Modelling the Hybrid ERTMS/ETCS Level 3 Case Study in Spin

The Spin model checker has been successfully applied to the modelling, validation, and verification of a range of safety-critical systems. In this paper, we model and validate the Hybrid ERTMS/ETCS Level 3 Case Study using Spin; in particular, we describe the assumptions we made to keep the state space bounded, and present the problems and ambiguities that arose during modelling. Although Spin offers several advantages in terms of validation and verification facilities, its modelling language Promela is limited compared with the higher-level notations of other formal methods. We therefore discuss the advantages and disadvantages of using the tool, and how its modelling facilities could be improved.
