Xin CHEN,Peng JIANG,Yi-Fan ZHANG,Chao HUANG,Yan ZHOU

DOI: https://doi.org/10.13328/j.cnki.jos.004780

2015-01-01

Abstract:The train control system is a safety-critical system. To assure its safety, it requires the testing process to cover all possible runs in its safety-critical scenarios. Existing methods of scenario modeling and test case generation cannot completely satisfy the requirement. The paper focuses on the methods of modeling safety-critical scenarios in train control system and the tools for automatically generating test cases for the system. UML activity diagram is extended with event-driven and time characteristic description mechanism to satisfy the requirement of modeling safety-critical scenarios. A simple path coverage criterion is also proposed to define the coverage of all possible runs in a scenario and a method is provided for automatic test case generation. The experiment on ground train control system shows the effectiveness and limitation of the proposed method.

Haotong Xu,Kaicheng Li,Lei Yuan,Qiang Fu

DOI: https://doi.org/10.1117/12.2652804

2022-01-01

Abstract:In order to meet the needs of railway operations in western China, the development of Chinese New Train Control System (CTCS-N) has been launched. To obtain complete and correct system requirements for CTCS-N early in system development, this paper applies the scenario-based requirements analysis method in software engineering to the requirements analysis of CTCS-N. This method takes the system operation scenario as input, analyzes the behaviors of the scenario based on ontology theory, and extracts the system requirements contained in the scenario based on SWRL (Semantic Web Rule Language) reasoning rules. Furthermore, the timed automata (TA) network model is constructed for requirement verification. Based on the design of the CTCS-N architecture, the above method is used to analyze the requirements based on the train integrity monitoring scenario as an example. The result shows that the method can effectively obtain the system requirements and provides a reference for the requirements development of CTCS-N.

Ru Niu,Tao Tang,Lisagor, O.,McDermid, John

DOI: https://doi.org/10.1109/soli.2011.5986609

2011-01-01

Abstract:Ensuring safety in railway signalling system is always considered as significant as a guarantee of the safe and efficient operation of the whole railway. In fact, safety analysis of the signalling system with distributed computer technique is becoming extraordinarily difficult because of the frequent and complex interaction between components and the various backup modes. The dominant approaches are subjective, difficult to be reused, not well structured, thus leaving the safety analysis process time-consuming and error-prone. This paper develops a hierarchical methodology for safety analysis based on the failure propagation model and state-transition model. Unlike traditional safety analyses, the proposed approach demonstrates more accurate representation of practical failure behaviour in computer-based signalling system. Dynamic properties, system structure and failures in component level are separately modelled in different layers, and connected with synthesis laws. The analysis can be easily refined as the system design progresses and automatically produces safety-related information to help engineer in making design decisions. The preliminary design of Communication Based Train Control (CBTC) system for Yizhuang Line in Beijing is used to demonstrate the approach.

Shuxia Lu,Ru Niu,Tao Tang

DOI: https://doi.org/10.1109/icirt.2018.8641590

2018-01-01

Abstract:Chinese first independent developed railway control system for fully automatic operation has been equipped on Beijing Yanfang Line, which come into service on the beginning of 2018. The mismatching between newly defined functions for driver-less operation and traditional CBTC system is an issue in the phase of integration testing, especially in abnormal or seldom scenarios. In the paper, a newly safety analysis method-STPA is applied on Fully automatic operation metro to capture causal scenarios. A causal scenario identification method is proposed to help extract abnormal operational scenarios of Fully automated operation metro, which can be used to improve emergency response ability by system design and is meaningful for the safe operation of Beijing Yanfang Line.

Zhao Tianshi,Sun Chao,Huang Yinxia

DOI: https://doi.org/10.3969/j.issn.1000-7458.2012.12.006

2012-01-01

Abstract:The CTCS-3 Train Control System is a kind of typical safety critical systems and its system assessment is complex.Through converting non-formal system requirements into semi-formal requirements,We use safety several analysis tools,such as hazard and operability studies,fault tree analysis,event tree analysis and reason and result analysis,to provide suitable risk assessment techniques for CTCS-3 Train Control System.

