The document discusses stream processing and querying of process logs. It defines a process log as a mapping of case identifiers to traces, which are sequences of events. Queries can check properties of individual traces or perform aggregations across multiple traces. Hyper-queries generalize this to operate on the full log. Various methods of incrementally evaluating queries and hyper-queries are discussed as the log is produced, such as processing one case or event at a time. The state of the art in constraint and query languages is reviewed.
A Stream-Based Approach to Intrusion DetectionSylvain Hallé
Slides of a presentation given to promote the book "CyberSecurity in a DevOps Environment" (2023).
Abstract:
Integrating security in the development and operation of information systems is the cornerstone of SecDevOps. From an operational perspective, one of the key activities for achieving such an integration is the detection of incidents (such as intrusions), especially in an automated manner. However, one of the stumbling blocks of an automated approach to intrusion detection is the management of the large volume of information typically produced by this type of solution. Existing works on the topic have concentrated on the reduction of volume by increasing the precision of the detection approach, thus lowering the rate of false alarms. However, another, less explored possibility is to reduce the volume of evidence gathered for each alarm raised.
This chapter explores the concept of intrusion detection from the angle of complex event processing. It provides a formalization of the notion of pattern matching in a sequence of events produced by an arbitrary system, by framing the task as a runtime monitoring problem. It then focuses on the topic of incident reporting, and proposes a technique to automatically extract relevant elements of a stream that explain the occurrence of an intrusion. These relevant elements generally amount to a small fraction of all the data ingested for an alarm to be triggered, and thus help reduce the volume of evidence that needs to be examined by manual means. The approach is experimentally evaluated on a proof-of-concept implementation of these principles.
Event Stream Processing with BeepBeep 3Sylvain Hallé
Event logs and event streams can be found in software systems of very diverse kinds. Analyzing the wealth of information contained in these logs can serve multiple purposes. In this tutorial, the audience will learn about BeepBeep, a versatile Java library intended to make the processing of event streams (either offline or in realtime) both fun and simple. BeepBeep is the result of more than a decade of research led by a team at Laboratoire d’informatique formelle at Université du Québec à Chicoutimi (Canada). Over the past few years, BeepBeep has been involved in a variety of case studies, and provides built-in support for writing domain-specific languages. Recently, a complete textbook has been published on BeepBeep, testifying to the maturity that the system has acquired.
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSylvain Hallé
(Slides for a talk given in the journal-first track of the EDOC 2022 conference.)
The combination of the Internet of Things and blockchain-based technologies represents a real opportunity for supply chain and logistics protagonists, who need more dynamic, trustworthy and transparent tracking systems in order to improve their efficiency and strengthen customer confidence. In parallel, hyperconnected logistics promise more efficient and sustainable goods handling and delivery. This chapter shows how the Ethereum blockchain and smart contracts can be used to implement a shareable and secured tracking system for hyperconnected logistics. A simulation using the well-known AnyLogic software tool provides insights on the monitoring of properties depicting shipment lifecycle constraints through a stream of blockchain log events processed by BeepBeep 3, an open source stream processing engine.
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningSylvain Hallé
Boolean test input generation is the process of finding sets of values for variables of a logical expression such that a given coverage criterion is achieved. This paper presents a formal framework in which evaluating an expression produces a tree structure, and where a coverage criterion is expressed as equivalence classes induced by a particular transformation over these trees. It then defines many well-known coverage criteria as particular cases of this framework. The paper describes an algorithm to generate test suites by a reduction through a graph problem; this algorithm works in the same way regardless of the criterion considered. An experimental evaluation of this technique shows that it produces test suites that are in many cases smaller than existing tools.
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Sylvain Hallé
Synthia is a versatile, modular and extensible Java-based data structure generation library. It is centered on the notion of "pickers", which are objects producing values of a given type on demand. Pickers are stateful and can be given as input to other pickers; this chaining principle can generate objects whose structure follows a complex pattern. The paper describes the core principles and key features of the library, including test input shrinking, provenance tracking, and object mutation.
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Sylvain Hallé
The paper presents a theoretical foundation for test sequence generation based on an input specification. The set of possible test sequences is first partitioned according to a generic "triaging" function, which can be created from a state-machine specification in various ways. The notion of coverage metric is then expressed in terms of the categories produced by this function. Many existing test generation problems, such as t-way state or transition coverage, become particular cases of this generic framework. We then present algorithms for generating sets of test sequences providing guaranteed full coverage with respect to a metric, by building and processing a special type of graph called a Cayley graph. An implementation of these concepts is then experimentally evaluated against existing techniques, and shows it provides better performance in terms of running time and test suite size.
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Sylvain Hallé
We describe an extension of the BeepBeep stream processing library for the offline verification of arbitrary expressions of Linear Temporal Logic using bitmap manipulations. Experimental results show that, for complex LTL formulæ containing up to 20 operators, event traces can be evaluated at a throughput of millions of events per second and provide a considerable speed-up compared to the current implementation of the tool.
A Stream-Based Approach to Intrusion DetectionSylvain Hallé
Slides of a presentation given to promote the book "CyberSecurity in a DevOps Environment" (2023).
Abstract:
Integrating security in the development and operation of information systems is the cornerstone of SecDevOps. From an operational perspective, one of the key activities for achieving such an integration is the detection of incidents (such as intrusions), especially in an automated manner. However, one of the stumbling blocks of an automated approach to intrusion detection is the management of the large volume of information typically produced by this type of solution. Existing works on the topic have concentrated on the reduction of volume by increasing the precision of the detection approach, thus lowering the rate of false alarms. However, another, less explored possibility is to reduce the volume of evidence gathered for each alarm raised.
This chapter explores the concept of intrusion detection from the angle of complex event processing. It provides a formalization of the notion of pattern matching in a sequence of events produced by an arbitrary system, by framing the task as a runtime monitoring problem. It then focuses on the topic of incident reporting, and proposes a technique to automatically extract relevant elements of a stream that explain the occurrence of an intrusion. These relevant elements generally amount to a small fraction of all the data ingested for an alarm to be triggered, and thus help reduce the volume of evidence that needs to be examined by manual means. The approach is experimentally evaluated on a proof-of-concept implementation of these principles.
