Theoretical Runtime Safety Guarantees

• Theoretical runtime safety guarantees are formal assurances that a system remains within defined safe behaviors during execution despite uncertainties.
• They leverage rigorous models from logic, control theory, and probabilistic analysis by synthesizing runtime monitors and enforcers with formal proofs.
• Applications span cyber-physical systems, autonomous driving, and smart contracts, highlighting practical challenges in synthesis and runtime enforcement.

Theoretical runtime safety guarantees formalize the property that a system—often a cyber-physical system (CPS), embedded controller, or software agent—remains within a set of safe behaviors during execution, even in the presence of uncertainties, imperfect information, or adversarial faults. These guarantees are established by synthesizing runtime monitors, enforcers, or controllers equipped with formal proofs (often of soundness, completeness, or probabilistic bounds) that link the specification to actual execution. Modern approaches draw from logic, control theory, formal verification, stochastic analysis, and runtime enforceability to provide provable assurances that runtime behavior does not deviate from critical safety properties.

1. Formal Definitions and Models for Runtime Safety

Theoretical runtime safety guarantees depend on rigorous formulations of the system and environment dynamics, the nature of safety properties, and the semantics of runtime interventions. Distinct models underpin different domains:

a) Discrete and Continuous System Models:

• Transition systems or Markov decision processes (MDPs) are widely used for discrete event systems; their stochastic extensions model probabilistic dynamics under uncertainty. In these settings, safety is typically characterized by a subset of "safe" states never to be left, formalized in terms of invariants or temporal logic (e.g., LTL safety fragments) (Könighofer et al., 2022).
• Continuous and hybrid dynamical systems are modeled by ordinary differential equations (ODEs), affine control systems, or hybrid automata, with possibly unmodeled disturbances or parametric uncertainty (Abate et al., 2020, Mitsch et al., 2018, Kwon et al., 20 May 2025).

b) Runtime Monitor and Enforcer Semantics:

• Monitors in the Lola language are formalized as collections of input–output streams over fixed time indices, specified by stream equations with explicit semantics for offsets and default values (C. et al., 2021).
• Runtime enforcers (e.g., shields, filters, or backup controllers) act either by suppressing, modifying, or overriding agent decisions to keep executions within the admissible envelope as defined by formulas in logics (HML, STL) or control-theoretic invariants (Cassar et al., 2018, Abate et al., 2020).

c) Safety Specification Languages:

• Properties are commonly expressed as inductive invariants, safe sets, or contract postconditions, often with Hoare-style logic for discrete software or barrier certificates for continuous dynamical systems (C. et al., 2021, Mitsch et al., 2018, Abate et al., 2020).
• In stochastic systems, safety properties become probabilistic—e.g., the probability that trajectories never enter an unsafe set—necessitating probabilistic barrier functions or risk-aware specifications (Feng et al., 12 Nov 2025, Knuth et al., 2022).

2. Formal Verification and Monitoring Techniques

The principal methodologies ground runtime safety guarantees in machine-checked reasoning and proof obligation discharge, connecting formal, model-level properties to executable monitors.

a) Hoare-Style and Inductive Proof Obligations:

• In stream-monitoring frameworks, "assume" and "assert" annotations specify assumptions about inputs and assertions about the outputs, and proof obligations are encoded as Horn clauses or SMT queries. Discharging these obligations (soundness theorems) ensures that monitors statically enforce invariants at every runtime step, bolstered by conditional completeness under solver limitations (C. et al., 2021).
• Differential dynamic logic (dL) and hybrid program modeling allow extraction of runtime monitors that check whether the next observed state can still be explained by the assumed system model under bounded noise. This leads to monitor conditions tied to invariants, with robustness to bounded actuator disturbance and sensor error (Mitsch et al., 2018).

b) Runtime Enforcement Synthesis:

• In logic-based frameworks, the enforceable fragment (e.g., Safe HML, sHML) is systematically compiled to deterministic monitors that suppress or substitute events to ensure the system trace satisfies the specification. Enforcement soundness and transparency are proven by structural induction and bisimulation arguments, guaranteeing the monitor only restricts when necessary and preserves correct executions (Cassar et al., 2018).
• Control barrier function (CBF) synthesis for continuous domains projects agent actions onto sets defined by forward-invariance conditions, leading to online quadratic programs that keep the state within the safe set under real-time uncertainties (Abate et al., 2020, Könighofer et al., 2022).

3. Probabilistic and Statistical Runtime Guarantees

When system uncertainty or learning renders deterministic guarantees unattainable, statistical and probabilistic approaches provide quantifiable assurances.

a) Observation-Aware Barrier Functions:

• For stochastic systems, observation-aware barrier functions and their duals (OSBFs) compute bounds on safety or reach–avoid probabilities conditioned on real-time sensor data. At each observation, backward iteration updates the lower (OBF) or upper (OSBF/ORBF) probability bounds, yielding runtime-updated certificates that, via martingale and Bayes arguments, guarantee

$$\mathbb P_{x_0}\bigl(x_t\notin U\ \forall t\;\bigm|\;x_{t_i}\in O_i\bigr) \ge 1-\frac{p}{q}$$

where $q$ and $p$ are tight bounds from backward recursion (Feng et al., 12 Nov 2025).

