Abstract
We discuss a new “flavour” of distributed interlocking systems, where the proper interlocking logic is allocated on cloud computers using conventional (i.e. commercial-off-the-shelf) multi-core hardware and operating systems. The servers in the cloud communicate with intelligent track elements over internet connections. Interlocking logic may even be geographically distributed over more than one server farm, introducing a new dimension of fault tolerance. This technology was announced in 2018 by Siemens Mobility, and its certification is currently underway. This paper analyses how the new distribution concept affects verification, validation, and certification. In particular, the complexity of the cloud system suggests creating a collection of scenario models instead of a single comprehensive model specifying the expected behaviour of the system. The use of scenario models is well known from the autonomous vehicle domain, but, to the best of our knowledge, this is the first time that the approach has been applied in the railway domain. We discuss the verification-related and test-related implications of the scenario approach. In particular, solutions are proposed for determining whether a collection of scenario models is complete, and for deciding whether sufficient test coverage has been achieved for a given scenario. The material presented here is based on a collaboration between Siemens and Verified Systems International, a company specialising in the verification and validation of safety-critical systems.
This work has been partially funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) – project number 407708394.
Notes
1. See, for example, https://www.mobility.siemens.com/global/en/portfolio/rail/automation/signaling-on-board-and-crossing-products/axle-counting-systems.html, where 2-out-of-2 track vacancy detectors are described.
2. More details about the model-based construction of test oracles are explained in [21].
3. The name is motivated by the collection of soccer player pictures provided with some product and the question of how many products need to be bought in order to get at least one picture of every player.
4. For example, condition \(0< x \wedge x < 10\) has size 10.
5.
References
Roadmap to a Single European Transport Area - Towards a competitive and resource efficient transport system. Technical report, European Union - EUR-Lex (2011). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52011DC0144, white paper
CENELEC: EN 50128:2011 Railway applications - Communication, signalling and processing systems - Software for railway control and protection systems (2011)
Chow, T.S.: Testing software design modeled by finite-state machines. IEEE Trans. Softw. Eng. SE-4(3), 178–186 (1978)
Cristian, F.: Probabilistic clock synchronization. Distrib. Comput. 3(3), 146–158 (1989). https://doi.org/10.1007/BF01784024
Dorofeeva, R., El-Fakih, K., Yevtushenko, N.: An improved conformance testing method. In: Wang, F. (ed.) FORTE 2005. LNCS, vol. 3731, pp. 204–218. Springer, Heidelberg (2005). https://doi.org/10.1007/11562436_16
Ferrante, N., Saltalamacchia, M.: The coupon collector’s problem. Materials matemàtics, pp. 1–35 (2014). http://mat.uab.cat/matmat_antiga/PDFv2014/v2014n02.pdf
Gärtner, F.C.: Fundamentals of fault-tolerant distributed computing in asynchronous environments. ACM Comput. Surv. 31(1), 1–26 (1999). https://doi.org/10.1145/311531.311532
Gülker, J.: Certification of the coded monoprocessor as ATP according to European standards. In: Proceedings of the 7th International Conference on Automated People Movers 1999, pp. 96–101. IDA (1999)
Hauer, F., Schmidt, T., Holzmüller, B., Pretschner, A.: Did we test all scenarios for automated and autonomous driving systems? In: 2019 IEEE Intelligent Transportation Systems Conference, ITSC 2019, Auckland, New Zealand, 27–30 October 2019, pp. 2950–2955. IEEE (2019). https://doi.org/10.1109/ITSC.2019.8917326
Haxthausen, A.E., Peleska, J.: Formal development and verification of a distributed railway control system. IEEE Trans. Softw. Eng. 26(8), 687–701 (2000)
Herdt, V., Große, D., Drechsler, R.: Fast and accurate performance evaluation for RISC-V using virtual prototypes. In: 2020 Design, Automation & Test in Europe Conference & Exhibition, DATE 2020, Grenoble, France, 9–13 March 2020, pp. 618–621. IEEE (2020). https://doi.org/10.23919/DATE48585.2020.9116522
