Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Chen Hai-yan,Dong Wei,Wang Ji,Chen Huo-wang

DOI: https://doi.org/10.1007/bf03160241

2001-01-01

Abstract:Formal verification has been widely needed in the development of safety critical systems. In order to introduce the design verification activity in UML developing process, we have developed a verifier of UML Statecharts by using the model checker SMV. The approach is to transform a system model in UML Statecharts to one in SMV input language via an intermediate language and then to verify the system properties specified in CTL by invoking SMV. The current experiences, including the formal verification of a simplified directory based cache coherence protocol in UML Statecharts, show that automatic verification can be integrated as a new step of the software process nicely.

A Cimatti,F Giunchiglia,G Mongardi,D Romano,F Torielli,P Traverso

DOI: https://doi.org/10.1007/3-540-49646-7_22

1998-01-01

Abstract:This paper describes an industrial application in formal verification. The analyzed system is the Safety Logic of an interlocking system for the control of railway stations developed by Ansaldo. The Safety Logic is a process-based software architecture, which can be configured to implement different functions and control stations of different topology.The applied technique, model checking, allows for the representation of the analyzed system as a finite state machines. Specialized algorithms allow for the automatic and efficient verification of requirements by means of an exhaustive exploration of the state space.In this paper we describe how a formal model of the Safety Logic has been develped in the language of the SPIN model checker. This model retains the configurability features of the Safety Logic. Furthermore, we discuss how the automated verification of several significant process configurations was carried out without incurring into the state explosion problem.

Xi Wang,Lei Ma,Tao Tang

DOI: https://doi.org/10.1177/1687814016649115

2016-01-01

Abstract:With the development of automatic control and communication technology, communication-based train control system is adopted by more and more urban mass transit system to automatically supervise the train speed to follow a desired trajectory. Taking reliability, availability, maintainability, and safety into consideration, 2 × 2-out-of-2 safety computer platform is usually utilized as the hardware platform of safety-critical subsystem in communication-based train control. To enhance the safety integrity level of safety computer platform, safety-related logics have to be verified before integrating them into practical systems. Therefore, a significant problem of developing safety computer platform is how to guarantee that system behaviors will satisfy the function requirements as well as responding to external events and processes within the limit of right time. Based on the qualitative and quantitative analysis of function and timing characteristics, this article introduces a formal modeling and verification approach for this real-time system. In the proposed method, timed automata network model for 2 × 2-out-of-2 safety computer platform is built, and system requirements are specified and formalized as computation tree logic properties which can be verified by UPPAAL model checker.

Xi Wang,Tao Tang,Shuo Liu

DOI: https://doi.org/10.1049/cp.2013.2439

2013-01-01

Abstract:In CBTC (Communications Based Train Control) system, interlocking is considered to be one of the most fundamental system which features in logic complexity and high safety demand. Traditionally, the development and verification of interlocking system is entirely a manual process which relies too much on designers' experience and some corner-case bugs may not be revealed. In order to solve these problems, our emphasis is paid on formal modeling and model-based verification. This paper introduces an innovative modeling approach to construct system model, express main safety properties, and execute formally verification using SCADE. This method is proven to be helpful for improving the quality and efficiency of interlocking software in practice.

A. Cimatti,F. Giunchiglia,G. Mongardi,D. Romano,F. Torielli,P. Traverso

DOI: https://doi.org/10.1007/s001650050022

1998-01-01

Formal Aspects of Computing

Abstract:In this paper we describe an industrial application of formal methods. We have used model checking techniques to model and formally verify a rather complex software, i.e. part of the “safety logic” of a railway interlocking system. The formal model is structured to retain the reusability and scalability properties of the system being modelled. Part of it is defined once for all at a low cost, and re-used. The rest of the model can be mechanically generated from the designers' current specification language. The model checker is “hidden” to the user, it runs as a powerful debugger. Its performances are impressive: exhaustive analysis of quite complex configurations with respect to rather complex properties are run in the order of minutes. The main reason for this achievement is essentially a carefully designed model, which exploits all the behaviour evolution constraints. The re-usability/scalability of the model and the fact that formal verification is automatic and efficient are the key factors which open up the possibility of a real usage by designers at design time. We have thus assessed the possibility of introducing the novel technique in the development cycle with an advantageous costs/benefits relation.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Wu Xiao-dan,NING Bin

DOI: https://doi.org/10.3969/j.issn.1004-373X.2011.06.015

2011-01-01

Abstract:UML is a widely used object-oriented visual unified modeling language,but it is lack of precise semantics discription,and difficult to analyze and verify the UML model so as to confirm if the specifications meet the desired requirement.The symbolic model checking is an automated checking technique that can effectively ensure the system creditability.In order to verify the correctness of the UML model,the UML model is translated to the SMV model,and then the symbolic model checker is adopted to test the model.It is helpful to detect the system errors at the beginning of the design.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

