Advertisement

Validation of the Hybrid ERTMS/ETCS Level 3 using Spin

  • Paolo ArcainiEmail author
  • Jan Kofroň
  • Pavel Ježek
ABZ 2018
  • 10 Downloads

Abstract

The Hybrid ERTMS/ETCS Level 3 is a standard for the management and interoperation of signalling for railways by the European Union. Its aim was to increase the throughput of railway tracks, by integrating the physical information coming from the trackside detection system with information transmitted by the train itself regarding its position and integrity. In this paper, we propose a formal model of the Hybrid ERTMS/ETCS Level 3 (ver. 1A) in Promela and its validation using Spin. We describe how we derived the model from the informal requirements and the abstractions we applied during this process; moreover, we explain how we validated and verified the model, and the ambiguities we detected in the requirements document. Although Spin provides very good verification facilities, it lacks a proper support for performing user-driven validation by simulation and scenario specification; therefore, we propose two facilities built upon the Promela language (having different expressive power) that allow for easy specification of scenario execution.

Keywords

ERTMS/ETCS Spin Promela Validation Verification 

Notes

References

  1. 1.
    Hoang, T.S., Butler, M., Reichl, K.: The Hybrid ERTMS/ETCS Level 3 Case Study. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 251–261. Springer, Cham (2018)CrossRefGoogle Scholar
  2. 2.
    Hybrid ERTMS/ETCS Level 3, version 1A. Technical report, EEIG ERTMS Users Group, 07 (2017)Google Scholar
  3. 3.
    Leuschel, M.: The high road to formal validation. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) Abstract State Machines, B and Z: First International Conference, ABZ 2008, London, UK, September 16–18, 2008. Proceedings, pp. 4–23. Springer, Berlin (2008)CrossRefGoogle Scholar
  4. 4.
    Börger, E., Raschke, A.: Modeling Companion for Software Practitioners. Springer, Berlin (2018)CrossRefGoogle Scholar
  5. 5.
    Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press, Cambridge (2010)CrossRefGoogle Scholar
  6. 6.
    Arcaini, P., Gargantini, A., Riccobene, E.: AsmetaSMV: a way to link high-level ASM models to low-level NuSMV specifications. In: Proceedings of the 2nd International Conference on Abstract State Machines, Alloy, B and Z (ABZ 2010). LNCS, vol. 5977, pp. 61–74. Springer (2010)Google Scholar
  7. 7.
    Leuschel, M., Butler, M.: ProB: an automated analysis toolset for the B method. Int. J. Softw. Tools Technol. Transf. 10(2), 185–203 (2008)CrossRefGoogle Scholar
  8. 8.
    Chen, J., Cui, H.: Translation from adapted UML to Promela for CORBA-based applications. In: Graf, S., Mounier, L. (eds.) Model Checking Software, pp. 234–251. Springer, Berlin (2004)CrossRefGoogle Scholar
  9. 9.
    Prigent, A., Cassez, F., Dhaussy, P., Roux, O.: Extending the translation from SDL to Promela. In: Bošnački, D., Leue, S. (eds.) Mod. Check. Softw., pp. 79–94. Springer, Berlin (2002)CrossRefGoogle Scholar
  10. 10.
    Meenakshi, B., Bhatnagar, A., Roy, S.: Tool for translating Simulink models into input language of a model checker. In: Liu, Z., He, J. (eds.) Formal Methods and Software Engineering, pp. 606–620. Springer, Berlin (2006)CrossRefGoogle Scholar
  11. 11.
    Holzmann, G.J.: The SPIN Model Checker-Primer and Reference Manual. Addison-Wesley, Boston (2004)Google Scholar
  12. 12.
    Cimatti, A., Clarke, E.M., Giunchiglia, E., Giunchiglia, F., Pistore, M., Roveri, M., Sebastiani, R., Tacchella, A.: NuSMV version 2: an opensource tool for symbolic model checking. In: Proceedings International Conference on Computer-Aided Verification (CAV 2002). LNCS, vol. 2404. Springer (2002)Google Scholar
  13. 13.
    Git. https://git-scm.com/. Accessed 30 May 2019
  14. 14.
    The Spin model checker website. http://spinroot.com/. Accessed 30 May 2019
  15. 15.
    Arcaini, P., Ježek, P., Kofroň, J.: Modelling the Hybrid ERTMS/ETCS Level 3 Case Study in Spin. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z. Springer, Cham (2018)Google Scholar
  16. 16.
    Drážní inspekce (The Rail Safety Inspection of the Czech Republic): Investigation Report of Railway Accident: Collision of a locomotive running solo as train No. 72461 with passenger train No. 5011 in Moravany station (2008). http://www.dicr.cz/uploads/Zpravy/MU/MU_Moravany.pdf. Accessed 30 May 2019
  17. 17.
    Das Eisenbahn-Bundesamt (EBA): The German Federal Railway Authority. Erweiterte Regelung zur Bedienung der Sandstreueinrichtung (2013). https://www.eba.bund.de/SharedDocs/Downloads/DE/GesetzeundRegelwerk/Allgemeinverf/34_allgvfg_sandstreu1.pdf?__blob=publicationFile&v=3. Accessed 30 May 2019
  18. 18.
    Ladenberger, L., Bendisposto, J., Leuschel, M.: Visualising Event-B models with B-Motion Studio. In: Alpuente, M., Cook, B., Joubert, C. (eds.) Formal Methods for Industrial Critical Systems: 14th International Workshop, FMICS 2009, Eindhoven, The Netherlands, November 2–3, 2009., pp. 202–204. Springer, Berlin (2009)CrossRefGoogle Scholar