Event Stream Processing with BeepBeep 3Sylvain Hallé
Event logs and event streams can be found in software systems of very diverse kinds. Analyzing the wealth of information contained in these logs can serve multiple purposes. In this tutorial, the audience will learn about BeepBeep, a versatile Java library intended to make the processing of event streams (either offline or in realtime) both fun and simple. BeepBeep is the result of more than a decade of research led by a team at Laboratoire d’informatique formelle at Université du Québec à Chicoutimi (Canada). Over the past few years, BeepBeep has been involved in a variety of case studies, and provides built-in support for writing domain-specific languages. Recently, a complete textbook has been published on BeepBeep, testifying to the maturity that the system has acquired.
Smart Contracts-Enabled Simulation for Hyperconnected LogisticsSylvain Hallé
(Slides for a talk given in the journal-first track of the EDOC 2022 conference.)
The combination of the Internet of Things and blockchain-based technologies represents a real opportunity for supply chain and logistics protagonists, who need more dynamic, trustworthy and transparent tracking systems in order to improve their efficiency and strengthen customer confidence. In parallel, hyperconnected logistics promise more efficient and sustainable goods handling and delivery. This chapter shows how the Ethereum blockchain and smart contracts can be used to implement a shareable and secured tracking system for hyperconnected logistics. A simulation using the well-known AnyLogic software tool provides insights on the monitoring of properties depicting shipment lifecycle constraints through a stream of blockchain log events processed by BeepBeep 3, an open source stream processing engine.
Test Suite Generation for Boolean Conditions with Equivalence Class PartitioningSylvain Hallé
Boolean test input generation is the process of finding sets of values for variables of a logical expression such that a given coverage criterion is achieved. This paper presents a formal framework in which evaluating an expression produces a tree structure, and where a coverage criterion is expressed as equivalence classes induced by a particular transformation over these trees. It then defines many well-known coverage criteria as particular cases of this framework. The paper describes an algorithm to generate test suites by a reduction through a graph problem; this algorithm works in the same way regardless of the criterion considered. An experimental evaluation of this technique shows that it produces test suites that are in many cases smaller than existing tools.
Synthia: a Generic and Flexible Data Structure Generator (Long Version)Sylvain Hallé
Synthia is a versatile, modular and extensible Java-based data structure generation library. It is centered on the notion of "pickers", which are objects producing values of a given type on demand. Pickers are stateful and can be given as input to other pickers; this chaining principle can generate objects whose structure follows a complex pattern. The paper describes the core principles and key features of the library, including test input shrinking, provenance tracking, and object mutation.
Test Sequence Generation with Cayley Graphs (Talk @ A-MOST 2021)Sylvain Hallé
The paper presents a theoretical foundation for test sequence generation based on an input specification. The set of possible test sequences is first partitioned according to a generic "triaging" function, which can be created from a state-machine specification in various ways. The notion of coverage metric is then expressed in terms of the categories produced by this function. Many existing test generation problems, such as t-way state or transition coverage, become particular cases of this generic framework. We then present algorithms for generating sets of test sequences providing guaranteed full coverage with respect to a metric, by building and processing a special type of graph called a Cayley graph. An implementation of these concepts is then experimentally evaluated against existing techniques, and shows it provides better performance in terms of running time and test suite size.
Efficient Offline Monitoring of LTL with Bit Vectors (Talk at SAC 2021)Sylvain Hallé
We describe an extension of the BeepBeep stream processing library for the offline verification of arbitrary expressions of Linear Temporal Logic using bitmap manipulations. Experimental results show that, for complex LTL formulæ containing up to 20 operators, event traces can be evaluated at a throughput of millions of events per second and provide a considerable speed-up compared to the current implementation of the tool.
Detecting Responsive Web Design Bugs with Declarative SpecificationsSylvain Hallé
Responsive Web Design (RWD) is a concept that is born from the need to provide users with a positive and intuitive experience, no matter what device they use. Complex Cascading Style Sheets (CSS) are used in RWD to smoothly change the appearance of a website based on the window width of the device being used. The paper presents an automated approach for testing these dynamic web applications, where a combination of dynamic crawling and back-end testing is used to automatically detect RWD bugs.
Streamlining the Inclusion of Computer Experiments in Research PapersSylvain Hallé
To run experiments on a computer, you probably write command-line scripts for various tasks: generate your data, save it into files, process and display them as plots or tables to include in a paper. But soon enough, your handful of “quick and dirty” files becomes a bunch of poorly documented scripts that generate and pass around all kinds of obscure temporary files. LabPal is a library that allows you to set up an environment for running experiments, collating their results and processing them.
Writing Domain-Specific Languages for BeepBeepSylvain Hallé
This paper describes a plug-in extension of the BeepBeep 3 event stream processing engine. The extension allows one to write a custom grammar defining a particular specification language on event traces. A built-in interpreter can then convert expressions of the language into chains of BeepBeep processors through just a few lines of code, making it easy for users to create their own domain-specific languages.
Real-Time Data Mining for Event StreamsSylvain Hallé
Information systems produce different types of event logs; in many situations, it may be desirable to look for trends inside these logs. We show how trends of various kinds can be computed over such logs in real time, using a generic framework called the trend distance workflow. Many common computations on event streams turn out to be special cases of this workflow, depending on how a handful of workflow parameters are defined. This process has been implemented and tested in a real-world event stream processing tool, called BeepBeep.
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Sylvain Hallé
Surfez sur le web quelques heures, et vous trouverez sûrement un site ou une application qui contient un bogue dans son interface graphique. Que ce soit un bouton qui ne fonctionne pas, un rectangle partiellement caché ou mal positionné, il semble que les problèmes d’interface soient notoirement difficiles à traquer! Des technologies intelligentes pourraient-elles aider les concepteurs et les développeurs à mieux tester leurs interfaces? Au Laboratoire d’informatique formelle de l’Université du Québec à Chicoutimi, nous le croyons. Nous avons développé Cornipickle, un logiciel permettant à un développeur d’énoncer, dans un langage simple et lisible, une foule de contraintes sur le positionnement et le contenu des éléments d’une interface web. Nous verrons comment Cornipickle peut s’intégrer à une application existante, détecter des problèmes, identifier les éléments qui sont fautifs et même suggérer des correctifs. Ceci permet donc à un développeur de gagner beaucoup de temps lors de la recherche des problèmes.
