Jie Qian,Jing Liu,Xiang Chen,Junfeng Sun

DOI: https://doi.org/10.1109/APSEC.2014.62

2014-01-01

Abstract:iCMTC is an advanced Communication Based Train Control system developed by CASCO Signal Ltd. For China's mass transit transportation. Some subsystems of iCMTC has been applied in Shanghai Metro Line 10. Zone Controller (ZC) is one of the subsystems of iCMTC. Modeling and verifying ZC is challenging due to the complexity of the block system and the behavior itself. We propose a formal approach to gradually specify the block system and lower complexity of the verification of ZC behavior. In recent years, there are many researches on railway systems. However, these studies use simple track networks, which makes them inadequate in industrial practice. To address this problem, we define specific block layouts (i.e., Double slip connection) as relations on sets. We also define mathematical properties of the relations so that the block system can be precisely described. For the purpose of reducing the complexity of verification, we propose an improved refinement mechanism based on the Event-B notation. Based on this refinement mechanism, we develop a Rodin plug-in to help us refine the system. We use this mechanism in modeling the ZC behavior, and achieve good results in automated proof. Several safety properties are considered and verified to ensure the safety and correctness of ZC.

Xi Wang,Tao Tang,Shuo Liu

DOI: https://doi.org/10.1049/cp.2013.2439

2013-01-01

Abstract:In CBTC (Communications Based Train Control) system, interlocking is considered to be one of the most fundamental system which features in logic complexity and high safety demand. Traditionally, the development and verification of interlocking system is entirely a manual process which relies too much on designers' experience and some corner-case bugs may not be revealed. In order to solve these problems, our emphasis is paid on formal modeling and model-based verification. This paper introduces an innovative modeling approach to construct system model, express main safety properties, and execute formally verification using SCADE. This method is proven to be helpful for improving the quality and efficiency of interlocking software in practice.

Zhengheng Yuan,Xiaohong Chen,Jing Liu,Yijun Yu,Haiying Sun,Tingliang Zhou,Zhi Jin

DOI: https://doi.org/10.1109/tits.2018.2869633

IF: 8.5

2018-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Formal methods have been applied widely to verifying the safety requirements of communication-based train control (CBTC) systems, while the problem situations could be much simplified. In industrial practices of CBTC systems, however, huge complexity arises, which renders those methods nearly impossible to apply. In this paper, we aim to reduce the state space of formal verification problems in zone controller, a sub-system of a typical CBTC. We achieve the simplification goal by reducing the total number of device variables. To do this, two projection methods are proposed based on problem frames and constraints, respectively. The problem frame-based method decomposes the system according to sub-properties through functional decomposition, while the constraint-based projection method removes redundant variables. Our industrial case study demonstrates the feasibility through an evaluation, confirming that these two methods are effective in reducing the state spaces of complex verification problems in this application domain.

Ehsan Ahmad,YunWei Dong,Brian Larson,JiDong Lü,Tao Tang,NaiJun Zhan

DOI: https://doi.org/10.1007/s11432-015-5346-2

2015-01-01

Science China Information Sciences

Abstract:Train control systems like most digital controllers are, by definition, hybrid systems as they interact with or try to control some aspects of the physical world. Detailed behavior modeling with constraints specification and formal verification, required for reliability prediction, is a great challenge for hybrid system designers. Train control systems further intensify this challenge with extensive interaction between computing units and their physical environment and their mutual dependence on each other. In this paper, we investigate behavior modeling and formal verification of Chinese Train Control System Level 3 (CTCS-3) using Architectural Analysis & Design Language (AADL) to cope with this challenge. AADL is an architecture description language for embedded systems and is based on model-based engineering paradigm. Along with structural modeling of embedded systems using the core language constructs, AADL also provides support for language extension through annex sublanguages. In system requirements specification document, the behavior of the CTCS-3 is specified as a set of basic operation scenarios that cooperate with each other to achieve safe and secure functionality of trains. Movement Authority (MA) scenario, explored in this paper, is considered as a basic and most crucial scenario to prevent trains from colliding with each other. The detailed discrete behavior of control system is modeled and verified using the Behavior Language for Embedded Systems with Software (BLESS) annex sublanguage of AADL, and the continuous behavior of train with the cyber–physical interaction (communication between train and control system) is modeled using the Hybrid annex sublanguage. The behavior of the MA scenario at system level is verified using the Hybrid Hoare Logic theorem prover. Behavior constraints are specified as assertions using first-order logic formulas augmented with a simple temporal operator.

