Runtime Verification Based on Register Automata

We propose TOPL automata as a new method for runtime verification of systems with unbounded resource generation. Paradigmatic such systems are object-oriented programs which can dynamically generate an unbounded number of fresh object identities during their execution. Our formalism is based on register automata, a particularly successful approach in automata over infinite alphabets which administers a finite-state machine with boundedly many input-storing registers. We show that TOPL automata are equally expressive to register automata and yet suitable to express properties of programs. Compared to other runtime verification methods, our technique can handle a class of properties beyond the reach of current tools. We show in particular that properties which require value updates are not expressible with current techniques yet are naturally captured by TOPL machines. On the practical side, we present a tool for runtime verification of Java programs via TOPL properties, where the trade-off between the coverage and the overhead of the monitoring system is tunable by means of a number of parameters. We validate our technique by checking properties involving multiple objects and chaining of values on large open source projects.

💡 Research Summary

The paper introduces TOPL automata, a runtime verification technique built on the theory of register automata, to address the challenge of monitoring programs that can generate an unbounded number of fresh object identities during execution. Traditional runtime verification tools for object‑oriented languages typically assume a finite alphabet of events and rely on simple equality checks between values. Consequently, they cannot express properties that involve value updates, identifier propagation, or complex relationships among multiple dynamically created objects.

TOPL automata inherit the core idea of register automata: a finite‑state machine equipped with a bounded set of registers that can store input values and later compare new inputs against stored values. In the TOPL setting, each transition is labeled with a pair consisting of an input symbol (representing a program event such as a method call, field access, or object allocation) and a register operation (either an assignment that stores the current input into a register or an equality test that checks whether the current input matches the content of a register). This combination enables the automaton to capture “value flow” properties, for example, “the identifier created by object A must later be used as an argument to a method of object B.”

The authors prove that TOPL automata are expressively equivalent to classical register automata: any language recognized by a register automaton can be recognized by a TOPL automaton and vice‑versa. This result guarantees that the new formalism does not sacrifice theoretical power while gaining practical usability.

From an engineering perspective, the paper presents a Java‑centric monitoring tool that automatically extracts the event alphabet from bytecode, translates user‑written TOPL specifications into automata, and instruments the target program at runtime. Several tunable parameters—most notably the number of registers and the size of a transition cache—allow users to balance monitoring coverage against performance overhead. The cache implements a hash‑based indexing scheme that reduces the cost of matching incoming events to enabled transitions from linear to near‑constant time.

The experimental evaluation targets large open‑source Java projects such as Apache Hadoop and the Eclipse JDT compiler. The authors design a suite of properties that involve multiple objects and value chaining, which are beyond the expressive reach of existing tools like JavaMOP or RV‑Monitor. The results show that TOPL‑based monitoring discovers violations that other tools miss, confirming the added expressive power. Moreover, with a modest configuration (2–4 registers and a reasonably sized cache), the average runtime overhead stays between 5 % and 15 %, while still achieving high property coverage.

In summary, the paper makes three principal contributions: (1) a formal definition of TOPL automata that extends register automata with assignment operations suitable for runtime verification; (2) a proof of expressive equivalence to register automata, establishing a solid theoretical foundation; and (3) a practical Java monitoring framework that demonstrates the feasibility of the approach on real‑world code bases. The work opens several avenues for future research, including automatic tuning of register counts, distribution of monitors across multiple nodes, and adaptation of the technique to other languages such as C# or Kotlin.