Xiaohong Chen,Zhiwei Zhong,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/re.2019.00040

2019-01-01

Abstract:Consistency verification of safety requirements is an important but still challenging task for safety-critical systems such as rail transit systems. That is mainly because requirements are typically written in natural language and with strong time constraints. Driven by the practical need from industry, in this paper we propose a systematic approach to specify safety requirements in a quasi-natural language and automatically verify their consistency using formal methods. Specifically, we define a domain specific language SafeNL to specify safety requirements, and then automatically transform them into formal constraints defined in the Clock Constraint Specification Language (CCSL). The transformed constraints can be automatically and efficiently verified by model checking. We conduct two practical case studies to analyze the safety requirements of an interlocking system in CASCO Signal Ltd. Results of the studies show the validity and utility of our approach can pragmatically contribute to industrial practice. We also report some lessons learned from case studies.

Yike Huang,Xiaohong Chen,Zhi Jin,Tingliang Zhou

DOI: https://doi.org/10.1109/rew61692.2024.00035

2024-01-01

Abstract:The importance of real-time requirements inconsistency detection is increasingly manifested in safety -critical system development. Most existing tools use state-based detection methods for real-time requirements verification, but they sometimes struggle to efficiently detect results when faced with complex system requirements. Moreover, adding device properties into the verification has increased the complexity of the state space. As a complementary, in this paper, we present a lightweight efficient method for real-time requirements existence inconsistency detection for safety-critical systems. We reduce the real-time existential inconsistencies detection problem into a constraint solving problem. The real-time requirements and involved device properties are encoded into SMT formulas, which can be detected quickly by using a constraint solver such as Z3. Through a case study and experimental evaluation, it is shown that our method can efficiently detect real-time existential inconsistencies in requirements. This provides a practical solution to detect certain types of errors in the early stage, avoiding possible future expensive costs.

Xiaohong Chen,Juan Zhang,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/tits.2023.3324022

IF: 8.5

2023-12-05

IEEE Transactions on Intelligent Transportation Systems

Abstract:Consistency verification of safety requirements is crucial for the success of safety-critical systems, particularly railway systems. However, this task often requires significant time spent on interaction and communication between domain experts, who possess in-depth knowledge of safety requirements in a specific domain, and formal experts, who have the necessary skills to apply verification tools and techniques. To enhance time efficiency and productivity, we propose an approach to empower domain experts with formal methods for verifying safety requirements' consistency. This involves transforming natural requirements into formal models and using formal methods for verification. The approach also localizes inconsistent requirements to provide feedback to domain experts. Communication between domain experts and formal experts can be facilitated through the pattern language SafeNL. By adopting this approach, domain experts can utilize formal verification without extensive consultation with formal experts. Two practical case studies with CASCO Signal Ltd. validate its effectiveness, practicality, as well as a significant reduction of time compared to traditional methods (at least 90% reduction). This reduction in time is primarily due to reduced communication needs and more efficient localization. Evaluations show that SafeNL is user-friendly and the approach performs well in modular systems while scalability is somewhat limited.

engineering, electrical & electronic,transportation science & technology, civil

Chao Wu,Zhong Hua Huang,Yu Ting Yang,Yue Liu

DOI: https://doi.org/10.1088/1742-6596/1756/1/012002

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract In the iterative process of the update of the information service system, the continuous improvement of the system is restricted due to problems such as non-standard, incomplete, and strong ambiguity in the description of requirements. It makes it difficult to verify the consistency and integrity of requirements. In this paper, we focus on the huge requirements of complex information service system, and propose research on requirement itemized extraction and structured description technology based on natural language processing and requirement item keyword extraction and standardized expression technology. The library management system is used as the verification object to verify the effectiveness of the method proposed in this paper.

