Stepwise Development and Model Checking of a Distributed Interlocking System - Using RAISE

Geisler, Signe; Haxthausen, Anne Elisabeth

doi:10.1007/978-3-319-95582-7_16

Cited by 4 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The refined version of the protocol would also need to solve another type of deadlock scenario which would occur once railway routes are introduced into the model. Specifically, the head-to-head deadlock scenario, which can occur when two trains cannot progress as each train is preventing the other one from locking the next set of resources (example discussed in Section 7.1.4 of [GH21]). In the future work we could address this issue by extending the protocol to specify how objectives are formed and selected.…”

Section: Discussionmentioning

confidence: 99%

A refinement-based development of a distributed signalling system

Stankaitis

Iliasov²,

Kobayashi

et al. 2021

Form. Asp. Comput.

View full text Add to dashboard Cite

The decentralised railway signalling systems have a potential to increase capacity, availability and reduce maintenance costs of railway networks. However, given the safety-critical nature of railway signalling and the complexity of novel distributed signalling solutions, their safety should be guaranteed by using thorough system validation methods. To achieve such a high-level of safety assurance of these complex signalling systems, scenario-based testing methods are far from being sufficient despite that they are still widely used in the industry. Formal verification is an alternative approach which provides a rigorous approach to verifying complex systems and has been successfully used in the railway domain. Despite the successes, little work has been done in applying formal methods for distributed railway systems. In our research we are working towards a multifaceted formal development methodology of complex railway signalling systems. The methodology is based on the Event-B modelling language which provides an expressive modelling language, a stepwise development and a proof-based model verification. In this paper, we present the application of the methodology for the development and verification of a distributed protocol for reservation of railway sections. The main challenge of this work is developing a distributed protocol which ensures safety and liveness of the distributed railway system when message delays are allowed in the model.

show abstract

Section: Discussionmentioning

confidence: 99%

A refinement-based development of a distributed signalling system

Stankaitis

Iliasov²,

Kobayashi

et al. 2021

Form. Asp. Comput.

View full text Add to dashboard Cite

show abstract

“…In [HHP17], we have shown that bounded model checking in combination with k-induction can cope with the size of real-world route-based interlocking systems for verifying their behaviour. As an alternative to the B-family, the RAISE tool offers the possibility to perform combined verification by theorem proving and model checking [GH18].…”

Section: Related Workmentioning

confidence: 99%

Efficient data validation for geographical interlocking systems

et al. 2021

Self Cite

View full text Add to dashboard Cite

In this paper, an efficient approach to data validation of distributed geographical interlocking systems (IXLs) is presented. In the distributed IXL paradigm, track elements are controlled by local computers communicating with other control components over local and wide area networks. The overall control logic is distributed over these track-side computers and remote server computers that may even reside in one or more cloud server farms. Redundancy is introduced to ensure fail-safe behaviour, fault-tolerance, and to increase the availability of the overall system. To cope with the configuration-related complexity of such distributed IXLs, the software is designed according to the digital twin paradigm: physical track elements are associated with software objects implementing supervision and control for the element. The objects communicate with each other and with high-level IXL control components in the cloud over logical channels realised by distributed communication mechanisms. The objective of this article is to explain how configuration rules for this type of IXLs can be specified by temporal logic formulae interpreted on Kripke Structure representations of the IXL configuration. Violations of configuration rules can be specified using formulae from a well-defined subset of LTL. By decomposing the complete configuration model into sub-models corresponding to routes through the model, the LTL model checking problem can be transformed into a CTL checking problem for which highly efficient algorithms exist. Specialised rule violation queries that are hard to express in LTL can be simplified and checked faster by performing sub-model transformations adding auxiliary variables to the states of the underlying Kripke Structures. Further performance enhancements are achieved by checking each sub-model concurrently. The approach presented here has been implemented in a model checking tool which is applied by Siemens Mobility for data validation of geographical IXLs.

show abstract

“…-Variant 1) [15,12]. The engineering concept was originally developed by INSY GmbH Berlin for their railway control system RELIS 2000 designed for local railway networks.…”

Section: Distributed Interlocking As Distributed Mutual Exclusionmentioning

confidence: 99%

“…In [15] the concept has been formalised in the RAISE Specification Language, RSL [27], and the RAISE theorem prover was used for verification. In [12] an extension of RSL, called RSL-SAL [23] was used for the formalisation, and the formal verification was performed using the SAL symbolic model checker. -Variant 1) US patent 8820685 B2 [22].…”

Section: Distributed Interlocking As Distributed Mutual Exclusionmentioning

confidence: 99%

Safety Interlocking as a Distributed Mutual Exclusion Problem

Fantechi

Haxthausen

2018

Formal Methods for Industrial Critical Systems

Self Cite

View full text Add to dashboard Cite

 Users may download and print one copy of any publication from the public portal for the purpose of private study or research.  You may not further distribute the material or use it for any profit-making activity or commercial gain  You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Stepwise Development and Model Checking of a Distributed Interlocking System - Using RAISE

Cited by 4 publications

References 9 publications

A refinement-based development of a distributed signalling system

A refinement-based development of a distributed signalling system

Efficient data validation for geographical interlocking systems

Safety Interlocking as a Distributed Mutual Exclusion Problem

Contact Info

Product

Resources

About