From Timed Automata to Go: Formally Verified Code Generation and Runtime Monitoring for Cyber-Physical Systems

Abstract

The design of critical components in cyber-physical systems (CPS) demands rigorous guarantees of safety and correctness, particularly in safety-critical domains such as autonomous vehicles and industrial automation. While formal verification techniques, such as Timed Automata (TA) models analyzed with UPPAAL, provide strong offline assurances, transitioning these models into reliable executable systems remains a major challenge, especially when integrated with unverified legacy systems. This paper shows that combining formal verification with runtime monitoring can effectively bridge this gap and enhance system reliability. We introduce a novel framework that automatically translates UPPAAL-verified TA models into executable Go programs, leveraging a new intermediate formalism, Timed Automata with Disjoint Actions (TADA), to make time progression explicit and resolve semantic ambiguities in code generation. By integrating lightweight runtime monitors into the generated code, our approach ensures continuous enforcement of timing invariants even when verified components interact with legacy elements. Compared to prior work focused solely on offline verification, our hybrid approach offers a robust safety envelope in heterogeneous environments. We demonstrate the effectiveness of our framework through a case study on an industrial control system, showing that it successfully detects and mitigates timing violations introduced by legacy components, significantly improving overall system resilience.