APPLICATION OF FORMAL METHODS TO THE RAILWAY SIGNALLING SYSTEMS

To better analyze the reliability of software used in automated train operations, formal methods need to be developed and applied by which specifications for the software can be described in a way that makes it possible to use automatic proofs to verify the software's performance. This paper reports on proof obligations that have been developed for the digital automated train control track database. An outline of the formal methods for systematic analysis is given. Specifications are written in mathematically or logically structured terms, so that they can be checked by a computer using a syntax. Although it may take more time initially to describe the specifications with formal methods, it is good at detecting errors, which can save time and money later. Formal methods are hoped to reduce errors caused by mistaken specifications. The report then applies the use of formal methods to specifications for the digital automated train control track database which is different from the previous track database in that calculations that determine what instructions should be issued to trains sharing blocks of track are issued on board the train, meaning that on-board software must operate safely. Describes the structure of the database and gives examples of formal specifications. Proof obligations are generated . Shows the graphical user interface of the automatic proof generating function, which is a toolkit based on high order logic. Next are interactive proofs, which has a proof tree and whose screen is shown. In the test of the formal specifications for the digital automated train control track database, 188 proof obligations are generated and 90% are proved automatically and the rest are proved interactively. The proof engine needs more work to speed the interactive proving process and to extend the engine's scope to other specifications.