Diagnosing Violations of State-based Specifications in iCFTL

Analysis techniques; Based specification; Control-flow; Diagnostic approach; Dynamic environments; Execution trace; Inter-procedural; Run-time analysis; Software-systems; State based; Software

Abstract :

[en] As modern software systems grow in complexity and operate in dynamic environments, the need for runtime analysis techniques becomes a more critical part of the verification and validation process. Runtime verification monitors the runtime system behaviour by checking whether an execution trace—a sequenceof recorded events—satisfies a given specification, yielding a Boolean or quantitative verdict. However, when a specification is violated, such a verdict is often insufficient to understand why the violation happened. To fill this gap, diagnostics approaches aim to produce more informative verdicts. In this paper, we address the problem of generating informative verdicts for violated Inter-procedural Control-Flow Temporal Logic (iCFTL) specifications that express constraints over program variable values. We propose a diagnostic approach based on backward data-flow analysis to statically determine the relevant statements contributing to the specification violation. Using this analysis, we instrument the program to produce enriched execution traces. Using the enriched execution traces, we perform the runtime analysis and identify the statements whose execution led to the specification violation. We implemented our approach in a prototype tool, iCFTLdiagnostics, and evaluated it on 112 specifications across 10 software projects. Our tool achieves 90% precision in identifying relevant statements for 100 of the 112 specifications. It reduces the number of lines that have to be inspected for diagnosing a violation by at least 90%. In terms of computational cost, our experiments show that iCFTLdiagnostics generates a diagnosis within 7 min, and requires no more than 25MB of memory. The instrumentation required to support diagnostics incurs an execution time overhead of less than 30% and a memory overhead below 20%.

Disciplines :

Computer science

Author, co-author :

STRATAN, Cristina ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV

MANDRIOLI, Claudio ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV

BIANCULLI, Domenico ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV

External co-authors :

Language :

English

Title :

Diagnosing Violations of State-based Specifications in iCFTL

Publication date :

2026

Journal title :

IEEE Transactions on Software Engineering

ISSN :

0098-5589

eISSN :

1939-3520

Publisher :

Institute of Electrical and Electronics Engineers Inc.

Pages :

1-20

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

http://xplorestaging.ieee.org/ielx8/32/4359463/11408937.pdf?arnumber=11408937

European Projects :

HE - 101148870 - ContTestCPS - Control Theory-based Testing of Cyber-Physical Systems

FnR Project :

FNR17065054 - DISCO - Diagnostics Of Violations Of Signal And Source Code Behaviour In The Cps Settings, 2022 (01/03/2022-31/01/2026) - Cristina Stratan

Funders :

European Union

Available on ORBilu :

since 09 March 2026

Statistics

Number of views

48 (3 by Unilu)

