Introducing Time in an Industrial Application of Model-Checking

The safety of many industrial systems is directly related to time. Model checking has been used to verify that safety requirements are met by a model of the system. In many cases, however, time is excluded to limit the state space explosion. Two approaches to include time constraints are either to use model checking for timed systems, or to integrate an explicit model of time using standard model checking. This paper presents a case study using the latter approach. We have worked closely with one of Australia's largest railway companies, Queensland Rail, on a real industrial environment to produce models to verify the safety of railway interlockings. Our models are written and optimised for the symbolic model checker NuSMV. In this paper we introduce time into our existing models and examine time in the context of level crossings. We also present quantitative data to show the feasibility of the approach.
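The abstract's second approach, an explicit model of time inside an otherwise untimed model, can be illustrated on a small level-crossing example. The code below is an added example, not code from the paper or from the Queensland Rail models: time is represented as bounded integer counters that advance on every transition, exactly the form one would give them as bounded-integer variables in NuSMV, and a plain breadth-first reachability search stands in for NuSMV's symbolic engine. The state names, the tick constants, the one-tick detection latency of the gate controller and the safety requirement itself are assumptions made for illustration.

```python
"""Explicit-state reachability over a level-crossing model with explicit discrete time.

Added example, not code from the paper: time is carried as bounded integer
counters inside an ordinary untimed transition system, so a standard model
checker can explore it. State names, tick constants and the one-tick
detection latency are assumptions for illustration.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# (train position, gate position, train clock, gate clock); clocks are bounded ints
State = Tuple[str, str, int, int]
INITIAL: State = ("far", "open", 0, 0)


def successors(s: State, approach_ticks: int, close_ticks: int) -> List[State]:
    """All next states after one global tick (synchronous composition).

    Every clock advances on every step, which is what makes time explicit:
    a timing bound becomes a comparison on an integer state variable.
    """
    train, gate, tclk, gclk = s

    # Train: nondeterministic arrival; once approaching it reaches the crossing
    # after exactly approach_ticks ticks.
    if train == "far":
        train_opts = [("far", 0), ("approaching", 0)]
    elif train == "approaching":
        train_opts = ([("at_crossing", 0)] if tclk + 1 >= approach_ticks
                      else [("approaching", tclk + 1)])
    elif train == "at_crossing":
        train_opts = [("gone", 0)]
    else:  # gone
        train_opts = [("far", 0)]

    # Gate controller reads the train's *current* state, so it notices an
    # approaching train one tick late (assumed detection latency).
    if gate == "open":
        gate_opt = ("closing", 0) if train == "approaching" else ("open", 0)
    elif gate == "closing":
        gate_opt = ("closed", 0) if gclk + 1 >= close_ticks else ("closing", gclk + 1)
    else:  # closed: reopen once the train has passed
        gate_opt = ("open", 0) if train in ("gone", "far") else ("closed", 0)

    return [(t, gate_opt[0], c, gate_opt[1]) for t, c in train_opts]


def unsafe(s: State) -> bool:
    """Safety requirement: a train is never on the crossing unless the gate is closed."""
    return s[0] == "at_crossing" and s[1] != "closed"


def check(approach_ticks: int, close_ticks: int) -> Tuple[int, Optional[List[State]]]:
    """Breadth-first reachability from INITIAL.

    Returns (number of reachable states explored, counterexample trace or None).
    The trace is the shortest path to a violating state, as a model checker
    would report it.
    """
    parent: Dict[State, Optional[State]] = {INITIAL: None}
    queue = deque([INITIAL])
    while queue:
        s = queue.popleft()
        if unsafe(s):
            trace: List[State] = []
            cur: Optional[State] = s
            while cur is not None:
                trace.append(cur)
                cur = parent[cur]
            return len(parent), list(reversed(trace))
        for n in successors(s, approach_ticks, close_ticks):
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return len(parent), None


if __name__ == "__main__":
    for approach, close in ((5, 3), (3, 3)):
        states, trace = check(approach, close)
        verdict = "SAFE" if trace is None else f"UNSAFE, counterexample of {len(trace)} states"
        print(f"approach={approach} close={close}: {states} reachable states, {verdict}")
        for st in trace or []:
            print("   ", st)
```

The timing constraint the model encodes is that the train's approach must be longer than the gate's closing time plus the controller's detection latency. With the train clock and gate clock as explicit state variables, that requirement is checked by an ordinary invariant over integer variables, and the counterexample returned for a too-short approach is a concrete tick-by-tick trace. The state count reported per run is the kind of quantitative feasibility data the abstract refers to; the clocks are bounded by the constants, so the state space stays finite.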
