Runtime monitoring of Java programs by Abstract State Machines (original) (raw)

CoMA: conformance monitoring of java programs by abstract state machines

2012

We present CoMA (Conformance Monitoring by Abstract State Machines), a specification-based approach and its supporting tool for runtime monitoring of Java software. Based on the information obtained from code execution and model simulation, the conformance of the concrete implementation is checked with respect to its formal specification given in terms of Abstract State Machines. At runtime, undesirable behaviors of the implementation, as well as incorrect specifications of the system behavior are recognized.

Runtime data analysis for Java programs

… on Advancing the State-of-the- …, 2003

Program analysis plays a key role in many areas of software development, such as performance tuning, testing, debugging, and maintenance. Program analysis can be carried out statically or dynamically, and these two approaches are generally seen as being complementary to each other. In this paper, we will focus on runtime data analysis for object oriented systems in general and the Java 2 platform in particular. More specifically, we are investigating various runtime approaches to monitor the access and modification of variables in a Java program in order to keep track of the their usage history, being of particular interest for dynamic data flow analysis. Our results indicate that the Java 2 platform does not provide sufficient tools to enable comprehensive runtime data analysis in this context, especially when the complete source code of an application under investigation is unavailable.

Specification and error pattern based program monitoring

2001

We briefly present Java PathExplorer (JPAX), a tool developed at NASA Ames for monitoring the execution of Java programs../PAX can be used not only during program testing to reveal subtle errors, but also can be applied during operation to surJey safety critical systems. The tool facilitates automated instrumentation of a program in order to property observe its execution. The instrumentation can be either at the bytecode level or at the source level when the tource code is available. JPaX is an instance of a more general project, called PathExplorer (PAX), which is a basis for experiments rather than a fixed system, capable of monitoring various programming languages and ex!: erimenting with other logics and analysis techniques.

Computational Analysis of Run-time Monitoring

Electronic Notes in Theoretical Computer Science, 2002

A run-time monitor shares computational resources, such as memory and CPU time, with the target program. Furthermore, heavy computation performed by a monitor for checking target program's execution with respect to requirement properties can be a bottleneck to the target program's execution. Therefore, computational characteristics of run-time monitoring cause a significant impact on the target program's execution. We investigate computational issues on run-time monitoring. The first issue is the power of run-time monitoring. In other words, we study the class of properties run-time monitoring can evaluate. The second issue is computational complexity of evaluating properties written in process algebraic language. Third, we discuss sound abstraction of the target program's execution, which does not change the result of property evaluation. This abstraction can be used as a technique to reduce monitoring overhead. Theoretical understanding obtained from these issues affects the implementation of Java-MaC, a toolset for the run-time monitoring and checking of Java programs. Finally, we demonstrate the abstraction-based overhead reduction technique implemented in Java-MaC through a case study.

A Case for “Piggyback” Runtime Monitoring

Lecture Notes in Computer Science, 2012

A runtime monitor enforcing a constraint on sequences of method calls on an object must keep track of the state of the sequence by updating an appropriate state machine. The present paper stems from the observation that an object's member fields must already contain an encoding of that state machine, and that a monitor essentially duplicates operations that the object performs internally. Rather than maintain a state machine in parallel, the paper puts forward the concept of "piggyback" runtime monitoring, where the monitor relies as much as possible on the object's own state variables to perform its task. Experiments on real-world benchmarks show that this approach greatly simplifies the monitoring process and drastically reduces the incurred runtime overhead compared to classical solutions.

RV’04 Preliminary Version jMonitor: Java Runtime Event Specification and Monitoring Library Abstract

2008

jMonitor is a pure Java library and runtime utility for specifying event patterns and associating them with user provided event monitors that get called when the specified runtime events occur during the execution of legacy Java applications. jMonitor APIs define an event specification abstraction layer allowing programmers to design event patterns to monitor runtime execution of legacy Java applications. jMonitor instrumentation works at the Java bytecode level and does not require the presence of source code for the Java application that is being monitored. jMonitor overloads the dynamic class loader and takes the event specification and monitors (in the form of Java class files) as additional arguments when launching the target Java application. The class bytecodes of the monitored Java program are instrumented on the fly by the jMonitor class loader according to the needs of the externally specified jMonitor event patterns and event monitors. Key words: Aspect-oriented programmi...

Java-MaC: a Run-time Assurance Tool for Java Programs

Electronic Notes in Theoretical Computer Science, 2001

We describe Java-MaC, a prototype implementation of the Monitoring and Checking (MaC) architecture for Java programs. The MaC architecture provides assurance about the correct execution of target programs at run-time. Monitoring and checking is performed based on a formal speci cation of system requirements. MaC bridges the gap between formal veri cation, which ensures the correctness of a design rather than an implementation, and testing, which only partially validates an implementation. Java-MaC provides a lightweight formal method solution as a viable complement to the current heavyweight formal methods. An important aspect of the architecture is the clear separation between monitoring implementation-dependent low-level behaviors and checking high-level behaviors against a formal requirements speci cation. Another salient feature is automatic instrumentation of executable codes. The paper presents an overview of the MaC architecture and a prototype implementation Java-MaC.

A Foundation for Runtime Monitoring

Runtime Verification

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitoring, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the modal µ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated.

Finding programming errors earlier by evaluating runtime monitors ahead-of-time

2008

Abstract Runtime monitoring allows programmers to validate, for instance, the proper use of application interfaces. Given a property specification, a runtime monitor tracks appropriate runtime events to detect violations and possibly execute recovery code. Although powerful, runtime monitoring inspects only one program run at a time and so may require many program runs to find errors.