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)Sylvain Hallé
This talk reviews the basic principles behind the BeepBeep 3 event stream processing engine, and the facilities it provides to help you design you own, domain-specific query language.
Event Stream Processing with Multiple ThreadsSylvain Hallé
We present an extension to the BeepBeep 3 event stream engine that allows the use of multiple threads during the evaluation of a query. Compared to the single-threaded version of BeepBeep, the allocation of just a few threads to specific portions of a query provides improvement in terms of throughput.
Solving Equations on Words with Morphisms and AntimorphismsSylvain Hallé
Word equations are combinatorial equalities between strings of symbols, variables and functions, which can be used to model problems in a wide range of domains. While some complexity results for the solving of specific classes of equations are known, currently there does not exist a systematic equation solver. We present in this paper a reduction of the problem of solving word equations to Boolean satisfiability, and describe the implementation of a general-purpose tool that leverages existing SAT solvers for this purpose. Our solver will prove useful in the resolution of word equations, and in the computer-based exploration of various combinatorial conjectures.
This presentation is an introduction to Complex Event Processing (CEP) intended for an practicioners of Runtime Verification. It first describes typical CEP problems, popular tools and their query languages. It then presents BeepBeep 3, an event stream processor that attempts to bridge the gap between RV and CEP. Thanks to BeepBeep’s generic architecture and flexible input language, queries and properties from both fields can be efficiently processed.
Decentralized Enforcement of Artifact LifecyclesSylvain Hallé
Artifact-centric workflows describe possible executions of a business process through constraints expressed from the point of view of the documents exchanged between principals. A sequence of manipulations is deemed valid as long as every document in the workflow follows its prescribed lifecycle at all steps of the process. So far, establishing that a given workflow complies with artifact lifecycles has mostly been done through static verification, or by assuming a centralized access to all artifacts where these constraints can be monitored and enforced. We present in this paper an alternate method of enforcing document lifecycles that requires neither static verification nor single-point access. Rather, the document itself is designed to carry fragments of its history, protected from tampering using hashing and public-key encryption. Any principal involved in the process can verify at any time that a document’s history complies with a given lifecycle. Moreover, the proposed system also enforces access permissions: not all actions are visible to all principals, and one can only modify and verify what one is allowed to observe.
Chasing Bugs with the BeepBeep Event Stream ProcessorSylvain Hallé
Runtime verification is the process of observing a sequence of events generated by a running system and comparing it to some formal specification for potential violations. We show how the use of the BeepBeep event stream processor can greatly speed up the testing phase of a video game under development, by automating the detection of bugs when the game is being played. This process generalizes to a wide number of other use cases, including web application debugging and network intrusion detection.
Activity Recognition Through Complex Event Processing: First Findings Sylvain Hallé
The activities of daily living of a patient in a smart home environment can be detected to a large extent by the real-time analysis of characteristics of the habitat's electrical consumption. However, reasoning over the conduct of these activities occurs at a much higher level of abstraction than what the sensors generally produce. In this paper, we leverage the concept of Complex Event Processing (CEP), in which low-level data streams are progressively transformed into higher-level ones, to the task of activity recognition. We show how the use of an appropriate representation for each level of abstraction can greatly simplify the process. We also report on the use of an existing event stream processor to successfully implement the complete chain, from low-level sensor data up to a sequence of discrete and high-level actions.
We describe work in progress on the design and implementation of an SQL-like language for performing complex queries on event streams. This language aims at providing a simple, intuitive and fully non-procedural syntax, while still preserving backwards compatibility with traditional SQL. The syntax and informal semantics of the language are introduced; multiple examples of scenarios taken from past literature are then presented, and used to compare the expressiveness and intuitiveness of the proposed language with respect to existing Complex Event Processing engines.
Graph Methods for Generating Test Cases with Universal and Existential Constr...Sylvain Hallé
We introduce a generalization of the t -way test case generation problem, where parameter t is replaced by a set Φ of Boolean conditions on attribute values. We then present two reductions of this problem to graphs; first, to graph colouring, where we link the the minimal number of tests to the chromatic number of some graph; second, to hypergraph vertex covering. This latter formalization allows us to handle problems with constraints of two kinds: those that must be true for every generated test case, and those that must be true for at least one test case. Experimental results show that the proposed solution produces test suites of slightly smaller sizes than a range of existing tools, while being more general: to the best of our knowledge, our work is the first to allow existential constraints over test cases.
We introduce a formal notation for the processing of event traces called Stream Logic (SL). A monitor evaluates a Boolean condition over an input trace, while a filter outputs events from an input trace depending on some monitor's verdict; both constructs can be freely composed. We show how all operators of Linear Temporal Logic, as well as the parametric slicing of an input trace, can be written as Stream Logic constructs.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Detecting Responsive Web Design Bugs with Declarative SpecificationsSylvain Hallé
Responsive Web Design (RWD) is a concept that is born from the need to provide users with a positive and intuitive experience, no matter what device they use. Complex Cascading Style Sheets (CSS) are used in RWD to smoothly change the appearance of a website based on the window width of the device being used. The paper presents an automated approach for testing these dynamic web applications, where a combination of dynamic crawling and back-end testing is used to automatically detect RWD bugs.
Streamlining the Inclusion of Computer Experiments in Research PapersSylvain Hallé
To run experiments on a computer, you probably write command-line scripts for various tasks: generate your data, save it into files, process and display them as plots or tables to include in a paper. But soon enough, your handful of “quick and dirty” files becomes a bunch of poorly documented scripts that generate and pass around all kinds of obscure temporary files. LabPal is a library that allows you to set up an environment for running experiments, collating their results and processing them.
