Interlocking tables are the functional specification defining the routes on
which the passage of the train is allowed. Associated with the route, the
states and actions of all related signalling equipment are also specified. It
is well-known that designing and verifying the interlocking tables are labour
intensive, tedious and prone to errors. To assist the verification process and
detect errors rapidly, we formally model and analyse the interlocking tables
using Coloured Petri Nets (CPNs). Although a large interlocking table can be
easily modelled, analysing the model is rather difficult due to the state
explosion problem and undesired safe deadlocks. The safe deadlocks are when no
train collides but the train traffic cannot proceed any further. For ease of
analysis we incorporate automatic route setting and automatic route cancelling
functions into the model. These help reducing the number of the deadlocks. We
also exploit the new features of CPN Tools; prioritized transitions; inhibitor
arcs; and reset arcs. These help reducing the size of the state spaces. We also
include a fail safe specification called flank protection into the interlocking
model.Comment: In Proceedings FSFMA 2014, arXiv:1407.195
