Lei Bu,Qixin Wang,Xinyue Ren,Shaopeng Xing,Xuandong Li

DOI: https://doi.org/10.1109/tcad.2019.2935062

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Unlike standalone embedded devices, behaviors of a cyber-physical system (CPS) are highly dynamic. Many parameter values (e.g., those related to nature environment and third party black box functions) are unknown offline. Furthermore, distributed sub-CPSs may exchange data online. In this article, we first propose the concept of parametric hybrid automata (PHA) to describe such complex CPSs. As some PHA parameter values are unknown until runtime, conventional offline model checking is infeasible. Instead, we propose to carry out PHA model checking online, as a fault prediction mechanism. However, this usage is challenged by the high time cost of state reachability verification, which is the conventional focus of model checking. To address this challenge, we propose that the model checking shall focus on online scenario reachability validation instead. Furthermore, we propose a mechanism to compose/decompose scenarios. Our scenario reachability validation can exploit linear programming to achieve polynomial time cost. Evaluations on a state-of-the-art train control system show that our approach can cut online model checking time cost from over 1 h to within 200 ms.

Ruijun Cheng,Jin Zhou,Dewang Chen,Yongduan Song

DOI: https://doi.org/10.1016/j.ress.2015.09.014

IF: 7.247

2016-01-01

Reliability Engineering & System Safety

Abstract:This paper presents a parameter analysis method to solve the parameter uncertainty problem for hybrid system and explore the correlation of key parameters for distributed control system. For improving the reusability of control model, the proposed approach provides the support for obtaining the constraint sets of all uncertain parameters in the abstract linear hybrid automata (LHA) model when satisfying the safety requirements of the train control system. Then, in order to solve the state space explosion problem, the online verification method is proposed to monitor the operating status of high-speed trains online because of the real-time property of the train control system. Furthermore, we construct the LHA formal models of train tracking model and movement authority (MA) generation process as cases to illustrate the effectiveness and efficiency of the proposed method. In the first case, we obtain the constraint sets of uncertain parameters to avoid collision between trains. In the second case, the correlation of position report cycle and MA generation cycle is analyzed under both the normal and the abnormal condition influenced by packet-loss factor. Finally, considering stochastic characterization of time distributions and real-time feature of moving block control system, the transient probabilities of wireless communication process are obtained by stochastic time petri nets.

Qianzhu Zhao,Jing Liu,Xiang Chen,Tengfei Li,Junfeng Sun,Lipeng Zhang

DOI: https://doi.org/10.1109/tase52547.2021.00032

2021-01-01

Abstract:Safety is critical for the new technology of the communication-based train control (CBTC) system, the train-to-train CBTC (T2T-CBTC) system, which establishes direct communication between trains. In this paper, we define a parametric spatio-temporal hybrid modeling language (StHML(p)), focusing on the extension of spatio-temporal elements and probability parameters, to model the T2T-CBTC system. The parameters are risk states which come from the uncertain environment. To this end, we present a safety-risk prediction method based on a deep recurrent neural network for the T2T-CBTC system, which takes into account highly imbalanced data of the system, to predict the risk states through environment data. To verify StHML(p) model, we propose a mapping algorithm to transform StHML(p) into NSHA (Networks of Stochastic Hybrid Automaton) and employe the statistical model checker UPPAAL-SMC for verifying quantitative properties. Finally, we implement our approach in an T2T-CBTC system.

Xingyu Xing,Tangrui Zhou,Junyi Chen,Lu Xiong,Zhuoping Yu

DOI: https://doi.org/10.1109/iv48863.2021.9575425

2021-01-01

Abstract:Hazard analysis is a quite significant step to ensure vehicle safety in the early stage of vehicle development according to current standards. However, the complexity of the Advanced Driving Assistance System (ADAS) and Automated Driving Systems (ADS), which consist of various software and hardware components, makes it difficult to identify system hazards. Nowadays, System-Theoretic Process Analysis (STPA), a hazard analysis method for complex systems, is applied to ADAS, and simple ADS gradually and proved applicable. This paper introduced Finite State Machine (FSM) to complement the STPA for its weakness in analyzing high-level autonomous vehicles with multiple automated modes and functions. Firstly, previous applications of STPA to ADAS and ADS and their limitations are analyzed. Secondly, the hazardous event is defined. An extended method combining STPA and FSM is proposed to model the vehicle states and environmental conditions and analyze unexpected behaviors. Finally, a case study on an autonomous vehicle is given to compare the traditional STPA and the extended method. Comparing with the traditional STPA, the proposed method can identify more hazardous events and give more detailed information about hazardous events to generate testing scenarios.