Writing Domain-Specific Languages for BeepBeepSylvain Hallé
This paper describes a plug-in extension of the BeepBeep 3 event stream processing engine. The extension allows one to write a custom grammar defining a particular specification language on event traces. A built-in interpreter can then convert expressions of the language into chains of BeepBeep processors through just a few lines of code, making it easy for users to create their own domain-specific languages.
Real-Time Data Mining for Event StreamsSylvain Hallé
Information systems produce different types of event logs; in many situations, it may be desirable to look for trends inside these logs. We show how trends of various kinds can be computed over such logs in real time, using a generic framework called the trend distance workflow. Many common computations on event streams turn out to be special cases of this workflow, depending on how a handful of workflow parameters are defined. This process has been implemented and tested in a real-world event stream processing tool, called BeepBeep.
Technologies intelligentes d'aide au développement d'applications web (WAQ 2018)Sylvain Hallé
Surfez sur le web quelques heures, et vous trouverez sûrement un site ou une application qui contient un bogue dans son interface graphique. Que ce soit un bouton qui ne fonctionne pas, un rectangle partiellement caché ou mal positionné, il semble que les problèmes d’interface soient notoirement difficiles à traquer! Des technologies intelligentes pourraient-elles aider les concepteurs et les développeurs à mieux tester leurs interfaces? Au Laboratoire d’informatique formelle de l’Université du Québec à Chicoutimi, nous le croyons. Nous avons développé Cornipickle, un logiciel permettant à un développeur d’énoncer, dans un langage simple et lisible, une foule de contraintes sur le positionnement et le contenu des éléments d’une interface web. Nous verrons comment Cornipickle peut s’intégrer à une application existante, détecter des problèmes, identifier les éléments qui sont fautifs et même suggérer des correctifs. Ceci permet donc à un développeur de gagner beaucoup de temps lors de la recherche des problèmes.
A "Do-It-Yourself" Specification Language with BeepBeep 3 (Talk @ Dagstuhl 2017)Sylvain Hallé
This talk reviews the basic principles behind the BeepBeep 3 event stream processing engine, and the facilities it provides to help you design you own, domain-specific query language.
Event Stream Processing with Multiple ThreadsSylvain Hallé
We present an extension to the BeepBeep 3 event stream engine that allows the use of multiple threads during the evaluation of a query. Compared to the single-threaded version of BeepBeep, the allocation of just a few threads to specific portions of a query provides improvement in terms of throughput.
Solving Equations on Words with Morphisms and AntimorphismsSylvain Hallé
Word equations are combinatorial equalities between strings of symbols, variables and functions, which can be used to model problems in a wide range of domains. While some complexity results for the solving of specific classes of equations are known, currently there does not exist a systematic equation solver. We present in this paper a reduction of the problem of solving word equations to Boolean satisfiability, and describe the implementation of a general-purpose tool that leverages existing SAT solvers for this purpose. Our solver will prove useful in the resolution of word equations, and in the computer-based exploration of various combinatorial conjectures.
This presentation is an introduction to Complex Event Processing (CEP) intended for an practicioners of Runtime Verification. It first describes typical CEP problems, popular tools and their query languages. It then presents BeepBeep 3, an event stream processor that attempts to bridge the gap between RV and CEP. Thanks to BeepBeep’s generic architecture and flexible input language, queries and properties from both fields can be efficiently processed.
Decentralized Enforcement of Artifact LifecyclesSylvain Hallé
Artifact-centric workflows describe possible executions of a business process through constraints expressed from the point of view of the documents exchanged between principals. A sequence of manipulations is deemed valid as long as every document in the workflow follows its prescribed lifecycle at all steps of the process. So far, establishing that a given workflow complies with artifact lifecycles has mostly been done through static verification, or by assuming a centralized access to all artifacts where these constraints can be monitored and enforced. We present in this paper an alternate method of enforcing document lifecycles that requires neither static verification nor single-point access. Rather, the document itself is designed to carry fragments of its history, protected from tampering using hashing and public-key encryption. Any principal involved in the process can verify at any time that a document’s history complies with a given lifecycle. Moreover, the proposed system also enforces access permissions: not all actions are visible to all principals, and one can only modify and verify what one is allowed to observe.
Chasing Bugs with the BeepBeep Event Stream ProcessorSylvain Hallé
Runtime verification is the process of observing a sequence of events generated by a running system and comparing it to some formal specification for potential violations. We show how the use of the BeepBeep event stream processor can greatly speed up the testing phase of a video game under development, by automating the detection of bugs when the game is being played. This process generalizes to a wide number of other use cases, including web application debugging and network intrusion detection.
Activity Recognition Through Complex Event Processing: First Findings Sylvain Hallé
The activities of daily living of a patient in a smart home environment can be detected to a large extent by the real-time analysis of characteristics of the habitat's electrical consumption. However, reasoning over the conduct of these activities occurs at a much higher level of abstraction than what the sensors generally produce. In this paper, we leverage the concept of Complex Event Processing (CEP), in which low-level data streams are progressively transformed into higher-level ones, to the task of activity recognition. We show how the use of an appropriate representation for each level of abstraction can greatly simplify the process. We also report on the use of an existing event stream processor to successfully implement the complete chain, from low-level sensor data up to a sequence of discrete and high-level actions.
We describe work in progress on the design and implementation of an SQL-like language for performing complex queries on event streams. This language aims at providing a simple, intuitive and fully non-procedural syntax, while still preserving backwards compatibility with traditional SQL. The syntax and informal semantics of the language are introduced; multiple examples of scenarios taken from past literature are then presented, and used to compare the expressiveness and intuitiveness of the proposed language with respect to existing Complex Event Processing engines.
Graph Methods for Generating Test Cases with Universal and Existential Constr...Sylvain Hallé
We introduce a generalization of the t -way test case generation problem, where parameter t is replaced by a set Φ of Boolean conditions on attribute values. We then present two reductions of this problem to graphs; first, to graph colouring, where we link the the minimal number of tests to the chromatic number of some graph; second, to hypergraph vertex covering. This latter formalization allows us to handle problems with constraints of two kinds: those that must be true for every generated test case, and those that must be true for at least one test case. Experimental results show that the proposed solution produces test suites of slightly smaller sizes than a range of existing tools, while being more general: to the best of our knowledge, our work is the first to allow existential constraints over test cases.
