From Formal Test Objectives to TTCN-3 for Verifying ETCS Complex Software Control Systems

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1250)

Abstract

The design of a practical but accurate software methodology to guarantee system correctness and safety is still a major challenge. Where test coverage is unsatisfactory, formal analysis offers much higher potential to discover errors or safety vulnerabilities during the design phase of a system. However, formal verification methods often require a strong technical background, which limits their usage. In this paper, we present a framework based on testing and verification to ensure the correctness and safety of complex distributed software systems. As a result of applying our methodology, we obtain a more reliable system, in terms of functionality, safety and robustness, and a reduction of the time necessary for verification. To show the applicability of our solution, we applied it to a real industrial case study, the European Train Control System (ETCS) [14]. We specify the system using the SDL language [24], and we use a test generation tool to generate abstract test cases in TTCN-3. Based on these standardized tests, we use model checking to verify some critical properties of the system, in particular those regarding safety requirements. We analyse a real train accident and demonstrate how the accident could have been avoided if the ETCS system had been in use.

Keywords

Formal verification, Safety, Model checking, Software control systems

References

  1. Ameur-Boulifa, R., Cavalli, A.R., Maag, S.: Verifying complex software control systems from test objectives: application to the ETCS system. In: Proceedings of the 14th International Conference on Software Technologies, ICSOFT 2019, Prague, Czech Republic, 26–28 July 2019, pp. 397–406 (2019). https://doi.org/10.5220/0007918203970406
  2. Ameur-Boulifa, R., Henrio, L., Kulankhina, O., Madelaine, E., Savu, A.: Behavioural semantics for asynchronous components. J. Log. Algebraic Methods Program. 89, 1–40 (2017)
  3. Andres, C., Cavalli, A., Yevtushenko, N.: On modeling and testing the European Train Control System. Technical report 09013 LOR, Telecom SudParis, March 2013
  4. Abbaspour Asadollah, S., Inam, R., Hansson, H.: A survey on testing for cyber physical system. In: El-Fakih, K., Barlas, G., Yevtushenko, N. (eds.) ICTSS 2015. LNCS, vol. 9447, pp. 194–207. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25945-1_12
  5. Belghiat, A., Chaoui, A.: A Pi-calculus-based approach for the verification of UML2 sequence diagrams. In: 2015 10th International Joint Conference on Software Technologies (ICSOFT), vol. 2, pp. 1–8. IEEE (2015)
  6. Bérard, B., et al.: Systems and Software Verification: Model-checking Techniques and Tools. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-662-04558-9
  7. Berthomieu, B., et al.: The syntax and semantics of FIACRE. Deliverable number F.3.2.11 of project TOPCASED (2012)
  8. Bougacha, R., Wakrime, A.A., Kallel, S., Ayed, R.B., Collart-Dutilleul, S.: A model-based approach for the modeling and the verification of railway signaling system. In: Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering, pp. 367–376. SCITEPRESS - Science and Technology Publications, Lda (2019)
  9. Bozga, M., Graf, S., Mounier, L.: IF-2.0: a validation environment for component-based real-time systems. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 343–348. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45657-0_26
  10. Bozga, M., Graf, S., Ober, I., Ober, I., Sifakis, J.: The IF toolset. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 237–267. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30080-9_8
  11. Bundell, G.A.: Aspects of the safety analysis of an on-board automatic train operation supervisor. In: 2009 IEEE International Conference on Systems, Man and Cybernetics, pp. 3223–3230. IEEE (2009)
  12. Cavalli, A.R., Grepet, C., Maag, S., Tortajada, V.: A validation model for the DSR protocol. In: 24th International Conference on Distributed Computing Systems Workshops (ICDCS 2004 Workshops), 23–24 March 2004, Hachioji, Tokyo, Japan, pp. 768–773 (2004). https://doi.org/10.1109/ICDCSW.2004.1284120
  13. Che, X., Lalanne, F., Maag, S.: A logic-based passive testing approach for the validation of communicating protocols. In: ENASE 2012 - Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering, Wroclaw, Poland, 29–30 June 2012, pp. 53–64 (2012)
  14. ERTMS Commission Group - European Commission: Delivering an effective and interoperable European Rail Traffic Management System (ERTMS) – the way ahead. Technical report, SWD(2017) 375, November 2017. https://ec.europa.eu/transport/sites/transport/files/swd20170375-ertms-the-way-ahead.pdf
  15. ETSI ES 201 873-1: Methods for Testing and Specification (MTS); The Testing and Test Control Notation version 3; Part 1: TTCN-3 Core Language, v4.11.1. Technical report, April 2019
  16. Ferrante, O., Scholte, E., Rollini, S., North, R., Manica, L., Senni, V.: A methodology for formal requirements validation and automatic test generation and application to aerospace systems. SAE Technical Paper (2018)
