
A formal refinement-based analysis of the hybrid ERTMS/ETCS level 3 standard

  • ABZ 2018
  • Published in: International Journal on Software Tools for Technology Transfer

Abstract

This paper presents a formal model of the case study proposed for the ABZ2018 conference, which concerns the Hybrid ERTMS/ETCS Level 3 Standard. This standard allows trains to communicate with a train supervisor to report their integrity and positions, thanks to an onboard train integrity monitoring system. The supervisor assigns trains a movement authority to control traffic and to avoid collisions. The standard also provides for trains that cannot communicate with the supervisor; these trains are detected by sensors on the tracks and obey traffic signals set by the supervisor along the trackside. Using communication allows finer-grained control of the tracks. Our model is derived using stepwise refinement with the Event-B method. We take into account the main features of the case study (VSS management, timers, ERTMS and non-ERTMS trains). Our model is decomposed into four refinements. All proof obligations have been discharged using the Rodin provers, except those related to the computation of the VSS state machine, which was found to be ambiguous (nondeterministic). Our model has been validated using ProB. The main safety property, which is that ERTMS trains do not collide, is proved. Our model focuses on the discrete control logic aspects of the case study.
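The control loop the abstract describes (ERTMS trains report their position, the supervisor grants movement authorities that must not overlap, non-ERTMS trains are known only through trackside detection and signals) is sketched below as an added Python illustration with an explicit invariant check; it is a constructed example, not the paper's Event-B model, and the `Train`/`Supervisor` names and the single-section occupancy simplification are assumptions.

```python
"""Constructed toy abstraction of the Hybrid Level 3 supervisor loop.
Invariant (the abstract's main safety property, at the most abstract level):
every ERTMS train sits inside its own movement authority (MA) and MAs of
distinct ERTMS trains are pairwise disjoint, hence ERTMS trains cannot collide."""
from dataclasses import dataclass, field


@dataclass
class Train:
    name: str
    ertms: bool                      # True: reports position/integrity by radio
    occupied: set                    # track sections the train currently occupies
    ma: set = field(default_factory=set)   # movement authority (ERTMS trains only)


class Supervisor:
    def __init__(self, trains, detected):
        self.trains = {t.name: t for t in trains}
        self.detected = set(detected)    # sections flagged occupied by trackside sensors

    def grant_ma(self, name, sections):
        """Extend an ERTMS train's MA; refuse anything that overlaps another
        train's MA, another train's known occupancy, or a sensor-detected section."""
        t = self.trains[name]
        if not t.ertms:
            raise ValueError("non-ERTMS trains are governed by trackside signals")
        others = [o for o in self.trains.values() if o is not t]
        blocked = set().union(*(o.ma | o.occupied for o in others)) | self.detected
        if set(sections) & blocked:
            return False
        t.ma = t.occupied | set(sections)
        return True

    def move(self, name, section):
        """An ERTMS train may only enter a section inside its MA (simplification:
        a train occupies exactly one section)."""
        t = self.trains[name]
        if t.ertms and section not in t.ma:
            return False
        t.occupied = {section}
        return True

    def invariant(self):
        ertms = [t for t in self.trains.values() if t.ertms]
        for a in ertms:
            if not a.occupied <= a.ma:
                return False
            if any(a is not b and a.ma & b.ma for b in ertms):
                return False
        return True
```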


Notes

  1. www.event-b.org.

  2. www3.hhu.de/stups/prob.

  3. www.atelierb.eu.


Acknowledgements

This research was supported in part by NSERC (Natural Sciences and Engineering Research Council of Canada) and the FORMOSE project funded by the French National Research Agency (ANR).

Corresponding author: Amel Mammar.


Mammar, A., Frappier, M., Tueno Fotso, S.J. et al. A formal refinement-based analysis of the hybrid ERTMS/ETCS level 3 standard. Int J Softw Tools Technol Transfer 22, 333–347 (2020). https://doi.org/10.1007/s10009-019-00543-1
