Techniques for modelling and verifying railway interlockings

We describe a novel framework for modelling railway interlockings which has been developed in conjunction with railway engineers. The modelling language used is CSP||B. Beyond the modelling, we present a variety of abstraction techniques which make the analysis of medium- to large-scale networks feasible. The paper notably introduces a covering technique that allows railway scheme plans to be decomposed into a set of smaller scheme plans. The finitisation and topological abstraction techniques are extended from previous work and are given formal foundations. All three techniques are applicable to other modelling frameworks besides CSP||B. Being able to apply abstractions and simplifications to the domain model before performing model checking is the key strength of our approach. We demonstrate the use of the framework on a real-life, medium-size scheme plan.
