Illegal State Rejection: Methods & Implications

Updated 24 December 2025

Illegal State Rejection is the systematic approach to detect, prevent, or handle forbidden system configurations across various domains.
Automata networks employ stateful priorities and SMT-based reachability to precisely block unsafe transitions without affecting safe behaviors.
In classification and smart contracts, methods like SDIM-logit and state-reverting mechanisms achieve high accuracy in detecting adversarial inputs and enforcing invariants.

Illegal state rejection encompasses a spectrum of rigorous methodologies implemented across computer science subfields to detect, prevent, or systematically handle system configurations—“states”—that are prohibited by specification or defined as adversarial, unsafe, or otherwise undesirable. This concept is central in formal verification, robust learning and inference, and smart contract security, where it enables safety, reliable operation, and resilience against manipulative or unforeseen input patterns.

1. Fundamental Definitions and Conceptual Scope

An illegal state is a system configuration forbidden by an explicit or implicit protocol, safety constraint, or correctness property. Illegal state rejection is any systematic mechanism—at the level of system design, runtime execution, or statistical inference—that prevents entry into, or detects and remedially handles, such configurations. Key formalizations occur in:

Automata networks and discrete systems, where illegal states are global configurations violating reachability or safety properties (Herrera, 2020).
Classifier and inference systems, where illegal inputs are patterns (including adversarial examples or out-of-distribution data) outside the nominal data manifold (Wang, 2020).
Smart contract platforms, where transactional state reverts on violation of critical invariants, with implications for both safety enforcement and potential adversarial exploitation (Liao et al., 2024).

While rejecting illegal states enhances system robustness, precision—only rejecting truly forbidden or risky transitions—is paramount to avoid unnecessary constraints on safe behavior.

2. Illegal State Rejection in Automata Networks: Stateful Priorities

In reactive or distributed system networks modeled as composed automata, illegal state rejection has historically leveraged priority mechanisms. A stateless priority is a global partial order over actions: for any $a_1 \prec a_2$ in $\Sigma \times \Sigma$ , $a_1$ is only permitted if $a_2$ is disabled (Herrera, 2020).

Stateful priorities generalize this to allow context sensitivity. The key formal definitions are:

System state $s$ encapsulates the locations of each automaton and relevant variable valuations.
Error (illegal) constraint $C$ : typically a conjunction of atomic predicates over state variables or locations.
Stateful priority function $\pi(s, a_{\mathit{blockee}}, a_{\mathit{blocker}})$ equals $1$ if, in state $s$ , $a_{\mathit{blocker}}$ must preempt $a_{\mathit{blockee}}$ .

To guarantee illegal-state rejection:

Synthesize all system states $s$ from which an unsafe transition would reach $C$ (“preError” states).
For each such $s$ , use SMT-based reachability to validate the existence of a safe “blocker” alternative to any “blockee” action leading into $C$ .
Augment the system so outgoing transitions into $C$ are dynamically disabled only in the corresponding $s$ , preserving maximum allowable behavior elsewhere.

Formally, the transformed network features edge guards such that transitions into error states are disallowed only if the global system position matches a synthesized preError. This approach enables exact illegal-state rejection—blocking precisely those transitions that propagate risk and leaving the rest of the space unconstrained (Herrera, 2020).

3. Illegal State Rejection for Input Validation in Classifier Systems

In supervised learning, illegal state rejection appears as classification with rejection—particularly in detecting adversarial or out-of-distribution (OOD) inputs. SDIM-logit exemplifies a method wherein:

The output logits $f(x)$ of a frozen discriminative classifier are encoded into a compact representation $z=E_\varphi(f(x))$ .
Generative modeling places a multivariate Gaussian $\mathcal{N}(z; \mu_y, \Sigma_y)$ over $z$ conditioned on true label $y$ .
Decision: for test-time $z$ , if $\log p(z \mid y^*) \geq \delta_{y^*}$ for predicted class $y^*$ , output $y^*$ . Otherwise, reject the input as illegal (Wang, 2020).

Thresholds $\delta_y$ are set based on percentiles of class-conditional scores on clean training data to control nominal rejection rates. SDIM-logit achieves high detection rates for adversarial ( $>$ 90% at $\ell_\infty=\frac{8}{255}$ ) and OOD inputs (e.g., 98.5% SVHN detection at 1% threshold), with negligible loss of in-distribution accuracy. This technique performs calibrated illegal state rejection at inference, preventing spurious or adversarial predictions (Wang, 2020).