Shaobin Liu,Xiaohong Chen,Zhi Jin,Min Zhang

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys57074.2022.00175

2022-01-01

Abstract:Many safety-critical systems need to meet increasing real-time requirements, which asks for formal inconsistency analysis. However, most of the current formal approaches are unfriendly to domain experts. It is a heavy burden for them to formalize the natural language requirements and use formal methods to analyze the inconsistency. To help the domain experts, in this paper, we define a real-time requirements pattern language, and propose an automated real-time requirements inconsistency analysis approach based on constraint solving. A case study on automotive lighting systems shows the feasibility of our approach.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.2991/iccasm.2012.212

2012-01-01

Abstract:A verification methodology is presented for railway interlocking system which is regarded as a safety-critical system.The methodology utilizes UML to model the function requirement and LTL to verify the safety requirements of the specification.The device specifications of railway interlocking system are modeled with UML, then translate into FSM.The safety specification is translated LTL and analyzed with NuSMV.We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

Kexin WANG,Zhijiang SHAO,T.Biegler Lorenz

DOI: https://doi.org/10.3969/j.issn.0438-1157.2013.12.023

2013-01-01

Abstract:Simulation and optimization based on equation-oriented models benefit the most from advanced modeling and optimization methods. However, linearly dependent and inconsistent constraints that arise from poor models or nonlinear programming(NLP) algorithms result in failure in practice. A method to detect the inconsistent constraints in this case is proposed. The detection is based on the infeasible system identification of NLP solvers and takes advantage of the structure of linearly dependent systems. Efficiency of the detection process can be improved significantly through proper linear solver invocations. Numerical experiments on examples derived from CUTE and COPS test sets demonstrate the effectiveness of the proposed method. © All Rights Reserved.

Xiaohong Chen,Kun Ruan,Zhi Jin,Junhu Li,Lingling Zheng

DOI: https://doi.org/10.1109/isssr58837.2023.00032

2023-01-01

Abstract:Formal methods have demonstrated tremendous potential for verifying requirements consistency, particularly for safety-critical systems. In our previous research, we included environment characteristics in the scope of formal specification verification for embedded systems and proposed a requirement consistency verification method based on an environment model. However, we found that this method was not sufficiently efficient. To address this issue, this paper defines this environment model introduced inconsistency as mutually exclusive inconsistency, based on its representation characteristics, and proposes an efficient static verification approach for embedded systems. We reduce the consistency verification problem to the traversal of a graph. To support the proposed approach, we implement a requirement consistency verification tool, called Env-Consistency, and apply it to industrial cases. To illustrate the advantages of this approach, several sets of comparative experiments are designed, which demonstrates our approach is both effective and efficient.

XF Zhu,Z Jin

DOI: https://doi.org/10.1109/cit.2005.96

2005-01-01

Abstract:Management of requirements inconsistency is key to the development of complex trustworthy software system, and precise measurement is precondition for the management of requirements inconsistency properly. But at present, although there are a lot of work on the detection of requirements inconsistency, most of them are limited in treating requirements inconsistency according to heuristic rules, we still lacks of promising method for handling requirements inconsistency properly.Based on an abstract requirements refinement process model, this paper takes domain ontology as infrastructure for the refinement of software requirements, the aim of which is to get requirements descriptions that are comparable. Thus we can measure requirements inconsistency based on tangent plane of requirements refinement tree, after we have detected inconsistent relations of leaf nodes at semantic level.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.1109/depend.2009.18

2009-06-01

Abstract:Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or shortly C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

Ming Chai,Haifeng Wang,Tao Tang,Hongjie Liu

DOI: https://doi.org/10.1016/j.jss.2021.110962

IF: 3.5

2021-07-01

Journal of Systems and Software

Abstract:<p>With the growing complexity of railway control systems, it is required to preform runtime safety checks of system executions that go beyond conventional runtime monitoring of pre-programmed safety conditions. Runtime verification is a lightweight and rigorous formal method that dynamically analyses execution traces against some formal specifications. A challenge in applying this method in railway systems is defining a suitable monitoring specification language, i.e., a language that is expressive, of reasonable complexity, and easy to understand. In this paper, we propose parameterized modal live sequence charts (PMLSCs) by introducing the alphabet of the specification into charts to distinguish between silent events and unexpected events. We further investigate the expressiveness and complexity theories of the language. In particular, we prove that PMLSCs are closed under negation and the complexity of a subclass of PMLSCs is linear, which allows the language to be used to monitor a system online. Finally, we use PMLSCs to monitor an RBC system in the Chinese high-speed railway and evaluate the performance. The experimental results show that the PMLSC has high monitoring efficiency, and can reduce false alarm rate by introducing alphabets of charts.</p>