Ying Lu,Qiming Li,Zhipeng Zhou

DOI: https://doi.org/10.3969/j.issn.1001-0505.2010.05.043

2010-01-01

Abstract:In order to quantify the safety risk of the subway operation and identify the critical event associated to the risk, the causal relationships of the accidents are established by using the Bayesian network from the perspective of organizational and human errors. Based on the fuzzy set theory, the fuzzy semantics and the integral value method are applied to quantify the conditional probability of basic events. A case of fire accident due to human errors during the subway operation is used to deduce the fire risk probability according to the Bayesian network rule. The results show that the fuzzy Bayesian network can predict the safety risk of the subway operation and the obtained risk probability reflects the situation of the subway system. The sensitivity analysis results show that the over-temperature of the axle, which causes the highest sensitivity factor, is the critical event causing fire accident. On-site management is the most important event among the top-events causing the over-temperature of the axle. Therefore, strengthening the on-site management can effectively reduce the probability of the accident.

Yan Wang,Xiaohong Chen

DOI: https://doi.org/10.1109/smartworld.2018.00268

2018-01-01

Abstract:As one of the core subsystems of the rail transit system, the safety of the interlocking system should be the goal of the development. The accident prediction of interlocking system is an important way to ensure the safety. Different from our previous discrete model based prediction approach, in this paper, considering the characteristics of equipment fault stochasticity, real time and continuous physical environment, we propose an approach to build hybrid system models for interlocking systems using stochastic hybrid automata (SHA), constructing monitor system and predicting accidents in interlocking systems. The main contributions include: (1) An accident prediction framework for interlocking system based on SHA is constructed; and (2) the hybrid system models and accident prediction model of interlocking systems are presented; and (3) an automatic generation algorithm of the monitor model is designed and implemented. Finally, a case study is presented to illustrate the feasibility and effectiveness of our approach, and an evaluation is carried out to compare the advantages of this approach with the previous discrete prediction approach.

Yalan Chen,Jing Xun,Yafei Liu,Ronghui Liu,Shibo He,Xin Wan,Zicong Zhao

DOI: https://doi.org/10.2139/ssrn.4282959

2022-01-01

Abstract:Online learning about train trajectory optimization is essential for automatic train operation (ATO) on railways when dealing with varying operational environments and constraints. Reinforcement learning (RL) can partly enable autonomous learning skills with objectives and environmental interactions. However, shortcomings in perceiving risks in various operational conditions still exist. This paper proposes a safe RL-based train trajectory optimization approach to address the mentioned issues with high-risk perception and boundaries. To promptly deal with potentially unsafe states and actions of train operation, a high-risk state space (HRSS) is designed and its boundaries are analyzed. This approach avoids setting artificial penalty hyperparameters when safety constraints are violated. With the HRSS, the safe RL algorithm can generate safe actions to modify the exploration process. This enables the ATO to achieve autonomous learning and high-risk avoidance during online optimization. Simulation-based experiments verify that the proposed method can generate optimal train trajectories with guaranteed safety margins within 2s, and improve efficiency compared to the common RL algorithm. Under different online scheduling conditions, the proposed method still guarantees safety and effectiveness.

Lin Zuo

DOI: https://doi.org/10.1007/s00500-023-08919-x

IF: 3.732

2023-07-13

Soft Computing

Abstract:In recent years, most cities in China have started operating rail transit, but rail transit is mostly located underground and in relatively closed locations. When safety incidents occur, it will cause great safety hazards. Therefore, rail safety operation is very important. With the rapid growth of China's economy and society, as well as the continuous advancement of urbanization, the development speed of rail transit is becoming faster and more important, making China's rail system appear increasingly grand and complex, and the degree of hidden dangers is also becoming increasingly severe. To solve these problems, machine learning processing technology should be applied to urban subways, which is undoubtedly a very effective attempt. Therefore, we are committed to exploring machine learning based object recognition technology to better assist us in achieving public safety warning for urban rail transit. Therefore, this article constructs a comprehensive system framework to collect valuable information from monitoring images, thereby more accurately identifying and recording dangerous signals. Due to the development of modernization, the urban rail transit system has become increasingly complex. It is not only an infrastructure, but also provides support for business, society, energy, and information transmission. This article focuses on the important aspects of the safe operation of urban rail transit public safety networks based on machine learning algorithms. The system test results are relatively satisfactory, but we cannot accurately predict all possible risks, and due to the uncertainty of probability.

