Integrating Testing with Runtime Verification for Mission-Critical Distributed Control Systems

Verification of safety properties of mission-critical Distributed Control Systems (DCS) is challenging, especially when depending on a dynamically varying number of distributed components interacting via the system's Integration Layer (IL). In such cases, complementing testing with Runtime Verification (RV) can help detect non-systematic errors earlier and reduce time-to-production. We adopt RV to test the IL of a real-world mission-critical railway control system, based on a Message-oriented Middleware (MoM) implementing a publish-subscribe communication protocol, with critical requirements on message uniqueness and order. These requirements are formalized in RML (Runtime Monitoring Language) and compiled into a monitor which verifies them dynamically. Performance measurements on real-world scenario parameters show that our approach can complement testing in the Continuous Integration (CI) cycle.