What can you verify and enforce at runtime?

  • Yliès FalconeEmail author
  • Jean-Claude Fernandez
  • Laurent Mounier
Runtime Verification


The underlying property, its definition, and representation play a major role when monitoring a system. Having a suitable and convenient framework to express properties is thus a concern for runtime analysis. It is desirable to delineate in this framework the sets of properties for which runtime analysis approaches can be applied to. This paper presents a unified view of runtime verification and enforcement of properties in the Safety-Progress classification. First, we extend the Safety-Progress classification of properties in a runtime context. Second, we characterize the set of properties which can be verified (monitorable properties) and enforced (enforceable properties) at runtime. We propose in particular an alternative definition of “property monitoring” to the one classically used in this context. Finally, for the delineated sets of properties, we define specialized verification and enforcement monitors.


Runtime verification Property monitoring Property enforcement Monitorable properties Enforceable properties Safety-Progress characterization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alpern B., Schneider F.B.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Barringer H., Rydeheard D.E., Havelund K.: Rule systems for run-time monitoring: from eagle to ruler. J. Log. Comput. 20(3), 675–706 (2010)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Bauer, A., Leucker, M., Schallhart, C.: Runtime verification for LTL and TLTL. Technical Report TUM-I0724, Institut für Informatik, Technische Universität München, December 2007Google Scholar
  4. 4.
    Bauer A., Leucker M., Schallhart C.: Comparing ltl semantics for runtime verification. J. Log. Comput. 20(3), 651–674 (2010)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Chang, E., Manna, Z., Pnueli, A.: The Safety-Progress Classification. Technical report, Department of Computer Science, Stanford University (1992)Google Scholar
  6. 6.
    Chang, E.Y., Manna, Z., Pnueli, A.: Characterization of temporal property classes. In: Automata, Languages and Programming, pp. 474–486 (1992)Google Scholar
  7. 7.
    Chen, F., Roşu, G.: MOP: an efficient and generic runtime verification framework. In: Object-Oriented Programming, Systems, Languages and Applications (OOPSLA’07), pp. 569–588. ACM press, New York (2007)Google Scholar
  8. 8.
    Chen F., Roşu G.: Parametric trace slicing and monitoring. In: Kowalewski, S., Philippou, A. (eds) TACAS, Lecture Notes in Computer Science, vol. 5505, pp. 246–261. Springer, Berlin (2009)Google Scholar
  9. 9.
    Clarke E.M., Wing J.M.: Formal methods: state of the art and future directions. ACM Comput. Surv. 28, 626–643 (1996)CrossRefGoogle Scholar
  10. 10.
    Cousot P., Cousot R.: Abstract interpretation and application to logic programs. J. Log. Program. 13(2–3), 103–179 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    d’Amorim, M., Roşu, G.: Efficient monitoring of ω-languages. In: Proceedings of 17th International Conference on Computer-aided Verification (CAV’05). Lecture Notes in Computer Science, vol. 3576, pp. 364–378. Springer, Berlin (2005)Google Scholar
  12. 12.
    Emerson, E.A., Clarke, E.M.: Characterizing correctness properties of parallel programs using fixpoints. In: Proceedings of the 7th Colloquium on Automata, Languages and Programming, pp. 169–181. Springer, Berlin (1980)Google Scholar
  13. 13.
    Falcone Y.: You should better enforce than verify. In: Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G.J., Roşu, G., Sokolsky, O., Tillmann, N. (eds) RV. Lecture Notes in Computer Science, vol. 6418, pp. 89–105. Springer, Berlin (2010)Google Scholar
  14. 14.
    Falcone Y., Fernandez J.-C., Jéron T., Marchand H., Mounier L.: More testable properties. In: Petrenko, A., daSilva Simão, A., Maldonado, J.C. (eds) ICTSS. Lecture Notes in Computer Science, vol. 6435, pp. 30–46. Springer, Berlin (2010)Google Scholar
  15. 15.
    Falcone, Y., Fernandez, J.-C., Mounier, L.: Synthesizing enforcement monitors wrt. the Safety-Progress classification of properties. In: ICISS ’08: Proceedings of the 4th International Conference on Information Systems Security, pp. 41–55. Springer, Berlin (2008)Google Scholar
  16. 16.
