Compositional Runtime Enforcement
Runtime enforcement is a methodology used to enforce that the output of a running system satisfies a desired property. Given a property, an enforcement monitor modifies an (untrusted) sequence of events into a sequence that complies to that property. In practice, we may have not one, but many properties to enforce. Moreover, new properties may arise as new capabilities are added to the system. It then becomes interesting to be able to build not a single, monolithic monitor that enforces all the properties, but rather several monitors, one for each property. The question is to what extent such monitors can be composed, and how. This is the topic of this paper. We study two monitor composition schemes, serial and parallel composition, and show that, while enforcement under these schemes is generally not compositional, it is for certain subclasses of regular properties.
KeywordsInput Sequence Safety Property Parallel Composition Label Transition System Enforcement Mechanism
This work was partially supported by the Academy of Finland and the U.S. National Science Foundation (awards #1329759 and #1139138).
- 2.Bloem, R., Könighofer, B., Könighofer, R., Wang, C.: Shield synthesis: runtime enforcement for reactive systems. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 533–548. Springer, Heidelberg (2015)Google Scholar
- 3.Clarke, E., Long, D., McMillan, K.: Compositional model checking. In: 1989 Fourth Annual Symposium on Logic in Computer Science, LICS 1989, Proceedings., pp. 353–362 (1989)Google Scholar
- 7.Godefroid, P.: Compositional dynamic test generation. In: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT. pp. 47–54. POPL, ACM, New York, USA (2007)Google Scholar
- 13.Pinisetty, S., Preoteasa, V., Tripakis, S., Jéron, T., Falcone, Y., Marchand, H.: Predictive runtime enforcement. In: Symposium on Applied Computing (SAC-SVT). ACM (2016)Google Scholar