  17. Fraser, G., Wotawa, F., Ammann, P.E.: Testing with model checkers: a survey. Softw. Test. Verification Reliab. 19(3), 215–261 (2009)
  18. Garavel, H., Lang, F., Mateescu, R., Serwe, W.: CADP 2010: a toolbox for the construction and analysis of distributed processes. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 372–387. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19835-9_33
  19. Garousi, V., Felderer, M., Karapıçak, Ç.M., Yılmaz, U.: Testing embedded software: a survey of the literature. Inf. Softw. Technol. 104, 14–45 (2018)
  20. Ghazel, M.: Formalizing a subset of ERTMS/ETCS specifications for verification purposes. Transp. Res. Part C Emerg. Technol. 42, 60–75 (2014)
  21. Godefroid, P.: Between testing and verification: dynamic software model checking (2016)
  22. Hennessy, M., Lin, H.: Symbolic bisimulations. Theor. Comput. Sci. 138(2), 353–389 (1995)
  23. Henrio, L., Madelaine, E., Min, Z.: pNets: an expressive model for parameterised networks of processes. In: 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, pp. 492–496. IEEE (2015)
  24. ITU-T: Recommendation Z.100: CCITT Specification and Description Language (SDL, 1999, updated 2019). Technical report, ITU-T, October 2019
  25. Jesus Valdivia, L., Solas, G., Añorga, J., Arrizabalaga, S., Adin, I., Mendizabal, J.: ETCS on-board unit safety testing: saboteurs, testing strategy and results. Promet-Traffic Transp. 29(2), 213–223 (2017)
  26. Kahani, N., Bagherzadeh, M., Cordy, J.R., Dingel, J., Varró, D.: Survey and classification of model transformation tools. Softw. Syst. Model. 18(4), 2361–2397 (2018). https://doi.org/10.1007/s10270-018-0665-6
  27. Kapinski, J., Deshmukh, J.V., Jin, X., Ito, H., Butts, K.: Simulation-based approaches for verification of embedded control systems: an overview of traditional and advanced modeling, testing, and verification techniques. IEEE Control Syst. Mag. 36(6), 45–64 (2016)
  28. Karna, A.K., Chen, Y., Yu, H., Zhong, H., Zhao, J.: The role of model checking in software engineering. Front. Comput. Sci. 12(4), 642–668 (2018). https://doi.org/10.1007/s11704-016-6192-0
  29. Lee, D., Yannakakis, M.: Principles and methods of testing finite state machines - a survey. IEEE Trans. Comput. 84, 1090–1123 (1996)
  30. Lee, D., Yannakakis, M.: Principles and methods of testing finite state machines - a survey. Proc. IEEE 84, 1090–1123 (1996)
  31. Liu, Y., Tang, T., Liu, J., Zhao, L., Xu, T.: Formal modeling and verification of RBC handover of ETCS using differential dynamic logic. In: 2011 Tenth International Symposium on Autonomous Decentralized Systems, pp. 67–72. IEEE (2011)
  32. Mateescu, R., Thivolle, D.: A model checking language for concurrent value-passing systems. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 148–164. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68237-0_12
  33. Merouane, K., Grepet, C., Maag, S.: A methodology for interoperability testing of a MANET routing protocol. In: International Conference on Wireless and Mobile Communications, p. 5, March 2007. https://doi.org/10.1109/ICWMC.2007.2
  34. Mouttappa, P., Maag, S., Cavalli, A.: Using passive testing based on symbolic execution and slicing techniques: application to the validation of communication protocols. Comput. Netw. 57(15), 2992–3008 (2013)
  35. Mubeen, S., Nolte, T., Sjödin, M., Lundbäck, J., Lundbäck, K.-L.: Supporting timing analysis of vehicular embedded systems through the refinement of timing constraints. Softw. Syst. Model. 18(1), 39–69 (2017). https://doi.org/10.1007/s10270-017-0579-8
  36. Petiot, G., Kosmatov, N., Giorgetti, A., Julliand, J.: How test generation helps software specification and deductive verification in Frama-C. In: Seidl, M., Tillmann, N. (eds.) TAP 2014. LNCS, vol. 8570, pp. 204–211. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-09099-3_16
  37. Platzer, A., Quesel, J.-D.: European Train Control System: a case study in formal verification. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 246–265. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10373-5_13
  38. Salem, M.O.B., Mosbahi, O., Khalgui, M., Frey, G.: R-UML: a UML profile for verification of flexible control systems. In: Lorenz, P., Cardoso, J., Maciaszek, L.A., van Sinderen, M. (eds.) ICSOFT 2015. CCIS, vol. 586, pp. 118–136. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30142-6_7
  39. Willcock, C., Dei, T., Tobies, S., Keil, S., Engler, F., Schulz, S.: An Introduction to TTCN-3, 2nd edn. Wiley Publishing, Hoboken (2011)
  40. Yan, F., Gao, C., Tang, T., Zhou, Y.: A safety management and signaling system integration method for communication-based train control system. Urban Rail Transit 3(2), 90–99 (2017). https://doi.org/10.1007/s40864-017-0051-7

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. LTCI, Télécom ParisTech, Institut Polytechnique de Paris, Palaiseau, France
  2. Samovar, CNRS, Télécom SudParis, Institut Polytechnique de Paris, Palaiseau, France