Safety Analysis of a CBTC System: A Rigorous Approach with Event-B

Comptier, Mathieu; Déharbe, David; Perez, Julien Molinero; Mussat, Louis; Pierre, Thibaut; Sabatier, Denis

doi:10.1007/978-3-319-68499-4_10

Cited by 22 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many papers concern the verification on a higher abstraction level, in which control systems are treated as black boxes, interchanging signals. For example, in [20,21] B-Method and Atelier-B toolkit are used. The application of CSP B and ProB is described in [22].…”

Section: Related Workmentioning

confidence: 99%

Temporal Verification of Relay-Based Railway Traffic Control Systems Using the Integrated Model of Distributed Systems

et al. 2022

View full text Add to dashboard Cite

Relay-based traffic control systems are still used in railway control systems. Their correctness is most often verified by manual analysis, which does not guarantee correctness in all conditions. Passenger safety, control reliability, and failure-free operation of all components require formal proof of the control system’s correctness. Formal evidence allows certification of control systems, ensuring that safety will be maintained in correct conditions and the in event of failure. The operational safety of systems in the event of component failure cannot be manually checked practically in the event of various types of damage to one component, pairs of components, etc. In the article, we describe the methodology of automated system verification using the IMDS (integrated model of distributed systems) temporal formalism and the Dedan tool. The novelty of the presented verification methodology lays in graphical design of the circuit elements, automated verification liberating the designer from using temporal logic, checking partial properties related to fragments of the circuit, and fair verification preventing the discovering of false deadlocks. The article presents the verification of an exemplary relay traffic control system in the correct case, in the case of damage to elements, and the case of an incorrect sequence of signals from the environment. The verification results are shown in the form of sequence diagrams leading to the correct/incorrect final state.

show abstract

Section: Related Workmentioning

confidence: 99%

Temporal Verification of Relay-Based Railway Traffic Control Systems Using the Integrated Model of Distributed Systems

et al. 2022

View full text Add to dashboard Cite

show abstract

“…To accomplish the first task, we decided to derive a formal B model from the HL3 specification. The decision was based on diverse work (e.g., [7,[10][11][12][13][14][15]) which provided evidence that B is well suited for the railway domain. Moreover, first experiments were very promising: in a few days it was possible to model some simpler transitions of the HL3 specification.…”

Section: Requirements and Modelling Strategymentioning

confidence: 99%

“…However, we ourselves do not yet have enough understanding of HL3 specification to understand why it is safe and how a proof and refinement strategy should look like. Developing a system-level proof of HL3 specification is worthy of another research project, and can get inspiration from successful use of Event-B for similar demonstrations for the Flushing line in New York [14] or the Octys line in Paris [15].…”

Section: Comparisonmentioning

confidence: 99%

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Hansen

Leuschel

Körner

et al. 2020

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

In this article, we present a concrete realisation of the ETCS hybrid level 3 concept, whose practical viability was evaluated in a field demonstration in 2017. Hybrid level 3 introduces virtual subsections as subdivisions of classical track sections with trackside train detection. Our approach introduces an add-on for the radio block centre (RBC) of Thales, called virtual block function (VBF), which computes the occupation states of the virtual subsections using the train position reports, train integrity information, and the track occupation states. From the perspective of the RBC, the VBF behaves as an interlocking that transmits all signal aspects for virtual signals introduced for each virtual subsection to the RBC. We report on the development of the VBF, implemented as a formal B model executed at runtime using ProB and successfully used in a field demonstration to control real trains. Keywords B-method • Animation • Model-based testing • Model checking • ETCS

show abstract

“…Successful applications of FMs on configuration data have been conducted in the past [30]. FMs applications on CBTC systems can be found for other mechanisms/parts of the CBTC system, such as track circuits or emergency cancellation functions, as reported in the article by Comptier et al [31]. In this article, it is described how Event-B and Atelier B were utilized to perform rigorous safety analysis of the multi-supplier interoperable Octys (Open Control of Train Interchangeable and Integrated system) CBTC system which has been deployed on Paris metro lines 3, 5 and 9 starting 2010 as reported in the article.…”

Section: Communications-based Train Control (Cbtc)mentioning

confidence: 99%

Research Directions Regarding the Adoption of Formal Methods in the Railway Signaling Sector: Determinants and Next Steps for Future-Proof Railways

Rizopoulos

Olsson

Lindahl

et al. 2020

WIT Transactions on the Built Environment

View full text Add to dashboard Cite

The terms Formal Methods (FMs) refer to a set of techniques and software toolkits that, based on mathematical rigor, can enhance safety, security, and the efficient operation of a wide range of systems. Considering that several innovative FMs applications have been performed over the last few decades, the utility of toolkits that are based on FMs has already been showcased in several industrial settings, such as the avionics and automotive industries, medical devices, computer software, and hardware systems, and finally, the railways and the railway-signalling sector. The current article focuses on the last of the aforementioned sectors, that of railway signalling, and aims to analyse research directions that regard the adoption of FMs in signalling. Despite the benefits and the availability of reports on the topic, the implementation of the adoption of FMs can be considered yet to be successful in most organizations that develop related systems. The authors have observed that this implementation lag in the adoption of FMs may stem from the absence of systematic approaches to the study of adoption. In that regard, a set of five Research Questions (RQs) is introduced in this article for the adoption of FMs in railway signalling systems. Furthermore, answers regarding two of those questions are given within the current article regarding: (i) studies on the adoption of FMs, and (ii) successful applications and benefits of FMs. The remaining three RQs are intended to point out issues for future research. By providing answers to all five RQs, it is expected that a map for the demand of FMs applications in railway signalling is introduced in the following years, as well as the role of the potential stakeholders in those applications.

show abstract

Safety Analysis of a CBTC System: A Rigorous Approach with Event-B

Cited by 22 publications

References 4 publications

Temporal Verification of Relay-Based Railway Traffic Control Systems Using the Integrated Model of Distributed Systems

Temporal Verification of Relay-Based Railway Traffic Control Systems Using the Integrated Model of Distributed Systems

Validation and real-life demonstration of ETCS hybrid level 3 principles using a formal B model

Research Directions Regarding the Adoption of Formal Methods in the Railway Signaling Sector: Determinants and Next Steps for Future-Proof Railways

Contact Info

Product

Resources

About