Formal Verification and Validation of ERTMS Industrial Railway Train Spacing System

Int J Softw Tools Technol Transfer

et al. 2014

Abstract. We describe a novel framework for modelling railway interlockings which has been developed in conjunction with railway engineers. The modelling language used is CSP||B. Beyond the modelling we present a variety of abstraction techniques which make the analysis of medium to large scale networks feasible. The paper notably introduces a covering technique that allows railway scheme plans to be decomposed into a set of smaller scheme plans. The finitisation and topological abstraction techniques are extended from previous work and are given formal foundations. All three techniques are applicable to other modelling frameworks besides CSP||B. Being able to apply abstractions and simplifications on the domain model before performing model checking is the key strength of our approach. We demonstrate the use of the framework on a real-life, medium size scheme plan.

Section: Related Workmentioning

confidence: 99%

Section: Verification Comparisonmentioning

confidence: 99%

Techniques for modelling and verifying railway interlockings

James

Int J Softw Tools Technol Transfer

et al. 2014

“…Prominent studies from the B community include [17,18] whilst [19,20] are classical contributions from process algebra and [21] uses techniques from Algebraic Specification. On a lower abstraction layer, [22][23][24][25] verify the safety of interlocking programs with logical approaches.…”

Section: Related Workmentioning

confidence: 99%

“…control tables) by Haxthausen [30] also falls into the first category and is supported by automated tools that generate the models. Cimatti et al [25] also have had considerable success using NuSMV but their analysis is focussed on the implementation descriptions.…”

Section: Related Workmentioning

confidence: 99%

Verification of Scheme Plans Using CSP$$||$$B

James

Software Engineering and Formal Methods

et al. 2014

Abstract. The paper presents a tool-supported approach to graphically editing scheme plans and their safety verification. The graphical tool is based on a Domain Specific Language which is used as the basis for transformation to a CSP B formal model of a scheme plan. The models produced utilise a variety of abstraction techniques that make the analysis of large scale plans feasible. The techniques are applicable to other modelling languages besides CSP B. We use the ProB tool to ensure the safety properties of collision, derailment and run-through freedom.

“…The results achieved are comparable in size to our Single Junction scenario. Cimatti et al [5] also have had considerable success using NuSMV but their analysis is focussed on the implementation descriptions.…”

Section: Related Workmentioning

confidence: 99%

Defining and Model Checking Abstractions of Complex Railway Models Using CSP||B

Hardware and Software: Verification and Testing

Roggenbach

et al. 2013

Abstract. The safety analysis of interlocking railway systems involves verifying collision and derailment freedom. In this paper we propose a structured way of refining track plans, in order to expand track segments so that they form collections of track segments. We show how the abstract model can be model checked to ensure the safety properties, which must also hold in the corresponding concrete track plan, so that we will never need to model check the concrete track plan directly. We also identify the minimal number of trains that needs to be considered as part of the model checking, and we demonstrate the practicality of the approach on various scenarios.