European Train Control System: A Case Study in Formal Verification

Authors:
André Platzer;Jan-David Quesel
Affiliations:
Computer Science Department, Carnegie Mellon University, Pittsburgh;Department of Computing Science, University of Oldenburg, Germany
Venue:
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Year:
2009

Citing 15
Cited 13

Automatic Symbolic Verification of Embedded Systems

IEEE Transactions on Software Engineering
The theory of hybrid automata

LICS '96 Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science
Counterexample-guided abstraction refinement for symbolic model checking

Journal of the ACM (JACM)
Model checking Duration Calculus: a practical approach

Formal Aspects of Computing
Differential Dynamic Logic for Hybrid Systems

Journal of Automated Reasoning
A Counterexample-Guided Approach to Parameter Synthesis for Linear Hybrid Automata

HSCC '08 Proceedings of the 11th international workshop on Hybrid Systems: Computation and Control
Logical Verification and Systematic Parametric Analysis in Train Control

HSCC '08 Proceedings of the 11th international workshop on Hybrid Systems: Computation and Control
KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description)

IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
Requirements Validation for Hybrid Systems

CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Computing differential invariants of hybrid systems as fixedpoints

Formal Methods in System Design
Differential-algebraic Dynamic Logic for Differential-algebraic Programs

Journal of Logic and Computation
Model checking genetic regulatory networks with parameter uncertainty

HSCC'07 Proceedings of the 10th international conference on Hybrid systems: computation and control
Automating verification of cooperation, control, and design in traffic applications

Formal methods and hybrid real-time systems
Algorithmic algebraic model checking II: decidability of semi-algebraic model checking and its applications to systems biology

ATVA'05 Proceedings of the Third international conference on Automated Technology for Verification and Analysis
PHAVer: algorithmic verification of hybrid systems past hytech

HSCC'05 Proceedings of the 8th international conference on Hybrid Systems: computation and control

Automatic verification of parametric specifications with complex topologies

IFM'10 Proceedings of the 8th international conference on Integrated formal methods
Decidability and complexity for the verification of safety properties of reasonable linear hybrid automata

Proceedings of the 14th international conference on Hybrid systems: computation and control
Toward online hybrid systems model checking of cyber-physical systems' time-bounded short-run behavior

ACM SIGBED Review - Work-in-Progress (WiP) Session of the 2nd International Conference on Cyber Physical Systems
A core language for executable models of cyber physical systems: work in progress report

ACM SIGBED Review - Work-in-Progress (WiP) Session of the 2nd International Conference on Cyber Physical Systems
Logic and compositional verification of hybrid systems

CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Hierarchical reasoning for the verification of parametric systems

IJCAR'10 Proceedings of the 5th international conference on Automated Reasoning
Towards Formal Verification of Freeway Traffic Control

ICCPS '12 Proceedings of the 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems
Generating invariants of hybrid systems via sums-of-squares of polynomials with rational coefficients

Proceedings of the 2011 International Workshop on Symbolic-Numeric Computation
Logics of Dynamical Systems

LICS '12 Proceedings of the 2012 27th Annual IEEE/ACM Symposium on Logic in Computer Science
Formal verification and validation of ERTMS industrial railway train spacing system

CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Logical analysis of hybrid systems: a complete answer to a complexity challenge

DCFS'12 Proceedings of the 14th international conference on Descriptional Complexity of Formal Systems
Validation of requirements for hybrid systems: A formal approach

ACM Transactions on Software Engineering and Methodology (TOSEM)
Hierarchical reasoning and model generation for the verification of parametric hybrid systems

CADE'13 Proceedings of the 24th international conference on Automated Deduction

Quantified Score

Hi-index	0.00

Visualization

Abstract

Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For its free parameters, we successively identify constraints that are required to ensure collision freedom. We formally prove the parameter constraints to be sharp by characterizing them equivalently in terms of reachability properties of the hybrid system dynamics. Using our deductive verification tool KeYmaera, we formally verify controllability, safety, liveness, and reactivity properties of the ETCS protocol that entail collision freedom. We prove that the ETCS protocol remains correct even in the presence of perturbation by disturbances in the dynamics. We verify that safety is preserved when a PI controlled speed supervision is used.