    Falcone, Y., Fernandez, J.-C., Mounier, L.: Enforcement monitoring wrt. the Safety-Progress classification of properties. In: SAC ’09: Proceedings of the 2009 ACM symposium on Applied Computing, pp. 593–600. ACM Press, New York (2009)Google Scholar
  17. 17.
    Falcone Y., Fernandez J.-C., Mounier L.: Runtime verification of safety-progress properties. In: Bensalem, S., Peled, D. (eds) RV. Lecture Notes in Computer Science, vol. 5779, pp. 40–59. Springer, Belin (2009)Google Scholar
  18. 18.
    Falcone, Y., Mounier, L., Fernandez, J.-C., Richier, J.-L.: Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Formal Methods Syst. Des. 38(3) (2011)Google Scholar
  19. 19.
    Fong, P.W.L.: Access control by tracking shallow execution history. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 43–55. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  20. 20.
    Hamlen K.W., Morrisett G., Schneider F.B.: Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst. 28(1), 175–205 (2006)CrossRefGoogle Scholar
  21. 21.
    Havelund, K., Goldberg, A.: Verify your runs. In: Verified Software: Theories, Tools, Experiments: First IFIP TC 2/WG 2.3 Conference, VSTTE 2005, Zurich, Switzerland, 10–13 Oct 2005, Revised Selected Papers and Discussions, pp. 374–383. Springer, Berlin (2008)Google Scholar
  22. 22.
    Havelund, K., Roşu, G.: Efficient monitoring of safety properties. Softw. Tools Technol. Transf. 6(2), 158–173 (2002)Google Scholar
  23. 23.
    Hopcroft J.E., Ullman J.D.: Introduction to Automata Theory, Languages, and Computation. Addison-Wesley, Reading, MA (1979)zbMATHGoogle Scholar
  24. 24.
    Kupferman O., Vardi M.Y.: Model checking of safety properties. Formal Methods Syst. Des. 19(3), 291–314 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Lamport L.: Proving the correctness of multiprocess programs. IEEE Trans. Softw. Eng. 3(2), 125–143 (1977)zbMATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Leucker M., Schallhart C.: A brief account of runtime verification. J. Log. Algebr. Program. 78(5), 293–303 (2008)CrossRefGoogle Scholar
  27. 27.
    Ligatti, J., Bauer, L., Walker, D.: Enforcing non-safety security policies with program monitors. In: ESORICS, pp. 355–373 (2005)Google Scholar
  28. 28.
    Ligatti J., Bauer L., Walker D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 1–41 (2009)CrossRefGoogle Scholar
  29. 29.
    Manna, Z., Pnueli, A.: A hierarchy of temporal properties (invited paper, 1989). In: PODC ’90: Proceedings of the 9th Annual ACM Symposium on Principles of Distributed Computing, pp. 377–410. ACM Press, New York (1990)Google Scholar
  30. 30.
    Martinelli F., Matteucci I.: Through modeling to synthesis of security automata. Electron. Notes Theor. Comput. Sci. 179, 31–46 (2007)CrossRefGoogle Scholar
  31. 31.
    Matteucci I.: Automated synthesis of enforcing mechanisms for security properties in a timed setting. Electron. Notes Theor. Comput. Sci. 186, 101–120 (2007)CrossRefMathSciNetGoogle Scholar
  32. 32.
    Pnueli A., Zaks A.: PSL model checking and run-time verification via testers. In: Misra, J., Nipkow, T., Sekerinski, E. (eds) FM. Lecture Notes in Computer Science, vol. 4085, pp. 573–586. Springer, Berlin (2006)Google Scholar
  33. 33.
    Roşu, G., Chen, F., Ball, T.: Synthesizing monitors for safety properties—this time with calls and returns. In: Workshop on Runtime Verification (RV’08). Lecture Notes in Computer Science, vol. 5289, pp. 51–68. Springer, Berlin (2008)Google Scholar
  34. 34.
    Runtime Verification, 2001–2010.
  35. 35.
    Schneider F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar
  36. 36.
    Streett, R.S.: Propositional dynamic logic of looping and converse. In: STOC ’81: Proceedings of the 13th Annual ACM Symposium on Theory of Computing, pp. 375–383. ACM Press, New York (1981)Google Scholar
  37. 37.
    Viswanathan M., Kim M.: Foundations for the run-time monitoring of reactive systems—fundamentals of the MaC language. In: Liu, Z., Araki, K. (eds) ICTAC. Lecture Notes in Computer Science, vol. 3407, pp. 543–556. Springer, Berlin (2004)Google Scholar

Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  • Yliès Falcone
    • 1
    Email author
  • Jean-Claude Fernandez
    • 2
  • Laurent Mounier
    • 2
  1. 1.INRIA, Rennes, Bretagne AtlantiqueRennesFrance
  2. 2.Verimag, Université Grenoble IGrenobleFrance

Personalised recommendations