Formalizing a subset of ERTMS/ETCS specifications for verification purposes

ERTMS is the standard railway control-command and signalling system which aims to ensure railway interoperability throughout Europe while enhancing safety and competitiveness. ERTMS is composed of two main subsystems: GSM-R, a radio system enabling communication between the train and the traffic management centre, and ETCS, an automatic train protection (ATP) system intended to replace the existing national ATP systems. The ERTMS specifications are defined by means of standard documents which set out the requirements ensuring interoperability; these documents evolve regularly, giving rise to successive versions. The ERTMS/ETCS standard defines different levels and operating modes according to various trackside and onboard setups and to some operational conditions. Given the complexity and the high criticality of railway operation, verification and validation (V&V) are crucial tasks in railway application development. In this paper, after setting out the background and the motivations, a mechanizable formalization of a subset of the ERTMS/ETCS specifications relating to ETCS modes and transitions is developed. The present work aims to offer a readily available model for formal V&V. Using formal techniques to check the SRS (System Requirements Specification) is highly recommended to tackle the complexity of the defined requirements and to prevent specification errors. Model checking, the technique targeted here, offers an exhaustive analysis of the system behaviour based on its model and is highly automated, since it is supported by software tools. Based on the latest available version of the SRS, a progressive process is undertaken to obtain a formal model which makes explicit the various modes, characterized by their respective active functions, as well as the numerous combinations of conditions for switching between modes. The various steps guiding the translation of the literal SRS specifications into a formal model are explained.
As will be shown through different examples, the obtained model is a convenient basis for checking safety, interoperability and liveness properties.
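The abstract describes modes characterized by their active functions, guarded transitions between them, and exhaustive model checking of safety and liveness properties over the resulting model. The following added example, which is not part of the paper and not its model, shows that workflow in miniature: an explicit-state checker that enumerates every combination of boolean inputs, follows every enabled transition, checks a safety invariant on all reachable states, returns the shortest counterexample trace when it fails, and checks a liveness-style recoverability property. The mode names (`Standby`, `Supervised`, `Restricted`, `Trip`), the inputs (`ma_valid`, `overspeed`, `driver_ack`) and the guards are constructed for illustration and are not the ETCS SRS modes or conditions; the `missing_guard` switch mimics the kind of specification error such checking is meant to reveal.

```python
from collections import deque
from itertools import product

# Constructed abstract mode/transition model for illustration only.
# Mode names, inputs and guards are hypothetical, NOT the ETCS SRS modes.
MODES = ("Standby", "Supervised", "Restricted", "Trip")
INPUTS = ("ma_valid", "overspeed", "driver_ack")
INITIAL = "Standby"


def make_model(missing_guard=False):
    """Return the transition list as (source, guard(env), destination).
    missing_guard=True drops the ma_valid term from one guard to mimic a
    specification error (re-entering a supervised mode without authority)."""
    if missing_guard:
        restricted_to_supervised = lambda e: e["driver_ack"]
    else:
        restricted_to_supervised = lambda e: e["driver_ack"] and e["ma_valid"]
    return [
        ("Standby",    lambda e: e["ma_valid"],                          "Supervised"),
        ("Standby",    lambda e: not e["ma_valid"] and e["driver_ack"],  "Restricted"),
        ("Supervised", lambda e: e["overspeed"],                         "Trip"),
        ("Supervised", lambda e: not e["ma_valid"],                      "Restricted"),
        ("Restricted", restricted_to_supervised,                         "Supervised"),
        ("Restricted", lambda e: e["overspeed"],                         "Trip"),
        ("Trip",       lambda e: e["driver_ack"],                        "Standby"),
    ]


def environments():
    """Every valuation of the boolean inputs (the environment is unconstrained)."""
    for bits in product((False, True), repeat=len(INPUTS)):
        yield dict(zip(INPUTS, bits))


def successors(transitions, mode):
    """One step: inputs are chosen freely, then every enabled transition is a
    possible outcome; if no guard is enabled the current mode is kept."""
    for env in environments():
        key = tuple(env[name] for name in INPUTS)
        enabled = [dst for src, guard, dst in transitions if src == mode and guard(env)]
        if enabled:
            for dst in enabled:
                yield (dst, key)
        else:
            yield (mode, key)


def explore(transitions, initial=(INITIAL, (False,) * len(INPUTS))):
    """Breadth-first state-space exploration. Returns a parent map
    (state -> predecessor) in BFS order, so the first violating state found
    is at minimal depth and a path back to the initial state can be rebuilt."""
    parents = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for nxt in successors(transitions, state[0]):
            if nxt not in parents:
                parents[nxt] = state
                queue.append(nxt)
    return parents


def trace(parents, state):
    """Path from the initial state to `state`, as a list of (mode, inputs)."""
    path = []
    while state is not None:
        path.append(state)
        state = parents[state]
    return path[::-1]


def check_invariant(transitions, holds):
    """Safety: holds(mode, env) must be true in every reachable state.
    Returns None when it holds, else the shortest counterexample trace."""
    parents = explore(transitions)
    for mode, key in parents:
        if not holds(mode, dict(zip(INPUTS, key))):
            return trace(parents, (mode, key))
    return None


def reachable_modes(transitions):
    """Which modes the model can actually enter (unreachable modes hint at
    contradictory or missing transition conditions)."""
    return {mode for mode, _ in explore(transitions)}


def check_recoverable(transitions, target):
    """Liveness-style property: from every reachable state, some state in
    mode `target` remains reachable, i.e. the system can never get stuck."""
    for state in explore(transitions):
        if not any(mode == target for mode, _ in explore(transitions, state)):
            return False
    return True


# Constructed safety invariant: a supervised mode needs a valid movement authority.
supervised_needs_ma = lambda mode, env: mode != "Supervised" or env["ma_valid"]


if __name__ == "__main__":
    print("correct model  :", check_invariant(make_model(), supervised_needs_ma))
    print("flawed model   :", check_invariant(make_model(missing_guard=True), supervised_needs_ma))
    print("reachable modes:", sorted(reachable_modes(make_model())))
    print("recoverable    :", check_recoverable(make_model(), "Standby"))
```

The exhaustive character of the method is what distinguishes it from testing: every input valuation at every step is explored, so the flawed model's violation is found with its concrete trace (enter `Restricted` without authority, then acknowledge), while the correct model yields no violating state at all. The real SRS modes involve far more conditions, which is exactly why a mechanized model is preferable to checking the literal text by hand.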