We introduce a formal notation for the processing of event traces called Stream Logic (SL). A monitor evaluates a Boolean condition over an input trace, while a filter outputs events from an input trace depending on some monitor's verdict; both constructs can be freely composed. We show how all operators of Linear Temporal Logic, as well as the parametric slicing of an input trace, can be written as Stream Logic constructs.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Monitoring Business Process Compliance Across Multiple Executions with Stream Processing
1. Stream Processing
Stream Processing
Chukri Soueidi
Yliès Falcone
Université Grenoble-Alpes
France
Monitoring
Multiple Executions
Process
with
across
Business
Compliance
Monitoring
Multiple Executions
Process
with
across
Business
Compliance
Université du Québec à Chicoutimi
Canada
Sylvain Hallé
2. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a. Assign
Officer
b. Review
Application
c. Request
Documents
d. Schedule
Interview
f. Evaluate
Interview
e. Conduct
Interview
g. Accep-
tance Letter
h. Rejection
Letter
Admission
Process Ends
Application
Submitted
3. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a
b
c
d
f g
e h
4. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a
b
c
d
f g
e h
Executions of this process are called cases
or instances
5. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a
b
c
d
f g
e h
Executions of this process are called cases
or instances
a
b d
f g
e
c
h
6. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a
b
c
d
f g
e h
Executions of this process are called cases
or instances
,
7. C. Soueidi, Y. Falcone, S. Hallé
A school admission process
a
b
c
d
f g
e h
Executions of this process are called cases
or instances
, , , ...
,
8. C. Soueidi, Y. Falcone, S. Hallé
Process log
These executions can be recorded in the form of
a log
9. C. Soueidi, Y. Falcone, S. Hallé
Process log
These executions can be recorded in the form of
a log
a g
f
b d e
10. C. Soueidi, Y. Falcone, S. Hallé
Process log
These executions can be recorded in the form of
a log
a g
f
b d e
a f
b d e
c h
11. C. Soueidi, Y. Falcone, S. Hallé
Process log
These executions can be recorded in the form of
a log
a g
f
b d e
a f
b d e
c h
a g
f
b d e
c
12. C. Soueidi, Y. Falcone, S. Hallé
Process log
These executions can be recorded in the form of
a log
a g
f
b d e
a f
b d e
c h
a g
f
b d e
c
a g
f
b d e
13. C. Soueidi, Y. Falcone, S. Hallé
Process log
Formally, let...
14. C. Soueidi, Y. Falcone, S. Hallé
Process log
Formally, let...
Σ = {σ1, ..., σn} set of events
σ ∈ Σ* is a trace
a f b e
( (
d
15. C. Soueidi, Y. Falcone, S. Hallé
Process log
Formally, let...
Σ = {σ1, ..., σn} set of events
σ ∈ Σ* is a trace
a f b e
( (
d
C = {c1, ..., cm} set of case
identifiers ( (
16. C. Soueidi, Y. Falcone, S. Hallé
Process log
Formally, let...
Σ = {σ1, ..., σn} set of events
σ ∈ Σ* is a trace
a f b e
( (
d
C = {c1, ..., cm} set of case
identifiers ( (
A log is a function λ : C → Σ*, mapping a trace to
each case identifier.
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
17. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Many questions can be asked about this log:
18. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Many questions can be asked about this log:
Does the process
start with ?
a
Does come
after ?
a
b
Does the case end
after fewer than n
events?
19. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Many questions can be asked about this log:
Does the process
start with ?
a
Does come
after ?
a
b
Does the case end
after fewer than n
events?
What is the number
of events in a trace?
What are the events
in the trace?
What is the average
delay between two
events?
20. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Many questions can be asked about this log:
Does the process
start with ?
a
Does come
after ?
a
b
Does the case end
after fewer than n
events?
What is the number
of events in a trace?
What are the events
in the trace?
What is the average
delay between two
events?
"Constraints"
answer by yes or no
"Queries"
answer by something else
21. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Given a trace σ ∈ Σ*, a query is a function
q : Σ* → D
for some arbitrary image D. A constraint is the
particular case where D = {⊤,⊥}.
22. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Given a trace σ ∈ Σ*, a query is a function
q : Σ* → D
for some arbitrary image D. A constraint is the
particular case where D = {⊤,⊥}.
A trace σ is compliant with respect to
a constraint q iff q(σ) = ⊤.
23. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
Given a trace σ ∈ Σ*, a query is a function
q : Σ* → D
for some arbitrary image D. A constraint is the
particular case where D = {⊤,⊥}.
A log λ is compliant with respect to a constraint
q iff q(λ(c)) = ⊤ for every case identifier c ∈ C.
A trace σ is compliant with respect to
a constraint q iff q(σ) = ⊤.
24. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
A query (and compliance) is concerned with each
execution taken in isolation. Generalize queries to
calculations involving multiple executions:
25. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
A query (and compliance) is concerned with each
execution taken in isolation. Generalize queries to
calculations involving multiple executions:
Are there at least
50% of cases
ending in ?
g
Is the average case
duration below k?
26. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
A query (and compliance) is concerned with each
execution taken in isolation. Generalize queries to
calculations involving multiple executions:
Are there at least
50% of cases
ending in ?
g
Is the average case
duration below k?
What is the maximum
number of concurrent
active cases?
What event occurs in
the fewest cases?
27. C. Soueidi, Y. Falcone, S. Hallé
Querying the log
A query (and compliance) is concerned with each
execution taken in isolation. Generalize queries to
calculations involving multiple executions:
Are there at least
50% of cases
ending in ?
g
Is the average case
duration below k?
What is the maximum
number of concurrent
active cases?
What event occurs in
the fewest cases?
"Hyper-Constraints"
answer by yes or no
"Hyper-Queries"
answer by something else
28. C. Soueidi, Y. Falcone, S. Hallé
Hyper-querying the log
Given a log λ ∈ L, a hyper-query is a function
q : L → D
for some arbitrary image D. A hyper-constraint is
the particular case where D = {⊤,⊥}.
