Citation Context

...ssages that would need to be sent to a central data collection point. 1 Introduction Much work has been done on monitoring systems w.r.t. formal specifications such as linear-time temporal logic (LTL =-=[1]-=-) formulae. For this purpose, a system is thought of more or less as a “black box”, and some (automatically generated) monitor observes its outside visible behaviour in order to determine whether or n...

Citation Context

...ification patterns. In order to evaluate our approach also at the hand of realistic LTL specifications, we conducted benchmarks using LTL formulae following the well-known LTL specification patterns (=-=[19]-=-, whereas the actual formulae underlying the patterns are available at this site [20] and recalled in [18]). In this context, to randomly generate formulae, we proceeded as follows. For a given specif...

Citation Context

...wise, where for every w ∈ Σω and j>0, wehavewj |= Xϕ if and only if wj−1 |= ϕ. In other words, X is the dual to the X-operator, sometimes referred to as the “previouslyoperator” in past-time LTL (cf. =-=[16]-=-). To ease presentation, the formula X m ϕ is a short m for { }} { Our operator is somewhat different to the standard use of X: it can XX ...X ϕ.Decentralised LTL Monitoring 91 only precede an atomic...

Citation Context

...We review an alternative monitoring procedure based on formula rewriting, which is also known as formula progression, or just progression in the domain of planning with temporally extended goals (cf. =-=[13]-=-). Progression splits a formula into a formula expressing what needs to be satisfied by the current observation and a new formula (referred to as a future goal or obligation), which has to be satisfie...

Citation Context

... receives events from a system under scrutiny and states whether or not the trace observed so far constitutes a good or a bad prefix of L(ϕ). One monitoring approach along those lines is described in =-=[12]-=-. We review an alternative monitoring procedure based on formula rewriting, which is also known as formula progression, or just progression in the domain of planning with temporally extended goals (cf...

Citation Context

..., σ) ∧ G(ϕ) P (Fϕ, σ) = P (ϕ, σ) ∨ F(ϕ) P (⊤,σ) = ⊤ P (⊥,σ) = ⊥ P (¬ϕ, σ) = ¬P (ϕ, σ) P (Xϕ, σ) =ϕ Note that monitoring using rewriting with similar rules as above has been described, for example, in =-=[14,15]-=-, although not necessarily with the same finite-trace semantics in mind that we are discussing in this paper. Informally, the progression function “mimics” the LTL semanticsonaneventσ, as it is stated...

Citation Context

... denoted by some atomic propositions from the set AP, i.e., σ ∈ 2AP .We denote 2AP by Σ and call it the alphabet (of system events). As our system operates under the perfect synchrony hypothesis (cf. =-=[10]-=-), we assume that its components communicate with each other in terms of sending and receiving messages (which, for the purpose of easier presentation, can also be encoded by actions) at discrete inst...

Citation Context

...unication occurs synchronously. For example, the FlexRayDecentralised LTL Monitoring 87 bus protocol, used for safety-critical systems in the automotive domain, allows synchronous communication (cf. =-=[7,5,8]-=-). What is more, experts predict “that the data volume on FlexRay buses will increase significantly in the future” [6, Sec. 2], promoting techniques to minimise the number of used communication slots....

Citation Context

..., σ) ∧ G(ϕ) P (Fϕ, σ) = P (ϕ, σ) ∨ F(ϕ) P (⊤,σ) = ⊤ P (⊥,σ) = ⊥ P (¬ϕ, σ) = ¬P (ϕ, σ) P (Xϕ, σ) =ϕ Note that monitoring using rewriting with similar rules as above has been described, for example, in =-=[14,15]-=-, although not necessarily with the same finite-trace semantics in mind that we are discussing in this paper. Informally, the progression function “mimics” the LTL semanticsonaneventσ, as it is stated...

Citation Context

.... We will shorten good(L(ϕ)) (resp. bad(L(ϕ))) togood(ϕ) (resp. bad(ϕ)). Although there exist a myriad of different approaches to monitoring LTL formulae, based on various finite-trace semantics (cf. =-=[11]-=-), one valid way of looking at the monitoring problem for some formula ϕ ∈ LTL is the following: The monitoring problem of ϕ ∈ LTL is to devise an efficient monitoring algorithm which, in a stepwise m...

Citation Context

...ification Patterns. In order to evaluate our approach also at the hand of realistic LTL specifications, we conducted benchmarks using LTL formulae following the well-known LTL specification patterns (=-=[19]-=-, whereas the actual formulae underlying the patterns are available at this site [20] and recalled in [18]). In this 2 Our experiments show that this way of measuring the size of a formula is more rep...

Citation Context

...ecede an atomic proposition or an atomic proposition which is preceded by further X-operators. Hence, the restricted use of the X-operator does not give us the full flexibility (or succinctness gains =-=[17]-=-) of past-time LTL. Using the X-operator, let us now formally define the urgency of a formula ϕ using a pattern matching as follows: Definition 4. Let ϕ be an LTL formula, and Υ :LTL→ N ≥0 be an induc...

Citation Context

...unication occurs synchronously. For example, the FlexRayDecentralised LTL Monitoring 87 bus protocol, used for safety-critical systems in the automotive domain, allows synchronous communication (cf. =-=[7,5,8]-=-). What is more, experts predict “that the data volume on FlexRay buses will increase significantly in the future” [6, Sec. 2], promoting techniques to minimise the number of used communication slots....

