Runtime errors caused by temporal mismatches—such as synchronization failures in cyber-physical systems (e.g., drones)—pose critical reliability challenges in asynchronous data stream monitoring. Method: We propose a novel pacing-based type system that formally models the timing behavior of a core fragment of RTLola and rigorously proves its type safety. This system integrates pacing constraints directly into typing rules—enabling precise detection of asynchronous synchronization errors that elude conventional approaches—and combines static analysis to verify fine-grained data synchronization strategies. Contribution/Results: Our implementation performs whole-program static checking of RTLola monitors, eliminating undefined behavior induced by asynchronous inputs at compile time. This significantly enhances the reliability and safety of streaming monitoring components, marking the first type system to formally incorporate pacing for asynchronous stream synchronization verification.

Stream-based monitoring is a real-time safety assurance mechanism for complex cyber-physical systems such as unmanned aerial vehicles. In this context, a monitor aggregates streams of input data from sensors and other sources to give real-time statistics and assessments of the system's health. Since monitors are safety-critical components, it is crucial to ensure that they are free of potential runtime errors. One of the central challenges in designing reliable stream-based monitors is to deal with the asynchronous nature of data streams: in concrete applications, the different sensors being monitored produce values at different speeds, and it is the monitor's responsibility to correctly react to the asynchronous arrival of different streams of values. To ease this process, modern frameworks for stream-based monitoring such as RTLola feature an expressive specification language that allows to finely specify data synchronization policies. While this feature dramatically simplifies the design of monitors, it can also lead to subtle runtime errors. To mitigate this issue, this paper presents pacing types, a novel type system implemented in RTLola to ensure that monitors for asynchronous streams are well-behaved at runtime. We formalize the essence of pacing types for a core fragment of RTLola, and present a soundness proof of the pacing type system using a new logical relation.