29. C. Soueidi, Y. Falcone, S. Hallé
Evaluating hyper-queries
Two goals:
30. C. Soueidi, Y. Falcone, S. Hallé
Evaluating hyper-queries
Two goals:
A
provide formal means of defining
expressive (hyper) queries
stateful, aggregations, unconventional types
31. C. Soueidi, Y. Falcone, S. Hallé
Evaluating hyper-queries
Two goals:
A
provide formal means of defining
expressive (hyper) queries
stateful, aggregations, unconventional types
evaluate these queries incrementally
as the log is produced
P
32. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 1
The complete log is available at once; the
hyperquery is evaluated on the log
a g
f
b d e
a f
b d e
c h
a g
f
b d e
c
a g
f
b d e
33. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 2
One complete case is processed at a time
34. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 2
One complete case is processed at a time
a g
f
b d e
35. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 2
One complete case is processed at a time
a g
f
b d e
a f
b d e
c h
36. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 2
One complete case is processed at a time
a g
f
b d e
a f
b d e
c h
a g
f
b d e
c
37. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 2
One complete case is processed at a time
a g
f
b d e
a f
b d e
c h
a g
f
b d e
c
a g
f
b d e
38. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 3
One event from each case is processed at a time
39. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 3
One event from each case is processed at a time
a
a
a
a
40. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 3
One event from each case is processed at a time
a
a
a
a
b
b
b
b
41. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 3
One event from each case is processed at a time
a
a
a
a
b
b
b
b
d
c
c
d
42. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 3
One event from each case is processed at a time
a
a
a
a
b
b
b
b
d
c
c
d
. . .
. . .
. . .
. . .
43. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
44. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
45. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
46. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
b
47. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
b
a
48. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
b
a
d
49. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
b
a
d
a
50. C. Soueidi, Y. Falcone, S. Hallé
Incremental evaluation
Case 4
Events from each case are arbitrarily
interleaved
a
a
b
a
d
a
b
52. C. Soueidi, Y. Falcone, S. Hallé
State of the art
Constraints Queries
Classical
Hyper
53. C. Soueidi, Y. Falcone, S. Hallé
State of the art
Constraints Queries
Classical
Hyper
Temporal Logic(s)
Petri nets
Finite-state machines
A
P
✓
✓
✓
54. C. Soueidi, Y. Falcone, S. Hallé
State of the art
Constraints Queries
Classical
Hyper
Temporal Logic(s)
Petri nets
Finite-state machines
A
P
✓
✓
✓
Stream equations
Stream pipelines
A
P
✓
✓
55. C. Soueidi, Y. Falcone, S. Hallé
State of the art
Constraints Queries
Classical
Hyper
Temporal Logic(s)
Petri nets
Finite-state machines
A
P
✓
✓
✓
Stream equations
Stream pipelines
A
P
✓
✓
Hyper-LTL
HyperLDLf
Event calculus
A
P
±
?
✓
56. C. Soueidi, Y. Falcone, S. Hallé
State of the art
Constraints Queries
Classical
Hyper
Temporal Logic(s)
Petri nets
Finite-state machines
A
P
✓
✓
✓
Stream equations
Stream pipelines
A
P
✓
✓
Hyper-LTL
HyperLDLf
Event calculus
A
P
±
?
✓
SQL (incremental)
APQL
A
P
✓
?
58. C. Soueidi, Y. Falcone, S. Hallé
Log updates
Log update: a special type of log λ with a single
event for a single case
L ⊆ L is the set of updates
^
{ }
a
↦
^
59. C. Soueidi, Y. Falcone, S. Hallé
Log updates
Log update: a special type of log λ with a single
event for a single case
L ⊆ L is the set of updates
^
{ }
a
↦
^
Update
operation:
an operator ∘ : L × L → L that appends
an event to an existing log
^
60. C. Soueidi, Y. Falcone, S. Hallé
C. Soueidi, Y. Falcone, S. Hallé
C. Soueidi, Y. Falcone, S. Hallé
Log updates
Log updates
Log updates
Log update: a special type of log λ with a single
event for a single case
L ⊆ L is the set of updates
^
{ }
a
↦
^
Log update: a special type of log λ with a single
event for a single case
L ⊆ L is the set of updates
^
{ }
a
↦
^
Log update: a special type of log λ with a single
event for a single case
L ⊆ L is the set of updates
^
{ }
a
↦
^
Update
operation:
an operator ∘ : L × L → L that appends
an event to an existing log
^
Update
operation:
an operator ∘ : L × L → L that appends
an event to an existing log
^
Update
operation:
an operator ∘ : L × L → L that appends
an event to an existing log
^
{ a
↦
a b
↦ }
∘ { }
b
↦ = { a
↦
a b
↦ }
b
λ ∘ λ
^
=
61. C. Soueidi, Y. Falcone, S. Hallé
Log updates
A log is progressvely built through a sequence
(i.e. a stream) of log updates from an empty log
62. C. Soueidi, Y. Falcone, S. Hallé
Log updates
A log is progressvely built through a sequence
(i.e. a stream) of log updates from an empty log
∅
63. C. Soueidi, Y. Falcone, S. Hallé
Log updates
A log is progressvely built through a sequence
(i.e. a stream) of log updates from an empty log
∅ { }
a
↦
∘
64. C. Soueidi, Y. Falcone, S. Hallé
Log updates
A log is progressvely built through a sequence
(i.e. a stream) of log updates from an empty log
∅ { }
a
↦
∘ ∘ { }
a
↦
65. C. Soueidi, Y. Falcone, S. Hallé
Log updates
A log is progressvely built through a sequence
(i.e. a stream) of log updates from an empty log
∅ { }
a
↦
∘ ∘ { }
a
↦ ∘ { }
b
↦ ∘ ...
66. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
67. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
q( )
{ }
a
↦ { }
a
↦
πq
68. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
69. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
πq
{ }
a
↦
}
a
↦
{ a
↦
q(
70. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
71. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
πq
}
a
↦
{ a
↦
q(
)
{ }
b
↦ b
72. C. Soueidi, Y. Falcone, S. Hallé
Problem
Problem Given a hyperquery q : L → D, define a
processor πq : L* → D* such that
πq(λ1 ⋅ ... ⋅ λn)[n] = q(λ1 ∘ ... ∘ λn)
Hyper-processors
πq
πq
}
a
↦
{ a
↦
q(
)
{ }
b
↦ b
In other words, πq incrementally evaluates q on
each update
Avoid re-evaluating q from scratch every time!
73. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
74. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
elementary (incremental)
hyperquery processors
75. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
elementary (incremental)
hyperquery processors
allow composition to express
complex hyperqueries
76. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
elementary (incremental)
hyperquery processors
allow composition to express
complex hyperqueries
77. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
elementary (incremental)
hyperquery processors
allow composition to express
complex hyperqueries
78. C. Soueidi, Y. Falcone, S. Hallé
Solution
Solution Follow a compositional approach
Hyper-processors
Solution
Solution Follow a compositional approach
Operators on log updates
Log combinations
Qualified conditions
79. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
80. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
81. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
1
2
3
4
5
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
82. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
1
2
3
4
5
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
{ }
a
↦
83. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
1
2
3
4
5
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
{ }
a
↦
84. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
1
2
3
4
5
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
{ }
a
↦
85. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
XES Source
Reads a log file in XES format, and outputs it as an
interleaved stream of log updates.
1
2
3
4
5
a g
f
b d e
a f
b d e
c h
↦
↦
a g
f
b d e
c
a g
f
b d e
↦
↦
{ }
b
↦
86. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
f
87. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
88. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
a
↦
89. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
a
↦ { }
a
↦
90. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
91. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
b
↦
92. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
93. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
b
↦
94. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
b
↦ { }
b
↦
95. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
96. C. Soueidi, Y. Falcone, S. Hallé
Operators on log updates
Sample
Evaluate condition f on first event σ of each case;
retain case in log if f(σ) = ⊤.
=?
a
{ }
a
↦
97. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
P
98. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
there are more
than 2 events
99. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
a
↦
100. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
101. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
b
↦
102. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
103. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
b
↦
104. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
b
↦ { }
a
↦ b
105. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
b
↦ { }
a
↦ b
{ }
a
↦ b
when the condition becomes ⊤,
all the updates from the start of
the case are output
106. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
107. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
c
↦
108. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
c
↦ { }
c
↦
109. C. Soueidi, Y. Falcone, S. Hallé
Filter
Run processor P on each case; only output updates
for cases where P returns ⊤.
Operators on log updates
1
Σ
0
+
f
≥
2
{ }
c
↦ { }
c
↦
subsequent updates are let
through
110. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
P
111. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
112. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
put two successive
events in a tuple
113. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
114. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
a
↦
115. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
a
↦
116. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
117. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
118. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
119. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
120. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
121. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
a b
122. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
a b
{ }
↦
{ }
b
↦
a b
123. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
a b
124. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
a
↦
a b
125. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
a
↦
a b ba
126. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
ba
↦
{ }
a
↦
a b ba
127. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
a b ba
128. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
c
↦
a b ba
129. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
c
↦
a b
bc ba
130. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
bc
↦
{ }
c
↦
a b
bc ba
131. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
bc ba
132. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
bc ba
133. C. Soueidi, Y. Falcone, S. Hallé
Slice
Run an instance of processor P on each case; output
resulting log as a new stream of updates.
Operators on log updates
1
f
{ }
b
↦
bc ba
134. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀ ∃
...
P
135. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
136. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=? for every case,
there exists another
one that starts with
the same event
137. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
138. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
{ }
a
↦
139. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
{ }
a
↦ ⊥
140. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
141. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
{ }
b
↦
142. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
⊥
{ }
b
↦
143. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
144. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
{ }
b
↦
145. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
⊥
{ }
b
↦
146. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
147. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
{ }
a
↦
148. C. Soueidi, Y. Falcone, S. Hallé
Quantification
Given quantifiers Q1σ1, ..., Qnσn on cases,
evaluate quantified expression P(σ1, ..., σn) for a
processor P.
Log combinations
Q
∀
∃
↑
↑ f
=?
⊤
{ }
a
↦
149. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
P P'
150. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
P P'
aggregate output
run on each case
151. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
152. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
count distinct events running average
153. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
154. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
{ }
a
↦
155. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
{ }
a
↦
156. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
{ }
a
↦
1
157. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
{ }
a
↦ 1
1
158. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1
159. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1
{ }
b
↦
160. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1
{ }
b
↦
161. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1 1
{ }
b
↦
162. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1
1 1
{ }
b
↦
163. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1 1
164. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1 1
{ }
b
↦
165. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1
2 1
{ }
b
↦
166. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1.5
1
2 1
{ }
b
↦
167. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
2 1
168. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
2 1
{ }
b
↦
169. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
2 1
{ }
b
↦
170. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
2 1 1
{ }
b
↦
171. C. Soueidi, Y. Falcone, S. Hallé
Aggregation
Run processor P on each case and aggregate their
last output with function processor P'.
Log combinations
σ Σ
}
{
| |
f
f
Σ
0
+
Σ
0
+
÷
1
1.3
2 1 1
{ }
b
↦
172. C. Soueidi, Y. Falcone, S. Hallé
Weakening
Consider the verdict of a hyper-constraint ψ only
for logs that satisfy another hyper-constraint φ.
Qualified conditions
φ ψ
P P'
↑
173. C. Soueidi, Y. Falcone, S. Hallé
Weakening
Consider the verdict of a hyper-constraint ψ only
for logs that satisfy another hyper-constraint φ.
Qualified conditions
φ ψ
↑
f
Σ
0
+
Σ
0
+
÷
1
↑
1
σ Σ
f
k
≤
1
σ Σ
Σ
0
+
f
5
≤
↑
174. C. Soueidi, Y. Falcone, S. Hallé
Weakening
Consider the verdict of a hyper-constraint ψ only
for logs that satisfy another hyper-constraint φ.