Lei Bu,Xin Chen,Linzhang Wang,Xuandong Li

IF: 4.755

2011-01-01

Clinical Orthopaedics and Related Research

Abstract:Communication Based Train Control (CBTC) system is the state-of-the-art train control system. In a CBTC system, to guarantee the safety of train operation, trains communicate with each other intensively and adjust their control modes autonomously by computing critical control parameters, e.g. velocity range, according to the information they get. As the correctness of the control parameters generated are critical to the safety of the system, a method to verify these parameters is a strong desire in the area of train control system. In this paper, we present our ideas of how to model and verify the control parameter calculations in a CBTC system efficiently. - As the behavior of the system is highly nondeterministic, it is difficult to build and verify the complete behavior space model of the system online in advance. Thus, we propose to model the system according to the ongoing behavior model induced by the control parameters. - As the parameters are generated online and updated very quickly, the verification result will be meaningless if it is given beyond the time bound, since by that time the model will be changed already. Thus, we propose a method to verify the existence of certain dangerous scenarios in the model online quickly. To demonstrate the feasibility of these proposed approaches, we present the composed linear hybrid automata with readable shared variables as a modeling language to model the control parameters calculation and give a path-oriented reachability analysis technique for the scenario-based verification of this model. We demonstrate the model built for the CBTC system, and show the performance of our technique in fast online verification. Last but not least, as CBTC system is a typical CPS system, we also give a short discussion of the potential directions for CPS verification in this paper.

Kailong Zhang,Jiwei Li,Zhou Lu,Mei Luo,Xiao Wu

DOI: https://doi.org/10.1109/ihmsc.2013.113

2013-01-01

Abstract:Cyber-Physical System(CPS) is now a new evolutional morphology of embedded systems. With features of merging computation and physical processes together, the traditional verification and simulation methods have being challenged recently. After analyzed the state-of-art of related research, a new simulation environment is studied according to the characters of a special autonomous cyber-physical system-Unmanned Aerial Vehicle, and designed to be scene-driven, modeling and reconfigurable. In this environment, a novel CPS-in-loop architecture, which can support simulations under different customized scenes, is studied firstly to ensure its opening and flexibility. And as another foundation, some dynamics models of CPS and atmospheric ones of relative sensors are introduced to simulate the motion of CPS and the change of its posture. On the basis above, the reconfigurable scene-driven mechanisms that are Based on hybrid events are mainly excogitated. Then, different scenes can be configured in terms of special verification requirements, and then each scene will be decomposed into a spatio-temporal event sequence and scheduled by a scene executor. With this environment, not only the posture of CPS, but also the autonomy of its behavior can be verified and observed. It will be meaningful for the design of such autonomous CPS.

Wei Guodong,Yuan Lei,Ma Lianchuan

DOI: https://doi.org/10.1088/1742-6596/1654/1/012079

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract Under the new situation, high-speed maglev transportation has gradually become the new development direction of the railway field in the future. Its vehicle operation control system (VOCS for short) as a key subsystem has a great impact on the safety and stability of the entire high-speed maglev train control system. The high-speed maglev VOCS has the characteristics of complex system structure and frequent interaction between its modules. Finding hidden safety hazards and design errors in the system design and development process and ensuring the safety and efficiency of system design and development has become an important task of related projects. On this background, modelling and simulation of typical scenarios of high-speed maglev VOCS are absolutely necessary in the early stage of project development, drawing on the traditional wheel-rail vehicle system simulation verification research results, with the help of advanced computer simulation methods. Using Simulink / Stateflow tools for the parking point stepping functional scenario as an example, the validity and correctness of the high-speed maglev VOCS were verified to ensure the operation safety of the high-speed maglev train through.

