Automated generation of formal safety conditions from railway interlocking tables

International Journal on Software Tools for Technology Transfer

Abstract

This paper describes a tool for extracting formal safety conditions from interlocking tables for railway interlocking systems. The tool has been applied to generate safety conditions for the interlocking system at Stenstrup station in Denmark, and the SAL model checker tool has been used to check that these conditions were satisfied by a model of the relay circuits implementing the interlocking system at Stenstrup station.


Notes

  1. They are also used for some computer-based interlocking systems.

  2. More general Kripke models allow non-propositional variables provided these have finite domains. However, for the models presented in this article, propositional variables are sufficient.

  3. In the models we are considering, there is only one possible initial state. More general Kripke structures allow for a set of initial states.

  4. \(R\) is total means that for all \(s\in S\) there is a state \(s'\in S\) such that \((s,s')\in R\).

  5. Note that we only consider SAL specifications for which the relation defined in this way is total (as required for Kripke structures). We use the SAL deadlock checker to check this.

  6. Two routes can only share a locking relay when at least one point is required to be set in different positions for the two routes.


Acknowledgments

I would like to thank Kirsten Mark Hansen for providing the initial idea for this project and for many valuable discussions when she was employed at Railnet Denmark. Special thanks go to my former students Morten Aanæs and Hoang Phuong Thai who developed the first version of the generator tool described in this paper in their master thesis project supervised by me. The functionality of the tool was inspired by another master thesis made by my former students Marie Le Bliguet and Andreas A. Kjær. Finally, I would like to thank the reviewers for comments on a previous version of this paper. The work has been partially supported by the RobustRailS project granted by the Danish Council for Strategic Research.

Corresponding author

Correspondence to Anne E. Haxthausen.


Cite this article

Haxthausen, A.E. Automated generation of formal safety conditions from railway interlocking tables. Int J Softw Tools Technol Transfer 16, 713–726 (2014). https://doi.org/10.1007/s10009-013-0295-9
