Verification of interlocking systems using statistical model checking
In the railway domain, an interlocking is the system that ensures safe train
traffic inside a station by controlling its active elements, such as the signals
or points. Modern interlockings are configured using particular data, called
application data, which reflect the track layout and define the actions that the
interlocking can take. The safety of the train traffic therefore relies on the
correctness of the application data: errors inside them can cause safety issues such
as derailments or collisions. Given the high level of safety required by such a
system, its verification is a critical concern. In addition to safety, an
interlocking must also ensure that availability properties, stating that no
train is ever stopped forever in a station, are satisfied. Most of the
research dealing with this verification relies on model checking. However, due
to the state space explosion problem, this approach does not scale to large
stations. More recently, a discrete event simulation approach, limiting the
verification to a set of likely scenarios, was proposed. Simulation enables
the verification of larger stations, but with no proof that all the interesting
scenarios are covered by the simulation. In this paper, we apply an
intermediate statistical model checking approach, offering the advantages
of both model checking and simulation. Even though exhaustiveness is not achieved,
statistical model checking evaluates, with a parametrizable confidence, the
reliability and the availability of the entire system.
Comment: 12 pages, 3 figures, 2 tables
Towards Model Checking Executable UML Specifications in mCRL2
We describe a translation of a subset of executable UML (xUML) into the process algebraic specification language mCRL2. This subset includes class diagrams with class generalisations, and state machines with signal and change events. The choice of these xUML constructs is dictated by their use in the modelling of railway interlocking systems. The long-term goal is to verify safety properties of interlockings modelled in xUML using the mCRL2 and LTSmin toolsets. Initial verification of an interlocking toy example demonstrates that the safety properties of model instances depend crucially on the run-to-completion assumptions.
Automatic instantiation of abstract tests on specific configurations for large critical control systems
Computer-based control systems have grown in size, complexity, distribution
and criticality. In this paper a methodology is presented for performing
abstract testing of such large control systems in an efficient way: an abstract
test is specified directly from the system's functional requirements and has to be
instantiated as multiple test runs to cover a specific configuration, comprising
any number of control entities (sensors, actuators and logic processes). Such a
process is usually performed by hand for each installation of the control
system, which requires considerable time and makes it an error-prone
verification activity. To automate a safe passage from abstract tests, related
to the so-called generic software application, to any specific installation, an
algorithm is provided, starting from a reference architecture and a state-based
behavioural model of the control software. The presented approach has been
applied to a railway interlocking system, demonstrating its feasibility and
effectiveness over several years of testing experience.
Applied Bounded Model Checking for Interlocking System Designs
In this article the verification and validation of interlocking systems is investigated. Reviewing both geographical and route-related interlocking, the verification objectives can be structured, from a computer science perspective, into (1) verification of static semantics, and (2) verification of behavioural (operational) semantics. The former checks that the plant model, that is, the software components reflecting the physical components of the interlocking system, has been set up in an adequate way. The latter investigates trains moving through the network, with the objective of uncovering potential safety violations. From a formal methods perspective, these verification objectives can be approached by theorem proving, global model checking, or bounded model checking. This article explains how bounded model checking techniques are applied, and discusses their advantages in comparison to the alternative approaches.