computer science, artificial intelligence, interdisciplinary applications

Ming Chai,Haifeng Wang,Tao Tang,Hongjie Liu

DOI: https://doi.org/10.1016/j.jss.2021.110962

IF: 3.5

2021-07-01

Journal of Systems and Software

Abstract:<p>With the growing complexity of railway control systems, it is required to preform runtime safety checks of system executions that go beyond conventional runtime monitoring of pre-programmed safety conditions. Runtime verification is a lightweight and rigorous formal method that dynamically analyses execution traces against some formal specifications. A challenge in applying this method in railway systems is defining a suitable monitoring specification language, i.e., a language that is expressive, of reasonable complexity, and easy to understand. In this paper, we propose parameterized modal live sequence charts (PMLSCs) by introducing the alphabet of the specification into charts to distinguish between silent events and unexpected events. We further investigate the expressiveness and complexity theories of the language. In particular, we prove that PMLSCs are closed under negation and the complexity of a subclass of PMLSCs is linear, which allows the language to be used to monitor a system online. Finally, we use PMLSCs to monitor an RBC system in the Chinese high-speed railway and evaluate the performance. The experimental results show that the PMLSC has high monitoring efficiency, and can reduce false alarm rate by introducing alphabets of charts.</p>

computer science, theory & methods, software engineering

Lei Bu,Qixin Wang,Xin Chen,Linzhang Wang,Tian Zhang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/2000367.2000368

2011-01-01

Abstract:Many Cyber-Physical Systems (CPS) are highly nondeterministic. This often makes it impractical to model and predict the complete system behavior. To address this problem, we propose that instead of offline modeling and verification, many CPS systems should be modeled and verified online, and we shall focus on the system's time-bounded behavior in short-run future , which is more describable and predictable. Meanwhile, as the system model is generated/updated online, the verification has to be fast. It is meaningless to tell an online model is unsafe when it is already out-dated. To demonstrate the feasibility of our proposal, we study two cases of our ongoing projects, one on the modeling and verification of a train control system, and the other on a Medical Device Plug-and-Play (MDPnP) application. Both cases are about safety-critical CPS systems. Through these two cases, we exemplify how to build online models that describe the time-bounded short-run behavior of CPS systems; and we show that fast online modeling and verification is possible.

Yu Cheng,Jinzhao Liu,Xinliang Jiang,Xinyu Du,Ruijun Cheng

DOI: https://doi.org/10.1007/s11227-024-06110-z

IF: 3.3

2024-05-30

The Journal of Supercomputing

Abstract:Online quantitative safety monitoring is the key technology for ensuring the operational safety of the automatic train protection (ATP) system for the future advanced train control system. However, the traditional formal verification method can only deal with the system of small scale since these verification algorithms exhaustively search all executable paths of formal models. Especially for the formal models with uncertain parameters, the problem of memory overflow will occur due to the state space explosion, which makes verification algorithms fail to converge. To solve this problem, an intelligent quantitative safety monitoring approach is proposed by integrating the probabilistic model checking method (PMCM) with neural network in this paper. To begin with, the instantiated continuous-time Markov Chains model is verified by PMCM offline. Then, the neural network is constructed and optimized based on the offline verification results. The quantitative safety boundaries (QSBs) for all quantitative safety levels are also computed by the designed algorithm. Furthermore, hierarchical iterative evaluation method is applied to efficiently evaluate the reliability performance of the ATP online. Finally, the quantitative safety level of ATP or its subsystem will be determined by both reliability performance and the previous QSBs or the neural network online.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Huixing Fang,Jianqi Shi,Huibiao Zhu,Jian Guo,Kim Guldstrand Larsen,Alexandre David

DOI: https://doi.org/10.1007/s10009-014-0318-1

2014-05-27

International Journal on Software Tools for Technology Transfer

Abstract:For hybrid systems, hybrid automata-based tools are capable of verification, while Matlab Simulink/Stateflow is proficient in simulation. We propose a co-verification procedure, in which the verification tool SpaceEx/PHAVer and simulation tool Matlab are integrated to analyze and verify hybrid systems. For the application of this procedure, a platform screen door system (PSDS, a subsystem of the subway control system), is modeled with hybrid automata and Simulink/Stateflow charts, respectively. The models of PSDS are simulated by Matlab and verified by SpaceEx/PHAVer. The simulation and verification results indicate that the sandwiched situation can be avoided under time interval conditions. We improve the model with four trains and four stations on a subway line and analyze the urgent control scenario for the safety distance requirement. In this paper, the Simulink/Stateflow model is a refinement of the SpaceEx/PHAVer model, which is closer to a final implementation. Moreover, the two models are complementary for some features (e.g.,visualization of simulation, correctness proving by verification), stressing different aspects of the overall system and permitting complementary analysis techniques, i.e., verification versus simulation. We conclude that this integration procedure is competent in verifying subway control systems.