Kailong Zhang,Xiaowu Li,Ce Xie,Yujia Wang,Liuyang Li,Chao Fei,Arnaud de La Fortelle,Zongtao Duan

DOI: https://doi.org/10.4018/ijsi.2019010103

2019-01-01

International Journal of Software Innovation

Abstract:With the emerging vehicular network and the possible diverse applications, intelligent transportation systems (ITS) have been evolving to Cooperative ITS (C-ITS) with connected intelligent vehicles, and the topics in this field have raised more and more research interests recently. However, subjecting to the immaturity of V2X communication technology, the difficulty and high cost to deploy such large scale ITS with intelligent vehicles, emerging studies are stuck with the verification of these big C-ITS. As more and more expected, intelligent vehicles will play important roles in the future smart cities and societies, as diverse mobility carriers. Focusing on new features of these carriers, mainly covering cyber-physical fusion, vehicular networking, service-carrier and so on, one new ITS simulator QoS-CITS for such service-oriented C-ITS is designed and developed. To enhance the adaptability, a scenario reconfigurable architecture is firstly designed, in which scenes can be described via XML file. On this basis, the authors have implemented all reservation-based models of traffic objects, state-driven behaviors, cooperation mechanisms, and policies, which are proposed for service-oriented C-ITS. Through a series of experiments are conducted with different parameters and typical scenes, all simulation functions are efficiently verified. And finally, some important conclusions drawn from large amount of experiments via QoS-CITS are exhibited. It's important to note that, researchers can conduct various experiments, both the traditional Passing-Through-Intersection (PTI) problem and service-oriented cooperation, via setting parameters of QoS-CITS according to their requirements, and can also analyze the performance with statistics data recorded automatically.

Yonghua Xiong,Ke Li,Zhentao Liu,Jinhua She

DOI: https://doi.org/10.20965/jaciii.2021.p0248

2021-01-01

Journal of Advanced Computational Intelligence and Intelligent Informatics

Abstract:In recent years, there have been several breakthroughs in the theoretical research of servo control algorithms. However most of these control algorithms remain in the simulation stage. They are difficult to be applied directly to practical platforms or complex industrial sites because of the lack of an experimental system suitable for the verification of their effectiveness. To address this problem, we designed a multi-function servo control algorithm verification experiment system (MVES) within the MATLAB/Simulink theoretical simulation model directly to communicate with the TwinCAT 3 PLC master program to perform different servo control experiments. The MVES supports various Simulink models. However, its and the operation is simple and convenient, which greatly reduces the workload of the algorithm test and has important practical value. Two sets of comparative experiments were used to verify the versatility and superiority of MVES.

Franco Mazzanti,Alessio Ferrari

DOI: https://doi.org/10.4204/EPTCS.268.4

2018-03-28

Abstract:Communications-based Train Control (CBTC) systems are metro signalling platforms, which coordinate and protect the movements of trains within the tracks of a station, and between different stations. In CBTC platforms, a prominent role is played by the Automatic Train Supervision (ATS) system, which automatically dispatches and routes trains within the metro network. Among the various functions, an ATS needs to avoid deadlock situations, i.e., cases in which a group of trains block each other. In the context of a technology transfer study, we designed an algorithm for deadlock avoidance in train scheduling. In this paper, we present a case study in which the algorithm has been applied. The case study has been encoded using ten different formal verification environments, namely UMC, SPIN, NuSMV/nuXmv, mCRL2, CPN Tools, FDR4, CADP, TLA+, UPPAAL and ProB. Based on our experience, we observe commonalities and differences among the modelling languages considered, and we highlight the impact of the specific characteristics of each language on the presented models.

Software Engineering,Formal Languages and Automata Theory,Logic in Computer Science,Systems and Control

Wen Su,Fan Yang,Xiaofeng Wu,Jian Guo,Huibiao Zhu

DOI: https://doi.org/10.1109/compsacw.2011.76

2011-01-01

Abstract:The mode conversion and positioning of the vehicle subsystem of the Communication Based Train Control System (CBTC), need to be safe and reliable, being two critical components. To meet this requirement, we apply formal methods in the design of rail transport systems. This paper studies the specification and verification of the mode conversion and positioning system. The mode conversion system is studied by using Communicating Sequential Processes (CSP) combined with simple data structure. The positioning system is explored by combining CSP with Object-Z (OZ). Based on the achieved model, the safety property verification and simulation are proceeded by the automatic process analysis toolkit PAT.