4. Illegal State Rejection in Smart Contracts: State-Reverting Mechanisms

In platforms such as Ethereum, illegal state rejection is implemented via explicit transaction rollbacks—require, assert, and revert statements enforce critical predicates and, upon failure, discard all in-transaction writes (Liao et al., 2024). This mechanism, designed for invariant enforcement and robust error handling, has dual implications:

Safety: unwanted or risky state transitions are atomically prevented from mutating contract state (all SSTOREs revert).
Vulnerability: adversaries can exploit this feature to guarantee only favorable outcomes (profit-gain) or to lock functionality (DoS).

SmartState formalizes and automatically detects such State-Reverting Vulnerabilities (SRVs):

Contracts are modeled as partial state transition systems, with rollback mapping $\delta_f^{\mathit{revert}}: S \rightarrow S$ as the identity.
State dependency graphs capture assertion-related and temporal-order dependencies, mined via IR reconstruction and FSM construction from bytecode and transaction traces.
SRV indicators $I_{\mathit{profit}}$ , $I_{\mathit{DoS}}$ evaluate Boolean patterns over storage, randomness, access control, and control flow to flag vulnerable logic.

Precision and recall in detected real-world contracts exceed 87% and 89% respectively. Hundreds of previously unknown vulnerabilities—including attacks that either guarantee profitable mints or freeze funds by exploiting revert logic—have been identified through this approach (Liao et al., 2024).

5. Algorithmic and Practical Considerations

Synthesis and implementation of illegal state rejection span static, dynamic, and statistical methods:

In automata networks, illegal state rejection via stateful priorities employs bounded model checking (e.g., SMT) to compute minimal, non-colliding blocking relations per error adjacency. Complexity is governed by the number of unique preError states and the path-unfolding bound $k$ (Herrera, 2020).
For input rejection in classifiers, SDIM-logit’s overhead is minimal ( $\sim$ 10k extra parameters for CIFAR-10-scale tasks), and it is compatible with arbitrarily complex frozen backbones (Wang, 2020).
Smart contract SRV detection combines bytecode analysis ( $O(|V|+|E|)$ over SDG) with scalable behavioral mining (FSMs from traces, $O(L \log N)$ in trace volume). The approach achieves high accuracy and scalability to tens of thousands of contracts (Liao et al., 2024).

6. Empirical Outcomes and Limitations

Empirical results from different domains underscore the effectiveness of illegal state rejection techniques:

Domain	Method	In-Distribution Loss	OOD/Adversarial Detection	Notable Limitation(s)
Automata Networks	Stateful Priorities (Herrera, 2020)	None	Complete safety (bounded)	Sufficiency depends on $k$ ; requires finite unfolding
Classification	SDIM-logit (Wang, 2020)	Negligible (≤0.15%)	80–98% (adv/OOD)	Threshold tuning; inherited model bias
Smart Contracts	SmartState (Liao et al., 2024)	Not applicable	87–89% (SRVs)	False positives from ambiguous taint; oracle under-approximation

Precision-tuned illegal state rejection reduces collateral blocking of safe behaviors and minimizes false positives, but hinges on the expressiveness of models (state variables, error constraints), choice of unfolding bounds, and completeness of runtime or training data.

7. Broader Implications and Directions

Illegal state rejection constitutes a foundational pattern across safety-critical system design, robust machine learning, and security engineering:

In formal verification and controller synthesis, it enables the construction of safe-by-design systems wherein forbidden configurations are unreachable under all (or bounded-length) action sequences.
In AI safety, calibrated rejection supports resilience to adversarial manipulations and distribution shift, complementing confidence estimates and anomaly detection.
In programmable ledgers, precise understanding and proactive identification of state-reverting logic underpins secure contract engineering, facilitating both enforcement of invariants and automated vulnerability discovery.

A plausible implication is that further integration of stateful, context-sensitive rejection logic may become standard in the design of secure and robust cyber-physical and computational systems, contingent on advances in scalable synthesis, semantic modeling, and compositional verification. Continued research on balancing rejection precision, computational tractability, and semantic scope will determine its efficacy in increasingly heterogeneous and adversarial environments.