Xiao Han,Tao Tang,Jidong Lv,Haifeng Wang

DOI: https://doi.org/10.1007/978-3-319-33951-1_7

2016-01-01

Abstract:The complexity of railway control system makes some requirement deficiencies hard to find, which results in system failures. It is essential to locate those deficiencies using logs recorded during failure events. In this paper, a model checking based failure analysis approach was proposed and applied to a case of abnormal emergency brake. First, a system model describing the system requirement and an event model depicting the logs were constructed. Next the compositional model was verified through model checking in UPPAAL which then produced a counterexample trace that describes the system behaviour in the failure event. By analysing this trace, an inadequacy was found in the requirement and a modification strategy was brought up which was formally verified to be effective.

Jiao Chen,Tao Tang,Yu Lim

DOI: https://doi.org/10.1109/cac.2017.8243767

2017-01-01

Abstract:The most of Chinese high-speed railway lines are using CTCS-3 train control system to ensure the safety of the train. In the CTCS-3 train control system, the way of the location for on-board equipment is different from the ground equipment. The way of location for on-board equipment is based on the balise positioning and speed transmitter, but the ground equipment is based on the track circuit. Due to existence of different positioning methods, comparing to ground equipment, the on-board equipment determines whether the train occupies the next block section is different. In this paper, the model checking method is adopted. First of all, the model of CTCS-3 train control system equipment related to the positioning scenario in the inter block operation of trains which are established by timed automata. Then, the UPPAAL tool is used to carry out the model test, verifying the items that are not passed. Combined with the train when normal operate on the railway, but the train abnormally output emergency braking, and analysis of the train with the low-speed, when it occupies the next Block Section, the impact of traffic causes, and make recommendations.

LIU Jin-tao,TANG Tao,ZHAO Lin,LI Xian

DOI: https://doi.org/10.3969/j.issn.1001-8360.2013.10.009

2013-01-01

Abstract:By utilizing the UML-supported low-level extensibility mechanisms, the UML was extended to cater to the compositeness of the train control systems. Semi-formalized modelling of the CTCS-3 System was carried out with the extended UML and the fault event mechanism was adopted to describe the faults of the system. The rule of transforming the UML model to the PHAVer model and the method of establishing the fault monitor model were presented. The content of functional verification of the system model and acquisition of the minimal cut set were elaborated. Taking RBC handover for example, the method of UML merging with calculation of reachable sets was applied in modeling and analyzing. The result shows that the UML and reachable sets combined method is suitable for function safety analysis of the CTCS-3 System.

Zhao Tianshi,Sun Chao,Huang Yinxia

DOI: https://doi.org/10.3969/j.issn.1000-7458.2012.12.006

2012-01-01

Abstract:The CTCS-3 Train Control System is a kind of typical safety critical systems and its system assessment is complex.Through converting non-formal system requirements into semi-formal requirements,We use safety several analysis tools,such as hazard and operability studies,fault tree analysis,event tree analysis and reason and result analysis,to provide suitable risk assessment techniques for CTCS-3 Train Control System.

Yu Liu,Tao Tang,Kaicheng Li,Chenling Li

DOI: https://doi.org/10.2991/iccnce.2013.90

2013-01-01

Abstract:As a safety critical system, train control system matters in passengers life and properties. It is important that how to guarantee the safety of train control system. Safety testing is an effective method to detect the safety holes and bugs in the system. However, most safety testing for train control system is manually executed based on expertise, which leads to a huge testing workload. Besides, manual generation will easily cause the problem of missing test cases.In this paper, a model-based safety test method is introduced, hoping to solve this problem. We select a core function of onboard system in Chinese Train Control System level 3 (CTCS-3) as representative to study the method. This function was analyzed by Fault Tree Analysis (FTA) firstly, and a set of timed automata network model of this function is built using the tools of UPPAAL, the bottom events are used to turn to fault models, injected into the whole system model. Then COVER, the real-time test case generation tool, is used to generate the safety test cases from the system model (included fault models) automatically, and states transition criteria is customized based on preferences to achieve user-defined test, the test accuracy and efficiency is improved.

LIU Jin-tao,TANG Tao,ZHAO Lin,LIU Lei

DOI: https://doi.org/10.3969/j.issn.1001-8360.2015.08.006

2015-01-01

Abstract:The formal definition of control actions in CTCS level‐3 system is proposed .In respect with the sequential re‐lations of control actions ,the temporal logic of control acctions is designed .Based on such temporal logic ,the formal definition for the control relationship model is given ,with which the control action relationships in the train control sys‐tem can be modeled .With the depth first search ,the control relationship model is analyzed to achieve the automatic i‐dentification of inadequate control actions proposed in STPA (System‐Theoretic Process Analysis ) .In the case of RBC handover scene of the CTCS level‐3 train control system ,the STPA method based on control relationship model is used to analyze the functional safety of the train control system .The results show that the proposed method is suitable for the functional safety analysis of the CTCS level‐3 system .

