Towards Safety Analysis of ERTMS/ETCS Level 2 in Real-Time Maude

ERTMS/ETCS is a European signalling, control and train protection system. In this paper, we model and analyse this complex system of systems, including its hybrid elements, at the design level in Real-Time Maude. Our modelling allows us to formulate safety properties in physical rather than in logical terms. We systematically validate our model by simulation and error injection. Using the Real-Time Maude model checker, we effectively verify a number of small rail systems.
