Verified Rust Monitors for Lola Specifications
This work addresses the problem of ensuring the correctness of monitoring mechanisms for cyber-physical systems, which is critical for their safety.
This paper introduces a verifying compiler that translates Lola specifications into Rust implementations. The generated Rust code includes verification annotations, enabling the Viper toolkit to automatically prove functional correctness, memory safety, and termination, and the compiler parallelizes stream evaluation based on dependency analysis.
The safety of cyber-physical systems rests on the correctness of their monitoring mechanisms. This is problematic if the specification of the monitor is implemented manually or interpreted by unreliable software. We present a verifying compiler that translates specifications given in the stream-based monitoring language Lola to implementations in Rust. The generated code contains verification annotations that enable the Viper toolkit to automatically prove functional correctness, absence of memory faults, and guaranteed termination. The compiler parallelizes the evaluation of different streams in the monitor based on a dependency analysis of the specification. We present encouraging experimental results obtained with monitor specifications found in the literature. For every specification, our approach was able to either produce a correctness proof or to uncover errors in the specification.