A Model-based Approach for the Modeling and the Verification of Railway Signaling System (original) (raw)
Related papers
A UML approach for modeling and verification of Railway signalling Systems specifications
This paper proposes a UML based approach for the modeling and the verification of Railway signalling Systems specifications. Particularly, we consider the European Rail Traffic Management System (ERTMS) and the European Train Control System (ETCS) specifications. First, the architecture of ERTMS/ETCS is described. The validation and verification procedure is also introduced. Then, class, sequences and use case diagrams related to the technical specifications of ERTMS/ETCS are presented. A case study from the technical specification of ERTMS/ETCS which represents the operation of "Establishing a communication session" between ERTMS/ETCS On-board equipment and RBC (Radio Block Center) to initiate a communication session is also proposed. Finally, a formal verification using B method is proposed to show how to verify some safety properties of railway signalling systems and to complete the verification procedure performed using UML.
A Uml Approach for Modeling and Verifying of Railway Signalling Systems Specifications
2014
This paper proposes a UML based approach for the modeling and the verification of Railway signalling Systems specifications. Particularly, we consider the European Rail Traffic Management System (ERTMS) and the European Train Control System (ETCS) specifications. First, the architecture of ERTMS/ETCS is described. The validation and verification procedure is also introduced. Then, class, sequences and use case diagrams related to the technical specifications of ERTMS/ETCS are presented. A case study from the technical specification of ERTMS/ETCS which represents the operation of "Establishing a communication session" between ERTMS/ETCS On-board equipment and RBC (Radio Block Center) to initiate a communication session is also proposed. Finally, a formal verification using B method is proposed to show how to verify some safety properties of railway signalling systems and to complete the verification procedure performed using UML.
Towards a Tool-Based Domain Specific Approach for Railway Systems Modeling and Validation
Third International Conference on Reliability, Safety, and Security of Railway Systems (RSSRail)., 2019
In the railway field, graphical representations of domain concepts are omnipresent thanks to their ability to share standardized information with common knowledge about several railway mechanisms: track circuits, signalling rules.. . This paper proposes a domain specific approach for railway systems modeling and validation by combining the Model-Driven Engineering (MDE) paradigm and a formal method. First, an example of a graphical DSL is defined thanks to MDE tools, and then the formal B method is used to define its underlying operational semantics and to guarantee the correctness of the model's behaviour with respect to its safety properties. Our approach is assisted by the Meeduse tool which animates and visualizes execution scenarios of domain models. Starting from a given model designed in the DSL tool, Meeduse asks ProB to animate B operations and gets the reached state by means of B variables valuations. Then, it translates back these valuations to the initial DSL resulting in automatic modifications of the domain model. Our approach allows a more pragmatic domain-centric animation than current visual animation techniques since the resulting DSL tool allows domain experts, who are not necessarily trained in formal methods, to design and validate by themselves the various domain models.
24th International Conference on Formal Methods for Industrial Critical Systems (FMICS), 2019
In order to assist domain experts, several tools exist for the definition of graphical or textual domain specific modeling languages (DSMLs). The resulting models are useful, but not sufficient, for an overall understanding of the system, especially when formal methods are being applied. Indeed, formal methods failures often result from misunderstandings of the requirements, even if the system is entirely proved. This is confirmed by several industrial experiments which showed that the poor readability of the formal notations is not convenient for communication with domain experts and hence the validation activity is often tedious, time consuming and complex. In order to circumvent this shortcoming, we propose to make domain specific models provable and also executable thanks to the animation of their expected behaviour directly in a dedicated DSML tool. Our approach starts from an intuitive description of the system's operational semantics thanks to high-level Petri-nets which abstract away structural constraints and focus on safety-critical behaviours. Then we take benefit of the B method in order to refine and prove these operational semantics on the one hand, and to merge them with the static semantics of a given DSML, on the other hand. This work is applied to the design of ERTMS/ETCS 3 which is an emergent solution for railway system management.
A formal verification environment for railway signaling system design
Formal Methods in …, 1998
A fundamental problem in the design and development of embedded control systems is the verification of safety requirements. Formal methods, offering a mathematical way to specify and analyze the behavior of a system, together with the related support tools can successfully be applied in the formal proof that a system is safe. However, the complexity of real systems is such that automated tools often fail to formally validate such systems.
Automatic Transformation of SysML Model to Event-B Model for Railway CCS Application
Springer LNCS , 2021
Digitalisation and innovation among the railway systems entail effort-demanding challenges, especially when considering how crucial it is to verify safety requirements and proof security levels. The early Verification and Validation (V&V) of railway systems detect critical issues and avoid severe consequences due to software failure. This paper aims to distinguish the subset of SysML language, which can be verified and usable by a systems engineer. As we are interested in proving safety properties expressed using invariants on states, we consider the Event-B method for this purpose. Later the selected SysML subset is used for automatic transformation and finally performing the verification using a formal verification tool. The transformation is applied on a simple point machine case study from DB Netz AG; First, a SysML model is designed using the Windchill modeler, then automatically transformed to Event-B and finally imported into the RODIN platform for formal verification.
2012
This paper is concerned with the formal modelling of signalling and point control in the domain of railway engineering. Rules for handling interlocking to ensure railway safety and liveness are often intricate and challenging to verify. We develop a CSP||B model taking a "natural modelling" approach, where the models are as close as possible to the domain model, providing traceability and ease of understanding to the domain expert. This leads to a natural separation between the global modelling of the tracks in B, and the CSP encapsulation of the local views of the individual trains following the driving rules. The approach is illustrated through a small case study (Mini-Alvey), and the model provides verification through formal proofs or informative counter example traces if verification fails.
UML-based design and formal analysis of a safety-critical railway control software module
2003
A new equipment of safety relevance has been developed to upgrade ageing relay-based railway interlocking systems in Hungary. In course of the design process formal methods have been used in the development of a module realising a well-separable function of the system. Namely, the UML-based design process was extended by model based analysis and validation. The first kind of analysis checked the completeness and consistency of the behavioural description of the module. In the subsequent phases, the functional design was enriched by modelling the potential faults and their effects. This kind of extension allowed the analysis of the error propagation and testability.
Urban Rail Transit
This paper presents a formal model-based methodology to support railway engineers in the design of safe electronic urban railway control systems. The purpose of our research is to overcome the deficiencies of existing traditional design methodologies, namely the incompleteness and the potential presence of contradictions in the system specification resulting from non-formal development techniques. We illustrate the application of the methodology via a case study of a tram-road level crossing protection system. It was chosen partly because it has a simple architecture and a small number of elements, thus it fits the scope limitations of this article. At the same time, it is suitable for presenting all essential features of our methodology. The proposed solution provides a specification/verification environment that facilitates the construction of correct, complete, consistent, and verifiable functional specifications during the development, while hiding all the formal method-related ...