Citation Context

... behaviour of distributed systems. For example, the diagnosis (of discrete-event systems) has a similar objective (i.e., detect the occurrence of a fault after a finite number of discrete steps) (cf. =-=[21,22,23]-=-). In diagnosis, however, one tries to isolate root causes for failure (i.e., identify the component in a system which is responsible for a fault). A key concept is that of diagnosability: a system mo...

Citation Context

... a car’s bus network has to be kept minimal. Therefore one cannot continuously send unnecessary sensor information on a bus that is shared by critical applications where low latency is paramount (cf. =-=[5,6]-=-). In other words, in these scenarios, one has to monitor such a requirement not based on a single behavioural trace, assumed to be collected by some global sensor, but based on the many partial behav...

Citation Context

... monitor observes its outside visible behaviour in order to determine whether or not the runtime behaviour satisfies an LTL formula. Applications include monitoring programs written in Java or C (cf. =-=[2,3]-=-) or abstract Web services (cf. [4]) to name just a few. From a system designer’s point of view, who defines the overall behaviour that a system has to adhere to, this “black box” view is perfectly re...

Citation Context

...s its set of good (resp. bad) prefixes is not empty. However, we have not investigated whether or not the restriction of safety formulae is inherent to [25] or made by choice. Other recent works like =-=[26]-=- target physically distributed systems, but do not focus on the communication overhead that may be induced by their monitoring. Similarly, this work also mainly addresses the problem of monitoring sys...

Citation Context

... a car’s bus network has to be kept minimal. Therefore one cannot continuously send unnecessary sensor information on a bus that is shared by critical applications where low latency is paramount (cf. =-=[5,6]-=-). In other words, in these scenarios, one has to monitor such a requirement not based on a single behavioural trace, assumed to be collected by some global sensor, but based on the many partial behav...

Citation Context

... behaviour of distributed systems. For example, the diagnosis (of discrete-event systems) has a similar objective (i.e., detect the occurrence of a fault after a finite number of discrete steps) (cf. =-=[21,22,23]-=-). In diagnosis, however, one tries to isolate root causes for failure (i.e., identify the component in a system which is responsible for a fault). A key concept is that of diagnosability: a system mo...

Citation Context

...n our setting the local monitors directly communicate without a central decision making point. A natural counterpart of diagnosability is that of observability as defined in decentralised observation =-=[24]-=-: a distributed system is said to be x-observable, where x ranges over different parameters such as whether local observers have finite or infinite memory available to store a trace (i.e., jointly unb...

Citation Context

... behaviour of distributed systems. For example, the diagnosis (of discrete-event systems) has a similar objective (i.e., detect the occurrence of a fault after a finite number of discrete steps) (cf. =-=[21,22,23]-=-). In diagnosis, however, one tries to isolate root causes for failure (i.e., identify the component in a system which is responsible for a fault). A key concept is that of diagnosability: a system mo...

Citation Context

...the communication overhead needed for observing/diagnosing a distributed system. A specific temporal logic, MTTL, for expressing properties of asynchronous multithreaded systems has been presented in =-=[25]-=-. Its monitoring procedure takes as input a safety formula and a partially ordered execution of a parallel asynchronous system. It then establishes whether or not there exist runs in the execution tha...

Citation Context

..., especially critical ones, communication occurs synchronously. For example, the FlexRay bus protocol, used for safety-critical systems in the automotive domain, allows synchronous communication (cf. =-=[7, 5, 8]-=-). What is more, experts predict “that the data volume on FlexRay buses will increase significantly in the future” [6, Sec. 2], promoting techniques to minimise the number of used communication slots....

Citation Context

...s its set of good (resp. bad) prefixes is not empty. However, we have not investigated whether or not the restriction of safety formulae is inherent to [25] or made by choice. Other recent works like =-=[26]-=- target physically distributed systems, but do not focus on the communication overhead that may be induced by their monitoring. Similarly, this work also mainly addresses the problem of monitoring sys...

Citation Context

... behaviour in order to determine whether or not the runtime behaviour satisfies an LTL formula. Applications include monitoring programs written in Java or C (cf. [2,3]) or abstract Web services (cf. =-=[4]-=-) to name just a few. From a system designer’s point of view, who defines the overall behaviour that a system has to adhere to, this “black box” view is perfectly reasonable. For example, most modern ...

Citation Context

... monitor observes its outside visible behaviour in order to determine whether or not the runtime behaviour satisfies an LTL formula. Applications include monitoring programs written in Java or C (cf. =-=[2, 3]-=-) or abstract Web services (cf. [4]) to name just a few. From a system designer’s point of view, who defines the overall behaviour that a system has to adhere to, this “black box” view is perfectly re...

Citation Context

...the communication overhead needed for observing/diagnosing a distributed system. A specific temporal logic, MTTL, for expressing properties of asynchronous multithreaded systems has been presented in =-=[25]-=-. Its monitoring procedure takes as input a safety formula and a partially ordered execution of a parallel asynchronous system. 13 It then establishes whether or not there exist runs in the execution ...