LIU Jintao,TANG Tao,XU Tianhua,ZHAO Lin

2011-01-01

Abstract:With the method which integrated UML with symbolic model checking,the formal verification of CTCS-3 level system requirement specification was carried out.The UML model of requirement specification was extended and abstracted using event and visible-variable abstraction methods.According to the transformation rules,the NuSMV model of requirement specification was established.Verification for domain independent and domain dependent properties of NuSMV model was elaborated.Additionally,the approach of the counterexample was proposed for tracking,locating and correcting errors.Taking the mode switch in the requirement specification for example,the proposed formal verification method was adopted for the verification of mode switch.The result of verification shows that mode switch can satisfy the requirements of liveness,transition,non-deadlock,determinacy and safety.The process of verification shows that the method which integrates UML with symbolic model checking is suitable for the verification of CTCS-3 level system requirement specification.

Cheng Ruijun,Zhao Lin,He Liyun

DOI: https://doi.org/10.3969/j.issn.1000-7458.2013.02.029

2013-01-01

Abstract:Using property-based analysis method,a formal verification of CTCS-3 level system requirement specification was carried out.Firstly,a UML model of the requirement specification was established and then transformed into PSL model.Secondly,the original model was continuously revised through simulation to attain a realizable PSL model.Finally,we use verification tools to test the related properties of the PSL model and locate and correct errors by using counter examples.Taking the mode conversion in the requirement specification as an example,we utilize this method to verify the reachability,transition and deadlock of the model.The verification shows that the property-based analysis method is suitable for the requirement specification verification of CTCS-3 level system.

Wumei Tang,Bin Ning,Tianhua Xu,Lin Zhao

DOI: https://doi.org/10.1109/iccet.2010.5486079

2010-01-01

Abstract:The Chinese train control system level 3 (CTCS-3) system requirement specification required to be high-quality should satisfy the quality attributes, such as correctness, completeness, consistency, and traceability. In order to prove that these quality attributes are satisfied, we present a scenario-based approach using UML sequence diagram and model checking to modeling and verify the specification. The mapping between scenario and sequence diagram ensures correctness of the modeling, and enhances the traceability of the verification. The expressiveness of sequence diagram and the precise semantics of model checker are outstanding and proved in practical applications. The formal techniques used in this paper provide a certain level of confidence because of their rigor and completeness.

Haotong Xu,Kaicheng Li,Lei Yuan,Qiang Fu

DOI: https://doi.org/10.1117/12.2652804

2022-01-01

Abstract:In order to meet the needs of railway operations in western China, the development of Chinese New Train Control System (CTCS-N) has been launched. To obtain complete and correct system requirements for CTCS-N early in system development, this paper applies the scenario-based requirements analysis method in software engineering to the requirements analysis of CTCS-N. This method takes the system operation scenario as input, analyzes the behaviors of the scenario based on ontology theory, and extracts the system requirements contained in the scenario based on SWRL (Semantic Web Rule Language) reasoning rules. Furthermore, the timed automata (TA) network model is constructed for requirement verification. Based on the design of the CTCS-N architecture, the above method is used to analyze the requirements based on the train integrity monitoring scenario as an example. The result shows that the method can effectively obtain the system requirements and provides a reference for the requirements development of CTCS-N.

Yong Zhang,Jiawei Li,Aled R. Walters,Xuting Duan,Daxin Tian

DOI: https://doi.org/10.1109/itsc55140.2022.9922206

2022-01-01

Abstract:The train-to-train (T2T) based Train-centric Control System (TcCS) is one promising advanced solution to save the life-cycle cost of the railway signalling system by reducing a large number of the ground equipment when compared to the widely used CTCS/ETCS system. However, the reliability performance influence for the transportation mission introduced by this new solution has never been studied. In order to address this problem, we built a reliability model of the whole transportation mission based on the Phase Mission Systems (PMS) modelling methodology. In this paper, the structure of both control systems is described first. Then the fault tree models in three phases of the whole mission under different control systems are constructed according to the railway signalling control principles. The numerical analysis is carried out based on the Binary Decision Diagram (BDD) calculation method, according to relevant reliability parameters of the basic equipment. The results under CTCS-3 and TcCS are then analysed and compared in each phase of the mission, which shows the reliability influence on the transportation mission under different control systems.

W. ShangGuan,J. Xiao,B. Cai,B. Heydecker,J. Wang

DOI: https://doi.org/10.2495/crs140171

2014-01-01

Abstract:Reliability is one of the key problems of an automatic system, especially to the huge, complex, multiple target-based, safety critical and reliability-dependent train control system.A system reliability analysis method based on a dynamic fault tree was proposed to analyse possible fault causes of a whole system in a HLA (High Level Architecture) simulation platform, and according to the principle of the dynamic fault tree model, the conversion from dynamic logic gates to Markov Chain was achieved.The reliability analysis through the dynamic fault tree method of train-ground communication subsystem was completed, which included a qualitative and quantitative analysis.A test of train-ground communication failure was established based on the fault injection method, the fault injection tool in a simulation environment enabled each module of the train control system running according to the fault testing program.The simulation result shows that compared with the conventional static fault tree analysis method, using dynamic fault tree analysis can conduct a better reliability analysis, using the fault injection method that can evaluate and test a simulation system based on HLA effectively, which can improve the reliability of the simulation system.

