Specification and Optimal Reactive Synthesis of Run-time Enforcement Shields

TL;DR

This paper presents a formal method for specifying and automatically synthesizing run-time enforcement shields that correct sporadic errors in controllers while minimizing deviations, using logical formulas and optimization.

Contribution

It introduces a logical specification framework with quantitative optimization for shield synthesis, and demonstrates automatic synthesis for various shield types using the DCSynth tool.

Findings

Successfully synthesizes shields for multiple specifications

Shows shields minimize deviations effectively

Provides experimental comparison with previous methods

Abstract

A system with sporadic errors (SSE) is a controller which produces high quality output but it may occasionally violate a critical requirement REQ(I,O). A run-time enforcement shield is a controller which takes (I,O) (coming from SSE) as its input, and it produces a corrected output O' which guarantees the invariance of requirement REQ(I,O'). Moreover, the output sequence O' must deviate from O "as little as possible" to maintain the quality. In this paper, we give a method for logical specification of shields using formulas of logic Quantified Discrete Duration Calculus (QDDC). The specification consists of a correctness requirement REQ as well as a hard deviation constraint HDC which must both be mandatorily and invariantly satisfied by the shield. Moreover, we also use quantitative optimization to give a shield which minimizes the expected value of cumulative deviation in an H-optimal fashion. We show how tool DCSynth implementing soft requirement guided synthesis can be used for automatic synthesis of shields from a given specification. Next, we give logical formulas specifying several notions of shields including the k-Stabilizing shield of Bloem "et al." as well as the Burst-error shield of Wu "et al.", and a new e,d-shield. Shields can be automatically synthesized for all these specifications using the tool DCSynth. We give experimental results showing the performance of our shield synthesis tool in relation to previous work. We also compare the performance of the shields synthesized under diverse hard deviation constraints in terms of their expected deviation and the worst case burst-deviation latency.