Safety in railway signalling data: A behavioural analysis
Higher Order Logic is used to analyse safety properties of a computer based railway signal control system. British Rail's Solid State Interlocking is a data driven controller whose behaviour is governed by rules stored in a geographic database. The correctness of these data are highly critical to the system's safe operation. Taking as our starting point Gordon's implementation of program logics in Higher Order Logic, we formalise the data correctness problem in a natural way, designing tactics to automate much of the verification task. Our approach requires quadratic time and linear space, and is thought to be adequate for the current generation of Solid State Interlockings. Properly formalised, the compositional proof strategy we suggest will allow us to scale up our analyses arbitrarily.
KeywordsSafety-critical systems application specific languages railway signalling higher-order logic
Unable to display preview. Download preview PDF.
- [AC91]Will Atkinson and Jim Cunningham. Proving properties of a safety critical system. Software Engineering Journal, pages 41–50, March 1991.Google Scholar
- [Bri90]British Railways Board. SSI data preparation guide. Issue SSI8003, February 1990.Google Scholar
- [Cri87]A. H. Cribbens. Solid State Interlocking (SSI): an integrated electronic signalling system for mainline railways. IEE Proc., 134(3): 148–158, May 1987.Google Scholar
- [Gor89]M. J. C. Gordon. Mechanizing Programming Logics in Higher Order Logic. In P. A. Subrahmanyam and Graham Birtwistle, editors, Current Trends in Hardware Verification and Automated Theorem Proving. Springer-Verlag, 1989.Google Scholar
- [Gri81]David Gries. The Science of Programming. Spriner-Verlag, 1981.Google Scholar
- [IM92]Michael Ingleby and Ian Mitchell. Proving Safety of a Railway Signalling System Incorporating Geographic Data. In Proceedings of IFAC SAFECOMP '92, October 1992.Google Scholar
- [Mit90]I. H. Mitchell. Proposal for an SSI data checking tool. Internal publication by B.R. Research, Safety Systems Unit, June 1990.Google Scholar
- [Mor91]M. J. Morley. Modelling British Rail's Interlocking Logic — Geographic Data Correctness. Technical Report ECS-LFCS-91-186, University of Edinburgh, November 1991.Google Scholar
- [SS90]G. Stålmark and M. Säflund. Modelling and verifying systems and software in propositional logic. In Proceedings of SAFECOMP '90, pages 31–36, 1990.Google Scholar
- [Tre93]Gavan Tredoux. Mechanizing nondeterministic programming logics in higher order logic. Monograph, March 1993.Google Scholar