Integrating Automatic Verification of Safety Requirements in Railway Interlocking System Design

A Railway Interloc king System (RIS) is an Embedded System (namely a Supervisory Control System) that ensures the safe op eration of the devic es in a R ailway Station. Of course a RIS is a Safet y Critical System. In this p aper we explore the p ossibility of integrating automatic formal veri cation methods in a given industry RIS design ow. The main obstructions to be over come in our work are: selecting a formal veri cation tool that is eÆcient enough to solve the veri c ationproblems at hand and devising a cost e e ctive integration strategy for such tool. Eventually we were able to devise a successful integration strategy meeting the above constr aints.This is done without requiring major modi c ation in the preexistent design ow nor retraining of personnel. We run veri cation experiments for a RIS designed for the Singapore Subway. Such experiments show that the RIS design ow obtained from our integration strategy will inde edbe able to automatically verify real life RIS designs. ENEA C.R.-CASACCIA, TISGI Section, Via Anguillarese, 301, S.Maria di Galeria I-00060 ROMA ITAL Y, email: [email protected] url: http://tisgi.casaccia.enea.it This researc h has been partially supported by ESPRIT project ISA-EUNET EP27450 CASPUR, c/o CICS Universita' di Roma \La Sapienza", Piazzale Aldo Moro 5, I-00185, Roma ITAL Y email: [email protected] This researc h has been partially supported by ENEA System Assurance, ALSTOM TRANSPORT SpA, Via di Corticella 75, I-40128 Bologna ITAL Y email: [email protected] url: http://www.alstom.com This researc h has been partially supported by ESPRIT project ISA-EUNET EP27450 Contact Author. Area Informatica, Univ ersit a di L'Aquila, Coppito I-67100 L'Aquila ITAL Y email: [email protected] url: http://univaq.it/ tronci Tel: +39 0862 433129; Fax: +39 0862 433180. This researc h has been partially supported by MURST project TOSCA and by ENEA.