Abstract
In this paper, an efficient approach to data validation of distributed geographical interlocking systems (IXLs) is presented. In the distributed IXL paradigm, track elements are controlled by local computers communicating with other control components over local and wide area networks. The overall control logic is distributed over these track-side computers and remote server computers that may even reside in one or more cloud server farms. Redundancy is introduced to ensure fail-safe behaviour and fault tolerance, and to increase the availability of the overall system. To cope with the configuration-related complexity of such distributed IXLs, the software is designed according to the digital twin paradigm: each physical track element is associated with a software object implementing supervision and control for that element. The objects communicate with each other and with high-level IXL control components in the cloud over logical channels realised by distributed communication mechanisms. The objective of this article is to explain how configuration rules for this type of IXL can be specified by temporal logic formulae interpreted on Kripke Structure representations of the IXL configuration. Violations of configuration rules can be specified using formulae from a well-defined subset of LTL. By decomposing the complete configuration model into sub-models corresponding to routes through the model, the LTL model checking problem can be transformed into a CTL checking problem for which highly efficient algorithms exist. Specialised rule violation queries that are hard to express in LTL can be simplified and checked faster by performing sub-model transformations that add auxiliary variables to the states of the underlying Kripke Structures. Further performance enhancements are achieved by checking the sub-models concurrently. The approach presented here has been implemented in a model checking tool which is applied by Siemens Mobility for data validation of geographical IXLs.
Funding
Open Access funding enabled and organized by Projekt DEAL.
Additional information
Alessandro Fantechi and Jim Woodcock
Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation)—Project number 407708394.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
Cite this article
Peleska, J., Krafczyk, N., Haxthausen, A.E. et al. Efficient data validation for geographical interlocking systems. Form Asp Comp 33, 925–955 (2021). https://doi.org/10.1007/s00165-021-00551-6