Offline Runtime Verification of Safety Requirements using CSP

TL;DR

This paper introduces Varanus, a runtime verification toolchain that uses CSP models derived from safety requirements documents to verify safety properties offline in an industrial teleoperation system, ensuring consistency and traceability.

Contribution

The paper presents a novel workflow for deriving CSP models from natural-language safety documents and integrates it into an offline runtime verification toolchain for industrial systems.

Findings

The CSP model revealed an underspecification in the safety design.

Varanus effectively validates safety documents and properties.

The approach ensures consistency between static models and runtime monitors.

Abstract

Dynamic formal verification is a key tool for providing ongoing confidence that a system is meeting its requirements while in use, especially when paired with static formal verification before the system is in use. This paper presents a workflow and Runtime Verification (RV) toolchain, Varanus, and their application to an industrial case study. Using the workflow we manually derive a Communicating Sequential Processes (CSP) model from natural-language safety requirements documents, which Varanus uses as the monitor oracle. This reuse of the model means that the monitor oracle does not have to be developed separately, risking inconsistencies between it and the model for static verification. The approach is demonstrated by the offline RV of a teleoperated manipulation system, called MASCOT, which enables remote operations inside the Joint European Torus (JET) fusion reactor. We describe our model of the MASCOT safety design documents (including how the modelling process revealed an underspecification in the design) and evaluate the Varanus toolchain's utility. The workflow and tool provide validation of the safety documents, traceability of the safety properties from the documentation to the system, and a verified oracle for RV.