Synthesizing Runtime Enforcer of Safety Properties Under Burst Error

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9690)


We propose a game-based method for synthesizing a runtime enforcer for a reactive system to ensure that a set of safety-critical properties always holds even if errors occur in the system due to design defect or environmental disturbance. The runtime enforcer does not modify the internals of the system or provide a redundant implementation; instead, it monitors the input and output of the system and corrects any erroneous output signal that may cause a safety violation. Our main contribution is a new algorithm for synthesizing a runtime enforcer that can respond to violations instantaneously and guarantee the safety of the system under burst error. This is in contrast to existing methods that either require significant delay before the enforcer can respond to violations or do not handle burst error. We have implemented our method in a synthesis tool and evaluated it on a set of temporal logic specifications. Our experiments show that the enforcer synthesized by our method can robustly handle a wide range of properties under burst error.


  1. 1.
    Bauer, A., Leucker, M., Schallhart, C.: Runtime verification for LTL and TLTL. ACM Trans. Softw. Eng. Methodol. 20(4), 14:1–14:64 (2011)CrossRefGoogle Scholar
  2. 2.
    Bloem, R., Jobstmann, B., Piterman, N., Pnueli, A., Sa’ar, Y.: Synthesis of reactive(1) designs. J. Comput. Syst. Sci. 78(3), 911–938 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Bloem, R., Könighofer, B., Könighofer, R., Wang, C.: Shield synthesis: Runtime enforcement for reactive systems. In: International Conference on Tools and Algorithms for Construction and Analysis of Systems, pp. 533–548 (2015)Google Scholar
  4. 4.
    Brayton, R.K., et al.: VIS: A system for verification and synthesis. In: International Conference on Computer Aided Verification, pp. 428–432 (1996)Google Scholar
  5. 5.
    Clarke, E.M., Emerson, E.A.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Grumberg, O., Veith, H. (eds.) 25MC Festschrift. LNCS, vol. 5000, pp. 196–215. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: International Conference on Software Engineering (1999)Google Scholar
  7. 7.
    Ehlers, R., Topcu, U.: Resilience to intermittent assumption violations in reactive synthesis. In: International Conference on Hybrid Systems: Computation and Control, pp. 203–212 (2014)Google Scholar
  8. 8.
    Falcone, Y., Fernandez, J.-C., Mounier, L.: What can you verify and enforce at runtime? J. Softw. Tools Technol. Transf. 14(3), 349–382 (2012)CrossRefGoogle Scholar
  9. 9.
    Jin, X., Deshmukh, J., Kapinski, J., Ueda, K., Butts, K.: Powertrain control verification benchmark. In: International Conference on Hybrid Systems: Computation and Control (2014)Google Scholar
  10. 10.
    Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 1–41 (2009)CrossRefGoogle Scholar
  11. 11.
    Luo, Q., Roşu, G.: Enforcemop: a runtime property enforcement system for multithreaded programs. In: International Symposium on Software Testing and Analysis, pp. 156–166 (2013)Google Scholar
  12. 12.
    Mazala, R.: Infinite games. In: Grädel, E., Thomas, W., Wilke, T. (eds.) Automata, Logics, and Infinite Games. LNCS, vol. 2500, pp. 23–38. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    NHTSA. 49 CFR Part 571: Federal Motor Vehicle Safety Standards; Accelerator Control Systems. Department of Transportation (2012)Google Scholar
  14. 14.
    Pnueli, A., Rosner, R.: On the synthesis of a reactive module. In: ACM Symposium on Principles of Programming Languages, pp. 179–190 (1989)Google Scholar
  15. 15.
    Queille, J.P., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) International Symposium on Programming. LNCS, vol. 137, pp. 337–351. Springer, Heidelberg (1982)CrossRefGoogle Scholar
  16. 16.
    Renard, M., Falcone, Y., Rollet, A.: Optimal enforcement of (timed) properties with uncontrollable events (2016).
  17. 17.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 30–50 (2000)CrossRefGoogle Scholar
  18. 18.
    Sohail, S., Somenzi, F.: Safety first: A two-stage algorithm for the synthesis of reactive systems. J. Softw. Tools Technol. Transfer 15(5–6), 433–454 (2013)CrossRefGoogle Scholar
  19. 19.
    Somenzi, F.: CUDD: CU Decision Diagram Package.
  20. 20.
    Wu, M.: iShield2 Synthesizer.
  21. 21.
    Yu, F., Alkhalaf, M., Bultan, T.: Patching vulnerabilities with sanitization synthesis. In: International Conference on Software Engineering, pp. 251–260 (2011)Google Scholar
  22. 22.
    Zhang, L., Wang, C.: Runtime prevention of concurrency related type-state violations in multithreaded applications. In: International Symposium on Software Testing and Analysis, pp. 1–12 (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of ECEVirginia TechBlacksburgUSA

Personalised recommendations