  19. 19.
    Fraser, G., Wotawa, F., Ammann, P.E.: Testing with model checkers: a survey. Softw. Test. Verif. Reliab. 19(3), 215–261 (2009)CrossRefGoogle Scholar
  20. 20.
    Espada, A.R., del Mar Gallardo, M., Salmerón, A., Merino, P.: Using model checking to generate test cases for android applications. In: Pakulin, N., Petrenko, A.K., Schlingloff, B.-H. (eds.) Proceedings Tenth Workshop on Model Based Testing, London, UK, 18th April 2015, Volume 180 of Electronic Proceedings in Theoretical Computer Science, pp. 7–21. Open Publishing Association, London (2015)Google Scholar
  21. 21.
    Benerecetti, M., De Guglielmo, R., Gentile, U., Marrone, S., Mazzocca, N., Nardone, R., Peron, A., Velardi, L., Vittorini, V.: Dynamic state machines for modelling railway control systems. Sci. Comput. Program. 133, 116–153 (2017). Formal Techniques for Safety-Critical Systems (FTSCS 2014)CrossRefGoogle Scholar
  22. 22.
    Glossary of terms and abbreviations. Technical report, ERA * UNISIG * EEIG ERTMS USERS GROUP, 5 (2016)Google Scholar
  23. 23.
    Hybrid ERTMS/ETCS Level 3, version 1C. Technical report, EEIG ERTMS Users Group, 07 (2018)Google Scholar
  24. 24.
    Dick, J., Hull, E., Jackson, K.: Requirements Engineering, 4th edn. Springer, Berlin (2017)CrossRefGoogle Scholar
  25. 25.
    Cunha, A., Macedo, N.: Validating the Hybrid ERTMS/ETCS Level 3 concept with electrum. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 307–321. Springer, Cham (2018)CrossRefGoogle Scholar
  26. 26.
    Abrial, J.-R.: The ABZ-2018 case study with Event-B. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 322–337. Springer, Cham (2018)CrossRefGoogle Scholar
  27. 27.
    Mammar, A., Frappier, M., Fotso, S.J.T., Laleau, R.: An Event-B model of the hybrid ERTMS/ETCS Level 3 standard. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 353–366. Springer, Cham (2018)CrossRefGoogle Scholar
  28. 28.
    Dghaym, D., Poppleton, M., Snook, C.: Diagram-led formal modelling using iUML-B for Hybrid ERTMS Level 3. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 338–352. Springer, Cham (2018)CrossRefGoogle Scholar
  29. 29.
    Leue, S., Holzmann, G.J.: v-Promela: a visual, object-oriented language for SPIN. In: Proceedings 2nd IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC’99) (Cat. No.99-61702), pp. 14–23 (1999)Google Scholar
  30. 30.
    Hansen, D., Leuschel, M., Schneider, D., Krings, S., Körner, P., Naulin, T., Nayeri, N., Skowron, F.: Using a formal B model at runtime in a demonstration of the ETCS Hybrid Level 3 concept with real trains. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 292–306. Springer, Cham (2018)CrossRefGoogle Scholar
  31. 31.
    Bencomo, N., France, R.B., Cheng, B.H.C., Aßmann, U. (eds.): Models@run.time—Foundations, Applications, and Roadmaps [Dagstuhl Seminar 11481, November 27–December 2, 2011]. Lecture Notes in Computer Science, vol. 8378. Springer, Cham (2014)Google Scholar
  32. 32.
    Fotso, S.J.T., Frappier, M., Laleau, R., Mammar, A.: Modeling the hybrid ERTMS/ETCS Level 3 standard using a formal requirements engineering approach. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z, pp. 262–276. Springer, Cham (2018)CrossRefGoogle Scholar
  33. 33.
    Fuxman, A., Liu, L., Mylopoulos, J., Pistore, M., Roveri, M., Traverso, P.: Specifying and analyzing early requirements in Tropos. Requir. Eng. 9(2), 132–150 (2004)CrossRefGoogle Scholar
  34. 34.
    Cimatti, A., Giunchiglia, F., Mongardi, G., Romano, D., Torielli, F., Traverso, P.: Formal verification of a railway interlocking system using model checking. Form. Asp. Comput. 10(4), 361–380 (1998)CrossRefGoogle Scholar
  35. 35.
    Gnesi, S., Latella, D., Lenzini, G., Abbaneo, C., Amendola, A.M., Marmo, P.: A formal specification and validation of a critical system in presence of byzantine errors. In: Graf, S., Schwartzbach, M. (eds.) Tools and Algorithms for the Construction and Analysis of Systems, pp. 535–549. Springer, Berlin (2000)CrossRefGoogle Scholar
  36. 36.
    Lamport, L., Shostak, R., Pease, M.: The byzantine generals problem. ACM Trans. Program. Lang. Syst. 4, 382–401 (1982)CrossRefGoogle Scholar
  37. 37.
    Mazzanti, F., Ferrari, A., Spagnolo, G.O.: Towards formal methods diversity in railways: an experience report with seven frameworks. Int. J. Softw. Tools Technol. Transf. 20(3), 263–288 (2018)CrossRefGoogle Scholar
  38. 38.
    Arvind, N.D., Katelman, M.: Getting formal verification into design flow. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008: Formal Methods: 15th International Symposium on Formal Methods, Turku, Finland, May 26–30, 2008 Proceedings, pp. 12–32. Springer, Berlin (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.National Institute of InformaticsTokyoJapan
  2. 2.Faculty of Mathematics and PhysicsCharles UniversityPragueCzech Republic

Personalised recommendations