📝 SummarXiv

Abstract

Stream-based monitoring is a real-time safety assurance mechanism for complex cyber-physical systems such as unmanned aerial vehicles. In this context, a monitor aggregates streams of input data from sensors and other sources to give real-time statistics and assessments of the system's health. Since monitors are safety-critical components, it is crucial to ensure that they are free of potential runtime errors. One of the central challenges in designing reliable stream-based monitors is to deal with the asynchronous nature of data streams: in concrete applications, the different sensors being monitored produce values at different speeds, and it is the monitor's responsibility to correctly react to the asynchronous arrival of different streams of values. To ease this process, modern frameworks for stream-based monitoring such as RTLola feature an expressive specification language that allows to finely specify data synchronization policies. While this feature dramatically simplifies the design of monitors, it can also lead to subtle runtime errors. To mitigate this issue, this paper presents pacing types, a novel type system implemented in RTLola to ensure that monitors for asynchronous streams are well-behaved at runtime. We formalize the essence of pacing types for a core fragment of RTLola, and present a soundness proof of the pacing type system using a new logical relation.