Qualified conditions
φ ψ
↑
f
Σ
0
+
Σ
0
+
÷
1
↑
1
σ Σ
f
k
≤
1
σ Σ
Σ
0
+
f
5
≤
↑
the average case
length does not
exceed k
175. C. Soueidi, Y. Falcone, S. Hallé
Weakening
Consider the verdict of a hyper-constraint ψ only
for logs that satisfy another hyper-constraint φ.
Qualified conditions
φ ψ
↑
f
Σ
0
+
Σ
0
+
÷
1
↑
1
σ Σ
f
k
≤
1
σ Σ
Σ
0
+
f
5
≤
↑
on logs having
at least 5 cases
176. C. Soueidi, Y. Falcone, S. Hallé
Is it "just" a logical implication?
Qualified conditions
↑
φ ψ
177. C. Soueidi, Y. Falcone, S. Hallé
Is it "just" a logical implication?
Qualified conditions
↑
φ ψ
1. Separates the policy (ψ) from the
condition under which it applies (φ)
178. C. Soueidi, Y. Falcone, S. Hallé
Is it "just" a logical implication?
Qualified conditions
↑
φ ψ
1. Separates the policy (ψ) from the
condition under which it applies (φ)
2. Three-valued implication: distinguishes
between a non-violation caused by
satisfaction (φ = ⊤, ψ = ⊤)
exemption (φ = ?, ψ = *)
⊤
?
⊤
↑
⊤
?
⊤
?
⊤
⊤ ⊤ ⊤
⊤
⊤
? ?
⊤
179. C. Soueidi, Y. Falcone, S. Hallé
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
n
m
180. C. Soueidi, Y. Falcone, S. Hallé
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
n
m
temporary violations in a case (e.g. at most m
out of n successive events)
181. C. Soueidi, Y. Falcone, S. Hallé
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
n
m
temporary violations in a case (e.g. at most m
out of n successive events)
⊤ ⊤
⊤ ⊤
⊤
⊤
⊤ ⊤ ⊤ ⊤
⊤
⊤ ⊤
182. C. Soueidi, Y. Falcone, S. Hallé
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
n
m
temporary violations in a case (e.g. at most m
out of n successive events)
⊤ ⊤
⊤ ⊤
⊤
⊤
⊤ ⊤ ⊤ ⊤
⊤
⊤ ⊤
m=3, n=4
183. C. Soueidi, Y. Falcone, S. Hallé
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
n
m
temporary violations in a case (e.g. at most m
out of n successive events)
⊤ ⊤
⊤ ⊤
⊤
⊤
⊤ ⊤ ⊤ ⊤
⊤
⊤ ⊤
m=3, n=4
184. C. Soueidi, Y. Falcone, S. Hallé
violations of a fraction of all cases (e.g. at
most m
/n of all cases)
n
m
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
185. C. Soueidi, Y. Falcone, S. Hallé
violations of a fraction of all cases (e.g. at
most m
/n of all cases)
n
m
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
186. C. Soueidi, Y. Falcone, S. Hallé
violations of a fraction of all cases (e.g. at
most m
/n of all cases)
n
m
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
m=3, n=4
187. C. Soueidi, Y. Falcone, S. Hallé
violations of a fraction of all cases (e.g. at
most m
/n of all cases)
n
m
Dampening
Tolerate violations of a hyper-constraint; either...
Qualified conditions
m=3, n=4
↦
↦
↦
↦
⊤
⊤
⊤
⊤
⊤
188. C. Soueidi, Y. Falcone, S. Hallé
These "building blocks" have been implemented
as an extension of the event stream
processing library
Implementation
https://github.com/liflab/hypercompliance
They can be freely mixed with other processors
from the library to form complex hyper-queries
189. C. Soueidi, Y. Falcone, S. Hallé
Example
"All cases that contain an a must end in the
same state" (consistency)
f
F
=?
↑
1 a
σ Σ
}
{
f
#
1 f
≤
190. C. Soueidi, Y. Falcone, S. Hallé
Example
"The number of tasks of an employee may not
exceed the global average by a factor k."
f
emp
f
*
#
*
}
{
}
{
f
Σ
max
f
Σ
0
+
Σ
0
+
÷
1
≤
×
2 k
1
191. C. Soueidi, Y. Falcone, S. Hallé
Experimental results
Scenario Events Cases Hyperquery Throughput (Hz) Max memory (B)
Hospital 151434 1143
Concurrent instances 901392 Hz 8059
Directly follows 277351 Hz 3660379
Mean time interval 1130104 Hz 5615
Average length 369351 Hz 522071
Same next 304084 Hz 5401821
CAP 275287 13087
Concurrent instances 920692 Hz 12863
Directly follows 79700 Hz 39075895
Mean time interval 1228959 Hz 5615
Average length 7995 Hz 5991691
Same next 87698 Hz 38400801
WABO 39881 937
Concurrent instances 1375206 Hz 8055
Directly follows 419800 Hz 1873161
Mean time interval 1172970 Hz 5615
Average length 162117 Hz 278085
Same next 302128 Hz 2669627
Throughput and memory consumption for a sample
of properties evaluated on real-life logs
(details in the paper)
192. C. Soueidi, Y. Falcone, S. Hallé
Conclusion
Hyper-contraints and hyper-queries are calculated
on a set of process executions called a log
Elementary computing units (processors) can
incrementally evaluate hyper-queries in an
incremental (i.e. "real-time") fashion
Expressive hyper-queries can be obtained by
composing these units
These concepts have been...
1. formally defined
2. concretely implemented in a stream
processing library
193. C. Soueidi, Y. Falcone, S. Hallé
What's next ?
Journal paper in preparation, considering a
generalization of a hyperquery:
q : L → D q : L* → D
vs.
^
i.e. q depends on the log and the precise
interleavings of its updates.
^
^
194. C. Soueidi, Y. Falcone, S. Hallé
What's next ?
Journal paper in preparation, considering a
generalization of a hyperquery:
q : L → D q : L* → D
vs.
^
i.e. q depends on the log and the precise
interleavings of its updates.
^
^
Thank you!