Improving Railway Data Validation with ProB

In this chapter, we describe the successful application of ProB on industrial projects realized by Siemens. Siemens are successfully using the B-method to develop software components for zone controller and carbonne controller of CBTC systems. However, the development contains certain assumptions about the actual rail network topology which have to be validated separately in order to ensure safe operation. For this task, Siemens has developed custom proof rules for AtelierB. AtelierB, however, was unable to deal with properties related to large constants (relations with thousands of tuples). These properties thus had to be validated by hand at great expense (and they need to be revalidated whenever the rail network infrastructure changes). In this chapter we show how we were able to use ProB to overcome this challenge. We describe the deployment and current use of ProB in the SIL4 development chain at Siemens. This achievement required the extension of the ProB kernel for large sets as well as an improved constraint propagation phase. We also outline some of the effort and features that were required in moving from a tool capable of dealing with medium-sized examples towards a tool able to deal with actual industrial specifications. Notably, a new parser and type checker had to be developed. We also touch upon the issue of validating ProB.