Zhao Tianshi,Sun Chao,Huang Yinxia

DOI: https://doi.org/10.3969/j.issn.1000-7458.2012.12.006

2012-01-01

Abstract:The CTCS-3 Train Control System is a kind of typical safety critical systems and its system assessment is complex.Through converting non-formal system requirements into semi-formal requirements,We use safety several analysis tools,such as hazard and operability studies,fault tree analysis,event tree analysis and reason and result analysis,to provide suitable risk assessment techniques for CTCS-3 Train Control System.

LIU Jin-tao,TANG Tao,ZHAO Lin,LIU Lei

DOI: https://doi.org/10.3969/j.issn.1001-8360.2015.08.006

2015-01-01

Abstract:The formal definition of control actions in CTCS level‐3 system is proposed .In respect with the sequential re‐lations of control actions ,the temporal logic of control acctions is designed .Based on such temporal logic ,the formal definition for the control relationship model is given ,with which the control action relationships in the train control sys‐tem can be modeled .With the depth first search ,the control relationship model is analyzed to achieve the automatic i‐dentification of inadequate control actions proposed in STPA (System‐Theoretic Process Analysis ) .In the case of RBC handover scene of the CTCS level‐3 train control system ,the STPA method based on control relationship model is used to analyze the functional safety of the train control system .The results show that the proposed method is suitable for the functional safety analysis of the CTCS level‐3 system .

Yu Liu,Tao Tang,Kaicheng Li,Chenling Li

DOI: https://doi.org/10.2991/iccnce.2013.90

2013-01-01

Abstract:As a safety critical system, train control system matters in passengers life and properties. It is important that how to guarantee the safety of train control system. Safety testing is an effective method to detect the safety holes and bugs in the system. However, most safety testing for train control system is manually executed based on expertise, which leads to a huge testing workload. Besides, manual generation will easily cause the problem of missing test cases.In this paper, a model-based safety test method is introduced, hoping to solve this problem. We select a core function of onboard system in Chinese Train Control System level 3 (CTCS-3) as representative to study the method. This function was analyzed by Fault Tree Analysis (FTA) firstly, and a set of timed automata network model of this function is built using the tools of UPPAAL, the bottom events are used to turn to fault models, injected into the whole system model. Then COVER, the real-time test case generation tool, is used to generate the safety test cases from the system model (included fault models) automatically, and states transition criteria is customized based on preferences to achieve user-defined test, the test accuracy and efficiency is improved.

Jintao Liu,Tao Tang,Lin Zhao,Tianhua Xu,Wei Zheng

DOI: https://doi.org/10.1109/ISORCW.2012.12

2012-01-01

Abstract:Chinese Train Control System Level 3(CTCS-3) is a typical complex cyber-physical system. The complexity of functionality of CTCS-3 brings some challenges to the safety analysis with the typical methods. In this paper, we propose the method of functional safety analysis based on the hybrid automata, where the faults are modeled as fault events to present the fault situation of system, moreover, the transition from hybrid automata to PHAVer model and the fault monitor which can monitor the malfunction in the reachability analysis are elaborated. At last, we take the speed supervision of CTCS-3 as an example, and the experimental results show the validity and feasibility of this method.

LIU Jintao,TANG Tao,ZHAO Lin,LIU Lei

DOI: https://doi.org/10.3969/j.issn.1001-4632.2014.05.13

2014-01-01

Abstract:System-Theoretic Process Analysis(STPA)was extended with formal method.In the extension,the extended UML model of the system was established and transformed into PHAVer model.The formal definition and the structure of fault model were also proposed,with which the fault model of the system was set up.Then,the PHAVer model and the fault model were integrated into one PHAVer model which included all the faults.Based on this integrated model,factors causing inadequate control were identified with the reachable set analysis,which performed the safety analysis of the system.Taking radio block center handover of CTCS-3level system for example,STPA merging with formal method was taken for analyzing the given hazard.The result shows that the proposed method is suitable for the functional safety analysis of CTCS-3level system.

Shangguan Wei,Cai Baigen,Wang Yan,Wang Jingjing,Wang Yaju

DOI: https://doi.org/10.3969/j.issn.1000-7458.2010.05.002

2010-01-01

Abstract:CTCS-3 train operation control system is one complex security system with lots of functions,which means that deep research on modeling and verification of train operation control system should be carried out.On the basis of analysis of advantages and disadvantages of UML modeling and colored Petri net,this paper proposes a modeling and verification method based on UML and colored Petri net (CPN).By analyzing the simulation result,the conclusion could be obtained that application of the method could have positive research significance for modeling and verification of CTCS-3 train operation control system.

