Formal Verification of Train Control with Air Pressure Brakes

Train control technology enhances the safety and efficiency of railroad operation by safeguarding the motion of trains, preventing them from leaving their designated areas of operation and from colliding with other trains. For safety, it is crucial that trains engage their brakes early enough to ensure they never leave the safe part of the track. Efficiency considerations, however, also require that a train does not brake too soon, which would limit operational suitability. It is surprisingly subtle to strike the right tradeoff and identify control conditions that guarantee safe motion without being overly conservative.