b) Extreme Value Theory and Runtime Sampling:

• Runtime bounds for motion planning with learned models are certified using Extreme Value Theory (EVT), allowing the system to estimate, with high confidence $1-\alpha$, that the actual tracking error does not exceed a statistically computed threshold, thereby keeping the trajectory inside the designated safe set (Knuth et al., 2022).
• Runtime safety for black-box systems can be guaranteed with probability at least $1-\epsilon$, at confidence $1-\delta$, by sampling $N \ge \log \delta/\log(1-\epsilon)$ scenarios and measuring the worst-case observed runtime; the maximum observed value serves as the runtime bound for at least $(1-\epsilon)$ fraction of cases (Akella et al., 2023).

c) Adaptive and Distributionally Robust Methods:

• Shielded RL systems with hidden parameters (mass, friction) use online function encoders to infer dynamics and employ conformal prediction to bound one-step uncertainties, ensuring—with probability $1-\delta$—that the next action remains in the safety region. The long-run frequency of safety violations is bounded by $\delta + \bar{\epsilon}(1-\delta)$ where $\bar{\epsilon}$ is the limiting frequency of failing to find feasible actions, which vanishes as the number of samples grows (Kwon et al., 20 May 2025).

4. Complexity, Performance, and Practicality

The practical realization of runtime safety guarantees depends on the ability to synthesize, analyze, and execute monitors or shields efficiently, often under tight latency, computation, or power constraints.

a) Complexity Analysis:

• For stream-based monitors with finite offsets and moderate formula AST size, proof obligations scale linearly with the size of specification and are efficiently discharged by modern SMT solvers (Z3) within sub-second times (C. et al., 2021).
• In logic monitor synthesis, the offline step of fixpoint computation for shield synthesis is polynomial in the state–action space size, but at runtime the enforcement is O(1) (finite automaton look-up) for discrete systems, and O(m³) per QP solution for m-dimensional continuous actions (Könighofer et al., 2022).
• For conformal-prediction–based shielding, online adaptation adds O(k³) for hidden parameter inference and O(N) per step for candidate sampling, incurring only moderate runtime overhead (<15% increase) in experimental systems (Kwon et al., 20 May 2025).

b) Trade-offs and Limitations:

• Guarantee strength is conditioned on model fidelity, observability, and completeness of logical or stochastic proof. For instance, soundness is always preserved for proven fragments, but completeness may be conditional on solver capabilities or support-exhaustiveness in EVT fits (Feng et al., 12 Nov 2025, Akella et al., 2023).
• Conservative over-approximation (e.g., in mixed-monotonicity reachability or barrier tubes) can reduce system performance or permissiveness but is necessitated by worst-case safety certification (Abate et al., 2020, Knuth et al., 2022).

5. Application Domains and Case Study Illustrations

Runtime safety guarantees are central to CPS, embedded control, AI agents, and formalized distributed protocols. Set-piece illustrations in the literature include:

a) Avionics Runtime Monitoring:

• Hoare-annotated Lola monitors, verified with bounded induction via SMT, revealed safety-critical errors in real-world specifications for aircraft recovery logic and enabled correction of design flaws with minimal verification overhead (C. et al., 2021).

b) Safe Autonomous Driving Control:

• The Simplex-Drive paradigm merges deep reinforcement learning controllers (for performance) with verifiably safe baseline controllers, using formal state switching conditions to ensure that, at no point, the vehicle state can exit the safe set—a property formally proven using reachability analysis of the hybrid controller (Chen et al., 2021).

c) Secure Smart Contract Protocols:

• The Theorem-Carrying-Transaction (TCT) protocol guarantees that every contract invocation in a blockchain transaction carries a formal proof (machine-checked off-chain) that specified invariants are preserved, with runtime checks of path hashes and contract predicates, yielding sub-1% overhead and per-transaction correctness theorems (Bjørner et al., 2024).

6. Open Challenges and Theoretical Limitations

While runtime safety frameworks have matured in rigor and applicability, several theoretical and practical challenges remain:

• Compositional reasoning and scalable shield synthesis for multi-agent or hierarchical systems remain unresolved, particularly in the face of state-space explosion and interacting safety specifications (Könighofer et al., 2022).
• Robust guarantees for partially observable, non-stationary, or adaptive dynamics are still open in general, especially for run-time systems integrating online learning with evolving plant models (Mitsch et al., 2018, Kwon et al., 20 May 2025).
• Quantifying and minimizing conservatism, balancing maximal permissiveness against feasibility, and establishing benchmarks for runtime enforcer efficiency constitute active research directions, compounded by the need for unified metrics and frameworks across discrete, continuous, and hybrid domains (Könighofer et al., 2022).
• Some enforcer synthesis problems (e.g., in expressive logics or non-convex/uncertain models) remain intractable or subject to hard undecidability barriers, necessitating restriction to subclasses where strong guarantees are computable and meaningful (Cassar et al., 2018, C. et al., 2021).

The field thus continues to advance toward scalable, minimally conservative, and compositional approaches to runtime safety assurance, bridging the gap between model-level proofs and system-level execution in increasingly complex, uncertain, or adaptive environments.