ShangGuan Wei,Wang Jian,Wang Yan,Gou Chen-xi

DOI: https://doi.org/10.1109/iita.2009.489

2009-01-01

Abstract:Because of complexity of CTCS-3 train control system, interworking testing and function evaluation could not be operated directly on the system, which means that deep research on modeling and simulation of train operation control system should be carried out. This paper proposes a modeling and verification method based on UML and colored Petri net. On the basis of analysis of advantages and disadvantages of UML modeling, colored Petri net is used as formal specification of UML modeling, which improves scalability of formal method and make up for the deficiency of UML, as lack of analysis of model and verification method. Aiming at sequence diagram, dynamic model of UML, colored Petri net is suggested as a modeling method. Sequence diagram of communication between on-board and RBC during conversion from CTCS-3 to CTCS-2 is designed and transformed into colored Petri net model. Based on information interaction between objects to each other, colored Petri net model of onboard and RBC is obtained. Using CPN tools, the model is simulated and analyzed boundedness and deadlock of model. Thus, correctness of model is verified.

Yujie Sun,Kaicheng Li,Lei Yuan,Guodong Wei

DOI: https://doi.org/10.1109/itsc.2019.8916779

2019-01-01

Abstract:Fault-based safety tests are used to verify the safety functions of Chinese Train Control System (CTCS). The complex failure modes of the system bring some challenges to generate test cases including possible failure modes for specific safety functions. In this paper, we propose a method of generating safety test cases for train control systems based on fault models. The train-ground transmission function of train control systems is selected as the research object. The failure modes which may occur in the process of train-ground information transmission are obtained by using Failure Mode and Effect Analysis (FMEA). Then, the extended UML sequence diagram is used to describe the information interaction process of the train operation scenes in which failure modes are injected. The fault extended hybrid automata models of the system are established and verified. The safety test cases containing the faults are generated by an improved test case generation tool for hybrid system. Finally, the application of this method is illustrated by combining the wireless message's loss with RBCs' handover scene. The result shows that this method can generate safety test cases including faults, which are able to provide guidance for safety tests of CTCS.

LIU Jintao,TANG Tao,XU Tianhua,ZHAO Lin

2011-01-01

Abstract:With the method which integrated UML with symbolic model checking,the formal verification of CTCS-3 level system requirement specification was carried out.The UML model of requirement specification was extended and abstracted using event and visible-variable abstraction methods.According to the transformation rules,the NuSMV model of requirement specification was established.Verification for domain independent and domain dependent properties of NuSMV model was elaborated.Additionally,the approach of the counterexample was proposed for tracking,locating and correcting errors.Taking the mode switch in the requirement specification for example,the proposed formal verification method was adopted for the verification of mode switch.The result of verification shows that mode switch can satisfy the requirements of liveness,transition,non-deadlock,determinacy and safety.The process of verification shows that the method which integrates UML with symbolic model checking is suitable for the verification of CTCS-3 level system requirement specification.

ZHAO Xiaoyu,CHENG Ruijun,CHENG Yu,MA Xiaoping

DOI: https://doi.org/10.3969/j.issn.1001-8360.2016.11.012

2016-01-01

Abstract:In view of the hybrid characteristics of high speed train control system,a formal modeling and pa-rameter analysis method was proposed based on Hybrid Unified Modeling Language.UML2.0 and its extensi-bility mechanism were used to model the hybrid behaviors of the train control system.The transformation rules from HUML model to HYTECH model were defined so as to convert HUML model into linear hybrid automa-ta (LHA).Safety requirements of train control system were added into the established HYTECH model in or-der to set up safety HYTECH model.Then,the safety HYTECH models were automatically analyzed by a model checking tool HYTECH.In the light of the proposed modeling method based on UML Profile,the track-ing model of“Moving Block System”was taken as the case study and HUML controller model for following train was set up.The corresponding value range of unknown control parameters was obtained through the cal-culation of the reachable set of safety HYTECH model.The verification results showed the effectiveness of HUML based train control system modeling and analysis method.

