Synopsis
Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For the free parameters of the system, we successively identify constraints that are required to ensure collision freedom. We formally prove the parameter constraints to be sharp by characterising them equivalently in terms of reachability properties of the hybrid system dynamics. We use the calculus of our differential dynamic logic for hybrid systems and formally verify controllability, safety, liveness, and reactivity properties of the ETCS protocol that entail collision freedom. We prove that the ETCS protocol remains correct even in the presence of perturbation by disturbances in the dynamics.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Quesel, J.D.: A theorem prover for differential dynamic logic. Master’s thesis, University of Oldenburg, Department of Computing Science. Correct System Design Group (2007)
Meyer, R., Faber, J., Hoenicke, J., Rybalchenko, A.: Model checking duration calculus: A practical approach. Formal Aspects of Computing pp. 1–25 (2008). DOI 10.1007/s00165-008-0082-7
Alur, R., Henzinger, T.A., Ho, P.H.: Automatic symbolic verification of embedded systems. IEEE T. Software Eng. 22(3), 181–201 (1996)
Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003). DOI 10.1145/876638.876643
Cimatti, A., Roveri, M., Tonetta, S.: Requirements validation for hybrid systems. In: A. Bouajjani, O. Maler (eds.) CAV, LNCS, vol. 5643. Springer (2009). DOI 10.1007/ 978-3-642-02658-4_17
Frehse, G.: PHAVer: Algorithmic verification of hybrid systems past HyTech. In: Morari and Thiele [212], pp. 258–273. DOI 10.1007/b106766
Damm, W., Mikschl, A., Oehlerking, J., Olderog, E.R., Pang, J., Platzer, A., Segelken, M., Wirtz, B.: Automating verification of cooperation, control, and design in traffic applications. In: C.B. Jones, Z. Liu, J. Woodcock (eds.) Formal Methods and Hybrid Real-Time Systems, LNCS, vol. 4700, pp. 115–169. Springer (2007). DOI 10.1007/978-3-540-75221-9_6
ERTMS User Group: ERTMS/ETCS System requirements specification. http://www.era.europa.eu (2002)
Frehse, G.: PHAVer: algorithmic verification of hybrid systems past HyTech. STTT 10(3), 263–279 (2008). DOI 10.1007/s10009-007-0062-x
Platzer, A., Quesel, J.D.: European Train Control System: A case study in formal verification. Tech. Rep. 54, Reports of SFB/TR 14 AVACS (2009). ISSN: 1860-9821, http://www.avacs.org.
Batt, G., Belta, C., Weiss, R.: Model checking genetic regulatory networks with parameter uncertainty. In: Bemporad et al. 41, pp. 61–75. DOI 10.1007/978-3-540-71493-4_8
Platzer, A., Quesel, J.D.: KeYmaera: A hybrid theorem prover for hybrid systems. In: Armando et al. [18], pp. 171–178. DOI 10.1007/978-3-540-71070-7_15
Platzer, A., Quesel, J.D.: European Train Control System: A case study in formal verification. In: K. Breitman, A. Cavalcanti (eds.) ICFEM, LNCS, vol. 5885, pp. 246–265. Springer (2009). DOI 10.1007/978-3-642-10373-5_13
Henzinger, T.A.: The theory of hybrid automata. In: LICS, pp. 278–292. IEEE Computer Society, Los Alamitos (1996)
Pnueli, A., Rosner, R.: On the synthesis of a reactive module. In: POPL, pp. 179–190 (1989). DOI 10.1145/75277.75293
Tomlin, C.J., Lygeros, J., Sastry, S.: A game theoretic approach to controller design for hybrid systems. Proc. IEEE 88(7), 949–970 (2000). DOI 10.1109/5.871303
Clarke, E.M., Emerson, E.A.: Design and synthesis of synchronization skeletons using branching-time temporal logic. In: D. Kozen (ed.) Logic of Programs, LNCS, vol. 131, pp. 52–71. Springer (1981)
Mysore, V., Piazza, C., Mishra, B.: Algorithmic algebraic model checking II: Decidability of semi-algebraic model checking and its applications to systems biology. In: Peled and Tsay [226], pp. 217–233. DOI 10.1007/11562948_18
Frehse, G., Jha, S.K., Krogh, B.H.: A counterexample-guided approach to parameter synthesis for linear hybrid automata. In: Egerstedt and Mishra [111], pp. 187–200. DOI 10.1007/978-3-540-78929-1_14
Lafferriere, G., Pappas, G.J., Sastry, S.: O-minimal hybrid systems. Mathematics of Control, Signals, and Systems 13(1), 1–21 (2000). DOI 10.1007/PL00009858
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Platzer, A. (2010). European Train Control System. In: Logical Analysis of Hybrid Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14509-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-14509-4_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14508-7
Online ISBN: 978-3-642-14509-4
eBook Packages: Computer ScienceComputer Science (R0)