A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is
In this dissertation we focus on providing effective adaptations that can be localised and applied to specific concurrent actors, thereby only causing a temporary disruption to the parts of the system requiring mitigation, while leaving the rest of the system intact. We make the application of localised adaptations efficient through incremental synchronisation, whereby the specifier can strategically suspend specific parts of the system, whenever this is strictly required for ensuring thatarXiv:1709.02346v1 fatcat:j47vh2ufszhzrfoamilko7fph4
more »... ations are effectively applied. We also study static analysis techniques to determine whether the specified incremental synchronisation is in some sense adequate for local adaptations to be carried out. We thus identify a number of generic adaptations that can be applied to any actor system, regardless of its design and the code that it executes. We implement the identified adaptations as an extension of an existing Runtime Verification tool for actor-systems, thereby creating a RA framework for monitoring and mitigating actor systems. In parallel to our implementation we also develop a formal model of our RA framework that further serves to guide our implementation. This model also enables us to better understand the subtle errors that erroneously specified adaptation scripts may introduce. We thus develop a static type system for detecting and rejecting erroneous adaptation scripts prior to deployment, thereby providing the specifier with assistance for writing valid scripts. Although the static typesystem analyses scripts with respect to certain assumptions, we do not assume that the monitored system abides by these assumptions. We therefore augment our RA framework with dynamic checks for halting monitoring whenever the system deviates from our assumption. Based on this dynamically checked model of our RA framework, we prove type soundness for our static type system.
Runtime enforcement and control system synthesis are two verication techniques that automate the process of transforming an erroneous system into a valid one. As both techniques can modify the behaviour of a system to prevent erroneous executions, they are both ideal for ensuring safety. In this paper, we investigate the interplay between these two techniques and identify control system synthesis as being the static counterpart to suppression-based runtime enforcement, in the context of safety properties.doi:10.5281/zenodo.3743171 fatcat:3blgwauhszd3jkhf3quroriu4m
Lecture Notes in Computer Science
We study the problem of extending RV techniques in the context of (asynchronous) actor systems, so as to be able to carry out a degree of system adaptation at runtime. We propose extensions to specification logics that provide handles for programming both monitor synchronisations (with individual actors), as well as the administration of the resp. adaptations once the triggering behaviour is observed. Since this added functionality allows the specifier to introduce erroneous adaptationdoi:10.1007/978-3-319-23820-3_3 fatcat:m4y37zv3fjdctbisnsvfyoaike
more »... s, we also develop static analysis techniques based on substructural type systems to assist the construction of correct adaptation scripts.
The ubiquitous reliance on software systems increases the need for ensuring that systems behave correctly and are well protected against security risks. Runtime enforcement is a dynamic analysis technique that utilizes software monitors to check the runtime behaviour of a software system with respect to a correctness specification. Whenever the runtime behaviour of the monitored system is about to deviate from the specification (either due to a programming bug or a security hijack attack), thearXiv:1804.08917v2 fatcat:r577c6ajwrex3nufaeqdyopaoa
more »... onitors apply enforcement techniques to prevent this deviation. Current Runtime Enforcement techniques require that the correctness specification defines the behaviour of the enforcement monitor itself. This burdens the specifier with not only having to define property that needs to be enforced, but also with having to specify how this should be enforced at runtime; we thus relieve the specifier from this burden by resorting to a highly expressive logic. Using a logic we allow the specifier to define the correctness specification as a logic formula from which we can automatically synthesise the appropriate enforcement monitor. Highly expressive logics can, however, permit for defining a wide variety of formulae, some of which cannot actually be enforced correctly at runtime. We thus study the enforceability of Hennessy Milner Logic with Recursion for which we identify a subset that allows for defining enforceable formulae. This allows us to define a synthesis function that translates enforceable formulae into enforcement monitors. As our monitors are meant to ensure the correct behaviour of the monitored system, it is imperative that they work correctly themselves. We thus study formal definitions that allow us to ensure that our enforcement monitors behave correctly.
