
Modelling, Visualisation and Proof of an ETCS Level 3 Moving Block System

  • Conference paper
Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification (RSSRail 2023)

Abstract

This work aims to formally ensure the safety of modern moving block systems. For this, a proof model was developed in Event-B which captures several safety-critical aspects. The model identifies several key concepts that are at the heart of the mathematical safety proof and which should later also be at the heart of the safety case for a moving block system with trackside train detection. Some of the key concepts were inspired by earlier CBTC models and adapted for ETCS moving block; a few novel key concepts were developed to deal safely with delays of train position reports and of trackside train detection.

The invariants of the proof model have been proven mathematically with the Rodin toolset, thereby establishing safety properties of the modelled system. The proof model can also be animated and visualised with the ProB validation tool. By necessity, the proof model abstracts away from irrelevant details and still has some restrictions in scope (such as a linear topology). Nonetheless, even with the current restrictions, the key concepts have already proved valuable when reasoning about the safety of moving block systems. In the article we also present our modelling and tooling methodology, outlining the importance of complementing proof with animation. We also explain the importance of inductive properties and argue that a train-centric approach is more promising for proving a moving block system safe than a track-centric approach.
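The train-centric, inductive-invariant style of reasoning the abstract describes, and its claim that delayed position reports can be handled safely, can be illustrated with a small executable model. The Python below is an added example and not the authors' Event-B proof model: it assumes a linear, unidirectional line, integer positions in metres, trains that never move backwards, and it leaves trackside train detection out entirely. Three invariants (inv1..inv3) are inductive, meaning each event's guard guarantees they are preserved, and collision-freedom follows from them; `animate` plays the role ProB animation plays for the real model, firing random enabled events and checking the invariants after each one. All names, constants and the scenario data are constructed for this illustration.

```python
"""Toy train-centric moving-block model with inductive safety invariants.

Added illustration, not the authors' Event-B model. Assumed: a linear,
unidirectional line from 0 to LINE_END, integer positions in metres, train
ids listed front-to-back, and trains that never move backwards.
"""
import random
from dataclasses import dataclass

LINE_END = 10_000
MARGIN = 50  # distance kept between an MA end and the rear reported ahead


class GuardError(Exception):
    """Event not enabled: its guard is false in the current state."""


@dataclass
class Train:
    front: int          # actual position of the front
    length: int
    ma_end: int         # movement authority: the front may never pass this
    reported_rear: int  # last rear position reported to trackside (may be stale)

    @property
    def rear(self) -> int:
        return self.front - self.length


class MovingBlock:
    def __init__(self, order: list, trains: dict) -> None:
        self.order, self.trains = order, trains

    def limit(self, tid: str) -> int:
        """Furthest MA end trackside may grant to tid from the reports it holds."""
        i = self.order.index(tid)
        return LINE_END if i == 0 else self.trains[self.order[i - 1]].reported_rear - MARGIN

    # ---- events: guard first, then action ----
    def move(self, tid: str, dist: int) -> None:
        t = self.trains[tid]
        if dist < 0 or t.front + dist > t.ma_end:
            raise GuardError(f"{tid}: moving {dist} m would pass MA end {t.ma_end}")
        t.front += dist

    def report(self, tid: str) -> None:
        self.trains[tid].reported_rear = self.trains[tid].rear  # rear only ever grows

    def extend_ma(self, tid: str) -> None:
        t, lim = self.trains[tid], self.limit(tid)
        if lim < t.ma_end:  # unreachable while inv3 holds, kept as a guard
            raise GuardError(f"{tid}: limit {lim} lies behind MA end {t.ma_end}")
        t.ma_end = lim

    # ---- inductive invariants: every event preserves all three ----
    def violated_invariants(self) -> list:
        bad = []
        for tid in self.order:
            t = self.trains[tid]
            if t.front > t.ma_end:
                bad.append(f"inv1 {tid}: front beyond MA end")
            if t.reported_rear > t.rear:
                bad.append(f"inv2 {tid}: report not conservative")
            if t.ma_end > self.limit(tid):
                bad.append(f"inv3 {tid}: MA end beyond rear reported ahead")
        return bad

    def collision_free(self) -> bool:
        """Safety property implied by inv1..inv3; not itself inductive."""
        return all(self.trains[b].front < self.trains[a].rear
                   for a, b in zip(self.order, self.order[1:]))


def stale_report_scenario() -> MovingBlock:
    """A runs ahead of B; A's position report is delayed (constructed data)."""
    m = MovingBlock(["A", "B"], {
        "A": Train(front=1200, length=200, ma_end=LINE_END, reported_rear=1000),
        "B": Train(front=400, length=100, ma_end=400, reported_rear=300),
    })
    m.move("A", 1500)  # A is really at 2700; trackside still believes rear = 1000
    m.extend_ma("B")   # trackside grants B only up to 1000 - MARGIN = 950
    m.move("B", 550)   # B runs to its MA end, still 1550 m behind A's real rear
    return m


def animate(m: MovingBlock, steps: int, seed: int = 0) -> int:
    """Fire random enabled events and check invariants after each; return count."""
    rng, fired = random.Random(seed), 0
    for _ in range(steps):
        tid, ev = rng.choice(m.order), rng.choice(("move", "report", "extend_ma"))
        try:
            if ev == "move":
                m.move(tid, rng.randint(0, 300))
            elif ev == "report":
                m.report(tid)
            else:
                m.extend_ma(tid)
        except GuardError:
            continue  # not enabled in this state; pick another event
        fired += 1
        bad = m.violated_invariants()
        if bad or not m.collision_free():
            raise AssertionError(f"after {ev}({tid}): {bad}")
    return fired
```

The scenario shows the inductive argument in miniature: B's authority is computed from A's last report, and because A can only move forward that report is a lower bound on A's true rear, so the delay costs line capacity (B is held 1550 m short of where it could safely be) but not safety. Each invariant is stated per train rather than per track section, which is what keeps the preservation argument for every event a few lines long.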


Notes

  1. https://www.clearsy.com/en/ertms-en/

References

  1. Hybrid ERTMS/ETCS Level 3. Principles. Ref: 16E042, Version: 1A. EEIG ERTMS Users Group, 123–133 Rue Froissart, 1040 Brussels, Belgium (2017)

  2. Abrial, J.-R.: The B-Book. Cambridge University Press, Cambridge (1996)

  3. Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press, Cambridge (2010)

  4. Abrial, J.-R., Butler, M., Hallerstede, S., Voisin, L.: An open extensible tool environment for Event-B. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 588–605. Springer, Heidelberg (2006). https://doi.org/10.1007/11901433_32

  5. Biere, A., Kröning, D.: SAT-based model checking. In: Handbook of Model Checking, pp. 277–303. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_10

  6. Borälv, A.: Case study: formal verification of a computerized railway interlocking. Formal Aspects Comput. 10(4), 338–360 (1998)

  7. Breton, N., Fonteneau, Y.: S3: proving the safety of critical systems. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds.) RSSRail 2016. LNCS, vol. 9707, pp. 231–242. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33951-1_17

  8. Butler, M., et al.: Formal modelling techniques for efficient development of railway control products. In: Fantechi, A., Lecomte, T., Romanovsky, A. (eds.) RSSRail 2017. LNCS, vol. 10598, pp. 71–86. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68499-4_5

  9. Butler, M., et al.: The first twenty-five years of industrial use of the B-method. In: ter Beek, M.H., Ničković, D. (eds.) FMICS 2020. LNCS, vol. 12327, pp. 189–209. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58298-2_8

  10. Su, W., Chen, J., Khan, S.: Insulin pump: modular modeling of hybrid systems using Event-B. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) ABZ 2018. LNCS, vol. 10817, pp. 403–408. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91271-4_31

  11. Chaki, S., Gurfinkel, A.: BDD-based symbolic model checking. In: Handbook of Model Checking, pp. 219–245. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_8

  12. Marques-Silva, J., Malik, S.: Propositional SAT solving. In: Handbook of Model Checking, pp. 247–275. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_9

  13. Comptier, M., Deharbe, D., Perez, J.M., Mussat, L., Pierre, T., Sabatier, D.: Safety analysis of a CBTC system: a rigorous approach with Event-B. In: Fantechi, A., Lecomte, T., Romanovsky, A. (eds.) RSSRail 2017. LNCS, vol. 10598, pp. 148–159. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68499-4_10

  14. Comptier, M., Leuschel, M., Mejia, L.-F., Perez, J.M., Mutz, M.: Property-based modelling and validation of a CBTC zone controller in Event-B. In: Collart-Dutilleul, S., Lecomte, T., Romanovsky, A. (eds.) RSSRail 2019. LNCS, vol. 11495, pp. 202–212. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-18744-6_13

  15. Dghaym, D., Dalvandi, M., Poppleton, M., Snook, C.F.: Formalising the hybrid ERTMS level 3 specification in iUML-B and Event-B. Int. J. Softw. Tools Technol. Transf. 22(3), 297–313 (2020)

  16. Dollé, D., Essamé, D., Falampin, J.: B dans le transport ferroviaire. L'expérience de Siemens Transportation Systems. Technique et Science Informatiques 22(1), 11–32 (2003)

  17. Essamé, D., Dollé, D.: B in large-scale projects: the Canarsie line CBTC experience. In: Julliand, J., Kouchnarenko, O. (eds.) B 2007. LNCS, vol. 4355, pp. 252–254. Springer, Heidelberg (2006). https://doi.org/10.1007/11955757_21

  18. Fantechi, A., Lecomte, T., Romanovsky, A. (eds.): Proceedings RSSRail 2017. LNCS, vol. 10598. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68499-4

  19. Ferrari, A., et al.: Survey on formal methods and tools in railways: the ASTRail approach. In: Collart-Dutilleul, S., Lecomte, T., Romanovsky, A. (eds.) RSSRail 2019. LNCS, vol. 11495, pp. 226–241. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-18744-6_15

  20. Fotso, S.J.T., Frappier, M., Laleau, R., Mammar, A.: Modeling the hybrid ERTMS/ETCS level 3 standard using a formal requirements engineering approach. Int. J. Softw. Tools Technol. Transf. 22(3), 349–363 (2020)

  21. Fuchs, N.E.: Specifications are (preferably) executable. Softw. Eng. J. 7(5), 323–334 (1992)

  22. Hansen, D., et al.: Using a formal B model at runtime in a demonstration of the ETCS hybrid level 3 concept with real trains. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) ABZ 2018. LNCS, vol. 10817, pp. 292–306. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91271-4_20

  23. Haxthausen, A.E., Nguyen, H.N., Roggenbach, M.: Comparing formal verification approaches of interlocking systems. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds.) RSSRail 2016. LNCS, vol. 9707, pp. 160–177. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33951-1_12

  24. Hayes, I., Jones, C.B.: Specifications are not (necessarily) executable. Softw. Eng. J. 4(6), 330–338 (1989)

  25. Hoang, T.S., Butler, M., Reichl, K.: The hybrid ERTMS/ETCS level 3 case study. In: Butler, M., Raschke, A., Hoang, T.S., Reichl, K. (eds.) ABZ 2018. LNCS, vol. 10817, pp. 251–261. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91271-4_17

  26. Holzmann, G.J.: Explicit-state model checking. In: Handbook of Model Checking, pp. 153–171. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_5

  27. Krings, S., Bendisposto, J., Leuschel, M.: From failure to proof: the ProB disprover for B and Event-B. In: Calinescu, R., Rumpe, B. (eds.) SEFM 2015. LNCS, vol. 9276, pp. 199–214. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22969-0_15

  28. Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, Boston (2002)

  29. Limbrée, C., Cappart, Q., Pecheur, C., Tonetta, S.: Verification of railway interlocking: compositional approach with OCRA. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds.) RSSRail 2016. LNCS, vol. 9707, pp. 134–149. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33951-1_10

  30. Leuschel, M., Butler, M.J.: ProB: an automated analysis toolset for the B method. Int. J. Softw. Tools Technol. Transf. 10(2), 185–203 (2008)

  31. Leuschel, M., Falampin, J., Fritz, F., Plagge, D.: Automated property verification for large scale B models with ProB. Formal Aspects Comput. 23(6), 683–709 (2011)

  32. Leuschel, M., Mutz, M., Werth, M.: Modelling and validating an automotive system in classical B and Event-B. In: Raschke, A., Méry, D., Houdek, F. (eds.) ABZ 2020. LNCS, vol. 12071, pp. 335–350. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-48077-6_27

  33. Mammar, A., Frappier, M., Fotso, S.J.T., Laleau, R.: A formal refinement-based analysis of the hybrid ERTMS/ETCS level 3 standard. Int. J. Softw. Tools Technol. Transf. 22(3), 333–347 (2020)

  34. Mazzanti, F., Basile, D.: A formal methods demonstrator for railways. ERCIM News 121 (2020)

  35. Sabatier, D.: Using formal proof and B method at system level for industrial projects. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds.) RSSRail 2016. LNCS, vol. 9707, pp. 20–31. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33951-1_2

  36. ter Beek, M.H., et al.: Adopting formal methods in an industrial setting: the railways case. In: ter Beek, M.H., McIver, A., Oliveira, J.N. (eds.) FM 2019. LNCS, vol. 11800, pp. 762–772. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30942-8_46

  37. Werth, M., Leuschel, M.: VisB: a lightweight tool to visualize formal models with SVG graphics. In: Raschke, A., Méry, D., Houdek, F. (eds.) ABZ 2020. LNCS, vol. 12071, pp. 260–265. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-48077-6_21

  38. X2Rail-3: Advanced signalling, automation and communication system (IP2 and IP5). Deliverable D4.2: Moving block specifications. Part 2 - System definition. Technical report (2020). https://projects.shift2rail.org

Acknowledgement

We thank anonymous referees for their useful feedback.

Corresponding author

Correspondence to Michael Leuschel .

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Leuschel, M., Nayeri, N. (2023). Modelling, Visualisation and Proof of an ETCS Level 3 Moving Block System. In: Milius, B., Collart-Dutilleul, S., Lecomte, T. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2023. Lecture Notes in Computer Science, vol 14198. Springer, Cham. https://doi.org/10.1007/978-3-031-43366-5_12

  • DOI: https://doi.org/10.1007/978-3-031-43366-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43365-8

  • Online ISBN: 978-3-031-43366-5
