Validating the Hybrid ERTMS/ETCS Level 3 concept with Electrum

This paper reports on the development of a formal model for the Hybrid ERTMS/ETCS Level 3 concept in Electrum, a lightweight formal specification language that extends Alloy with mutable relations and temporal logic operators. We show how Electrum and its Analyzer can be used to perform scenario exploration to validate this model, namely to check that all the operational scenarios described in the reference document are admissible, and to reason about expected safety properties, which can be easily specified and model checked for arbitrary track configurations. We also show how the Analyzer can be used to depict scenarios (and counter-examples) in a graphical notation that is logic-agnostic, making them understandable by stakeholders without expertise in formal specification.