Lecture Notes in Computer Science
Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitoring, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (adoi:10.1007/978-3-319-67531-2_2 fatcat:vqqizqonsraarbmm6o7wyfcqhm
more »... actic variant of the modal µ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated. Introduction Runtime Verification (RV)  is a lightweight verification technique that checks whether the System Under Scrutiny (SUS) satisfies a correctness property by analysing its current execution. It has its origins in model checking, as a more scalable (yet still formal) approach to program verification where state explosion problems (which are inherent to model checking) are mitigated [34, 35] . RV is often used to complement other verification techniques such as theorem proving, model checking and testing, in a multi-pronged approach towards ensuring system correctness [5, 4, 21, 3] . The technique has fostered a number of verification
Ian Cassar (2015) Chart 1 : 1 2008 Value Added Multipliers* * The numbers in the brackets represent the rankings of the Type II multiplier.Source: Cassar (2015) Table 1 : 1 Stage 2 Report (2003) -Input-Output ... Source: Blake et al. (2003) , Cassar (2015) , NSO (2016) . ...doi:10.5901/mjss.2016.v7n6p49 fatcat:njhm2qxgrzbzzoxyglhq66aarq
We design monitor optimisations for detectEr, a runtime-verification tool synthesising systems of concurrent monitors from correctness properties for Erlang programs. We implement these optimisations as part of the existing tool and show that they yield considerably lower runtime overheads when compared to the unoptimised monitor synthesis.doi:10.4204/eptcs.178.1 fatcat:j6l22bkdovfsvfvu6e4qrprpmm
Cassar, A. Francalanza, L. Aceto and A. ... In  , Cassar et. al used eAOP as part of a toolchain making up a runtime monitoring framework called DetectEr 2.0 2 . ...doi:10.1145/3123569.3123570 dblp:conf/erlang/CassarFAI17 fatcat:uxgwbyqdu5dovjisa5nhows44q
In an attempt to put forward a plausible range of the total impact of tourism activities on the Maltese economy, Cassar et al. (2016) presents a critical survey of applied empirical literature. ... The latter is particularly highlighted by Cassar et al. (2016) which puts forward a critical assessment of the key studies which present empirical estimates for the contribution of the tourism sector ...doi:10.54055/ejtr.v23i.391 fatcat:q23c3eanxraz5ijyamm5hqkjjm
recursive call) | [p] rel v. c (guard) | *[p] rel v. c (blocking guard) | A(x) rel v. c (asyn. adaptation) | S(x) rel v. c (sync. adaptation) Figure 1: Monitor Specification Syntax The Logic In [6, 7] , Cassar ...doi:10.4204/eptcs.254.6 fatcat:votjnq5azrgqzlb5qi3rmqtl7m
This paper explores the relationship between government debt and private consumption for Malta. In particular, it attempts to find evidence in favor or against the proposition that the consumption behavior of Maltese households follows the Ricardian Equivalence Theorem. The empirical findings from this analysis suggest that household consumption behavior in Malta is not Ricardian. The resulting lack of evidence supporting the presence of a cointegrating relationship between private consumptiondoi:10.5539/ijef.v10n12p77 fatcat:jrcyj4ao65addcgbsmxopaw5zy
more »... nd public debt indicates that there is no long run relationship amongst these two variables. However, the results obtained from a subsequent application of a vector auto regressive generalized impulse response function suggests that in the short-term a rise in public debt does positively influence private household consumption. This implies that Keynesian theory may be better suited at explaining the underlying behavior of Maltese households in response to changes in the level of public debt, supporting the view that Maltese households, on aggregate, exhibit a myopic behavior with regards to household consumption patterns. This suggests that to an extent, the Government may thus be able to take advantage of the implicit effectiveness of an expansionary fiscal stance to stimulate the economy through higher aggregate consumption, at least in the short run. However, it should be noted that in the case of Malta the non-presence of the Ricardian Equivalence Theorem may not necessarily imply a high level of effectiveness of Keynesian fiscal policy, given that Malta is a small and open economy characterized by a high level of import content in its aggregate demand components. The longer-term implications pertaining to the public debt burden on future generations should be taken into account by policy makers as higher levels of debt could result in an eventual contractionary fiscal stance, which would negatively impact the consumption pattern of future generations.
