Hyperproperties, such as non-interference and observational determinism, relate multiple system executions to each other. They are not expressible in standard temporal logics, like LTL, CTL, and CTL*, and thus cannot be monitored with standard runtime verification techniques. \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\text {HyperLTL}$$\end{document}HyperLTL extends linear-time temporal logic (LTL) with explicit quantification over traces in order to express hyperproperties. We investigate the runtime verification problem of \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\text {HyperLTL}$$\end{document}HyperLTL formulas for three different input models: (1) The parallel model, where a fixed number of system executions is processed in parallel. (2) The unbounded sequential model, where system executions are processed sequentially, one execution at a time. In this model, the number of incoming executions is a-priori unbounded and may in fact grow forever. (3) The bounded sequential model where the traces are processed sequentially and the number of incoming executions is bounded. We show that the existence of a bound in the parallel and bounded sequential models leads to a different notion of monitorability than in the unbounded sequential model. We show that deciding the monitoriability problem for alternation-free HyperLTL is \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\textsc {PSpace}$$\end{document}PSPACE-complete while the problem is undecidable in general. For every input model, we provide monitoring algorithms along with run-time and storage optimizations. By recognizing properties of specifications such as reflexivity, symmetry, and transitivity, we reduce the number of comparisons between traces. For the sequential models, we present a technique that minimizes the number of traces that need to be stored. We evaluate our optimizations, showing that this leads to a more scalable monitoring and, in particular, a significantly lower memory consumption.

中文翻译：

---

监控超属性

超属性，例如非干扰性和观察确定性，将多个系统执行相互关联起来。它们无法在标准时间逻辑（如 LTL、CTL 和 CTL*）中表达，因此无法使用标准运行时验证技术进行监控。\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{ -69pt} \begin{document}$$\text {HyperLTL}$$\end{document}HyperLTL 扩展了线性时间时序逻辑 (LTL)，通过对迹线的显式量化来表达超属性。我们研究了 \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} 的运行时验证问题\setlength{\oddsidemargin}{-69pt} \begin{document}$$\text {HyperLTL}$$\end{document}HyperLTL 三个不同输入模型的公式： (1) 并行模型，其中固定数量的系统执行是并行处理的。(2) 无界顺序模型，系统执行按顺序处理，一次执行一次。在这个模型中，传入执行的数量是先验无界的，实际上可能会永远增长。(3) 有界顺序模型，其中跟踪顺序处理并且传入执行的数量是有界的。我们表明，并行和有界顺序模型中存在的界限导致了与无界顺序模型不同的可监控性概念。我们表明决定无交替 HyperLTL 的可监控性问题是 \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs } \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\textsc {PSpace}$$\end{document}PSPACE-complete，而问题通常无法确定。对于每个输入模型，我们提供监控算法以及运行时和存储优化。通过识别规范的属性，例如自反性、对称性和传递性，我们减少了迹之间的比较次数。对于序列模型，我们提出了一种技术，可以最大限度地减少需要存储的跟踪数量。我们评估了我们的优化，表明这导致了更具可扩展性的监控，特别是显着降低了内存消耗。