Jin Tao Liu,Tao Tang,Jie Bei Zhu,Lin Zhao

DOI: https://doi.org/10.1177/0954409716664931

2016-01-01

Abstract:A high-speed railway train control system plays a key role in ensuring the safe operation of the trains. To ensure the safety of high-speed railway train control systems, it is vital to perform hazard analysis on them. In this context, this paper proposes a novel hazard analysis method which extends a previously reported system-theoretic hazard analysis method system-theoretic process analysis. The proposed method improves the standard system-theoretic process analysis to capture the temporal relations between inadequate control actions leading to hazards. These temporal relations are crucial for investigating the causes of hazards. To depict the temporal relations of control actions of high-speed railway train control systems, a new temporal logic called control action temporal logic is proposed first. Then based on this temporal logic, a new control action relation model is added into the process of system-theoretic process analysis. This model depicts the relations (including temporal relations) between control actions. In order to identify both the inadequate control actions and their temporal relations, an algorithm is designed and used. Finally, the effectiveness of the proposed method is verified through the hazard analysis on the Chinese Train Control System level 3.

LIU Hongjie,TANG Tao,JIN Xiayao,DU Heng

DOI: https://doi.org/10.11860/j.issn.1673-0291.2018.02.012

2018-01-01

Abstract:Modern level crossing control systems are mostly computer-based and communication-based control systems.The causal factors in this type of system are mostly due to the fact that the complex interaction scenarios between system components have not been fully identified and controlled.In order to avoid the occurrence of level crossing accidents,this paper proposes a set of safety analysis methods for railway signal systems based on System Theory Process Analysis (STPA).With the improvement of the traditional STPA and the XSTAMPP,this paper takes the level crossing control system as a case for safety analysis.The results achieve the automatic generation of safety requirements based on the hazards analysis results and solved the problem that the traditional STPA process is too dependent on labor.Meanwhile,the safety requirements of the level crossing control system are automatically converted into a formal specification of the Linear Temporal Logic (LTL) language description,which avoids the possible ambiguity in the natural language description of the traditional STPA analysis results.It provides references for a model-based system design,testing and verification.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Xiuchao WANG,Weikai MIAO,Yisong WANG,Danzhu BAO,Jing YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2017.07.008

2017-01-01

Abstract:Since there is no requirements analysis tool for on-board train control software,requirements analysis researchers are unable to get expected data.Aiming at this problem,this paper proposes a requirements analysis method based on model extraction and designs a Control Software Requirements Analysis(CSRA) tool.It constructs an executable model by extracting the requirement items of requirements description documents,uses data flow method to analyze the model and obtain the Variable Dependency Diagram (VDD) and State Transition Diagram (STD).By using dynamic analysis,it gets the expected output data based on the requirements description documents and compares the data with real output data to generate an visual analysis report of the control software.Experimental results show that the proposed method can help requirements analysis researchers quickly find errors in software implementation,which provides a guarantee for the safe running of trains.

Jintao Liu,Hongwei Wang,Wei Zheng

DOI: https://doi.org/10.1109/CAC51589.2020.9326468

2020-01-01

Abstract:Safety analysis is an essential way to ensure the safe operation of high-speed railway train control systems. It is of significance to design special modeling language and modeling method for safety analysis of high-speed railway train control systems. This will contribute to improving the accuracy of safety analysis. According to the composition of safety analysis model of high-speed train control system, the characteristic elements of the safety analysis model are extracted On the base of the characteristic elements, the OIL extension mechanism is used to realize the stereotype design of UML classes and UML messages. As a result. an extended UML for safety modelling of high-speed railway train control systems is formed The proposed modelling language is applied to a typical scenario of Chinese high-speed railway. The results show the effectiveness of the proposed method.

Zhao Xianqiong,Li Kaicheng,Tang Tao,Yuan Lei

DOI: https://doi.org/10.3969/j.issn.1000-7458.2010.08.002

2010-01-01

Abstract:CTCS-3 is a typically safety-critical system.For a safety-critical system,it is vital that there is security risks in its System Requirement Specification(SRS).The SRS of CTCS-3 is covered by 14 operational scenarios,so it is reasonable and necessary to analyze these operational scenarios.This paper propose a method to analyze and verify the operational scenarios on the basis of UML and CSP and take the RBC exchange scenario as a study case to verify its aliveness,dead-lock,live-lock,deterministic property and part of safety property.