Runtime Monitoring is a lightweight and dynamic verification technique that involves observing the internal operations of a software system and/or its interactions with other external entities, with the aim of determining whether the system satisfies or violates a correctness specification. Compilation techniques employed in Runtime Monitoring tools allow monitors to be automatically derived from high-level correctness specifications (aka. properties). This allows the same property to bedoi:10.4204/eptcs.254.2 fatcat:537v3lxagjbn7h6gcjxdccpecm
more »... ed into different types of monitors, which may apply different instrumentation techniques for checking whether the property was satisfied or not. In this paper we compare and contrast the various types of monitoring methodologies found in the current literature, and classify them into a spectrum of monitoring instrumentation techniques, ranging from completely asynchronous monitoring on the one end and completely synchronous monitoring on the other.
We study the impact of synchronous and asynchronous monitoring instrumentation on runtime overheads in the context of a runtime verification framework for actor-based systems. We show that, in such a context, asynchronous monitoring incurs substantially lower overhead costs. We also show how, for certain properties that require synchronous monitoring, a hybrid approach can be used that ensures timely violation detections for the important events while, at the same time, incurring lower overheaddoi:10.4204/eptcs.175.4 fatcat:dbtypl3ksfal5ixl2hquajy73e
more »... costs that are closer to those of an asynchronous instrumentation.
Popliteal artery aneurysm (PAA) is the second most common arterial aneurysm. Vascunet is an international collaboration of vascular registries. The aim was to study treatment and outcomes. This was a retrospective analysis of prospectively registered population based data. Fourteen countries contributed data (Australia, Denmark, Finland, France, Hungary, Iceland, Italy, Malta, New Zealand, Norway, Portugal, Serbia, Sweden, and Switzerland). During 2012-2018, data from 10 764 PAA repairs weredoi:10.1016/j.ejvs.2020.07.005 pmid:32807672 fatcat:tntubba6v5bltj3xr3ssymhjim
more »... luded. Mean values with between countries ranges in parenthesis are given. The incidence was 10.4 cases/million inhabitants/year (2.4-19.3). The mean age was 71.3 years (66.8-75.3). Most patients, 93.3%, were men and 40.0% were active smokers. The operations were elective in 73.2% (60.0%-85.7%). The mean pre-operative PAA diameter was 32.1 mm (27.3-38.3 mm). Open surgery dominated in both elective (79.5%) and acute (83.2%) cases. A medial surgical approach was used in 77.7%, and posterior in 22.3%. Vein grafts were used in 63.8%. Of the emergency procedures, 91% (n = 2 169, 20.2% of all) were for acute thrombosis and 9% for rupture (n = 236, 2.2% of all). Thrombosis patients had larger aneurysms, mean diameter 35.5 mm, and 46.3% were active smokers. Early amputation and death were higher after acute presentation than after elective surgery (5.0% vs. 0.7%; 1.9% vs. 0.5%). This pattern remained one year after surgery (8.5% vs. 1.0%; 6.1% vs. 1.4%). Elective open compared with endovascular surgery had similar one year amputation rates (1.2% vs. 0.2%; p = .095) but superior patency (84.0% vs. 78.4%; p = .005). Veins had higher patency and lower amputation rates, at one year compared with synthetic grafts (86.8% vs. 72.3%; 1.8% vs. 5.2%; both p < .001). The posterior open approach had a lower amputation rate (0.0% vs. 1.6%, p = .009) than the medial approach. Patients presenting with acute ischaemia had high risk of amputation. The frequent use of endovascular repair and prosthetic grafts should be reconsidered based on these results.
« Previous Showing results 1 — 15 out of 204 results