Systematic software development using VDM (2nd ed.)
Proving properties of a safety-critical system
Software Engineering Journal - Special issue on safety-critical systems
Information and Classification: Concepts, Methods, and Applications: Proceedings of the 16th Annual Conference of the "Gesellschaft Fur Klassifikation E. V." University of Dortmund, April 1-3, 1992
Safety in Railway Signalling Data: A Behavioural Analysis
HUG '93 Proceedings of the 6th International Workshop on Higher Order Logic Theorem Proving and its Applications
Formal approach to railway applications
Formal methods and hybrid real-time systems
Interlockings (the systems which control railway signals) are modeled as situated automata holding in memory an image of their trackside environment. Interlocking functionality is generic, but each interlocking consults a geographic database which specifies the topography of its environment. A 'calculus of hazard', comprising a theory of trackside geography and generic state of trackside environments, is set up using a predicate calculus based on incidence relations. The calculus is sufficiently expressive for the articulation of hazard defence rules, which are obtained from a typical IEC fault modes and effects analysis (FMEA), free of area-specific reference. Safety of an interlocking is formulated as an NP-complete proof problem expressing the invariance of a set of hazard defence predicates of the calculus. A scalable approach to this proof problem is developed by representing a signalling area as a set of weakly interacting localities of low combinatorial complexity. The approach uses Galois connection tools borrowed from formal concept analysis.