R. Niu,T. Tang

DOI: https://doi.org/10.2495/cr100751

2010-01-01

Abstract:Ensuring safety in railway signalling systems is always considered as significant as a guarantee of the safe and efficient operation of the whole railway. In fact, safety analysis of the signalling system with distributed computer technique is becoming extraordinarily difficult, because of the frequent and complex interaction between components and the various backup modes. The dominant approaches are subjective, difficult to reuse and not well structured, thus leaving the safety analysis process time-consuming and error-prone. This paper develops a hierarchical methodology for safety analysis based on the failure propagation model and state-transition model. Unlike traditional safety analyses, the proposed approach demonstrates more accurate representation of practical failure behaviour in a computer-based signalling system. Dynamic properties, system structure and failures at the component level are separately modelled in different layers, and connected with synthesis laws. The analysis can be easily refined as the system design progresses and automatically produces safety-related information to help the engineer in making design decisions. The preliminary design of the Communication Based Train Control (CBTC) system for the Yizhuang Line in Beijing is used to demonstrate this approach.

W. Tang,B. Ning,T. Xu,L. Zhao

DOI: https://doi.org/10.2495/cr100691

2010-01-01

Abstract:The high quality System Requirement Specification (SRS) is at the heart of the design and development of the European Train Control System level 2 (ETCS L2) with high safety and efficiency. However, the SRS, written in natural language with a shortage of rigorous mathematic foundation, makes it difficult to meet the high quality attributes of SRS, such as correctness, completeness and consistency. In order to tackle the above problems, the integration of a scenario-based model with a formal method, which is recommended to model and verify safety critical system (e.g., train control system), is proposed to improve the quality of the SRS for ETCS L2. First, the relevant operational scenarios are extracted from the SRS, then the corresponding UML sequence diagrams are constructed and finally the sequence diagrams are verified by the formal analysis tool (i.e., NuSMV) through a series transformation rules from UML sequences to NuSMV. The output analysis results facilitate improvement of the SRS qualities. Within the above modeling and verification process, the key mapping relationship is presented to ensure the consistency and traceability between the UML sequence model and the NuSMV specification.

YU Gang,LIU Xiao-wen,XIONG Jing,XU Zhong-wei,DU Jun-wei

DOI: https://doi.org/10.3969/j.issn.1001-8360.2013.07.012

2013-01-01

Abstract:The safety of the train control center directly affects the safety of high-speed railway operation.In order to achieve more essential formalized definition of safety requirements,a novel modeling method based on the safety behavior model was proposed.In terms of the features of safety requirements,the safety behavior model defined the safety factors to describe the metric relation among the state,behavior and risk of the system.It adopted a new safety constraint rule to describe the safety constraint behaviors,safety response behaviors and safety failure behaviors of the software.The effectiveness of the proposed method is verified through application in safety tests of high-speed train control center in China.

Li Han,Jing Liu,Tingliang Zhou,Junfeng Sun,Xiaohong Chen

DOI: https://doi.org/10.1109/compsac.2016.182

2016-01-01

Abstract:The integration of formal methods and requirements analysis increases the dependability of safety-critical systems. However it is still very difficult to obtain all of the safety requirements in practice, and formally construct the safety requirements model as well. In this paper, we propose an approach to capture safety requirements and formally describe them by classifying and developing safety requirements specification patterns. Our classification is a result of extracting safety properties from a variety of sources, such as interlocking tables and existing safety relevant functional requirements of railway interlocking system. They contain safety properties at analysis level and design level respectively. Furthermore, safety specification patterns based on the classification are used to formally describe and organize the safety requirements for formal verification. Finally, a tool called SRSV has been developed to enhance the process from deriving safety requirements to verifying. We applied it to the interlocking system at Mohe station in China, and the generated safety properties were then checked to hold by the verification tool.

