Railway modelling in CSP||B: the double junction case study

This paper reports on recent work in verifying railway systems through CSP || B modelling and analysis. Our motivation is to develop a modelling and verification approach accessible to railway engineers: it is vital that they can validate the models and verification conditions and, in the case of design errors, obtain comprehensible feedback. In this paper we run through a full production cycle on a real double junction case study, supplied by our industrial partner, who contributed at every stage. As our formalization is, by design, close to their way of thinking, they are comfortable with it and trust it. Without much effort spent on optimization for verification, the scale of the models analyzed is comparable with that of the work of other groups.
