Using symbolic CTL model checking to verify the railway stations of Hoorn-Kersenboogerd and Heerhugowaard

Abstract. We examine the application of symbolic CTL model checking to railway interlocking software. We show that the railway interlocking systems examined exhibit the characteristics of robustness and locality, and that these characteristics allow optimizations to the model checking algorithms not possible in the general case. In order to gain a better understanding of robustness and locality, we examine in detail a small railway interlocking.