computer science, software engineering

Jinyong Wang,Zhiqiu Huang,Xiaowei Huang,Tiexin Wang,Guohua Shen,Jian Xie

DOI: https://doi.org/10.1002/cpe.6550

2021-08-08

Concurrency and Computation: Practice and Experience

Abstract:Collaborative and autonomous driving vehicles combine hardware and software complex processes, also are heavily dependent on and influenced by the world of physical and cyber interactions. They have enabled many new features and advanced functionalities, such as stochastic and hybrid natures, mobile spatial topologies, and time-critical dependability. However, the existing modeling and verification techniques have not established faith in proving correctness and safety. Spatial and time collision avoidance remains crucial obstacles on the path to becoming ubiquitous and dependable. In order to ensure safety, we first design an accident prediction architecture in system design-time and run-time stages. We apply it on collaborative and autonomous overtaking systems involving spatial- and time-critical accident predictions. Then, we develop a novel and dedicated spatio-clock stochastic specification language (SCSSL) to describe safety invariants and guards in domain-specific autonomous driving systems. Next, we create the spatio-clock stochastic and hybrid automata models based on SCSSL in order to model inherently stochastic and hybrid behaviors. To illustrate the effectiveness of spatio-clock consistency stochastic specification and verification, we adopt statistical model checking natively to provide reliable predictions for the incoming collision instants and positions. Finally, we present an illustrative overtaking case study to verify spatio-clock stochastic and hybrid related properties and ensure correct modeling, and demonstrate the significance of our proposed approach.

Xi Wang,Huaikou Miao,Weikai Miao

DOI: https://doi.org/10.1007/978-3-319-57708-1_4

2017-01-01

Abstract:Train control system is a kernel component of railway transportation which acts as the controller of the involved equipment. With the popularization of train-based transportation, how to guarantee the safety of train control system becomes an important problem to be solved. This paper proposes a safety analysis method for train control system. It provides a scenario language for practitioners to describe their requirements on the train control system in terms of physical scenarios of the train operations. With the specification written in the scenario language, its implied hazards will be automatically identified by verifying its satisfaction of the given safety properties. In contrast to the traditional textual representation of the analysis result, animation technique is adopted to demonstrate the unsafe requirement in an intuitive way. A software tool has been developed to support the approach. It identifies the hazards of a given scenario specification and animates the physical scenarios that lead to the hazards. We also carried out a case study on the tool and the result shows the efficacy of the proposed approach.

Ding Xiaobing,Hu Hua,Liu Zhigang,Mu Qingquan

DOI: https://doi.org/10.1007/s40864-023-00210-4

2024-02-27

Urban Rail Transit

Abstract:The cascading propagation and evolution of metro operation failures can significantly impact the safety of metro operation. To overcome this challenge, this study pre-processes a massive amount of metro operation log data through noise reduction. Moreover, a professional terminology dictionary is constructed along with a custom stop-word dictionary to segment the preprocessed data. Subsequently, the AFP-tree algorithm is employed to mine the segmented log data and identify key hazards. A weighted urban rail transit network is established, considering the effective path time cost, and the shortest travel OD path. To simulate the dynamic evolution of the failure chain propagation, a model based on disaster propagation theory is constructed. Taking the Shanghai Metro line as a case, multiple simulation scenarios are established with 25 key hazards as triggering points, and the number of cascade failure stations affected under different scenarios is outputted. The results indicate that the fault stations caused by the large passenger flow are the largest. Meanwhile, the number of stations affected by the door clamp is the smallest. The scale of fault stations reaches a maximum value in 16–20 min. Through case analysis, a positive correlation is found when the self-recovery factor is between 14 and 18, and the number of fault stations shows a significant increasing trend. The research results can provide decision-making support and theoretical guidance for rail transit operation safety management enterprises.

Ding Xiaobing,Shi Gan,Liu Zhigang,Hu Hua

DOI: https://doi.org/10.1007/s40864-023-00192-3

2023-05-16

Urban Rail Transit

Abstract:With the promotion of the major strategy of national transportation power, the super-large-scale metro operation network has become an inevitable trend, and operation safety has become increasingly prominent. Metro operation dispatch logs and accident reports were taken as the research object, the hazard sources were efficiently and accurately identified, the risk chains of hazard sources were mined, and the risk evolution mechanism was revealed. Firstly, the transportation lexicon was constructed to improve the accuracy of word segmentation, the text features were extracted based on the term frequency-inverse document frequency (TF-IDF) algorithm, and the key eigenvalues were mined to identify the key hazard sources. Secondly, pattern matching was used to extract explicit causality, and the Self-Attention BiLSTM extracted implicit causality and integrated event trigger word position identification to enhance the effectiveness of implicit causality extraction. Finally, an example was given to verify the efficiency and accuracy of the model, the experiments showed that the F value of extraction effect was increased by nearly 10%, the extraction accuracy was 87.53%, the identification of operational hazard sources was more accurate, and the visualization of risk evolution law was realized.