Yu Jiang,Yixiao Yang,Han Liu,Hui Kong,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/rtas.2016.7461337

2016-01-01

Abstract:Simulink is widely used for model driven development (MDD) of industrial software systems. Typically, the Simulink based development is initiated from Stateflow modeling, followed by simulation, validation and code generation mapped to physical execution platforms. However, recent industrial trends have raised the demands of rigorous verification on safety-critical applications, which is unfortunately challenging for Simulink. In this paper, we present an approach to bridge the Stateflow based model driven development and a well- defined rigorous verification. First, we develop a self- contained toolkit to translate Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models which are missed by Simulink Design Verifier, but also check more important temporal properties. Next, we customize a runtime verifier for the generated nonintrusive VHDL and C code of Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which opens more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. We incorporate these two parts into original Stateflow based MDD seamlessly. In this way, safety-critical properties are both verified at the model level, and at the consistent system implementation level with physical execution environment in consideration. We apply our approach on a train controller design, and the verified implementation is tested and deployed on a real hardware platform.

ZhiWei Wu,Jing Liu,Xiang Chen

DOI: https://doi.org/10.1109/ASE.2019.00143

2019-01-01

Abstract:ABSTRACTEnsure the correctness of safety critical systems play a key role in the worldwide software engineering. Over the past years we have been helping CASCO Signal Ltd which is the Chinese biggest high speed railway company to develop high speed railway safety critical software. We have also contributed specific methods for developing better safety critical software, including a search-based model-driven software development approach which uses SysML diagram refinement method to construct SysML model and SAT solver to check the model. This talk aims at sharing the challenge of developing high speed railway safety critical system, what we learn from develop a safety critical software with a Chinese high speed railway company, and we use ZC subsystem as a case study to show the systematic model-driven safety critical software development method.

Tengfei Li,Junfeng Sun,Xinjun Lv,Xiang Chen,Jing Liu,Haiying Sun

DOI: https://doi.org/10.1109/COMPSAC57700.2023.00279

2023-01-01

Abstract:Great achievements have improved the efficiency and effectiveness of formal verification fairly, such that it is now applicable to industrial-scale software. However, verifying a full software system is still considered too complex. In practice, industrial control software models to be verified may result in state space explosion. We propose a problem frame-based approach that takes the full software system as input and tries to decompose the full software model into some smaller modules. Our approach decomposes the whole safety requirements to sub safety requirements, and the verification problem of the whole model is projected to sub verification problem according to the decomposed safety requirements. The sub verification problems check the projected sub models against the the sub safety requirements. We carry out an extensive evaluation based on the trackside subsystems in rail transit. Verifying the decomposed model can lead to a significant performance gain, due to the fact that abstract models reduce too much state space.

Huixing Fang,Jianqi Shi,Huibiao Zhu,Jian Guo,Kim Guldstrand Larsen,Alexandre David

DOI: https://doi.org/10.1007/s10009-014-0318-1

2014-05-27

International Journal on Software Tools for Technology Transfer

Abstract:For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platform screen door system (PSDS, a subsystem of the subway control system), is modeled with hybrid automata and Simulink/Stateflow charts, respectively. The models of PSDS are simulated by Matlab and verified by SpaceEx/PHAVer. The simulation and verification results indicate that the sandwiched situation can be avoided under time interval conditions. We improve the model with four trains and four stations on a subway line and analyze the urgent control scenario for the safety distance requirement. In this paper, the Simulink/Stateflow model is a refinement of the SpaceEx/PHAVer model, which is closer to a final implementation. Moreover, the two models are complementary for some features (e.g.,visualization of simulation, correctness proving by verification), stressing different aspects of the overall system and permitting complementary analysis techniques, i.e., verification versus simulation. We conclude that this integration procedure is competent in verifying subway control systems.

