
Formal verification of safety protocol in train control system

Published in: Science China Technological Sciences

Abstract

In order to satisfy its safety-critical requirements, a train control system (TCS) often employs a layered safety communication protocol to provide reliable services. However, both the description and the verification of such safety protocols can be formidable because of the system's complexity. In this paper, interface automata (IA) are used to describe the safety service interface behaviours of the safety communication protocol. A formal verification method is proposed: the safety communication protocols are described with IA, and the IA model is translated into a PROMELA model so that the protocols can be verified by the model checker SPIN. A case study that applies this method to describe and verify a safety communication protocol is included. The verification results show that the proposed method is effective for describing the safety protocols and for verifying freedom from deadlocks and livelocks as well as several mandatory consistency properties. A prototype of the safety protocols is also developed on the basis of the presented formal verification method.
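To make the abstract's pipeline concrete, the following added example (constructed for this page; it is not the paper's IA models, its PROMELA translator, or its case-study protocol) encodes two toy interface automata for a connection handshake, composes them under the usual IA rules (synchronise on shared actions, interleave the rest), flags the product states where one side emits a shared action the other is not ready to accept, reports reachable non-final states with no outgoing transition as deadlocks, and sketches how each automaton would be emitted as a SPIN proctype. The automaton names, the actions `conn` and `ack`, and the "final state" set passed to the deadlock check are all assumptions made for the illustration.

```python
"""Toy interface-automata (IA) checker: composition, illegal-state and deadlock
detection, plus a PROMELA sketch for SPIN.  Constructed illustration, not the
paper's models or its IA-to-PROMELA translator."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class IA:
    name: str
    init: str
    inputs: frozenset   # actions this component accepts ("a?")
    outputs: frozenset  # actions this component emits ("a!")
    trans: frozenset    # (src, action, dst); actions in neither set are internal

    def succ(self, state, action):
        return {d for (s, a, d) in self.trans if s == state and a == action}

    def enabled(self, state):
        return {a for (s, a, _) in self.trans if s == state}


def compose(p, q):
    """Product of two IAs: shared actions synchronise, others interleave.
    Returns (reachable product states, product transitions, illegal states).
    A product state is illegal when one side can emit a shared action that the
    other side cannot receive in its current state (the IA compatibility rule)."""
    shared = (p.inputs | p.outputs) & (q.inputs | q.outputs)
    init = (p.init, q.init)
    seen, todo, trans, illegal = {init}, deque([init]), set(), set()
    while todo:
        sp, sq = todo.popleft()
        succs = set()
        for a in p.enabled(sp):
            if a in shared:
                if a in p.outputs and not q.succ(sq, a):
                    illegal.add((sp, sq))
                for dp in p.succ(sp, a):
                    for dq in q.succ(sq, a):
                        succs.add((a, (dp, dq)))
            else:
                for dp in p.succ(sp, a):
                    succs.add((a, (dp, sq)))
        for a in q.enabled(sq):
            if a in shared:
                # synchronised successors were already collected from p's side
                if a in q.outputs and not p.succ(sp, a):
                    illegal.add((sp, sq))
            else:
                for dq in q.succ(sq, a):
                    succs.add((a, (sp, dq)))
        for a, nxt in succs:
            trans.add(((sp, sq), a, nxt))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen, trans, illegal


def deadlocks(states, trans, final):
    """Reachable product states with no outgoing transition, excluding the
    states the modeller designates as legitimate end states."""
    has_out = {s for (s, _, _) in trans}
    return {s for s in states if s not in has_out and s not in final}


def to_promela(ia):
    """Sketch an IA as a SPIN proctype: states become labels, input/output
    actions become rendezvous-channel receives/sends, internal actions skip."""
    lines = [f"proctype {ia.name}() {{"]
    all_states = {s for (s, _, _) in ia.trans} | {d for (_, _, d) in ia.trans}
    for s in sorted(all_states):
        outs = sorted((a, d) for (src, a, d) in ia.trans if src == s)
        if not outs:
            lines.append(f"{s}: skip")
            continue
        branches = []
        for a, d in outs:
            op = f"{a} ! 0" if a in ia.outputs else f"{a} ? 0" if a in ia.inputs else "skip"
            branches.append(f"  :: {op} -> goto {d}")
        lines.append(f"{s}: if\n" + "\n".join(branches) + "\n  fi")
    lines.append("}")
    return "\n".join(lines)


# Constructed handshake: the sender requests a connection and waits for an ack.
SENDER = IA("Sender", "s0", frozenset({"ack"}), frozenset({"conn"}),
            frozenset({("s0", "conn", "s1"), ("s1", "ack", "s2")}))
RECEIVER_OK = IA("Receiver", "r0", frozenset({"conn"}), frozenset({"ack"}),
                 frozenset({("r0", "conn", "r1"), ("r1", "ack", "r2")}))
# Faulty variant (constructed): acknowledges before any request has arrived.
RECEIVER_BAD = IA("Receiver", "r0", frozenset({"conn"}), frozenset({"ack"}),
                  frozenset({("r0", "ack", "r1"), ("r1", "conn", "r2")}))


def check(p, q, final):
    states, trans, illegal = compose(p, q)
    return {"illegal": illegal, "deadlocks": deadlocks(states, trans, final)}


if __name__ == "__main__":
    print(check(SENDER, RECEIVER_OK, {("s2", "r2")}))
    print(check(SENDER, RECEIVER_BAD, {("s2", "r2")}))
    print(to_promela(SENDER))
```

The explicit product check catches the structural problems (incompatible interfaces, deadlocks) on the IA level; livelocks and the consistency properties the paper mentions are the kind of thing one would state as LTL formulas over the emitted PROMELA model and leave to SPIN, which this sketch does not attempt.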




Correspondence to Tao Tang.


Cite this article

Zhang, Y., Tang, T., Li, K. et al. Formal verification of safety protocol in train control system. Sci. China Technol. Sci. 54, 3078–3090 (2011). https://doi.org/10.1007/s11431-011-4562-2