Fei Yan,Tao Tang,Hongwei Yan

DOI: https://doi.org/10.1109/icirt.2016.7588764

2016-01-01

Abstract:Beijing Metro plans to open an Automated Urban Guided Transport (AUGT) Line at the end of 2017. The line will follow GOA4 requirements according to IEC62290-2014 and IEC62267-2009. The main difference between the AUGT line and existing line is no driver or attended people on the train. The system will realize the following functions: Ensure safety movement, Driving Supervising guideway, supervising passenger transfer, Operating a train and Ensuring detection and management of emergency situations. Traditionally, HAZOP (Hazard Operability analysis) or FMEA (Failure Mode and Effect Analysis) method will be used to do the hazard analysis. But the main challenge is that most of human operation and behavior are replaced by equipment in AUGT and it is very difficult to deal with emergency condition. Finally, an operational scenario based method has been used to do hazard analysis which combined with STPA (Systems-Theoretic Process Analysis). As we know, STPA is a systematic analysis method from the view of safety control and it is good at human related error and management related analysis. In this paper, STPA has been used to compare with traditional method. The conclusions are: 1) STPA is more focusing on the safety related interaction and we can easily find the main clue by safety constraints compared to HAZOP; 2) Process Model Analysis should be done in each of scenario in order to find detail safety control measures; 3) In order to identify what could cause the unsafe control action or how control actions may not be executed properly, we also can use low layer control process model to do STPA analysis if we find it is still complex. We can regard this means as nested control process model.

Ru Niu,Tao Tang,Oleg Lisagor,John A. McDermid

DOI: https://doi.org/10.1109/ICVES.2011.5983787

2011-01-01

Abstract:Recent developments in the modern control systems show a clear trend for increasing integration of a number of safety-related electronic systems - such as railway signalling system and x-by-wire systems - that are replacing traditional mechanical controls. These applications promise improved performance and safety through continuous high-capacity realtime data exchanges and reconfiguration in abnormal situations. However, safety analysis of networked systems is becoming extraordinarily difficult because of the complexity of interactions between components and the number of possible backup modes. The traditional analysis techniques are subjective and do not facilitate reuse, thus, making the safety analysis process time-consuming and error-prone. This paper extends the failure propagation model with a set of temporal operators, in order to demonstrate more accurate representation of practical failure behaviors of networked control systems. Computation laws of temporal operators and combinatorial operators are abstracted to transform complex temporal expressions into a standard form. In this way, the models can be solved automatically. The preliminary design of Communication Based Train Control (CBTC) system for Yizhuang Line in Beijing is used to demonstrate the approach.

Guoqiang Cai,Limin Jia,Ye Zhang

2007-01-01

Abstract:This paper addresses one of the challenges that must be overcome in a complex software development project, namely designing systems that meet requirements reflecting a continuously changing organizational environment and identifying safety control requirements. The authors propose a new method integrating safety authority and requirements analysis, opposing to delaying safety analysis until design or implementation. It defines the behavioral and functional requirements of the system's software component and describes in terms of a safety operational model. Application shows these contributions.

Xueying Song,Lei Qi,Shiyan Liu,Shuiting Ding,Daqing Li

DOI: https://doi.org/10.1016/j.ress.2024.110205

IF: 7.247

2024-01-01

Reliability Engineering & System Safety

Abstract:Safety analysis of complex systems, such as aero-engines, has always been a challenging problem. In particular, the risk propagation caused by system functional interactions has become increasingly prominent, leading to the difficulty of traditional safety analysis methods. Existing methods are mostly based on manual experience and deduction with difficulty to completely analyze the whole system safety regions. In this paper, a model-based framework is proposed by combining Finite State Machine Network (FSMN) and phase space theory to perform safety analysis of complex systems from function-logic perspective. We first construct the system model and system state-transition network based on FSMN. Then combining with phase space theory, we identify system safety regions of the entire operating space from macro perspective, and investigate the system risk propagation from micro perspective. An aero-engine system is taken as an example to illustrate the proposed method. Our results show that this method has the ability to effectively identify the potential risk factors and explore emergent unknown risks, which can provide guidance for formulating safety testing.

Lin Zhao,Tao Tang,Ruijun Cheng,Liyun He

2013-01-01

Journal of Computational Information Systems

Abstract:Defects in requirements specification of train control system may have fatal consequences.In this paper, we present a property based requirements analysis approach for train control system, which provides support for constructing precise, complete, and consistent requirements specification, and analyzing them with formal techniques. By using some requirement fragments from the train control system as a realistic example, we demonstrate the effectiveness of this approach. Copyright © 2013 Binary Information Press.