computer science, software engineering

Yinfeng Lu,Wenchuan Zhang,Xuejun Qian,Jiacheng Luo

DOI: https://doi.org/10.1088/1742-6596/2613/1/012009

2023-10-01

Journal of Physics: Conference Series

Abstract:Abstract In order to solve the problems of complex control logic and the difficulty of simulating function modules due to the high coupling degree of subway control circuits, a subway control circuit co-simulation system is designed in this paper. By analysing the components data and connection relationship in the subway control circuit schematic diagrams, the network topologies are automatically generated, and the mathematical relationships between nodes, branches and components states are established, so as to build a complete logical control model. The depth-first search (DFS) algorithm is adopted to search the effective path across the topology, the event management unit is added to solve the linkage control of the relay, and the logic function simulation of the function module is realized by embedded script. Finally, the feasibility of the simulation system is verified through the simulation test of the subway door control circuits and the analysis of the simulation results. The system is conducive to the functional test and algorithm verification at the subway design stage, and has a good application prospect in the field of subway driver training.

ZuXi Chen,HongKai Lin,Meng Mei,YongHua Zhu,XiaoYong Wang,ZhongWei Xu,XiangYu Luo

DOI: https://doi.org/10.1016/j.heliyon.2024.e31776

IF: 3.776

2024-05-24

Heliyon

Abstract:Safety-critical systems, such as the railway signal system, are subject to potentially high costs from failures, including loss of life and property damage. The use of new technology, including communication-based train control (CBTC) systems with software and computers, has changed the types of accidents that occur. Software-related issues and dysfunctional interactions between system components controlled by the software are increasingly the cause of incidents. Developing a "safe" safety-critical system requires accurate and complete safety requirements, which are the foundation of system development. Traditional hazard analysis techniques are insufficient for identifying the causes of accidents in modern railway signaling systems. Systems-Theoretic Process Analysis (STPA) is a powerful new hazard analysis method designed to address these limitations. Building upon this foundation, a hierarchical approach to safety requirement development has been further developed. This approach combines STPA analysis with a hierarchical modeling approach to establish traceability links from safety requirements to specific architectures, refine and allocate system-level safety requirements to relevant subsystems, and abstract safety requirements at higher hierarchical levels to enable easy changes to lower-level implementations. This paper employs the aforementioned methodology within the context of the CBTC system, thereby enhancing risk management and hazard analysis, enabling early insights, and facilitating the generation of safety requirements of CBTC System.

Xijiao Xiong,Jing Liu,Miaomiao Zhang,Zuohua Ding

DOI: https://doi.org/10.1109/COMPSACW.2010.46

2010-01-01

Abstract:Advances in automatic control technologies have made society extremely dependent on control software used in train operation and many other applications. Consequently, the trust ability of control software is crucial. This has led to an increased emphasis on setting up a mechanism that can be used to guarantee the correctness of the models. In this paper, we proposed a process to integrate the modeling and verification techniques in Model Driven Architecture (MDA) and reported a successful application of the method to Automatic Train Protection (ATP) system. The ATP models are constructed and refined based on Refinement Calculus of Object Systems (rCOS). A modeling and verification trustable MDA tool is developed to facilitate the process.

Xiaohong Chen,Zhiwei Zhong,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/re.2019.00040

2019-01-01

Abstract:Consistency verification of safety requirements is an important but still challenging task for safety-critical systems such as rail transit systems. That is mainly because requirements are typically written in natural language and with strong time constraints. Driven by the practical need from industry, in this paper we propose a systematic approach to specify safety requirements in a quasi-natural language and automatically verify their consistency using formal methods. Specifically, we define a domain specific language SafeNL to specify safety requirements, and then automatically transform them into formal constraints defined in the Clock Constraint Specification Language (CCSL). The transformed constraints can be automatically and efficiently verified by model checking. We conduct two practical case studies to analyze the safety requirements of an interlocking system in CASCO Signal Ltd. Results of the studies show the validity and utility of our approach can pragmatically contribute to industrial practice. We also report some lessons learned from case studies.

LIU Qing-rong,YOU Li,XIA Wei-jie,CHEN Hua-wei

2011-01-01

Abstract:This paper presents the design scheme of the train control system based on CBTC simulation system.In this system,personal computer gets the information of the train about the data of speeds and the data of position.This article mainly introduces the train speed regulation and positioning,and it gives the relationship chart of VOBC and other equipments.