Predictive runtime enforcement

  • Srinivas Pinisetty
  • Viorel Preoteasa
  • Stavros Tripakis
  • Thierry Jéron
  • Yliès Falcone
  • Hervé Marchand

DOI: 10.1007/s10703-017-0271-1

Cite this article as:
Pinisetty, S., Preoteasa, V., Tripakis, S. et al. Form Methods Syst Des (2017). doi:10.1007/s10703-017-0271-1


Runtime enforcement (RE) is a technique to ensure that the (untrustworthy) output of a black-box system satisfies some desired properties. In RE, the output of the running system, modeled as a sequence of events, is fed into an enforcer. The enforcer ensures that the sequence complies with a certain property, by delaying or modifying events if necessary. This paper deals with predictive runtime enforcement, where the system is not entirely black-box, but we know something about its behavior. This a priori knowledge about the system allows to output some events immediately, instead of delaying them until more events are observed, or even blocking them permanently. This in turn results in better enforcement policies. We also show that if we have no knowledge about the system, then the proposed enforcement mechanism reduces to standard (non-predictive) runtime enforcement. All our results related to predictive RE of untimed properties are also formalized and proved in the Isabelle theorem prover. We also discuss how our predictive runtime enforcement framework can be extended to enforce timed properties.


Runtime monitoring Runtime enforcement Automata Timed automata Monitor synthesis 

Funding information

Funder NameGrant NumberFunding Note
Suomen Akatemia
    National Science Foundation
    • 1139138
    • 1329759

    Copyright information

    © Springer Science+Business Media New York 2017

    Authors and Affiliations

    1. 1.Aalto UniversityEspooFinland
    2. 2.University of California, BerkeleyBerkeleyUSA
    3. 3.INRIA Rennes - Bretagne AtlantiqueRennesFrance
    4. 4.Laboratoire d’Informatique de GrenobleUniv. Grenoble Alpes, Inria, LIGGrenobleFrance

    Personalised recommendations