Model Checking and Model-Based Testing in the Railway Domain

Chapter in: Formal Modeling and Verification of Cyber-Physical Systems

Abstract

This chapter describes approaches and emerging trends for the verification and model-based testing of railway control systems. We describe state-of-the-art methods and associated tools for verifying interlocking systems and their configuration data using bounded model checking and k-induction. Using real-world models of novel Danish interlocking systems, we show how this method scales and is suitable for industrial application. For verification of the integrated HW/SW system that performs the interlocking control tasks, a model-based hardware-in-the-loop testing approach is presented. We discuss the trade-off between complete test strategies, which are capable of uncovering every error in implementations within a given fault domain, and the unmanageable number of test cases these strategies typically create. Pragmatic approaches that result in manageable test suites with good test strength are explained. Interlocking systems are just one of many system classes in which concrete system instances are created from generic representations, with configuration data determining the behaviour of each instance. We explain how the systematic transition from generic to concrete instances in the development path is complemented by associated transitions in the verification and testing paths.
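The abstract names two techniques, bounded model checking (BMC) and k-induction, and one target, the configuration data that turns a generic interlocking model into a concrete instance. The following example is added here to make both concrete; it is not code from the chapter or from the tools it describes. The track layout, the three routes and the conflict table are constructed for illustration, and the state space is enumerated explicitly instead of being encoded symbolically for a SAT/SMT solver as industrial tools do. The generic model is the `Interlocking` class; a concrete instance is fixed by the conflict table passed to it, and the safety property is stated against the layout rather than the table, so that a table with a missing conflict entry is caught as a configuration error.

```python
from collections import deque
from itertools import combinations

# Constructed example layout (assumption, not the chapter's Danish models):
# each route occupies a set of track sections.
ROUTES = {
    "R1": frozenset({"t1", "t2"}),
    "R2": frozenset({"t2", "t3"}),
    "R3": frozenset({"t4"}),
}


def derive_conflicts(routes):
    """Conflict table generated from the layout: two routes conflict iff they share a section."""
    return frozenset((a, b) for a in routes for b in routes
                     if a != b and routes[a] & routes[b])


class Interlocking:
    """Generic route-locking model; a concrete instance is fixed by its conflict table."""

    def __init__(self, routes, conflicts):
        self.routes = routes
        self.conflicts = conflicts

    def initial(self):
        return frozenset()  # no route locked

    def successors(self, state):
        """One step: release a locked route, or lock a requested route the table allows."""
        nxt = []
        for r in self.routes:
            if r in state:
                nxt.append(state - {r})
            elif all((r, q) not in self.conflicts for q in state):
                nxt.append(state | {r})
        return nxt

    def states(self):
        """Whole state universe; the inductive step starts from arbitrary, not only reachable, states."""
        rs = list(self.routes)
        return [frozenset(c) for n in range(len(rs) + 1) for c in combinations(rs, n)]

    def safe(self, state):
        """Safety property P, checked against the layout: no two locked routes share a section."""
        return all(not (self.routes[a] & self.routes[b])
                   for a, b in combinations(sorted(state), 2))


def bmc(ts, k):
    """Bounded model checking: a path of at most k steps from the initial state to a
    state violating P, or None if no such path exists within the bound."""
    s0 = ts.initial()
    queue, seen = deque([[s0]]), {s0}
    while queue:
        path = queue.popleft()
        if not ts.safe(path[-1]):
            return path
        if len(path) - 1 < k:
            for t in ts.successors(path[-1]):
                if t not in seen:
                    seen.add(t)
                    queue.append(path + [t])
    return None


def induction_step(ts, k):
    """k-induction step case: every loop-free path s0..sk on which P holds for s0..s(k-1)
    must satisfy P(sk). Returns a violating path (possibly unreachable) or None."""
    def extend(path):
        if len(path) == k + 1:
            return None if ts.safe(path[-1]) else path
        for t in ts.successors(path[-1]):
            if t in path or (len(path) < k and not ts.safe(t)):
                continue
            bad = extend(path + [t])
            if bad:
                return bad
        return None

    for s in ts.states():
        if ts.safe(s):
            bad = extend([s])
            if bad:
                return bad
    return None


def k_induction(ts, max_k):
    """Raise k until the base case (BMC) refutes P or the step case proves it."""
    for k in range(1, max_k + 1):
        cex = bmc(ts, k - 1)
        if cex is not None:
            return ("refuted", cex)
        if induction_step(ts, k) is None:
            return ("proved", k)
    return ("unknown", None)


GOOD_TABLE = derive_conflicts(ROUTES)
# Configuration error: the R1/R2 conflict was dropped from the table.
BAD_TABLE = GOOD_TABLE - {("R1", "R2"), ("R2", "R1")}

if __name__ == "__main__":
    print(k_induction(Interlocking(ROUTES, GOOD_TABLE), 5))
    print(k_induction(Interlocking(ROUTES, BAD_TABLE), 5))
```

With the complete table the property is 1-inductive, so the step case closes the proof immediately. With the R1/R2 conflict missing, the step case fails for every k (a failing step case alone says nothing, because the offending path may start in an unreachable state), and BMC then produces the reachable counterexample: request R1, then R2, and both routes are locked over section t2. The loop-free restriction in `induction_step` is the usual strengthening that lets k-induction complete on finite state spaces; on the symbolic encodings used in practice it is expressed as a distinctness constraint rather than a path check.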



Corresponding author: Anne E. Haxthausen

Copyright information

© 2015 Springer Fachmedien Wiesbaden

Cite this chapter

Haxthausen, A., Peleska, J. (2015). Model Checking and Model-Based Testing in the Railway Domain. In: Drechsler, R., Kühne, U. (eds) Formal Modeling and Verification of Cyber-Physical Systems. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-09994-7_4

  • DOI: https://doi.org/10.1007/978-3-658-09994-7_4

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-09993-0

  • Online ISBN: 978-3-658-09994-7
