Validation process for railway interlocking systems

Model Checking Railway Interlocking Systems

For supporting the analysis of railway interlocking systems in the early stage of their design we propose the use of model checking. We investigate the use of the formal modelling language CSP and the corresponding model checker FDR. In this paper, we describe the basics of this formalism and introduce our formal model of a railway interlocking system. Checking this model against the given safe...

Verification of railway interlocking systems

In the railway domain, an interlocking is the system ensuring a safe train traffic inside a station by controlling its active elements such as the switches or the signals. Modern interlockings are configured using particular data, called application data, reflecting the topology of the station and defining the actions that the interlocking can take. The safety of the train traffic relies thereb...

Modelling Interlocking Systems for Railway Stations

Practical formal validation method for interlocking systems

Today, the main issue is to answer the following question: have we finally recognized that when it comes to software, the delivery of absolute numerical safety targets is considered to be impossible, and the methods contained in the CENELEC standard produce a “probability” that certain unsafe failure rates will be archived, rather than an absolute assurance? We know that checks that are underta...

Specifying Railway Interlocking Requirements for Practical Use

An essentially complete formal specification of safety requirements for railway interlockings has been developed. The work is part of as project with the Swedish National Rail Administration investigating the feasibility of using formal methods for the analysis of interlockings in a production setting. An overview of the specification is given and two ongoing case studies on verifying interlock...