V Hartonas-Garmhausen,S Campos,A Cimatti,E Clarke,F Giunchiglia

DOI: https://doi.org/10.1016/s0167-6423(99)00016-7

IF: 1.039

2000-01-01

Science of Computer Programming

Abstract:Ensuring the correctness of computer systems used in life-critical applications is very difficult. The most commonly used verification methods, simulation and testing, are not exhaustive and can miss errors. This work describes an alternative verification technique based on symbolic model checking that can automatically and exhaustively search the state space of the system and verify if properties are satisfied or not. The method also provides useful quantitative timing information about the behavior of the system. We have applied this technique using the Verus tool to a complex safety-critical system designed to control medium and large-size railway stations. We have identified some anomalous behaviors in the model with serious potential consequences in the actual implementation. The fact that errors can be identified before a safety-critical system is deployed in the field not only eliminates sources of very serious problems, but also makes it significantly less expensive to debug the system.

Shiyang Yu,Lianchuan Ma,Yuan Cao

DOI: https://doi.org/10.1109/mape.2017.8250817

2017-01-01

Abstract:The next generation of train-control safety computer is designed as double-redundant systems as safety-critical system. Due to the complexity of the safety computer logic, the active-standby switching between the two subsystems involves multiple state transition under several different conditions. The correctness of the switching process needs to be confirmed by formal verification. In this paper, the UML is used to establish the model and the NuSMV is used to formalize the model. An analysis of multiple-faults situation and the dual-hoststate is carried out. According to the result of model checking, an improvement was proposed to optimize the switching process.

Yan Cao,Qiuzi Lu,Tianhua Xu,Tao Tang,Haifeng Wang,Yongcheng Xu

DOI: https://doi.org/10.1109/ssiri-c.2011.28

2011-01-01

Abstract:The Computer Based Interlocking System (CBI) is used to ensure safe train movements at a railway station. For a given station, all the train routes and the concrete safety rules associated with these are defined in the interlocking table. Currently, the development and verification of interlocking tables is entirely manual process, which is inefficient and error-prone due to the complexity of the CBI and the human interferences. Besides, the complexity and volume of the verification results tend to make users feel extremely non-understandable. In order to tackle these problems, we introduce a toolset based on Domain Specific Language for Computer Based Interlocking Systems (DSL-CBI) to automatically generate and verify the interlocking table, and then mark the conflicting routes in the railway station. In this paper, we also discuss the advantages of the toolset and the significant contribution in developing CBI based on the proposed toolset.

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Nan Zhang,Zhenhua Duan,Cong Tian

DOI: https://doi.org/10.1007/s11432-015-0882-6

2016-01-01

Science China Information Sciences

Abstract:>Model checking,proposed by Clarke and Emerson[1]as well as Queille and Sifakis[2],is an automatic verification approach for hardware and software systems.However,as Clarke pointed out[3],model checking suffers from(1)the state explosion problem,which is typically caused by models growing exponentially in the number of parallel components or data elements of an argument system;(2)different notations used to model a system and required properties;(3)the expressive

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Yanyan Gao,Xi Li

DOI: https://doi.org/10.1109/samos.2013.6621107

2013-01-01

Abstract:SystemC has become a de-facto standard language for SoC and ASIP designs. The verification of implementation with SystemC is the key to guarantee the correctness of designs and prevent the errors from propagating to the lower levels. The gap between SystemC TLM model and its corresponding formal model makes it hard to perform automated translation between them. SystemC describes process behavior in sequential statements and usually employs intermediate variables, while most model checking languages for hardware only describe parallel behaviors, in which the usage of intermediate variables not only increases state space and may prolong execution time, but also introduce potential errors. For a model checking language which supports parallel description, the elimination of redundant intermediate variables is requisite and also an efficient way to reduce the state space. This paper intends to solve these issues: (1) proposing an extraction method that can implement the translation from a description which supports sequential execution to a description supports parallel execution; (2) identifying and removing redundant intermediate variables. In this paper, a novel mechanism is presented to automatically extract behavior description from SystemC to a widespreadly used model checking language SMV. We have implemented a tool SC2SMV and performed actual extraction process on it to demonstrate the effectiveness of the method presented in this paper.

WANG Chang-chun,DONG Wei

DOI: https://doi.org/10.3969/j.issn.1007-130x.2006.03.029

2006-01-01

Abstract:Model checking is an important way in developing high confidence software and hardware systems. Nowadays there exist many model checkers, including SMV. SMV can verify systems ranging from completely synchronous to completely asynchronous. In asynchronous system verification, SMV can describe processes, but cannot describe process blocking directly. This paper proposes a method to implement process blocking in SMV with fairness constraint.