Hierons, R.M.: Testing from a nondeterministic finite state machine using adaptive state counting. IEEE Trans. Comput. 53(10), 1330–1342 (2004). https://doi.org/10.1109/TC.2004.85
Huang, W., Özoguz, S., Peleska, J.: Safety-complete test suites. Softw. Qual. J. 27(2), 589–613 (2019). https://doi.org/10.1007/s11219-018-9421-y
Huang, W., Peleska, J.: Complete model-based equivalence class testing for nondeterministic systems. Formal Aspects Comput. 29(2), 335–364 (2017). https://doi.org/10.1007/s00165-016-0402-2
Huang, W., Peleska, J.: Model-based testing strategies and their (in)dependence on syntactic model representations. STTT 20(4), 441–465 (2018). https://doi.org/10.1007/s10009-017-0479-9
Hübner, F., Huang, W., Peleska, J.: Experimental evaluation of a novel equivalence class partition testing strategy. Softw. Syst. Model. 18(1), 423–443 (2019). https://doi.org/10.1007/s10270-017-0595-8, published online 2017
Hungar, H.: Scenario-based validation of automated driving systems. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11246, pp. 449–460. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03424-5_30
Kuhn, D.R., Kacker, R.N., Lei, Y.: Introduction to Combinatorial Testing. CRC Press (2013)
Lardennois, R.: Safety: single coded processor architecture combined with ASIC provide a cost efficient and flexible solution to safety issues. IFAC Proc. Volumes 27(12), 971–976 (1994). IFAC Symposium on Transportation Systems: Theory and Application of Advanced Technology, Tianjin, PRC, 24–26 August. https://doi.org/10.1016/S1474-6670(17)47600-2
Object Management Group: OMG Systems Modeling Language (OMG SysML), Version 1.6. Technical report, Object Management Group (2019). http://www.omg.org/spec/SysML/1.4
Peleska, J.: Industrial-strength model-based testing - state of the art and current challenges. In: Petrenko, A.K., Schlingloff, H. (eds.) Proceedings Eighth Workshop on Model-Based Testing, Rome, Italy, 17th March 2013. Electronic Proceedings in Theoretical Computer Science, vol. 111, pp. 3–28. Open Publishing Association (2013). https://doi.org/10.4204/EPTCS.111.1
Peleska, J.: Model-based avionic systems testing for the airbus family. In: 23rd IEEE European Test Symposium, ETS 2018, Bremen, Germany, 28 May–1 June 2018, pp. 1–10. IEEE (2018). https://doi.org/10.1109/ETS.2018.8400703
Peleska, J., Brauer, J., Huang, W.: Model-based testing for avionic systems proven benefits and further challenges. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 82–103. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_11
Peleska, J., Huang, W., Cavalcanti, A.: Finite complete suites for CSP refinement testing. Sci. Comput. Program. 179, 1–23 (2019). https://doi.org/10.1016/j.scico.2019.04.004
Peleska, J., Huang, W., Hübner, F.: A novel approach to HW/SW integration testing of route-based interlocking system controllers. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds.) RSSRail 2016. LNCS, vol. 9707, pp. 32–49. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33951-1_3
Petrenko, A., Timo, O.N., Ramesh, S.: Test generation by constraint solving and FSM mutant killing. In: Wotawa, F., Nica, M., Kushik, N. (eds.) ICTSS 2016. LNCS, vol. 9976, pp. 36–51. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47443-4_3
Simão, A., Petrenko, A., Yevtushenko, N.: On reducing test length for FSMs with extra states. Softw. Test. Verification Reliab. 22(6), 435–454 (2012). https://doi.org/10.1002/stvr.452
Steffens, S., Siemens Mobility GmbH: Safety@COTS Multicore, Distributed Smart Safe System DS3. In: Innovationstag ETCS Stellwerk smartrail 4.0, pp. 35–47 (2018). https://www.smartrail40.ch/service/download.asp?mem=0&path=%5Cdownload%5Cdownloads%5C2018%2011%2013%20Innovationstag%20ETCS%20Stellwerk_smartrail%204.0.pdf, presentation slides
Vasilevskii, M.P.: Failure diagnosis of automata. Kibernetika (Transl.) 4, 98–108 (1973)
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Peleska, J. (2020). New Distribution Paradigms for Railway Interlocking. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Applications. ISoLA 2020. Lecture Notes in Computer Science(), vol 12478. Springer, Cham. https://doi.org/10.1007/978-3-030-61467-6_28
DOI: https://doi.org/10.1007/978-3-030-61467-6_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61466-9
Online ISBN: 978-3-030-61467-6