Journal article
Stepwise development and model checking of a distributed interlocking system using RAISE
This paper considers the challenge of designing and verifying control protocols for geographically distributed railway interlocking systems. It describes how this challenge can be tackled by stepwise development and model checking of state transition system models in a new extension of the RAISE Specification Language.
Railway interlocking systems are reconfigurable systems which can be configured by supplying data describing the network to be controlled and other details. Therefore, such systems are natural candidates for being modelled by generic state transition systems, which abstract away from the concrete configuration at the time of modelling, and can later be instantiated with concrete data.
For a real-world case study, a generic state transition system is developed in steps, starting with an abstract model of the essential system behaviour and incrementally adding details and restrictions. The stepwise development method allows different variants of the control protocol to be explored.
The generic models are instantiated with concrete configuration data, after which desired properties, in particular safety properties, of the system models are verified using model checking.
| Language: | English |
|---|---|
| Publisher: | Springer London |
| Year: | 2021 |
| Pages: | 87-125 |
| Journal subtitle: | Applicable Formal Methods |
| ISSN: | 1433299x and 09345043 |
| Types: | Journal article |
| DOI: | 10.1007/s00165-020-00507-2 |
| ORCIDs: | Geisler, S. and Haxthausen, A. E. |
