Abstract.
We describe a case study in system-level verification of a computerized railway interlocking developed by ADtranz Spain, installed and put into test use at a subway station in Madrid. The formal modelling and analysis was carried out by personell at ADtranz Sweden using a tool for automatic formal modelling of the interlocking system and the commerical verification software NP-Tools, which is based on Stålmarck's patented proof procedure.
The case study took about one man week in total, of which most of the time was spent modelling safety requirements. The analysis discovered an error that had passed the traditional verification phase.
The actual analysis time, disproving the safety requirements by supplying a countermodel, was done in a matter of seconds. The corrected software could be proved to fulfil the safety requirements in the same amount of time.
This case study is one of many carried out by ADtranz during 1995-98 in the process in which they have replaced the traditional techniques used for system level verification of safety with formal techniques. We give an overview of the formal methods and tools used which today are integrated in the development environment at ADtranz.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Received March 1997 / Accepted in revised form July 1998
Rights and permissions
About this article
Cite this article
Borälv, A. Case Study: Formal Verification of a Computerized Railway Interlocking. Form Aspects Comput 10, 338–360 (1998). https://doi.org/10.1007/s001650050021
Issue Date:
DOI: https://doi.org/10.1007/s001650050021