Abstract
The safety analysis of interlocking railway systems involves verifying freedom from collision, derailment and run-through (that is, trains rolling over wrongly-set points). Typically, various unrealistic assumptions are made when modelling trains within networks in order to facilitate their analyses. In particular, trains are invariably assumed to be shorter than track segments; and generally only a very few trains are allowed to be introduced into the network under consideration.
In this paper we propose modelling methodologies which elegantly dismiss these assumptions. We first provide a framework for modelling arbitrarily many trains of arbitrary length in a network; and then we demonstrate that it is enough with our modelling approach to consider only two trains when verifying safety conditions. That is, if a safety violation appears in the original model with any number of trains of any and varying lengths, then a violation will be exposed in the simpler model with only two trains.
Importantly, our modelling framework has been developed alongside – and in conjunction with – railway engineers. It is vital that they can validate the models and verification conditions, and – in the case of design errors – obtain comprehensible feedback. We demonstrate our modelling and abstraction techniques on two simple interlocking systems proposed by our industrial partner. As our formalization is, by design, near to their way of thinking, they are comfortable with it and trust it.
Original language | English |
---|---|
Pages (from-to) | 315-336 |
Journal | Science of Computer Programming |
Volume | 96 |
Issue number | 3 |
Early online date | 18 Apr 2014 |
DOIs | |
Publication status | Published - 15 Dec 2014 |
Externally published | Yes |
Bibliographical note
Published Open Access under an Elsevier user license - https://www.elsevier.com/about/policies/open-access-licenses/elsevier-user-licenseKeywords
- Railway verification
- CSP∥B
- Modelling and analysis