computer science, theory & methods, software engineering

Alexei Iliasov,Dominic Taylor,Linas Laibinis,Alexander Romanovsky

DOI: https://doi.org/10.48550/arXiv.2108.10091

2021-08-23

Software Engineering

Abstract:The increasing complexity of modern interlocking poses a major challenge to ensuring railway safety. This calls for application of formal methods forassurance and verification of their safety. We have developed an industry-strength toolset, called SafeCap, for formal verification of interlockings. Our aim was to overcome the main barriers in deploying formal methods in industry. The approach proposed verifies interlocking data developed by signalling engineers in the ways they are designed by industry. It ensures fully-automated verification of safety properties using the state of the art techniques (automated theorem provers and solvers), and provides diagnostics in terms of the notations used by engineers. In the last two years SafeCap has been successfully used to verify 26 real-world mainline interlockings, developed by different suppliers and design offices. SafeCap is currently used in an advisory capacity, supplementing manual checking and testing processes by providing an additional level of verification and enabling earlier identification of errors. We are now developing a safety case to support its use as an alternative to some of these activities.

Xin CHEN,Peng JIANG,Yi-Fan ZHANG,Chao HUANG,Yan ZHOU

DOI: https://doi.org/10.13328/j.cnki.jos.004780

2015-01-01

Abstract:The train control system is a safety-critical system. To assure its safety, it requires the testing process to cover all possible runs in its safety-critical scenarios. Existing methods of scenario modeling and test case generation cannot completely satisfy the requirement. The paper focuses on the methods of modeling safety-critical scenarios in train control system and the tools for automatically generating test cases for the system. UML activity diagram is extended with event-driven and time characteristic description mechanism to satisfy the requirement of modeling safety-critical scenarios. A simple path coverage criterion is also proposed to define the coverage of all possible runs in a scenario and a method is provided for automatic test case generation. The experiment on ground train control system shows the effectiveness and limitation of the proposed method.

Alessandro Cimatti,Marco Roveri,Angelo Susi,Stefano Tonetta

DOI: https://doi.org/10.4204/EPTCS.20.7

2012-06-27

Abstract:The validation of requirements is a fundamental step in the development process of safety-critical systems. In safety critical applications such as aerospace, avionics and railways, the use of formal methods is of paramount importance both for requirements and for design validation. Nevertheless, while for the verification of the design, many formal techniques have been conceived and applied, the research on formal methods for requirements validation is not yet mature. The main obstacles are that, on the one hand, the correctness of requirements is not formally defined; on the other hand that the formalization and the validation of the requirements usually demands a strong involvement of domain experts. We report on a methodology and a series of techniques that we developed for the formalization and validation of high-level requirements for safety-critical applications. The main ingredients are a very expressive formal language and automatic satisfiability procedures. The language combines first-order, temporal, and hybrid logic. The satisfiability procedures are based on model checking and satisfiability modulo theory. We applied this technology within an industrial project to the validation of railways requirements.