Jing Liu,Li Qian,Yan Zhang,Jiazhen Han,Junfeng Sun

DOI: https://doi.org/10.1109/access.2020.2967634

IF: 3.9

2020-01-01

IEEE Access

Abstract:Communication-Based Train Control System (CBTC) system is an automated system for train control based on bidirectional train-ground communication. Safety-risk estimation is a vital approach that strives to guide the CBTC system to guarantee the safe operation of vehicles. We propose a deep learning method to predict safety-risk states that combined with formal methods. First, the impact factors are selected, and the movement authorization (MA) failure rate is calculated by statistical model checking. Then, we use a deep neural network to model the relationship between the safe-risk states and the train operation status. Experimental results show that our method can achieve an accuracy of 97.4% on safety-risk prediction, and exceeds the baseline methods.

Lei Bu,Xin Chen,Linzhang Wang,Xuandong Li

IF: 4.755

2011-01-01

Clinical Orthopaedics and Related Research

Abstract:Communication Based Train Control (CBTC) system is the state-of-the-art train control system. In a CBTC system, to guarantee the safety of train operation, trains communicate with each other intensively and adjust their control modes autonomously by computing critical control parameters, e.g. velocity range, according to the information they get. As the correctness of the control parameters generated are critical to the safety of the system, a method to verify these parameters is a strong desire in the area of train control system. In this paper, we present our ideas of how to model and verify the control parameter calculations in a CBTC system efficiently. - As the behavior of the system is highly nondeterministic, it is difficult to build and verify the complete behavior space model of the system online in advance. Thus, we propose to model the system according to the ongoing behavior model induced by the control parameters. - As the parameters are generated online and updated very quickly, the verification result will be meaningless if it is given beyond the time bound, since by that time the model will be changed already. Thus, we propose a method to verify the existence of certain dangerous scenarios in the model online quickly. To demonstrate the feasibility of these proposed approaches, we present the composed linear hybrid automata with readable shared variables as a modeling language to model the control parameters calculation and give a path-oriented reachability analysis technique for the scenario-based verification of this model. We demonstrate the model built for the CBTC system, and show the performance of our technique in fast online verification. Last but not least, as CBTC system is a typical CPS system, we also give a short discussion of the potential directions for CPS verification in this paper.

Lijun Zhang,Zhikun She,Stefan Ratschan,Holger Hermanns,Ernst Moritz Hahn

DOI: https://doi.org/10.3166/ejc.18.572-587

IF: 2.649

2010-01-01

European Journal of Control

Abstract:The interplay of random phenomena and continuous real-time control deserves increased attention for instance in wireless sensing and control applications Safety verification for such systems thus needs to consider probabilistic variations of systems with hybrid dynamics In safety verification of classical hybrid systems we are interested in whether a certain set of unsafe system states can be reached from a set of initial states In the probabilistic setting, we may ask instead whether the probability of reaching unsafe states is below some given threshold In this paper, we consider probabilistic hybrid systems and develop a general abstraction technique for verifying probabilistic safety problems This gives rise to the first mechanisable technique that can, in practice, formally verify safety properties of non-trivial continuous-time stochastic hybrid systems—without resorting to point-wise discretisation Moreover, being based on arbitrary abstractions computed by tools for the analysis of non-probabilistic hybrid systems, improvements in effectivity of such tools directly carry over to improvements in effectivity of the technique we describe We demonstrate the applicability of our approach on a number of case studies, tackled using a prototypical implementation.

Smitha Gautham,Georgios Bakirtzis,Alexander Will,Athira V. Jayakumar,Carl R. Elks

DOI: https://doi.org/10.48550/arXiv.2204.08999

2022-04-19

Software Engineering

Abstract:Runtime verification or runtime monitoring equips safety-critical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring specifications and monitoring placements for in-time detection of hazards. We develop a well-formed workflow model that connects system theoretic process analysis, commonly referred to as STPA, hazard causation information to lower-level runtime monitoring to detect hazards at the operational phase. Specifically, our model follows the DepDevOps paradigm to provide evidence and insights to runtime monitoring on what to monitor, where to monitor, and the monitoring context. We demonstrate and evaluate the value of multilevel monitors by injecting hazards on an autonomous emergency braking system model.