A Category Theoretic View of Nondeterministic Recursive Program Schemes

Deterministic recursive program schemes (RPS\u27s) have a clear category theoretic semantics presented by Ghani et al. and by Milius and Moss. Here we extend it to nondeterministic RPS\u27s. We provide a category theoretic notion of guardedness and of solutions. Our main result is a description of the canonical greatest solution for every guarded nondeterministic RPS, thereby giving a category theoretic semantics for nondeterministic RPS\u27s. We show how our notions and results are connected to classical work

Modellbasiertes Testen zeitbezogener LST-Anforderungen unter Berücksichtigung der RCA

Die automatische Generierung von Testfällen aus Verhaltensmodellen von Systemen kann die Effizienz und Qualität des Designs von Tests standardmäßiger funktionaler Anforderungen steigern. Anhand eines konkreten Modells und Testfallgenerators wird der Frage nachgegangen, wie sich daneben auch Tests typischer zeitbezogener Anforderungen an Leit- und Sicherungstechnik generieren lassen. Zugleich werden Erfahrungen mit der Modellierung gemäß "Reference CCS Architecture" gesammelt

Testfallgenerierungsgestützte Validierung und Verifikation von EULYNX-Spezifikationen

Aktuell spezifizieren Initiativen wie EULYNX und RCA Schnittstellen und Teilsysteme künftiger Leit- und Sicherungstechnikarchitekturen. Da eine breite Nutzung der Spezifikationen als Standards beabsichtigt ist, ist eine hohe Qualität unabdingbar. Dieser Artikel stellt eine Fallstudie vor, in der Aktivitäten zur Validierung und Verifikation der EULYNX-Weichenspezifikation auf Basis der Inspektion automatisch aus einem Modell des spezifizierten Verhaltens generierter Testfälle durchgeführt wurden. Die Methode, die die bereits modellbasierte Spezifikation ausnutzt, erwies sich als effizient und konnte verschiedene Probleme der Spezifikation ermitteln

Test Case Generation for a Level Crossing Controller

Formal methods (FM) can be used for the precise specification, property-ensuring development and exhaustive property verification of systems. Thus they are especially suited for highly safety or mission critical applications. Railway signaling systems clearly belong to these applications, and there are indeed several industrial projects where FM have been successfully applied; especially to core interlocking and communication-based train control (CBTC) systems. But despite their potential, FM are not very wide-spread in the sector. Work Package 5 of the X2Rail-2 project seeks to foster the use of FM in railway signaling by providing an introduction and overview of formal methods and demonstrating their use and benefit. For the latter, four different formal and one classical development methods are applied by different project partners to a level crossing (LX) controller specified by the Swedish railway infrastructure manager Trafikverket. For all of these developments, the safety properties from the LX specification are planned to be formally verified afterwards using the High Level Language (HLL). Since that means proving them exhaustively, they are of less interest for testing. However, there are further non-safety functional requirements in the specification which remain for testing. The extended abstract at hand reports on an automatic test case generation (TCG) approach of a test suite testing these requirements. In fact, this approach is based on formal methods as well, since the test case generator applies symbolic execution and theorem solving techniques: given a behavioral model of the system under test (SUT), the former method finds feasible paths through the model, while the latter completes the test case by determining suitable test data. This way, the test design task is partly automated, ensures a structural coverage of the model and the modeling process usually leads to a high test suite quality. The different LX controller implementations are tested as black box systems, each one with the same generated test cases. In order to simplify the integration of the different implementations with the test environment, a common test interface has been drawn up

Verification Report

The main input for this deliverable was the Moving Block Specification (Deliverable D4.1, X2Rail-5), defining an ETCS L3 trackside system with moving block ("L3 trackside"). This document describes safety requirements for L3 trackside, in terms of a fault tree-based approach applied at the system of systems (SoS) level, evaluation and refinement of safety hazards for L3 trackside, and results from Formal Methods (FMs) application for V&V of requirements.Safety requirements for L3 trackside implementations should, if fulfilled, ensure that all relevant safety hazards are mitigated. In principle, this should be possible to achieve by: 1. Using a systematic approach to determine the safety hazards at the system of systems level, and apportion the relevant hazards to the L3 trackside subsystem, and 2. Defining safety requirements that are configurable for the different types of L3 trackside systems, and other static configuration data

