Performability evaluation of the ERTMS/ETCS – Level 3

Abstract Level 3 of the ERTMS/ETCS improves the capacity of railways by replacing fixed-block signalling, which prevents a train to enter a block occupied by another train, with moving block signalling, which allows a train to proceed as long as it receives radio messages ensuring that the track ahead is clear of other trains. If messages are lost, a train must stop for safety reasons within a given deadline, even though the track ahead is clear, making the availability of the communication link crucial for successful operation. We combine analytic evaluation of failures due to burst noise and connection losses with numerical solution of a non-Markovian model representing also failures due to handovers between radio stations. In so doing, we show that handovers experienced by a pair of chasing trains periodically affect the availability of the radio link, making behavior of the overall communication system recurrent over the hyper-period of periodic message releases and periodic arrivals at cell borders. As a notable aspect, non-Markovian transient analysis within two hyper-periods is sufficient to derive an upper bound on the first-passage time distribution to an emergency brake, permitting to achieve a trade-off between railway throughput and stop probability. A sensitivity analysis is performed with respect to train speed and headway distance, permitting to gain insight into the consequences of system-level design choices.

[1]  Gianfranco Ciardo,et al.  A Characterization of the Stochastic Process Underlying a Stochastic Petri Net , 1994, IEEE Trans. Software Eng..

[2]  Antonio Puliafito,et al.  Analysis and Evaluation of Non-Markovian Stochastic Petri Nets , 2000, Computer Performance Evaluation / TOOLS.

[3]  Mohamed Sallak,et al.  Modeling of ERTMS Level 2 as an SoS and Evaluation of its Dependability Parameters Using Statecharts , 2014, IEEE Systems Journal.

[4]  Günter Hommel,et al.  Towards modeling and evaluation of ETCS real-time communication and operation , 2005, Journal of Systems and Software.

[5]  Laura Carnevali,et al.  Non-Markovian Performability Evaluation of ERTMS/ETCS Level 3 , 2015, EPEW.

[6]  Enrico Vicario,et al.  Static Analysis and Dynamic Steering of Time-Dependent Systems , 2001, IEEE Trans. Software Eng..

[7]  Laura Carnevali,et al.  Using Stochastic State Classes in Quantitative Evaluation of Dense-Time Reactive Systems , 2009, IEEE Transactions on Software Engineering.

[8]  Enrico Vicario,et al.  Performance Evaluation of Fischer's Protocol through Steady-State Analysis of Markov Regenerative Processes , 2016, 2016 IEEE 24th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS).

[9]  A. G. Foord,et al.  Systems safety-a real example (European rail traffic management system, ERTMS) , 2001 .

[10]  William H. Sanders,et al.  Möbius 2.3: An extensible tool for dependability, security, and performance evaluation of large and complex system models , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[11]  Peter J. Haas,et al.  Stochastic Petri Nets: Modelling, Stability, Simulation , 2002 .

[12]  David L. Dill,et al.  Timing Assumptions and Verification of Finite-State Concurrent Systems , 1989, Automatic Verification Methods for Finite State Systems.

[13]  Didier Lime,et al.  Expressiveness and analysis of scheduling extended time Petri nets , 2003 .

[14]  Francesco Longo,et al.  Applying Symbolic Techniques to the Representation of Non-Markovian Models with Continuous PH Distributions , 2009, EPEW.

[15]  Günter Hommel,et al.  A train control system case study in model-based real time system design , 2003, Proceedings International Parallel and Distributed Processing Symposium.

[16]  Jan Magott,et al.  Dependability and Safety Analysis of ETCS Communication for ERTMS Level 3 Using Performance Statecharts and Analytic Estimation , 2014, DepCoS-RELCOMEX.

[17]  Hoon Choi,et al.  Markov Regenerative Stochastic Petri Nets , 1994, Perform. Evaluation.

[18]  Mohamed Ghazel,et al.  Formalizing a subset of ERTMS/ETCS specifications for verification purposes , 2014 .

[19]  Lorenzo Ridi,et al.  Transient analysis of non-Markovian models using stochastic state classes , 2012, Perform. Evaluation.

[20]  Francesco Flammini,et al.  A MULTIFORMALISM MODULAR APPROACH TO ERTMS/ETCS FAILURE MODELING , 2014 .

[21]  Armin Zimmermann Modeling and evaluation of stochastic Petri nets with TimeNET 4.1 , 2012, 6th International ICST Conference on Performance Evaluation Methodologies and Tools.

[22]  Laura Carnevali,et al.  A Framework for Simulation and Symbolic State Space Analysis of Non-Markovian Models , 2011, SAFECOMP.

[23]  Pierre Dersin,et al.  Performance Evaluation of Train Moving-Block Control , 2016, QEST.

[24]  Gerald S. Shedler,et al.  Numerical Analysis of Deterministic and Stochastic Petri Nets with Concurrent Deterministic Transitions , 1996, Perform. Evaluation.

[25]  Axel Thümmler,et al.  Transient Analysis of Deterministic and Stochastic Petri Nets with Concurrent Deterministic Transitions , 1999, Perform. Evaluation.

[26]  Holger Hermanns,et al.  From StoCharts to MoDeST: a comparative reliability analysis of train radio communications , 2005, WOSP '05.

[27]  M. Diaz,et al.  Modeling and Verification of Time Dependent Systems Using Time Petri Nets , 1991, IEEE Trans. Software Eng..

[28]  Francesco Flammini,et al.  UML Based Reverse Engineering for the Verification of Railway Control Logics , 2006, 2006 International Conference on Dependability of Computer Systems.