Optimising Ordering Strategies for Symbolic Model Checking of Railway Interlockings

Winter, Kirsten

doi:10.1007/978-3-642-34032-1_24

Cited by 27 publications

(24 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paper uses a variant of linear temporal logic (LTL) for safety property specification and employs so-call k-induction. The work of [55] investigates how to exploit domain-specific knowledge about interlocking verification to obtain good variable orderings when encoding the systems to be verified in a BDD-based symbolic model checker. An influential technology is the tool-based support for verified code generation for railway interlockings from Prover AB Sweden [5].…”

Section: Related Workmentioning

confidence: 99%

Efficient verification of railway infrastructure designs against standard regulations

Luteberget

Johansen

2017

Form Methods Syst Des

View full text Add to dashboard Cite

In designing safety-critical infrastructures s.a. railway systems, engineers often have to deal with complex and large-scale designs. Formal methods can play an important role in helping automate various tasks. For railway designs formal methods have mainly been used to verify the safety of so-called interlockings through model checking, which deals with state change and rather complex properties, usually incurring considerable computational burden (e.g., the state-space explosion problem). In contrast, we focus on static infrastructure models, and are interested in checking requirements coming from design guidelines and regulations, as usually given by railway authorities or safety certification bodies. Our goal is to automate the tedious manual work that railway engineers do when ensuring compliance with regulations, through using software that is fast enough to do verification on-the-fly, thus being able to be included in the railway design tools, much like a compiler in an IDE. In consequence, this paper describes the integration into the railway design process of formal methods for automatically extracting railway models from the CAD railway designs and for describing relevant technical regulations and expert knowledge as properties to be checked on the models. We employ a variant of Datalog and use the standardized "railway markup language" railML as basis and exchange format for the formalization. We developed a prototype tool and integrated it in industrial railway CAD software, developed under the name RailCOMPLETE . This on-the-fly verification tool is a help for the engineer while doing the designs, and is not a replacement to other more heavy-weight software like for doing interlocking verification or capacity analysis. Our tool, through the export into railML, can be easily integrated with these other tools. We apply our tool chain in a Norwegian railway project, the upgrade of the Arna railway station.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient verification of railway infrastructure designs against standard regulations

Luteberget

Johansen

2017

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…To illustrate and evaluate our approach we have devised a case study based on existing networks from [18,19] inspired by the typical examples from real world used in other studies about formal verification of railway interlocking systems [5,7,9,22]. The used network, although invented, represents a realistic case.…”

Section: Mini-tiny-fork: a Small Case Studymentioning

confidence: 99%

“…Locality of a safety property can be exploited for verification purposes, by limiting the state space on which to verify it. This principle has been exploited in [22] to define domain-oriented optimizations of the variable ordering in a BDD-based verification. Locality can be used also for slicing, as suggested in [3] and [10,8].…”

Section: Introductionmentioning

confidence: 99%

Compositional Verification of Multi-station Interlocking Systems

Macedo

Fantechi

Haxthausen

2016

Leveraging Applications of Formal Methods, Verification and Validation: Discussion, Dissemination, Applications

View full text Add to dashboard Cite

Abstract. Because interlocking systems are highly safety-critical complex systems, their automated safety verification is an active research topic investigated by several groups, employing verification techniques to produce important cost and time savings in their certification. However, such systems also pose a big challenge to current verification methodologies, due to the explosion of state space size as soon as large, if not medium sized, multi-station systems have to be controlled. For these reasons, verification techniques that exploit locality principles related to the topological layout of the controlled system to split in different ways the state space have been investigated. In particular, compositional approaches divide the controlled track network in regions that can be verified separately, once proper assumptions are considered on the way the pieces are glued together. Basing on a successful method to verify the size of rather large networks, we propose a compositional approach that is particularly suitable to address multi-station interlocking systems which control a whole line composed of stations linked by mainline tracks. Indeed, it turns out that for such networks, and for the adopted verification approach, the verification effort amounts just to the sum of the verification efforts for each intermediate station and for each connecting line.

show abstract

“…Several techniques have been proposed in order to push the applicability bounds toward industrial size. Winter et al suggest using ordering strategies optimized for interlocking models [23]. A number of high-level abstractions for reducing the complexity of interlocking models are presented in [15].…”

Section: Related Workmentioning

confidence: 99%

“…Thus, automated verification of interlocking systems is an active research topic, investigated by several research groups, see e.g. [10,8,23,15,9,14]. As part of the RobustRailS research project 3 , our work aims at establishing a holistic method supporting the verification of such systems.…”

Section: Introductionmentioning

confidence: 99%

Formal Modeling and Verification of Interlocking Systems Featuring Sequential Release

Haxthausen

Peleskã

2015

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. In this paper, we present a method and an associated tool suite for formal verification of the new ETCS level 2 based Danish railway interlocking systems. We have made a generic and reconfigurable model of the system behavior and generic high-level safety properties. This model accommodates sequential release -a feature in the new Danish interlocking systems. The generic model and safety properties can be instantiated with interlocking configuration data, resulting in a concrete model in the form of a Kripke structure, and in high-level safety properties expressed as state invariants. Using SMT based bounded model checking (BMC) and inductive reasoning, we are able to verify the properties for model instances corresponding to railway networks of industrial size. Experiments also show that BMC is efficient for finding bugs in the railway interlocking designs.

show abstract

Optimising Ordering Strategies for Symbolic Model Checking of Railway Interlockings

Cited by 27 publications

References 18 publications

Efficient verification of railway infrastructure designs against standard regulations

Efficient verification of railway infrastructure designs against standard regulations

Compositional Verification of Multi-station Interlocking Systems

Formal Modeling and Verification of Interlocking Systems Featuring Sequential Release

Contact Info

Product

Resources

About