Validating the Hybrid ERTMS/ETCS Level 3 concept with Electrum

Cunha, Alcino; Macedo, Nuno

doi:10.1007/s10009-019-00540-4

Cited by 22 publications

(14 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Two other solutions were presented at ABZ'18, one using Spin [30] and one using Alloy/Electrum [31]. The latter is interesting as it uses Alloy's magic layout feature to obtain a visual representation of the state of the model.…”

Section: Comparisonmentioning

confidence: 99%

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Hansen

Leuschel

Körner

et al. 2020

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

In this article, we present a concrete realisation of the ETCS hybrid level 3 concept, whose practical viability was evaluated in a field demonstration in 2017. Hybrid level 3 introduces virtual subsections as subdivisions of classical track sections with trackside train detection. Our approach introduces an add-on for the radio block centre (RBC) of Thales, called virtual block function (VBF), which computes the occupation states of the virtual subsections using the train position reports, train integrity information, and the track occupation states. From the perspective of the RBC, the VBF behaves as an interlocking that transmits all signal aspects for virtual signals introduced for each virtual subsection to the RBC. We report on the development of the VBF, implemented as a formal B model executed at runtime using ProB and successfully used in a field demonstration to control real trains. Keywords B-method • Animation • Model-based testing • Model checking • ETCS

show abstract

Section: Comparisonmentioning

confidence: 99%

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Hansen

Leuschel

Körner

et al. 2020

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…The remaining three contributions do not attempt any abstraction but model the concrete specification as faithfully as possible in order to model check or animate it to discover bugs against the scenarios. Cunha et al [34] do this using Electum (an extension of Alloy) and the Analyzer model checker, and Arcaini et al [35] use Promela with the Spin model checker. Hanson et al use ProB to execute 'classical' B [36] to demonstrate the specification controlling an actual (test) railway system.…”

Section: Comparisonmentioning

confidence: 99%

Formalising the Hybrid ERTMS Level 3 specification in iUML-B and Event-B

Dghaym

Dalvandi

Poppleton

et al. 2019

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

We demonstrate refinement-based formal development of the hybrid, 'fixed virtual block' approach to train movement control for the emerging European Rail Traffic Management System (ERTMS) level 3. Our approach uses iUML-B diagrams as a front end to the Event-B modelling language. We use abstraction to verify the principle of movement authority before gradually developing the details of the Virtual Block Detector component in subsequent refinements, thus verifying that it preserves the safety properties. We animate the refined models to demonstrate their validity using the scenarios from the Hybrid ERTMS Level 3 (HLIII) specification. We reflect on our team-based approach to finding useful modelling abstractions and demonstrate a systematic modelling method based on the state and class diagrams of iUML-B. The component and control flow architectures of the application, its environment and interacting systems emerge through the layered refinement process. The runtime semantics of the specification's state-machine behaviour are modelled in the final refinements. We discuss how the model could be used to generate an implementation using code generation tools and techniques. Abbreviations ADT Abstract Data Type RodinRodin platform ERS

show abstract

“…To further ease the feature-oriented design of software families, language extensions to Alloy have also been proposed [1,9]. This paper reports the modelling and subsequent validation and verification of an adaptive exterior lights system (ELS) with multiple variants in Electrum 1 , carried out as an answer to the ABZ'20 call for case study submissions, following the successful submission to ABZ'18 [4]. The employed approach -which we hope can be applied to similar signal-based systems -is presented in Sect.…”

Section: Introductionmentioning

confidence: 99%

Validating Multiple Variants of an Automotive Light System with Electrum

Cunha

Macedo

Liu

2020

Rigorous State-Based Methods

Self Cite

View full text Add to dashboard Cite

This paper reports on the development and validation of a formal model for an automotive adaptive exterior lights system (ELS) with multiple variants in Electrum, a lightweight formal specification language that extends Alloy with mutable relations and temporal logic. We explore different strategies to address variability, one in pure Electrum and another through an annotative language extension. We then show how Electrum and its Analyzer can be used to validate systems of this nature, namely by checking that the reference scenarios are admissible, and to automatically verify whether the established requirements hold. A prototype was developed to translate the provided validation sequences into Electrum and back to further automate the validation process. The resulting ELS model was validated against the provided validation sequences and verified for most of requirements for all variants.

show abstract

Validating the Hybrid ERTMS/ETCS Level 3 concept with Electrum

Cited by 22 publications

References 17 publications

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Formalising the Hybrid ERTMS Level 3 specification in iUML-B and Event-B

Validating Multiple Variants of an Automotive Light System with Electrum

Contact Info

Product

Resources

About