In this article, we introduce the concept for a distributed railway control system and present the specification and verification of the main algorithm used for safe distributed control. Our design and verification approach is based on the RAISE method, starting with highly abstract algebraic specifications which are transformed into directly implementable distributed control processes by applying a series of refinement and verification steps. Concrete safety requirements are derived from an abstract version that can be easily validated with respect to soundness and completeness. Complexity is further reduced by separating the system model into a domain model and a controller model. The domain model describes the physical system in absence of control and the controller model introduces the safety-related control mechanisms as a separate entity monitoring observables of the physical system to decide whether it is safe for a train to move or for a point to be switched.
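As an added illustration of the domain/controller separation described in the abstract (this is not the paper's own RAISE/RSL specification, and the Python below is written for this page): the domain model exposes only physical observables and will perform any move or point switch it is asked to, while a separate controller reads those observables, keeps a reservation table of its own, and decides whether a train may move or a point may be switched. The toy layout (segments A, B, C, D and point P1), the reservation discipline and the abstract safety requirement "no two trains on one segment" are assumptions made for the example, not details taken from the paper.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Domain:
    """Physical railway in the absence of control (constructed example).
    Exposes observables only (where each train is, how each point lies)
    and carries out any physical action requested, safe or not."""
    succ: dict          # plain segment -> next segment (absent = end of line)
    points: dict        # point segment -> {"normal": seg, "reverse": seg}
    point_pos: dict     # point segment -> "normal" | "reverse"
    train_at: dict      # train id -> segment it currently occupies

    def occupant(self, seg: str) -> Optional[str]:
        return next((t for t, s in self.train_at.items() if s == seg), None)

    def next_segment(self, seg: str) -> Optional[str]:
        if seg in self.points:                      # successor depends on point position
            return self.points[seg][self.point_pos[seg]]
        return self.succ.get(seg)

    def move(self, train: str) -> None:             # uncontrolled physical move
        nxt = self.next_segment(self.train_at[train])
        if nxt is not None:
            self.train_at[train] = nxt

    def switch(self, point: str) -> None:           # uncontrolled physical switch
        self.point_pos[point] = "reverse" if self.point_pos[point] == "normal" else "normal"


def no_collision(dom: Domain) -> bool:
    """Abstract safety requirement assumed here: no two trains on one segment."""
    segs = list(dom.train_at.values())
    return len(segs) == len(set(segs))


@dataclass
class Controller:
    """Separate safety layer: reads domain observables, owns a reservation
    table, and gates every move and switch. The reservation discipline is an
    assumption of this example, not necessarily the paper's algorithm."""
    reserved: dict = field(default_factory=dict)    # segment -> train holding it

    def reserve_ahead(self, dom: Domain, train: str) -> bool:
        nxt = dom.next_segment(dom.train_at[train])
        if nxt is None or dom.occupant(nxt) is not None or nxt in self.reserved:
            return False
        self.reserved[nxt] = train
        return True

    def safe_to_move(self, dom: Domain, train: str) -> bool:
        nxt = dom.next_segment(dom.train_at[train])
        return (nxt is not None and dom.occupant(nxt) is None
                and self.reserved.get(nxt) == train)

    def safe_to_switch(self, dom: Domain, point: str) -> bool:
        return dom.occupant(point) is None and point not in self.reserved

    def move(self, dom: Domain, train: str) -> bool:
        if not self.safe_to_move(dom, train):
            return False
        prev = dom.train_at[train]
        dom.move(train)
        self.reserved.pop(prev, None)               # release the segment just left
        return True

    def switch(self, dom: Domain, point: str) -> bool:
        if not self.safe_to_switch(dom, point):
            return False
        dom.switch(point)
        return True


def fresh_domain() -> Domain:
    # Constructed toy layout: A -> P1 -> {normal: B, reverse: C}; B -> D
    return Domain(succ={"A": "P1", "B": "D"},
                  points={"P1": {"normal": "B", "reverse": "C"}},
                  point_pos={"P1": "normal"},
                  train_at={"t1": "A", "t2": "B"})


def controlled_run() -> list:
    """Drive the domain only through the controller; returns (action, allowed) log."""
    dom, ctl = fresh_domain(), Controller()
    log = []
    log.append(("reserve t1", ctl.reserve_ahead(dom, "t1")))    # P1 free
    log.append(("switch P1", ctl.switch(dom, "P1")))             # refused: P1 reserved
    log.append(("move t1", ctl.move(dom, "t1")))                 # t1 onto P1
    log.append(("reserve t1", ctl.reserve_ahead(dom, "t1")))    # refused: B occupied
    log.append(("move t1", ctl.move(dom, "t1")))                 # refused: no reservation
    log.append(("reserve t2", ctl.reserve_ahead(dom, "t2")))    # D free
    log.append(("move t2", ctl.move(dom, "t2")))                 # t2 onto D, B released
    log.append(("reserve t1", ctl.reserve_ahead(dom, "t1")))    # B now free
    log.append(("move t1", ctl.move(dom, "t1")))                 # t1 onto B, P1 released
    log.append(("switch P1", ctl.switch(dom, "P1")))             # P1 free: allowed
    log.append(("safe", no_collision(dom)))
    return log


def uncontrolled_run() -> bool:
    """Same domain driven without the controller: physics puts t1 onto B
    where t2 already stands, so the safety requirement is violated."""
    dom = fresh_domain()
    dom.move("t1")
    dom.move("t1")
    return no_collision(dom)


if __name__ == "__main__":
    for action, ok in controlled_run():
        print(f"{action:12s} -> {ok}")
    print("uncontrolled run safe:", uncontrolled_run())
```

The point of the split is that `no_collision` is stated once over domain observables, and `safe_to_move` / `safe_to_switch` are the only places where the controller's decision logic lives; verifying the controller means showing that every domain transition it permits preserves the requirement, while `uncontrolled_run` shows the domain alone offers no such guarantee.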