Imiron launches SpecForge to monitor cyber-physical systems

Imiron develops SpecForge for system monitoring

Imiron is building SpecForge, a new framework for authoring and monitoring formal specifications based on temporal logic. The tool helps developers manage the complex parts of cyber-physical systems where failure often carries high safety risks.

Engineers use SpecForge to define how a system should behave before they begin the development process. This approach relies on formalized specifications with rigorously defined semantics to eliminate ambiguity between stakeholders and designers.

Automated monitoring tools in the framework check system behavior against these specifications in real time. This process ensures that every execution path in a program adheres to the required safety and performance standards.

Temporal logic defines event sequences

Amir Pnueli first introduced Temporal Logic in 1977 to describe how programs behave over time. Since then, engineers have applied this formalism to hardware specifications, autonomous vehicle traffic scenarios, and medical devices like insulin pumps.

Temporal logic uses specific operators to describe the ordering of events. These operators allow a developer to state exactly when a condition must be met during a trace of data. Common operators used in these frameworks include:

• Eventually: A property must hold at some point in the future.
• Always: A property must hold at every point in the trace.
• Next: A property must hold at the very next time step.
• Until: One property must hold until another specific event occurs.

Developers also use past-tense versions of these operators for online monitoring. These versions, such as Historically or Since, allow a monitor to report violations as they happen without needing to know future events.

Logic handles complex data variables

Simple propositional logic often fails to describe realistic systems with multiple independent resources. If a system manages thousands of locks, writing a separate formula for each one becomes impossible for human developers.

First-order temporal logic solves this by introducing variables that extract values directly from the data. This allows a single formula to track relationships between requests and responses across any number of resources.

One primary application of this logic involves iterator invalidation in programming runtimes. A specification can dictate that a collection must not be modified while an active iterator is traversing its elements.

Researchers have even used first-order temporal logic to formalize parts of the GDPR data protection regulation. These formulas track whether a user has provided consent and ensure that data is deleted when a user requests its removal.

Automata offer more expressive power

State machines, or automata, share a close relationship with temporal logic but offer greater expressivity. Some system properties that are impossible to write in temporal logic are easily defined using an automaton.

Quantified Event Automata allow designers to describe temporal patterns directly. These machines transition through states based on events, reaching a "rejecting" state if the system violates a safety requirement.

If an automaton includes registers to store values, it can track even more complex behaviors. For example, a register automaton can verify that a program does not call a method more times than the size of a specific collection.

These machines are particularly useful for tracking obligations. If a system receives a request, the automaton enters a non-accepting state and remains there until the system fulfills the corresponding response.

Signal logic tracks real-valued data

Many cyber-physical systems produce time-varying signals rather than discrete events. Signal Temporal Logic (STL) extends standard temporal logic by replacing simple propositions with linear inequalities over real-valued data.

STL uses freeze quantification to capture the value of a signal at a specific moment. A developer can store a signal's value as a variable and compare it to values that appear later in the timeline.

This technique allows engineers to specify oscillatory behavior in hardware components. For instance, a rule might state that if a signal hits a certain threshold, it must fluctuate above and below that value within 10 time units.

Quantified Signal Temporal Logic (QSTL) takes this further by using both time and value variables. This creates a logic that closely resembles first-order logic but is optimized for continuous signal data.

Complex event recognition extracts patterns

The field of Complex Event Recognition (CER) goes beyond simple monitoring to extract specific occurrences of events for downstream processing. Languages like CEQL use regular expression patterns to find sequences in a stream of data.

A stock market monitor might use CER to find a sequence of SELL events for specific companies like MSFT or AMZN. The query can include filters to ensure the first price was above 100 and the final price was below 2000.

These systems often use a PARTITION BY clause to group events by a specific attribute, such as a stock name. This ensures the logic only compares events that belong to the same entity.

• Regular expressions define the pattern of events.
• Filters apply constraints to the data variables.
• Aggregations calculate maximum or minimum values across the sequence.

Efficient tools manage monitoring overhead

Monitoring first-order logic is computationally difficult because the system must track witnesses across time. Every time a new parameter appears, the monitor must update its internal relations to check for potential violations.

The tool MonPoly uses temporal databases to track these relations efficiently. A verified version called Verimon+ was built using the Isabelle proof assistant to ensure the monitor itself contains no logic errors.

Another tool called DejaVu uses Binary Decision Diagrams (BDDs) to represent relations. By encoding parameters as bitvectors, DejaVu can manipulate complex Boolean functions with very low memory overhead.

Frameworks like RTLOLA and Logfire use stream processing and rule-based algorithms. Logfire specifically utilizes the RETE algorithm to maintain relations between events and detect errors as soon as they occur.

SpecForge roadmap includes event support

The current version of SpecForge focuses primarily on properties related to real-valued signals. Developers use it to define constraints on physical data coming from sensors and hardware components.

Imiron plans to expand SpecForge to support event-based traces with data payloads in the near future. This update will incorporate the first-order temporal logic constructs required for complex software monitoring.

The goal is to provide a single environment that handles both value freezing for signals and variable quantification for events. This will allow engineers to build a unified safety layer for systems that mix physical hardware with complex software logic.