Lin Zhao,Tao Tang,Ruijun Cheng,Liyun He

2013-01-01

Journal of Computational Information Systems

Abstract:Defects in requirements specification of train control system may have fatal consequences.In this paper, we present a property based requirements analysis approach for train control system, which provides support for constructing precise, complete, and consistent requirements specification, and analyzing them with formal techniques. By using some requirement fragments from the train control system as a realistic example, we demonstrate the effectiveness of this approach. Copyright © 2013 Binary Information Press.

XIE Yu-fei,TANG Tao,XU Tian-hua,ZHAO Lin

DOI: https://doi.org/10.3969/j.issn.1001-8360.2011.07.011

2011-01-01

Abstract:The specifications of the CTCS-3 train control system is the basis of design and development of the CTCS-3 train control system,and it is crucial for realization of good interoperability and high efficiency and security of the system.However,specifications compiled by experience or intuitive thought inevitably bring about defects or hidden dangers.So it is necessary to carry out modeling and formal verification of the system specifications.The paper proposes the method of modeling and formal verification of the CTCS-3 train control system specifications.The method establishes a track chain of the system specifications,model,model checking tools and verification results so as to ensure the consistency of the system specifications,models and program codes.Our practice has proved that this method is feasible and efficient.

Wen Zhong,Yan Wang,Xiaohong Chen

DOI: https://doi.org/10.1007/978-981-10-7796-8_15

2018-01-01

Abstract:Although train control system (TCS) is regarded relatively safe, accidents still happened from time to time. In this paper, we propose a simulation based approach to elicit new requirements from accidents and then modify the TCS to provide a more reliable and safer system. A Modelica system model is constructed to describe the structure and interactions of TCS according to the continuous behavior and discrete fault event of TCS devices. A Modelica accident model is also defined based on the system model in order to predict accidents. These Modelica models are simulated in Open Modelica until all scenarios (paths) are covered. By analyzing the simulation results which indicate the causes of accidents, we elicit new requirements, and modify the original system model. Simulation is used again to show that these modifications could effectively avoid such accidents. A case study is provided to validate our approach.

Xiuchao WANG,Weikai MIAO,Yisong WANG,Danzhu BAO,Jing YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2017.07.008

2017-01-01

Abstract:Since there is no requirements analysis tool for on-board train control software,requirements analysis researchers are unable to get expected data.Aiming at this problem,this paper proposes a requirements analysis method based on model extraction and designs a Control Software Requirements Analysis(CSRA) tool.It constructs an executable model by extracting the requirement items of requirements description documents,uses data flow method to analyze the model and obtain the Variable Dependency Diagram (VDD) and State Transition Diagram (STD).By using dynamic analysis,it gets the expected output data based on the requirements description documents and compares the data with real output data to generate an visual analysis report of the control software.Experimental results show that the proposed method can help requirements analysis researchers quickly find errors in software implementation,which provides a guarantee for the safe running of trains.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Jintao Liu,Tao Tang,Lin Zhao,Tianhua Xu,Wei Zheng

DOI: https://doi.org/10.1109/ISORCW.2012.12

2012-01-01

Abstract:Chinese Train Control System Level 3(CTCS-3) is a typical complex cyber-physical system. The complexity of functionality of CTCS-3 brings some challenges to the safety analysis with the typical methods. In this paper, we propose the method of functional safety analysis based on the hybrid automata, where the faults are modeled as fault events to present the fault situation of system, moreover, the transition from hybrid automata to PHAVer model and the fault monitor which can monitor the malfunction in the reachability analysis are elaborated. At last, we take the speed supervision of CTCS-3 as an example, and the experimental results show the validity and feasibility of this method.

Shangguan Wei,Cai Baigen,Wang Yan,Wang Jingjing,Wang Yaju

DOI: https://doi.org/10.3969/j.issn.1000-7458.2010.05.002

2010-01-01

Abstract:CTCS-3 train operation control system is one complex security system with lots of functions,which means that deep research on modeling and verification of train operation control system should be carried out.On the basis of analysis of advantages and disadvantages of UML modeling and colored Petri net,this paper proposes a modeling and verification method based on UML and colored Petri net (CPN).By analyzing the simulation result,the conclusion could be obtained that application of the method could have positive research significance for modeling and verification of CTCS-3 train operation control system.

YUAN Lei,L Ji-dong,LIU Yu,LI Chen-ling,ZHAO Wei-hui

DOI: https://doi.org/10.3969/j.issn.1001-8360.2014.08.010

2014-01-01

Abstract:As a core subsystem in CTCS-3(Chinese Train Control System Level 3) ,the onboard subsystem is a typical safety-critical system ,which guarantees the safety of train movements.The test case generation method is the key and basic technology for function testing of the onboard subsystem.In this paper ,the timed automata network model was established using tool UPPAAL and it was declared that the non-determinitic essence of the model led to the test cases not all-inclusive.Thus ,a new test generation algorithm was given and used to gener-ate test cases of the functions of the onboard subsystem based on the Observer automata.A complete model transition function test set was derived with tool CoVer which was proved to be more efficient and reusable.