and there is a bottle at position 2, both ingredients are filled in that bottle). We found that, the monitor of the same property, generated with the factory model as assumption, is predictive: it outputs ⊥ a almost immediately after the first fault happens, before the bottle arrived at position 2.…”

Assumption-Based Runtime Verification with Partial Observability and Resets

“…One way in which DATEs extend finite state automata is through the introduction of a symbolic state which can be checked and updated on transitions which trigger on events, with conditional guards, and perform side-effect actions affecting the symbolic monitoring state. 6 Consider the DATE shown in Figure 3. Transitions are labelled by a triple e | c → a -when event e occurs and if condition c holds, the transition is taken, executing action a 7 .…”

Control-Flow Residual Analysis for Symbolic Automata

“…Twelve of these can be verified statically at compile-time (see [1,2] for more information), while eleven are done at runtime, i.e. checked using Valour.…”

“…Given that the verification tools will be used at runtime and interacting with the actual system users would expect that the dependability of the combined verification tool and system-under-scrutiny should not be any lower than that of the original system. In order to convince users to adopt such tools, the confidence in the reliability of the runtime verification tool has to far exceed that of the system-under-scrutiny 1 . Testing, offline verification and static analysis tools have the luxury of being used prior to deployment, thus mitigating part of this problem.…”

Runtime Verification using VALOUR