Abstract
Decentralised railway signalling systems have the potential to increase the capacity and availability of railway networks and to reduce their maintenance costs. However, given the safety-critical nature of railway signalling and the complexity of novel distributed signalling solutions, their safety must be guaranteed by thorough system validation methods. To reach such a high level of safety assurance for these complex signalling systems, scenario-based testing methods are far from sufficient, although they are still widely used in the industry. Formal verification is an alternative that provides a rigorous way to verify complex systems and has been used successfully in the railway domain. Despite these successes, little work has been done on applying formal methods to distributed railway systems. In our research we are working towards a multifaceted formal development methodology for complex railway signalling systems. The methodology is based on the Event-B modelling language, which offers an expressive notation, stepwise development by refinement and proof-based model verification. In this paper, we present the application of the methodology to the development and verification of a distributed protocol for the reservation of railway sections. The main challenge of this work is developing a distributed protocol that ensures the safety and liveness of the distributed railway system when message delays are allowed in the model.
Acknowledgements
This work is supported by an iCASE studentship and funded by EPSRC/UK and Siemens Rail Automation (grant number EP/P510580/1). This work was partially supported by the EPSRC STRATA platform grant (EP/N023641/1).
Additional information
Alessandro Fantechi, Anne Haxthausen and Jim Woodcock
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
Cite this article
Stankaitis, P., Iliasov, A., Kobayashi, T. et al. A refinement-based development of a distributed signalling system. Form Asp Comp 33, 1009–1036 (2021). https://doi.org/10.1007/s00165-021-00567-y