Runtime Verification (RV) involves monitoring a system to check if it satisfies or violates a property. It is effective at bridging the reality gap between design-time assumptions and run-time environments; which is especially useful for robotic systems, because they operate in the real-world. This paper presents an RV approach that uses a Communicating Sequential Processes (CSP) model, derived from natural-language safety documents, as a runtime monitor. We describe our modelling process and monitoring toolchain, Varanus. The approach is demonstrated on a teleoperated robotic system, called MASCOT, which enables remote operations inside a nuclear reactor. We show how the safety design documents for the MASCOT system were modelled (including how modelling revealed an underspecification in the document) and evaluate the utility of the Varanus toolchain. As far as we know, this is the first RV approach to directly use a CSP model. This approach provides traceability of the safety properties from the documentation to the system, a verified monitor for RV, and validation of the safety documents themselves.
翻译:运行时核查(RV) 包括监测一个系统,以检查它是否满足或违反财产; 有效弥合设计-时间假设和运行-时间环境之间的现实差距; 这对于机器人系统特别有用,因为机器人系统在现实世界中运作; 本文介绍了一种使用交流序列过程模型(CSP)的RV方法,该模型来自自然语言安全文件,作为运行时间监测; 我们描述了我们的建模过程和监测工具链, Varanus。 这种方法在远程操作的机器人系统(称为MASCOT)上展示,它使核反应堆内的远程操作得以进行; 我们展示了MASCOT系统的安全设计文件是如何建模的(包括模型如何揭示文件中的细化)和评估Varanus工具链的效用的。 据我们所知,这是第一个直接使用CSP模型的RV方法。 这种方法提供了从文档到系统的安全特性的可追溯性,一个经过核查的RV监测器,以及安全文件本身的验证。
相关内容
微信扫码咨询专知VIP会员