Simplifying the Formal Verification of Safety Requirements in Zone Controllers Through Problem Frames and Constraint-Based Projection

Formal methods have been widely applied to verifying the safety requirements of communication-based train control (CBTC) systems, though typically on problem situations that were much simplified. In industrial practice, however, CBTC systems are so complex that these methods become nearly impossible to apply. In this paper, we aim to reduce the state space of formal verification problems in the zone controller, a sub-system of a typical CBTC. We achieve this simplification by reducing the total number of device variables. To do so, we propose two projection methods, one based on problem frames and one based on constraints. The problem-frame-based method decomposes the system according to sub-properties through functional decomposition, while the constraint-based projection method removes redundant variables. An evaluation on an industrial case study demonstrates the feasibility of the approach and confirms that the two methods are effective in reducing the state spaces of complex verification problems in this application domain.
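
As an added illustration (not code from the paper), the constraint-based projection can be read as a cone-of-influence computation over device variables: starting from the variables a sub-property mentions, keep only those whose updates can influence them and drop the rest. The zone-controller variables, the dependency relation and the sub-properties below are constructed assumptions, not the paper's model; the example also shows how the problem-frame-style split into sub-properties shrinks each verification problem further.

```python
from math import prod

# Constructed zone-controller model (hypothetical, not taken from the paper).
# Each device variable has a finite domain; DEPENDS maps a variable to the
# variables its next-state update reads (the "constraints" between devices).
DOMAINS = {
    "train_pos": range(4), "train_speed": range(3),
    "signal_s1": ("red", "green"), "switch_w1": ("normal", "reverse"),
    "door_p1": ("closed", "open"), "lamp_check": range(2), "cabinet_temp": range(5),
}
DEPENDS = {
    "train_pos": {"train_pos", "train_speed", "signal_s1"},
    "train_speed": {"train_speed", "signal_s1"},
    "signal_s1": {"train_pos", "switch_w1"},
    "switch_w1": {"switch_w1"},
    "door_p1": {"train_pos", "train_speed"},
    "lamp_check": {"lamp_check"},       # self-contained diagnostics: redundant for safety
    "cabinet_temp": {"cabinet_temp"},   # likewise
}
# Safety requirement split into sub-properties (problem-frame style decomposition);
# each names only the variables it constrains.
SUB_PROPERTIES = {
    "no_red_overrun": {"train_pos", "signal_s1"},
    "door_only_when_stopped": {"door_p1", "train_speed"},
}

def cone_of_influence(seeds, depends):
    """Constraint-based projection: transitive closure of the dependency relation."""
    keep, stack = set(), list(seeds)
    while stack:
        v = stack.pop()
        if v in keep:
            continue
        keep.add(v)
        stack.extend(depends.get(v, ()))
    return keep

def state_count(variables, domains):
    """Size of the state space spanned by the given variables."""
    return prod(len(domains[v]) for v in variables)

def project(domains, depends, sub_properties):
    """Return (unprojected size, {sub-property: (kept variables, projected size)})."""
    per_property = {}
    for name, refs in sub_properties.items():
        kept = cone_of_influence(refs, depends)
        per_property[name] = (frozenset(kept), state_count(kept, domains))
    return state_count(domains, domains), per_property

if __name__ == "__main__":
    full, per = project(DOMAINS, DEPENDS, SUB_PROPERTIES)
    print("unprojected states:", full)
    for name, (kept, size) in per.items():
        print(f"{name}: {size} states over {sorted(kept)}")
```

Running it shows the full model with 960 states shrinking to 48 and 96 states for the two sub-properties, with the diagnostics variables dropped from both.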