Wumei Tang,Bin Ning,Tianhua Xu,Lin Zhao

DOI: https://doi.org/10.1109/iccet.2010.5486079

2010-01-01

Abstract:The Chinese train control system level 3 (CTCS-3) system requirement specification required to be high-quality should satisfy the quality attributes, such as correctness, completeness, consistency, and traceability. In order to prove that these quality attributes are satisfied, we present a scenario-based approach using UML sequence diagram and model checking to modeling and verify the specification. The mapping between scenario and sequence diagram ensures correctness of the modeling, and enhances the traceability of the verification. The expressiveness of sequence diagram and the precise semantics of model checker are outstanding and proved in practical applications. The formal techniques used in this paper provide a certain level of confidence because of their rigor and completeness.

Jidong Lv,Haifeng Wang,Hongjie Liu,Lu Zhang,Tao Tang

DOI: https://doi.org/10.1109/icirt.2016.7588752

2016-01-01

Abstract:Potential faults in safety critical systems may lead to system failures thus bring huge human injuries. How to ensure the correctness of the system during the system development is very important. System function testing has been regarded as an effective approach which normally applied in the final stage of system development to ensure the consistence of system functions and specifications. In this paper, an integrated model-based test case generation method combining Hybrid Communicating Sequential Processes (HCSP) and Timed Automata is introduced, in which HCSP is used to formally model the scenarios of the system, while Timed Automata is used to verify the system properties in HCSP models. To bridge the gap between the HCSP model and Timed Automata model, transition rules are defined according to the characteristics of systems. Based on the Network Timed Automaton model, a tool chain (UPPAAL and CoVer) is presented to automatically generate test case with coverage criteria in a simple and flexible manner. The tool chain is also applied to analyze the typical Radio Block Center (RBC) handover scenario in Chinese Train Control System Level 3 (CTCS-3). Logical and timing properties of the case study are verified and different test case suites of Vital Computer (VC) components in RBC handover model are automatically generated with different coverage criteria.

XIE Yu-fei,TANG Tao,XU Tian-hua,ZHAO Lin

DOI: https://doi.org/10.3969/j.issn.1001-8360.2011.07.011

2011-01-01

Abstract:The specifications of the CTCS-3 train control system is the basis of design and development of the CTCS-3 train control system,and it is crucial for realization of good interoperability and high efficiency and security of the system.However,specifications compiled by experience or intuitive thought inevitably bring about defects or hidden dangers.So it is necessary to carry out modeling and formal verification of the system specifications.The paper proposes the method of modeling and formal verification of the CTCS-3 train control system specifications.The method establishes a track chain of the system specifications,model,model checking tools and verification results so as to ensure the consistency of the system specifications,models and program codes.Our practice has proved that this method is feasible and efficient.

Jiao Chen,Tao Tang,Yu Lim

DOI: https://doi.org/10.1109/cac.2017.8243767

2017-01-01

Abstract:The most of Chinese high-speed railway lines are using CTCS-3 train control system to ensure the safety of the train. In the CTCS-3 train control system, the way of the location for on-board equipment is different from the ground equipment. The way of location for on-board equipment is based on the balise positioning and speed transmitter, but the ground equipment is based on the track circuit. Due to existence of different positioning methods, comparing to ground equipment, the on-board equipment determines whether the train occupies the next block section is different. In this paper, the model checking method is adopted. First of all, the model of CTCS-3 train control system equipment related to the positioning scenario in the inter block operation of trains which are established by timed automata. Then, the UPPAAL tool is used to carry out the model test, verifying the items that are not passed. Combined with the train when normal operate on the railway, but the train abnormally output emergency braking, and analysis of the train with the low-speed, when it occupies the next Block Section, the impact of traffic causes, and make recommendations.

HAN Xiao,TANG Tao,L(U) Jidong,SHANG Linyu

DOI: https://doi.org/10.3969/j.issn.1001-8360.2017.03.011

2017-01-01

Abstract:The complexity of CTCS-3 train control system makes some requirement errors hard to find, resulting in system failures.Those errors can be located by using logs recorded during system failure.With a model checking based failure analysis approach, the requirement model of the on-board subsystem of CTCS-3 train control system was first established using timed automata, while an event model depicting the failure scenario was constructed utilizing log data recorded during the failure.Next the combined model was model-checked in UPPAAL which then produced a counter-example path that described the system behavior in the failure event.By analyzing this path, errors in the requirement were found and eliminated, and the system was modified accordingly.An actual failure event in which a train with CTCS-3 system accidentally initiated an emergency brake was analyzed using this approach and a requirement flaw was located.The modification towards this flaw was verified to be effective.

