Formal Distributed Protocol Development for Reservation of Railway Sections

Abstract: The decentralisation of railway signalling systems has the potential to increase railway network capacity, availability and reduce maintenance costs. Given the safety-critical nature of railway signalling and the complexity of novel distributed signalling solutions, their safety should be guaranteed by using thorough system validation methods. In this paper, we present a rigorous formal development and verification of a distributed protocol for reservation of railway sections, which we believe could deliver be… Show more

“…The railway domain has proved to be a fruitful area for applying various formal methods, but considerably less has been done in applying them for distributed railway systems by industry and academia [BBFM99,ED06]. Therefore, the long-term aim of our research is to lower the barriers of applying formal methods for the development of complex railway signalling systems, including distributed [SIK+20], heterogeneous [SI17] and hybrid [SDS+19] railway systems.…”

“…As shown in Section 3.2 (Scenarios 1 -2) high-level system requirements can only be met if an agent invariably and correctly forms a distributed lane. The probabilistic lane forming eventuality (LIV 3 ) is discussed in [SIK+20] while in the following paragraphs we describe proving requirements SAF 3−4 in the Event-B model. First of all, requirement SAF 3 (see Table 4) relates to SAF 2 (see Table 3) and is needed to ensure that that an agent is not allocated only a part of resources it has requested.…”

A refinement-based development of a distributed signalling system

“…The railway domain has proved to be a fruitful area for applying various formal methods, but considerably less has been done in applying them for distributed railway systems by industry and academia [BBFM99,ED06]. Therefore, the long-term aim of our research is to lower the barriers of applying formal methods for the development of complex railway signalling systems, including distributed [SIK+20], heterogeneous [SI17] and hybrid [SDS+19] railway systems.…”

“…As shown in Section 3.2 (Scenarios 1 -2) high-level system requirements can only be met if an agent invariably and correctly forms a distributed lane. The probabilistic lane forming eventuality (LIV 3 ) is discussed in [SIK+20] while in the following paragraphs we describe proving requirements SAF 3−4 in the Event-B model. First of all, requirement SAF 3 (see Table 4) relates to SAF 2 (see Table 3) and is needed to ensure that that an agent is not allocated only a part of resources it has requested.…”

A refinement-based development of a distributed signalling system