Verification of railway interlocking systems

Busard, Simon; Cappart, Quentin; Limbrée, Christophe; Pecheur, Charles; Schaus, Pierre

doi:10.4204/eptcs.184.2

Cited by 19 publications

(17 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The aim of statistical model checking is to approximate, in a controlled manner, the probability of satisfaction or violation of a property. Unlike classical model checking approaches where an exhaustive exploration of the state space is conducted (Busard et al [6] experimented the limitation of this approach for SSI language), statistical model checking only requires a sample of simulations. On this section, we describe the statistical model checking algorithms used in our approach.…”

Section: Verification By Statistical Model Checkingmentioning

confidence: 99%

Verification of Interlocking Systems Using Statistical Model Checking

Cappart

Limbrée

Schaus

et al. 2017

2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE)

Self Cite

View full text Add to dashboard Cite

Abstract-1 In the railway domain, an interlocking is the system ensuring safe train traffic inside a station by controlling its active elements such as the signals or points. Modern interlockings are configured using particular data, called application data, reflecting the track layout and defining the actions that the interlocking can take. The safety of the train traffic relies thereby on application data correctness, errors inside them can cause safety issues such as derailments or collisions. Given the high level of safety required by such a system, its verification is a critical concern. In addition to the safety, an interlocking must also ensure that availability properties, stating that no train would be stopped forever in a station, are satisfied. Most of the research dealing with this verification relies on model checking. However, due to the state space explosion problem, this approach does not scale for large stations. More recently, a discrete event simulation approach limiting the verification to a set of likely scenarios, was proposed. The simulation enables the verification of larger stations, but with no proof that all the interesting scenarios are covered by the simulation. In this paper, we apply an intermediate statistical model checking approach, offering both the advantages of model checking and simulation. Even if exhaustiveness is not obtained, statistical model checking evaluates with a parametrizable confidence the reliability and the availability of the entire system.

show abstract

Section: Verification By Statistical Model Checkingmentioning

confidence: 99%

Verification of Interlocking Systems Using Statistical Model Checking

Cappart

Limbrée

Schaus

et al. 2017

2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [5] the authors build a model of railway operation constrained by imported signalling data. A model checker automatically explores train movement scenarios (i.e., model states) and reports on violation of safety properties.…”

Section: Introductionmentioning

confidence: 99%

Formal Verification of Signalling Programs with SafeCap

Iliasov

Taylor²,

Laibinis

et al. 2018

Developments in Language Theory

View full text Add to dashboard Cite

SafeCap is a modern toolkit for modelling, simulation and formal verification of railway networks. This paper discusses the use of SafeCap for formal analysis and fully-automated scalable safety verification of solid state interlocking (SSI) programs-a technology at the heart of many railway signalling solutions. The focus of the work is on making it easy for signalling engineers to use the developed technology and thus to help with its smooth industrial deployment. In this paper we explain the formal foundations of the proposed method, its tool support, and their application to real life railway verification problems.

show abstract

“…Model checking has proved particularly attractive for tackling the safety of interlocking, and various model checkers and temporal logics have been used, see e.g. [7,10,17,35,43,56]. Critically evaluating practicality, [13] investigated applicability of model checking for interlocking tables using NuSMV or Spin, two prominent representatives of BDD-based symbolic model checking, respectively explicit state model checking.…”

Section: Related Workmentioning

confidence: 99%

“…-Capacity analysis and timetabling can be performed using e.g. OpenTrack, 6 LUKS, 7 or Treno. 8 The main export target for our use case was OpenTrack, which is a simulation tool that allows stochastic capacity analysis, running time analysis, and other types of analyses.…”

Section: Proposed Railway Signalling Design Tool Chainmentioning

confidence: 99%

Efficient verification of railway infrastructure designs against standard regulations

Luteberget

Johansen

2017

Form Methods Syst Des

View full text Add to dashboard Cite

In designing safety-critical infrastructures s.a. railway systems, engineers often have to deal with complex and large-scale designs. Formal methods can play an important role in helping automate various tasks. For railway designs formal methods have mainly been used to verify the safety of so-called interlockings through model checking, which deals with state change and rather complex properties, usually incurring considerable computational burden (e.g., the state-space explosion problem). In contrast, we focus on static infrastructure models, and are interested in checking requirements coming from design guidelines and regulations, as usually given by railway authorities or safety certification bodies. Our goal is to automate the tedious manual work that railway engineers do when ensuring compliance with regulations, through using software that is fast enough to do verification on-the-fly, thus being able to be included in the railway design tools, much like a compiler in an IDE. In consequence, this paper describes the integration into the railway design process of formal methods for automatically extracting railway models from the CAD railway designs and for describing relevant technical regulations and expert knowledge as properties to be checked on the models. We employ a variant of Datalog and use the standardized "railway markup language" railML as basis and exchange format for the formalization. We developed a prototype tool and integrated it in industrial railway CAD software, developed under the name RailCOMPLETE . This on-the-fly verification tool is a help for the engineer while doing the designs, and is not a replacement to other more heavy-weight software like for doing interlocking verification or capacity analysis. Our tool, through the export into railML, can be easily integrated with these other tools. We apply our tool chain in a Norwegian railway project, the upgrade of the Arna railway station.

show abstract

Verification of railway interlocking systems

Cited by 19 publications

References 7 publications

Verification of Interlocking Systems Using Statistical Model Checking

Verification of Interlocking Systems Using Statistical Model Checking

Formal Verification of Signalling Programs with SafeCap

Efficient verification of railway infrastructure designs against standard regulations

Contact Info

Product

Resources

About