Model checking railway interlocking systems. ACSC '02: Proceedings of the twenty-fifth Australasian conference on Computer science, Volume 4.
A Formal Object-Oriented Analysis for Software Reliability: Design for Verification. FASE '01: Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering.
Evaluating dynamic correctness properties of domain reference architectures. Journal of Systems and Software, special issue: Best papers on Software Engineering from the SEKE'01 Conference.
Tool support for checking railway interlocking designs. SCS '05: Proceedings of the 10th Australian workshop on Safety critical systems and software, Volume 55.
Simulated time for testing railway interlockings with TTCN-3. FATES'05: Proceedings of the 5th international conference on Formal Approaches to Software Testing.
Automated verification of executable UML models. FMCO'10: Proceedings of the 9th international conference on Formal Methods for Components and Objects.
Optimising ordering strategies for symbolic model checking of railway interlockings. ISoLA'12: Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: applications and case studies, Volume Part II.
This paper describes an experiment in formal specification and validation performed in the context of an industrial joint project. The project involved an Italian company working in the field of railway engineering, Ansaldobreda Segnalamento Ferroviario, and the CNR Institutes IEI and CNUCE of Pisa. Within the project, two formal models were developed, describing different aspects of a safety-critical system used in the management of medium-to-large railway networks. Safety and liveness properties were validated on both models. Safety properties were checked primarily in the presence of Byzantine faults, as well as of silent faults embedded in the models themselves. Liveness properties focused mainly on a communication protocol used within the system. Properties were specified as assertions or as temporal logic formulae. We used PROMELA as the specification language, and the verification was performed with the SPIN model checker.
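The following is an added example, not a model from the paper or from the project it describes: a small PROMELA model built in the style the abstract outlines. A Controller sends authenticated commands over a channel to a TracksideUnit and waits for acknowledgements; a bounded Byzantine process injects arbitrary commands on the same channel; the safety property is an assertion at the point where a command reaches the field, the liveness property is an LTL formula over a simple command/acknowledgement protocol, and a preprocessor switch plants a silent fault (the authenticity check is skipped) that the safety check is expected to expose. Every name, channel, bound and value here is invented for illustration; the `auth` flag stands in for an unforgeable message authenticator that the injector cannot produce.

```promela
/* Added example, not from the paper: PROMELA model with a Byzantine injector,
 * a safety assertion, an LTL liveness property and a plantable silent fault.
 * All names, channels and values are invented for illustration. */

#ifndef BYZANTINE
#define BYZANTINE 1        /* 0: verify the protocol without the injector */
#endif
#ifndef SILENT_FAULT
#define SILENT_FAULT 0     /* 1: plant the fault (authenticity check skipped) */
#endif
#define N_CMDS   3         /* commands the controller issues */
#define N_FORGED 3         /* bound on injected messages (finite state space) */

mtype = { CMD, ACK };

/* CMD carries: sequence number, command id, authenticity (an unforgeable MAC) */
chan to_unit = [2] of { mtype, byte, byte, bool };
/* ACK carries: the sequence number being acknowledged */
chan to_ctrl = [2] of { mtype, byte };

byte sent_seq  = 0;   /* sequence number of the last command sent */
byte acked_seq = 0;   /* sequence number of the last command acknowledged */
byte expected  = 1;   /* next sequence number the unit accepts */
byte applied   = 0;   /* command the unit last applied to the field */

active proctype Controller() {
    do
    :: sent_seq < N_CMDS ->
        sent_seq++;
        /* genuine, authenticated command; command id equals seq for brevity */
        to_unit ! CMD, sent_seq, sent_seq, true;
        /* wait for the acknowledgement of exactly this sequence number */
        to_ctrl ? ACK, eval(sent_seq) -> acked_seq = sent_seq
    :: else -> break
    od
}

active proctype TracksideUnit() {
    byte seq, cmd;
    bool auth;
end:                       /* blocking here forever is a valid end state */
    do
    :: to_unit ? CMD, seq, cmd, auth ->
        if
#if SILENT_FAULT
        :: seq == expected ->            /* planted fault: auth never checked */
#else
        :: auth && (seq == expected) ->
#endif
            assert(auth);                /* safety: only genuine commands reach the field */
            applied = cmd;
            expected++;
            to_ctrl ! ACK, seq
        :: else -> skip                  /* forged, replayed or out-of-order: discard */
        fi
    od
}

#if BYZANTINE
active proctype Byzantine() {
    byte k = 0;
    byte s, c;
    do
    :: k < N_FORGED ->
        if :: s = 1 :: s = 2 :: s = 3 fi;  /* any sequence number, including the expected one */
        if :: c = 7 :: c = 9 fi;           /* any command id */
        to_unit ! CMD, s, c, false;        /* cannot forge the authenticator */
        k++
    :: else -> break
    od
}
#endif

/* liveness: whenever a command is outstanding, it is eventually acknowledged */
ltl live { [] ( (!(sent_seq == acked_seq)) -> (<> (sent_seq == acked_seq)) ) }
```

Run `spin -a model.pml && gcc -o pan pan.c && ./pan -a` to check the assertion, invalid end states and the `live` formula (acceptance cycles) in one pass; `spin -DSILENT_FAULT=1 -a model.pml` rebuilds the model with the fault planted, after which pan reports an assertion violation and `spin -t -p model.pml` replays the trail showing the injected message being applied. Bounding the injector with N_FORGED keeps the state space finite and prevents an unbounded flood from masquerading as a liveness violation; the abstract's distinction between safety (assertion on what reaches the field) and liveness (LTL over the acknowledgement protocol) is what the two checks above separate.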