Number of downloads

14 (2 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

C. Sánchez, G. Schneider, W. Ahrendt, E. Bartocci, D. Bianculli, C. Colombo, Y. Falcone, A. Francalanza, S. Krstić, J. M. Lourenço et al., “A survey of challenges for runtime verification from advanced application domains (beyond software),” Formal Methods Syst. Des., vol. 54, no. 3, pp. 279–335, 2019.
E. Bartocci, Y. Falcone, A. Francalanza, and G. Reger, “Introduction to runtime verification,” in Lectures on Runtime Verification: Introductory and Advanced Topics. Springer, 2018, pp. 1–33.
R. Koymans, “Specifying real-time properties with metric temporal logic,” Real-Time Systems, vol. 2, no. 4, pp. 255–299, 1990.
O. Maler and D. Nickovic, “Monitoring temporal properties of continuous signals,” in Proc. FTRTFT’04. Springer, 2004, pp. 152–166.
J. H. Dawes and G. Reger, “Specification of temporal properties of functions for runtime verification,” in Proc. SAC’19. ACM, 2019, pp. 2206–2214.
J. Dawes and D. Bianculli, “Specifying properties over inter-procedural, source code level behaviour of programs,” in Proc RV’21. Springer, 2021, pp. 23–41.
C. Boufaied, C. Menghi, D. Bianculli, L. Briand, and Y. I. Parache, “Trace-checking signal-based temporal properties: A model-driven approach,” in Proc. ASE’20. ACM, 2020, pp. 1004–1015.
J. V. Deshmukh, A. Donzé, S. Ghosh, X. Jin, G. Juniwal, and S. A. Seshia, “Robust online monitoring of signal temporal logic,” Formal Methods Syst. Des., vol. 51, no. 1, pp. 5–30, 2017.
T. Ferrère, O. Maler, and D. Ničković, “Trace diagnostics using temporal implicants,” in Proc. ATVA’15. Springer, 2015, pp. 241–258.
J. H. Dawes and G. Reger, “Explaining violations of properties in control-flow temporal logic,” in Proc. RV’19. Springer, 2019, pp. 202–220.
C. Boufaied, C. Menghi, D. Bianculli, and L. C. Briand, “Trace diagnostics for signal-based temporal properties,” IEEE Trans. Softw. Eng., vol. 49, no. 5, pp. 3131–3154, 2023.
C. Stratan, J. H. Dawes, and D. Bianculli, “Diagnosing violations of time-based properties captured in icftl,” in Proc. FormaliSE’24. ACM, 2024, pp. 33–43.
I. Bouzenia, B. P. Krishan, and M. Pradel, “Dypybench: A benchmark of executable python software,” Proc. ACM’24, vol. 1, no. FSE, pp. 1–21, Jul. 2024.
M. Lacchia. (2025) Radon api documentation. Accessed: August 21, 2025. [Online]. Available: https://radon.readthedocs.io/en/latest/api.html
Python Software Foundation. (2025) ast — abstract syntax trees. Accessed: August 21, 2025. [Online]. Available: https://docs.python.org/3/library/ast.html
T. Girba, A. Kuhn, M. Seeberger, and S. Ducasse, “How developers drive software evolution,” in Eighth International Workshop on Principles of Software Evolution (IWPSE’05), 2005, pp. 113–122.
D. W. McDonald and M. S. Ackerman, “Expertise recommender: a flexible recommendation system and architecture,” in Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work, ser. CSCW ’00. New York, NY, USA: Association for Computing Machinery, 2000, pp. 231–240.
M. H. Halstead, Elements of Software Science, ser. Operating and Programming Systems Series. New York, NY, USA: Elsevier Science Inc., 1977.
G. Hao, H. Hijazi, J. Medeiros, J. Durães, C. T. Lam, P. De Carvalho, and H. Madeira, “Complementarity in software code complexity metrics,” JSS, vol. 232, p. 112679, 2026.
E. Bartocci, N. Manjunath, L. Mariani, C. Mateis, and D. Ničković, “Automatic failure explanation in cps models,” in Proc. SEFM’19. Springer, 2019, pp. 69–86.
D. Ničković, O. Lebeltel, O. Maler, T. Ferrère, and D. Ulus, “Amt 2.0: Qualitative and quantitative trace analysis with extended signal temporal logic,” Int. J. Softw. Tools Technol. Transf., vol. 22, no. 6, pp. 741–758, 2020.
W. E. Wong, Y. Qi, L. Zhao, and K.-Y. Cai, “Effective fault localization using code coverage,” in Proc. COMP-SAC’07, vol. 1, 2007, pp. 449–456.
E. Bartocci, T. Ferrère, N. Manjunath, and D. Ničković, “Localizing faults in simulink/stateflow models with stl,” in Proceedings of the 21st International Conference on Hybrid Systems: Computation and Control (part of CPS Week), 2018, pp. 197–206.
S. Pearson, J. Campos, R. Just, G. Fraser, R. Abreu, M. D. Ernst, D. Pang, and B. Keller, “Evaluating and improving fault localization,” in Proc. ICSE’17, 2017, pp. 609–620.
N. Louloudakis, P. Gibson, J. Cano, and A. Rajan, “Fix-con: Automatic fault localization and repair of deep learning model conversions between frameworks,” 2025.
C. Liu and J. Han, “Failure proximity: A fault localization-based approach,” in Proc. SIGSOFT’06. ACM, 2006, pp. 46–56.
A. Zeller, “Isolating cause-effect chains from computer programs,” SIGSOFT Softw. Eng. Notes, vol. 27, no. 6, pp. 1–10, 11 2002.
H. Cleve and A. Zeller, “Locating causes of program failures,” in Proc. ICSE’05. ACM, 2005, pp. 342–351.
S. Feng, Y. Ye, Q. Shi, Z. Cheng, X. Xu, S. Cheng, H. Choi, and X. Zhang, “Rocas: Root cause analysis of autonomous driving accidents via cyber-physical co-mutation,” in Proc. ASE’24, 2024, pp. 1620–1632.
J. Thomé, L. K. Shar, D. Bianculli, and L. Briand, “Security slicing for auditing common injection vulnerabilities,” Journal of Systems and Software, vol. 137, pp. 766–783, 2018.
J. T. B. H. Workbench. (2025) Joern: Static code analysis for vulnerability research. Accessed: August 21, 2025. [Online]. Available: https://github.com/joernio/joern
W. Dou, D. Bianculli, and L. Briand, “Model-driven trace diagnostics for pattern-based temporal specifications,” in Proc. MODELS’18. ACM, 2018, pp. 278–288.
N. Basnet and H. Abbas, “Logical signal processing: A fourier analysis of temporal logic,” in Proc. RV’20. Springer, 2020, pp. 359–382.
P. Clauss, B. Kenmei, and J. C. Beyler, “The periodic-linear model of program behavior capture,” in Proc. Euro-Par’05. Springer, 2005, pp. 325–335.
W. E. Wong, R. Gao, Y. Li, R. Abreu, and F. Wotawa, “A survey on software fault localization,” IEEE Trans. Softw. Eng., vol. 42, no. 8, pp. 707–740, 2016.
J. H. Dawes and D. Bianculli, “Specifying source code and signal-based behaviour of cyber-physical system components,” in Proc. FACS’22. Springer, 2022, pp. 20–38.
S. Varrette, H. Cartiaux, S. Peter, E. Kieffer, T. Valette, and A. Olloh, “Management of an academic hpc & research computing facility: The ulhpc experience 2.0,” in Proc. HPCCT’22. ACM, Jul. 2022.