The RobustRailS Verification Tool Set

Transcript:

The RobustRailS Verification Tool Set for Safety Verification of Interlocking Systems. Linh H. Vu, Technical University of Denmark; Anne E. Haxthausen, Technical University of Denmark; Jan Peleska, University of Bremen.

RobustRailS Verification Method & Tools

[Figure 4.2: ERTMS level 2, interoperable railway without lineside signals. Labels: remote control centre, traffic controller, radio block centre, interlocking, GSM-R data, fixed marker board, ETCS, axle counters, Eurobalise (km post), train detection, point machine.]

Method and tool set for automated, formal safety verification of interlocking systems. Developed by Linh H. Vu, Anne Haxthausen and Jan Peleska, in collaboration with the Danish railways in the RobustRailS research project.

RobustRailS research project, 2012-2017: funded by the Danish Innovation Fund. Partners: 4 DTU departments, Bremen University, Banedanmark, Traffic Authorities, DSB, DSB S-train.

Goal: to develop methods for achieving punctual and safe railway operations for the Danish Re-signaling Program implementing ERTMS/ETCS Level 2, including methods for efficient safety verification...

Text accompanying the figure, translated from the Danish: The line speed can also be increased on individual lines once a new signalling system has been installed, since train control and cab signalling are a safety prerequisite for line speeds above 120 km/h, cf. chapter 6. The new train control system can handle speeds of more than 200 km/h. It will thus be the layout of the track that limits speed upgrades. A number of lines where the speed is currently limited by the signalling system will be able to run at the speed the track allows without further measures. The train control system in ERTMS performs the same functions as the current Danish ATC system. The driver will thus still be in charge of driving the train. The train control system will continue to be a safety function that brakes the train if the driver does not react correctly to the signals. 4.3.3 Technical state of development of ERTMS level 1 and 2. Settling the ERTMS standard for level 1 and 2 is a matter of reaching agreement on which solution, among several already existing solutions, is to be the common standard. It must then be ensured that the solutions chosen for the various functions can work together. Settling the ERTMS standard is thus not about developing new solutions, but about agreeing on which solutions to use and getting the products to work together. This issue is independent of the choice between ERTMS level 1 and level 2.

2 RobustRailS Verification Tool Set 17.06.2019

Background: Challenges

- Errors in interlocking systems may have very severe consequences.
- Conventional specification and verification methods may be time consuming and may not give sufficient guarantees of correctness.
- Bugs are typically first found during testing, where they are expensive to fix.
- Need to get it right from the beginning.

Smarter Specification and Verification Methods

[Figure: the state space of the system, showing the reachable states, the safe states and the unsafe states.]

Use formal methods and automation:
- strongly recommended by CENELEC 50128 for safety-critical software
- efficient at avoiding bugs
- catches bugs early, before implementation and test
- saves time and money

RobustRailS Verification Method & Tools

[Figure: example track layout with track sections t10, t11, t12, t13, t14 and t20, marker boards mb10 to mb15, mb20 and mb21, elements b10 and b14, and travel directions DOWN and UP. Workflow diagram labels: "(0) develop or generate", "Possible human manipulation", "(step 1) static checker", "(step 2.1) generator: model, safety requirements", "(step 2.2) Model checker investigates: does the model meet the requirements?".]

Route control table (excerpt shown on the slide):

route  from  to    path         points       marker boards   conflicts
1a     mb10  mb13  t10;t11;t12  t11:+;t13:-  mb11;mb12;mb20  1b;2a;2b;3;4;5a;5b;6b;7
7      mb20  mb11  t11;t10      t11:-        mb10;mb12       1a;1b;2a;2b;3;5b;6a
8      mb21  mb14  t13;t14      t13:-        mb13;mb15       1b;2a;4;5a;5b;6a;6b

1.1 Input: track plan.
1.2 The tool automatically generates a route control table, if one is not provided.
1.3 The tool checks that the track plan and route control table are correct.
2.1 The tool generates a formal model of the behaviour of the interlocking system and formal safety requirements (e.g. no train collisions).
2.2 A model checker (dis)proves that the model meets the requirements.
3.1 The tool generates test cases and a test oracle for software integration testing.

RobustRailS Verification Method & Tools

Verification in three steps:
- The static checking step is used to find errors in the control table.
- The model checking step is used to find errors in the control algorithms.
- The model-based testing step is used to find errors in the implemented system.

Features:
- Model hiding: models are generated automatically from domain-specific railway specifications, so the tools can be used by railway engineers without a background in formal methods.
- Verification based on induction reasoning using bounded model checking pushes back the limits imposed by state space explosion.
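As an added illustration of the static checking step (step 1.3 above), not code from the RobustRailS tool set: a small checker that reads the three route rows shown on the slide and reports conflict entries that are asymmetric, or that the shared track sections and opposed point settings imply but the table omits. The meaning it gives the path, points and marker board columns is an assumed reading and is stated in the comments.

```python
from dataclasses import dataclass
from typing import Optional
# Added example, not the RobustRailS tool's own code: a small static check over a
# route control table in the slide's column order (route, from, to, path, points,
# marker boards, conflicts). Column semantics below are an assumed reading.
SLIDE_ROWS = [  # the three rows transcribed from the slide
    "1a mb10 mb13 t10;t11;t12 t11:+;t13:- mb11;mb12;mb20 1b;2a;2b;3;4;5a;5b;6b;7.",
    "7  mb20 mb11 t11;t10     t11:-       mb10;mb12      1a;1b;2a;2b;3;5b;6a",
    "8  mb21 mb14 t13;t14     t13:-       mb13;mb15      1b;2a;4;5a;5b;6a;6b",
]

@dataclass
class Route:
    name: str
    src: str                 # entry marker board
    dst: str                 # destination marker board
    path: list[str]          # track sections the train traverses, in order
    points: dict[str, str]   # point -> required position ('+' normal, '-' reverse)
    markerboards: list[str]  # boards held at stop while the route is set
    conflicts: set[str]      # routes the table forbids setting at the same time

def parse_row(row: str) -> Route:
    """Parse one whitespace-separated table row into a Route."""
    name, src, dst, path, points, mbs, conf = row.split()
    pts = dict(p.split(":") for p in points.split(";"))
    return Route(name, src, dst, path.split(";"), pts, mbs.split(";"),
                 set(conf.rstrip(".").split(";")))

def derived_conflict(a: Route, b: Route) -> Optional[str]:
    """Why a and b must be marked as conflicting, or None if they are independent."""
    if shared := sorted(set(a.path) & set(b.path)):
        return f"share track section(s) {shared}"
    if opposed := sorted(p for p in a.points.keys() & b.points.keys() if a.points[p] != b.points[p]):
        return f"need point(s) {opposed} in different positions"
    return None

def check_table(routes: list[Route]) -> list[str]:
    """Report asymmetric conflict entries and conflicts the layout implies but the table omits."""
    by_name = {r.name: r for r in routes}
    findings = []
    for a in routes:
        for c in sorted(a.conflicts):  # symmetry: if a lists c, then c must list a
            if c in by_name and a.name not in by_name[c].conflicts:
                findings.append(f"{a.name} lists {c} as conflicting, but {c} does not list {a.name}")
    for i, a in enumerate(routes):  # completeness, over the routes we know about
        for b in routes[i + 1:]:
            why = derived_conflict(a, b)
            if why and not (b.name in a.conflicts and a.name in b.conflicts):
                findings.append(f"{a.name} and {b.name} {why} but are not marked as conflicting")
    return findings
```

Routes 1a and 7 share t10 and t11 and need t11 in opposite positions, and the slide's table lists each as a conflict of the other, so `check_table` returns no findings; removing 1a from route 7's conflicts makes it report both the asymmetry and the missing conflict.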

Applications of the Method & Tools

The Early Deployment Line (EDL), Roskilde - Næstved, in Denmark [Vu, Haxthausen, Peleska 2017]. [Map: the EDL with the stations Roskilde, Gadstrup, Havdrup, Lille Skensved, Køge, Herfølge, Tureby, Haslev, Holme-Olstrup and Næstved.]

Florence station in Italy [Fantechi, Haxthausen, Macedo 2017].

Compositional Verification

Suggested by Fantechi, Haxthausen, Macedo 2017-....

Goal: to further increase the scalability of the verification method.

Idea: cut the interlocking logic of large layouts into separate, more manageable portions, so that proving safety of the portions implies safety of the whole.

[Figure: a layout split into an "A station" portion and a "B station" portion, with track sections t5 to t13 and labelled elements T1 to T19 and E1 to E26. Map: the EDL with the same stations as on the previous slide, with sections t25 to t28 marked.]

Experiments on the Early Deployment Line (EDL) in Denmark and Florence Station in Italy show: compositional verification is 2.5-3 times faster and uses 30-40% less memory.

Thank you for your attention.