Proposed extension of specification approach to meet needs of RCA

This document is deliverable D10.2, describing extensions of the MBSE specification approach to needs of future Functional Railway System Architectures within Task 10.3 of work package WP10 Formal Methods for Functional Railway System Architecture, within the X2Rail-5 project. This deliverable is concerned with a specification approach meeting the needs in ongoing and future developments of ERTMS, and the European initiatives RCA and EULYNX. This is a rather large scope, whose general high-level goal may be formulated as: Determine a suitable approach to specify, verify, and validate system requirements, that can meet the needs of initiatives and projects RCA and EULYNX that define a future system architecture

A New Formal Methods Guidebook for the Railway Signalling Domain

Considerable know-how about formals methods (FMs) exists in the railway signalling domain, and FMs have been successfully applied e.g. for verification of interlockings or development of computer-based train control systems. But FMs expertise is not generally available or widespread, and there is a lack of FMs integration into standards, of recommendations for FMs use and of guidance on where and how to employ them. For these reasons, TD2.7 of Shift2Rail is currently preparing a FMs guidebook which aims to document know-how, experience, and recommendations, to pave the way for wider use of FMs for today's and future railway signalling systems. In this contribution, the guidebook contents are briefly presented, including why, when and for what purpose to apply FMs, what FMs are and which steps their application follows. Afterwards, an example application of the guidebook's FMs concepts is described

Ein KI-basierter Ansatz zur automatisierten Prüfung von Fahrdienstleiteranzeigen

Übereinstimmungsprüfungen von Fahrdienstleiteranzeigen mit der geplanten Projektierung werden bislang vollständig manuell durchgeführt. Weite Teile der Prüfung können jedoch automatisiert durchgeführt werden. Es werden ein entsprechender konzeptioneller Aufbau beschrieben und eine KI-basierte prototypische Umsetzung vorgestellt. Eine Weiterentwicklung scheint angesichts der hohen Bilderkennungsrate und des Einsatzpotentials vielversprechend

Cause of Death and Predictors of All-Cause Mortality in Anticoagulated Patients With Nonvalvular Atrial Fibrillation : Data From ROCKET AF

M. Kaste on työryhmän ROCKET AF Steering Comm jäsen.Background-Atrial fibrillation is associated with higher mortality. Identification of causes of death and contemporary risk factors for all-cause mortality may guide interventions. Methods and Results-In the Rivaroxaban Once Daily Oral Direct Factor Xa Inhibition Compared with Vitamin K Antagonism for Prevention of Stroke and Embolism Trial in Atrial Fibrillation (ROCKET AF) study, patients with nonvalvular atrial fibrillation were randomized to rivaroxaban or dose-adjusted warfarin. Cox proportional hazards regression with backward elimination identified factors at randomization that were independently associated with all-cause mortality in the 14 171 participants in the intention-to-treat population. The median age was 73 years, and the mean CHADS(2) score was 3.5. Over 1.9 years of median follow-up, 1214 (8.6%) patients died. Kaplan-Meier mortality rates were 4.2% at 1 year and 8.9% at 2 years. The majority of classified deaths (1081) were cardiovascular (72%), whereas only 6% were nonhemorrhagic stroke or systemic embolism. No significant difference in all-cause mortality was observed between the rivaroxaban and warfarin arms (P=0.15). Heart failure (hazard ratio 1.51, 95% CI 1.33-1.70, P= 75 years (hazard ratio 1.69, 95% CI 1.51-1.90, P Conclusions-In a large population of patients anticoagulated for nonvalvular atrial fibrillation, approximate to 7 in 10 deaths were cardiovascular, whereasPeer reviewe