Abstract
This chapter describes some approaches and emerging trends for verification and model-based testing of railway control systems. We describe state-of-the-art methods and associated tools for verifying interlocking systems and their configuration data, using bounded model checking and k-induction. Using real-world models of novel Danish interlocking systems, we show by example that this method scales up and is suitable for industrial application. For verification of the integrated HW/SW system performing the interlocking control tasks, a model-based hardware-in-the-loop testing approach is presented. We discuss the trade-off between complete test strategies, which are capable of uncovering every error in implementations from a given fault domain, and the unmanageable number of test cases these strategies typically create. Pragmatic approaches resulting in manageable test suites with good test strength are explained. Interlocking systems are just one of many system classes where concrete system instances are created from generic representations, with configuration data determining the behaviour of the instances. We explain how the systematic transition from generic to concrete instances in the development path is complemented by associated transitions in the verification and testing paths.
© 2015 Springer Fachmedien Wiesbaden
Haxthausen, A., Peleska, J. (2015). Model Checking and Model-Based Testing in the Railway Domain. In: Drechsler, R., Kühne, U. (eds) Formal Modeling and Verification of Cyber-Physical Systems. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-09994-7_4
DOI: https://doi.org/10.1007/978-3-658-09994-7_4
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-09993-0
Online ISBN: 978-3-658-09994-7
eBook Packages: Computer Science (R0)