
Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Conference paper. Published in: Integrated Formal Methods (IFM 2019), Lecture Notes in Computer Science, volume 11918.

Abstract

Over the last decades, significant progress has been made on formal techniques for software verification. Despite this progress, these techniques are not yet applied systematically in industry. To narrow the well-known industry–academia gap, industrial case studies are much needed: they demonstrate that formal methods are now mature enough to help increase the reliability of industrial software, and they give researchers better insight into industrial needs.

This paper contributes such a case study, concerning the formal verification of an industrial, safety-critical traffic tunnel control system that is currently in use on Dutch roads. We made a formal, process-algebraic model of the informal design of the tunnel system and analysed it using mCRL2. Additionally, we deductively verified that the implementation adheres to its intended behaviour by proving, with VerCors, that the code refines our mCRL2 model. In doing so, we detected undesired behaviour: an internal deadlock caused by an intricate, unlucky combination of timing and events. Although the developers were already aware of this deadlock, and had deliberately provided us with an older version of their code, the result demonstrates that formal methods can help to detect, within reasonable time, undesired behaviours that would otherwise be hard to find.
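To make the kind of defect the abstract describes concrete, the following is an added illustration written for this page; it is not the paper's model, nor Technolution's code, and every action and process name in it is invented. It is a hypothetical two-process mCRL2 model in which a device may raise a fault while a command from the controller is still in flight. One interleaving then leaves the controller waiting for an acknowledgement and the device waiting for its alarm to be handled, which is exactly the "unlucky combination of timing and events" style of deadlock that an exhaustive state-space search finds and that testing easily misses.

```mcrl2
% Added, hypothetical example (not from the paper): a controller and a
% device that communicate synchronously. All names are invented.
act
  s_cmd,   r_cmd,   cmd;     % controller -> device: issue a command
  s_ack,   r_ack,   ack;     % device -> controller: command acknowledged
  s_alarm, r_alarm, alarm;   % device -> controller: a fault was detected
  s_reset, r_reset, reset;   % controller -> device: fault handled
  fault;                     % environment event: a fault occurs

proc
  % Buggy controller: after sending a command it accepts ONLY the ack.
  % If a fault is raised meanwhile, it never takes r_alarm.
  Controller =
      s_cmd . r_ack . Controller
    + r_alarm . s_reset . Controller;

  % Fixed controller: while a command is in flight it also accepts an
  % alarm, handles it, and returns to its initial state.
  ControllerFixed =
      s_cmd . ( r_ack . ControllerFixed
              + r_alarm . s_reset . ControllerFixed )
    + r_alarm . s_reset . ControllerFixed;

  % The device may detect a fault while it is processing a command.
  % It then reports the alarm and waits for the controller's reset.
  Device =
      r_cmd . ( s_ack . Device
              + fault . s_alarm . r_reset . Device );

init
  % Only synchronised communications (and the environment's fault) are
  % allowed; an unmatched send or receive cannot fire on its own.
  % Swap Controller for ControllerFixed to check the repaired design.
  allow({cmd, ack, alarm, reset, fault},
    comm({ s_cmd   | r_cmd   -> cmd,
           s_ack   | r_ack   -> ack,
           s_alarm | r_alarm -> alarm,
           s_reset | r_reset -> reset },
      Controller || Device));
```

With the buggy Controller the trace cmd, fault reaches a state where Controller offers only r_ack and Device offers only s_alarm; neither can synchronise, so the state has no outgoing transitions. Linearising with mcrl22lps and exploring with lps2lts using its deadlock-detection and trace options reports the deadlock and writes that trace out, which tracepp can print. Equivalently, the modal mu-calculus property [true*]<true>true (every reachable state has a successor) can be turned into a PBES with lps2pbes and solved with pbes2bool: it evaluates to false for Controller and to true for ControllerFixed. The paper's real model is far larger and its deadlock hinges on actual tunnel timing, but the method is the same: model the design as communicating processes, then let the tool search every interleaving rather than the ones a tester happens to provoke.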


Notes

  1. To illustrate, Technolution also delivers commercial software written in Rust.

  2. On a MacBook with an Intel Core i5 CPU at 2.9 GHz and 8 GB of memory.

  3. Both these languages can be translated into one another, and we are actively working on mechanising these translations.


Acknowledgements

This work is partially supported by the NWO VICI 639.023.710 Mercedes project and by the NWO TOP 612.001.403 VerDi project.

Corresponding authors: Wytse Oortwijn and Marieke Huisman.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Oortwijn, W., Huisman, M. (2019). Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System. In: Ahrendt, W., Tapia Tarifa, S. (eds) Integrated Formal Methods. IFM 2019. Lecture Notes in Computer Science, vol. 11918. Springer, Cham. https://doi.org/10.1007/978-3-030-34968-4_23

  • DOI: https://doi.org/10.1007/978-3-030-34968-4_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34967-7

  • Online ISBN: 978-3-030-34968-4