Xiao Han,Tao Tang,Jidong Lv,Haifeng Wang

DOI: https://doi.org/10.1007/978-3-319-33951-1_7

2016-01-01

Abstract:The complexity of railway control system makes some requirement deficiencies hard to find, which results in system failures. It is essential to locate those deficiencies using logs recorded during failure events. In this paper, a model checking based failure analysis approach was proposed and applied to a case of abnormal emergency brake. First, a system model describing the system requirement and an event model depicting the logs were constructed. Next the compositional model was verified through model checking in UPPAAL which then produced a counterexample trace that describes the system behaviour in the failure event. By analysing this trace, an inadequacy was found in the requirement and a modification strategy was brought up which was formally verified to be effective.

Tang Tao

2010-01-01

Abstract:The coordination between the on-board equipment of Chinese Train Control System Level 3 (CTCS-3)and the Radio Block Center(RBC)is realized by the collision avoidance protocol(CAP).According to the safety requirement for train collision avoidance,the model of CAP is represented by safety use case diagram and safety class diagram in the safety UML to implement the following safety functions:the train speed can never exceed the desired speed in any interval and the train position is never beyond the end of Movement Authority (MA).The safety function of CAP is implemented by the formal refinement of the continuous and discrete collision avoidance strategies.The former gives the static structure,the dynamic interaction and the continuous control strategy of CAP in the case that the speed and the position of the train are continuous variables.Otherwise,the latter has achieved the discretization for the continuous collision avoidance strategy by discrete logic.The CAP real-time program code is generated through the further refinement of the discrete collision avoidance strategy.The correctness and the safety of the refinement for the continuous and discrete collision avoidance strategies as well as the final code generation have been guaranteed by the rigorous reasoning based on the formal logic-Weakly monotonic time extension of iterative Duration Calculus(WDC*).

Zhao Xianqiong,Li Kaicheng,Tang Tao,Yuan Lei

DOI: https://doi.org/10.3969/j.issn.1000-7458.2010.08.002

2010-01-01

Abstract:CTCS-3 is a typically safety-critical system.For a safety-critical system,it is vital that there is security risks in its System Requirement Specification(SRS).The SRS of CTCS-3 is covered by 14 operational scenarios,so it is reasonable and necessary to analyze these operational scenarios.This paper propose a method to analyze and verify the operational scenarios on the basis of UML and CSP and take the RBC exchange scenario as a study case to verify its aliveness,dead-lock,live-lock,deterministic property and part of safety property.

W. ShangGuan,J. Xiao,B. Cai,B. Heydecker,J. Wang

DOI: https://doi.org/10.2495/crs140171

2014-01-01

Abstract:Reliability is one of the key problems of an automatic system, especially to the huge, complex, multiple target-based, safety critical and reliability-dependent train control system.A system reliability analysis method based on a dynamic fault tree was proposed to analyse possible fault causes of a whole system in a HLA (High Level Architecture) simulation platform, and according to the principle of the dynamic fault tree model, the conversion from dynamic logic gates to Markov Chain was achieved.The reliability analysis through the dynamic fault tree method of train-ground communication subsystem was completed, which included a qualitative and quantitative analysis.A test of train-ground communication failure was established based on the fault injection method, the fault injection tool in a simulation environment enabled each module of the train control system running according to the fault testing program.The simulation result shows that compared with the conventional static fault tree analysis method, using dynamic fault tree analysis can conduct a better reliability analysis, using the fault injection method that can evaluate and test a simulation system based on HLA effectively, which can improve the reliability of the simulation system.

Qixuan Kang,Chunming Li,Linguo Chai,Wei Shangguan,Baigen Cai

DOI: https://doi.org/10.1109/cac59555.2023.10451323

2023-01-01

Abstract:With the continuous advancement of the construction of urban modernization in China, the collaborative operation of multi-standard rail transit lines has become a hot research topic in railway signaling systems. This article analyzes the characteristics of CTCS-2(Chinese Train Control System Level 2) and CBTC (Communication Based Train Control System), constructs a scheme for switching from CTCS-2 to CBTC, and studies the layout of switching scenarios and switching process. The process of information transmission in the switching process is simulated by combining UML (Unified Modeling Language) and HTCPN (Hierarchical Time Colored Petri Nets), and the model is simulated and verified by CPN Tools. The simulation results show that the combination of UML and HTCPN models is feasible, and the constructed model can meet the real-time requirements of the system.