Formal development and verification of a distributed railway control system

Haxthausen, Anne Elisabeth; Peleskã, Jan

doi:10.1109/32.879808

Cited by 96 publications

(62 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This example is similar to the one presented in [17] (and in many other papers that propose new specification and verification techniques for real-time systems). In a railroad system, the most important issue that should be guaranteed is that trains do not crash.…”

Section: Example: Railroad Systemsupporting

confidence: 65%

Formal Specification and Verification of Real-Time Systems using Graph Grammars

2007

View full text Add to dashboard Cite

show abstract

Section: Example: Railroad Systemsupporting

confidence: 65%

Formal Specification and Verification of Real-Time Systems using Graph Grammars

2007

View full text Add to dashboard Cite

show abstract

“…Several research groups have investigated how formal methods would help efficiently producing more robust railway control systems. An overview of recent trends can be found in [16], and recommendations and best-practices for efficient development and verification of safe railway control systems are summarised in [22]. Re-configurable systems and automated verification are among these recommendations that we have followed.…”

Section: Related Workmentioning

confidence: 99%

“…In the current work, a combination of SMT-based BMC with inductive reasoning allowed us to verify safety properties without having to explore the whole state space, hence we were able to push the bounds even further to handle larger networks of industrial size. As an alternative to the model checking approach, theorem-proving-based techniques have also shown success in the railway domain, see, e.g., [2,21], but these provide a lesser degree of automation.…”

Section: Related Workmentioning

confidence: 99%

Formal modelling and verification of interlocking systems featuring sequential release

Haxthausen

Peleskã

2017

Science of Computer Programming

View full text Add to dashboard Cite

In this article, we present a method and an associated toolchain for the formal verification of the new Danish railway interlocking systems that are compatible with the European Train Control System (ETCS) Level 2. We have made a generic and reconfigurable model of the system behaviour and generic safety properties. This model accommodates sequential release -a feature in the new Danish interlocking systems. To verify the safety of an interlocking system, first a domain-specific description of interlocking configuration data is constructed and validated. Then the generic model and safety properties are automatically instantiated with the well-formed description of interlocking configuration data. This instantiation produces a model instance in the form of a Kripke structure, and concrete safety properties expressed as invariants. Finally, using a combination of SMT based bounded model checking (BMC) and inductive reasoning, it is verified that the generated model instance satisfies the generated safety properties. Using this method, we are able to verify the safety properties for model instances corresponding to railway networks of industrial size. Experiments show that BMC is also efficient for finding bugs in the railway interlocking designs. Additionally, benchmarking results comparing the performance of our approach with alternative verification techniques on the interlocking models are presented.

show abstract

“…The whole system (with single tracks and deviations) has been modelled and specified with CSP in a student project at Bremen (cf. also [HP98] for a solution of the general train control problem). The on-board computer has a layered architecture (see fig.…”

Section: On-board Computer For Railway Controlmentioning

confidence: 99%

“…Moreover, the experience of [HP98] when solving the train control problem in general (cf. also section 5.3) has been that reasoning about algebraic properties at a high level of abstraction is necessary, with subsequent refinements; model-oriented specifications and model-checking are not enough for this very practical problem that had defied a general solution thus far.…”

Section: Verificationmentioning

confidence: 99%

The UniForM workbench a universal development environment for formal methods

Krieg-Brückner

Peleskã

Olderog

et al. 1999

FM’99 — Formal Methods

View full text Add to dashboard Cite

Abstract. The UniForM Workbench supports combination of Formal Methods (on a solid logical foundation), provides tools for the development of hybrid, real-time or reactive systems, transformation, verification, validation and testing. Moreover, it comprises a universal framework for the integration of methods and tools in a common development environment. Several industrial case studies are described.

show abstract

Formal development and verification of a distributed railway control system

Cited by 96 publications

References 3 publications

Formal Specification and Verification of Real-Time Systems using Graph Grammars

Formal Specification and Verification of Real-Time Systems using Graph Grammars

Formal modelling and verification of interlocking systems featuring sequential release

The UniForM workbench a universal development environment for formal methods

Contact Info

Product

Resources

About