Software Engineering

Yan Zhang,Xiangwei Liu,Jin Shi,Tian Zhang,Zhuzhong Qian

DOI: https://doi.org/10.1109/IMIS.2014.8

2014-01-01

Abstract:Cyber-Physical Systems (CPS) play an important role in the safety-critical systems. It is very significant to verify whether some concerned behaviors exist in a CPS. Hybrid interface automata, extension of a non-hybrid version, are used to model a CPS. A scenario, described by MARTE sequence diagram, specifies the concerned behaviors. An algorithm is given for bounded checking the behavioral nonexistent consistency, namely, the behaviors specified by a scenario all do not exist in a hybrid interface automaton. The idea of the algorithm is, firstly, encoding the behavioral nonexistent consistency to an unconstrained dynamic programming, secondly, solving the unconstrained dynamic programming by a genetic algorithm. The algorithm can search the results on the real domain, and be applied to nonlinear as well as linear hybrid systems.

Josh Hunter,John McDermid,Simon Burton

2024-03-18

Abstract:As the railway industry increasingly seeks to introduce autonomy and machine learning (ML), several questions arise. How can safety be assured for such systems and technologies? What is the applicability of current safety standards within this new technological landscape? What are the key metrics to classify a system as safe? Currently, safety analysis for the railway reflects the failure modes of existing technology; in contrast, the primary concern of analysis of automation is typically average performance. Such purely statistical approaches to measuring ML performance are limited, as they may overlook classes of situations that may occur rarely but in which the function performs consistently poorly. To combat these difficulties we introduce SACRED, a safety methodology for producing an initial safety case and determining important safety metrics for autonomous systems. The development of SACRED is motivated by the proposed GoA-4 light-rail system in Berlin.

Software Engineering,Artificial Intelligence

Lian Yu,Shuang Su,Shan Luo,Yu Su

DOI: https://doi.org/10.1109/TASE.2008.46

2008-01-01

Abstract:For many event-driven systems, the completeness and consistency (C&C) are the most important characteristics of those software requirements. This paper presents a systematic approach to perform C&C analysis on the requirements, and an intelligent approach to correcting the inconsistencies identified. A formal scenario model is used to represent requirements such that scenario elements of condition guards, events and actions can be extracted automatically. Condition guards associated with a same event are constructed into a tree on which to perform completeness analysis and supplement missing specification. Consistency analysis focuses on three types of inconsistencies and is performed according to the intra-relations among condition guards and inter-relations with actions. An algorithm of inconsistent correction is proposed to guide eliminating the inconsistency identified interactively. Finally, we provide an example of car-alarm system to illustrate the proposed process and techniques.

Huixing Fang,Jianqi Shi,Huibiao Zhu,Jian Guo,Kim Guldstrand Larsen,Alexandre David

DOI: https://doi.org/10.1007/s10009-014-0318-1

2014-05-27

International Journal on Software Tools for Technology Transfer

Abstract:For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platform screen door system (PSDS, a subsystem of the subway control system), is modeled with hybrid automata and Simulink/Stateflow charts, respectively. The models of PSDS are simulated by Matlab and verified by SpaceEx/PHAVer. The simulation and verification results indicate that the sandwiched situation can be avoided under time interval conditions. We improve the model with four trains and four stations on a subway line and analyze the urgent control scenario for the safety distance requirement. In this paper, the Simulink/Stateflow model is a refinement of the SpaceEx/PHAVer model, which is closer to a final implementation. Moreover, the two models are complementary for some features (e.g.,visualization of simulation, correctness proving by verification), stressing different aspects of the overall system and permitting complementary analysis techniques, i.e., verification versus simulation. We conclude that this integration procedure is competent in verifying subway control systems.

computer science, software engineering

Xinhong Hei,Lining Chang,Weigang Ma,Guo Xie

2011-01-01

Abstract:The Unified Modeling Language (UML) has been introduced into the design of safety-critical computer systems substantially. Considering that UML is a semi-formal tool, which leads to the difficulty in system analysis and verification, in this paper, we propose the way of transforming the UML statechart into a Petri net model, and establish the transformation rules, which makes it easy to analyze and verify the decentralized system properties, including concurrency, synchronization as well as confiict. Finally, in order to demonstrate the effectiveness of the proposed methodology, we model a novel decentralized railway interlocking system which ensures train safety in stations, then analyze and verify the system. © 2011 ISSN 1881-803X.