Improving Runtime Overheads for detectEr

Runtime Verification (RV) [11] is a lightweight verification technique mitigating the scalability issues associated with exhaustive verification techniques such as model checking. Low overheads are an important requirement for the viability of any RV framework, where the additional computation introduced by the monitors should ideally be kept to a minimum. detectEr[3, 7] is an RV tool for analysing the correctness of concurrent Erlang programs — the analysis of concurrent programs is notoriously hard and often leads to state explosion problems. From a safety correctness property (defined through a formal logic), detectEr generates a system of monitors that execute concurrently with the system under scrutiny, analysing its execution trace, and raising an alert as soon as a violation to the resp. correctness property is detected. In [7], it is shown that the monitors generated by the tool are indeed correct (e.g., they only raise an alert when the system violates the resp. property) whereas in [3] the authors study the relationship between synchronous and asynchronous instrumentation in this setting, establishing (amongst other things) that asynchronous monitoring consistently yields the lowest level of overheads. In this paper we study optimisation techniques for further lowering the overheads of the tool’s asynchronous monitors.1 The monitor synthesis defined in [7] uses concurrent monitors to parallelise the runtime analysis as much as possible and exploit better the underlying hardware architecture (which nowadays typically includes multiple computing cores). However, in order to simplify the correctness proofs, this synthesis is kept as regular as possible: the monitor-generation strategy is the same for every logical construct and does not take into consideration the syntactic context of where that logical construct appears in the correctness property. Moreover, the communication organisation of the generated concurrent monitors is also kept static throughout the execution of the program, even though certain monitor subsystems become redundant during the runtime analysis. In this work we address these two potential sources of inefficiency by defining fine-tuned organisations of concurrent monitors specifically tailored to different forms of logical formulas; in addition, these monitors are also able to perform a degree of reconfiguration during the runtime analysis. We incorporate the new strategies into the existing tool and show that the generated monitors produce lower overheads than the existing monitor translations. The rest of the paper is structured as follows. § 2 introduces the tool whereas § 3 identifies inefficiencies and proposes solutions. § 4 discusses performance improvements and § 5 concludes.