A Formal Specification and Validation of a Critical System in Presence of Byzantine Errors

This paper describes an experience in the formal specification and fault-tolerant-behavior validation of a railway critical system. The work, performed in the context of a real industrial project, had the following main targets: (a) to validate specific safety properties in the presence of Byzantine system components or of some temporary hardware faults; (b) to design a formal model of a critical railway system at the right level of abstraction, so that it would be possible to verify certain safety properties and, at the same time, to use the model to simulate the system. For the model specification we used the PROMELA language, while the verification was performed using the SPIN model checker. Safety properties were specified by means of both assertions and temporal logic formulae. To make the validation problem tractable in the SPIN environment, we used ad hoc abstraction techniques.
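As an added illustration of the approach the abstract describes (this is not the paper's model, which the abstract does not reproduce), the PROMELA sketch below models a track section reported by three redundant occupancy sensors, of which at most NBYZ are Byzantine and report arbitrary values; the safety property is stated both as an assertion and as an LTL claim for SPIN. The sensor count, the NBYZ fault hypothesis and every identifier are assumptions made for this example.

```promela
/* Constructed example: 2-of-3 voting over occupancy sensors with a
 * Byzantine fault hypothesis. Safety: the controller never grants
 * PROCEED while the section is actually occupied. */

#define FREE     0
#define OCCUPIED 1
#define NBYZ     1          /* fault hypothesis: sensors 0..NBYZ-1 are Byzantine */

bit occupied  = OCCUPIED;   /* ground truth, changed only by the plant */
bit proceed   = 0;          /* signal aspect decided by the controller */
bit r0, r1, r2;             /* sensor reports for the current cycle */
bit bad_grant = 0;          /* observer: PROCEED granted on an occupied section */

/* Honest sensors copy the true state; a Byzantine sensor may report either value. */
inline sample(i, r) {
  if
  :: (i < NBYZ) -> if :: r = FREE :: r = OCCUPIED fi
  :: else       -> r = occupied
  fi
}

active proctype Plant() {   /* trains enter and leave the section at any time */
  do
  :: occupied = FREE
  :: occupied = OCCUPIED
  od
}

active proctype Controller() {
  do
  :: atomic {               /* one control cycle: sample, vote, decide */
       sample(0, r0); sample(1, r1); sample(2, r2);
       proceed   = ((r0 + r1 + r2) < 2);   /* at least 2 of 3 report FREE */
       bad_grant = (proceed && occupied);
       assert(!bad_grant);                  /* safety as an assertion */
     }
  od
}

/* The same safety property as a temporal logic formula (SPIN 6 inline claim). */
ltl safe { [] !bad_grant }
```

Run `spin -a model.pml && gcc -o pan pan.c && ./pan -a`; with NBYZ set to 1 the claim holds, and raising NBYZ to 2 makes SPIN report a counterexample, showing the boundary of the fault hypothesis the vote tolerates.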
