Model Checking Railway Interlocking Systems
نویسنده
چکیده
For supporting the analysis of railway interlocking systems in the early stage of their design we propose the use of model checking. We investigate the use of the formal modelling language CSP and the corresponding model checker FDR. In this paper, we describe the basics of this formalism and introduce our formal model of a railway interlocking system. Checking this model against the given safety requirements, the signalling principles, we get useful counterexamples that help to debug the given interlocking design. This work provides a successful example of how formal methods can be used to support the industrial development process.
منابع مشابه
Formal Modeling and Verification of Interlocking Systems Featuring Sequential Release
In this paper, we present a method and an associated tool suite for formal verification of the new ETCS level 2 based Danish railway interlocking systems. We have made a generic and reconfigurable model of the system behavior and generic high-level safety properties. This model accommodates sequential release – a feature in the new Danish interlocking systems. The generic model and safety prope...
متن کاملDecomposing scheme plans to manage verification complexity
Several formal methods have been proposed for the specification and safety verification of railway applications. In order to be successful they need industrial strength tools to support the animation, proof, model checking and simulation of such systems. The complexity of railway systems means that capability of the analysis tools have consistently been improving. In our approach we propose tha...
متن کاملUsing Symbolic Model Checking to Verify the Railway Stations of Hoorn-Kersenboogerd and Heerhugowaard
Stålmarck’s proof procedure is a method of tautology checking that has been used to verify railway interlocking software. Recently, it has been proposed [SS98] that the method has potential to increase the capacity of formal verification tools for hardware. In this paper, we examine this potential in light of an experiment in the opposite direction: the application of symbolic model checking to...
متن کاملModelling Large Railway Interlockings and Model Checking Small Ones
This paper describes the results to date of a feasibility study on model checking applied to railway interlockings. Our approach, in contrast to others, targets a high-level description of interlocking systems, namely the logical view of its operation. The result is a formal model that can be discussed with and validated by our industry partners and, moreover, provides a formal semantics for th...
متن کاملAutomatically Verifying Railway Interlockings using SAT-based Model Checking
In this paper, we demonstrate the successful application of various SATbased model checking techniques to verify train control systems. Starting with a propositional model for a control system, we show how execution of the system can be modelled via a finite automaton. We give algorithms to perform SAT-based model checking over such an automaton. In order to tackle state-space explosion we prop...
متن کامل