Theories, Techniques and Tools for
Engineering Heterogeneous Railway Networks
Paulius Stankaitis and Alexei Iliasov
Centre for Software Reliability, Newcastle University, UK
RSSRail Conference ’17
November 16th, Pistoia
Railway Signalling
Formal Methods for Railway
Developing Distributed Interlocking Model
Formal Verification of Hybrid (Event-B) Models
Conclusions and Future Work
Railway Signalling
Railway Signalling
• Low rolling resistance makes railway efficient for heavy load transportation.
• A train cannot be stopped at short notice (spatial/temporal separation).
• Railway signalling (interlocking) ensures safe railway operation.
• Route-based fixed block signalling.
• Route-based moving block signalling.
Railway Signalling
Figure 1: Route-based fixed block signalling. National Signalling Systems, European Train Control System (ETCS) Level 0 - 2.
Railway Signalling
Figure 2: Route-based moving block signalling. Communication Based Train Control (CBTC) System, ETCS Level 3.
Railway Signalling - New Challenges
• Replacing national signalling systems.
• Integrating mainline services with urban networks.
  • Crossrail Network (ETCS, CBTC and TPWS).
  • Thameslink Network (ETCS and TPWS).
• RBC/RBC handover.
• Trains transition at line speed.
Railway Signalling - New Challenges
Figure 3: Level Transition. RBC-RBC Handover, ETCS/CBTC Handover.
Formal Methods for Railway
Formal Methods for Railway Domain
• Railway data verification.
  • topology verification;
  • control table verification;
• Distributed nature of railway (larger railway networks).
  • Multiple interlocking communication;
• Cyber-physical nature of railway.
  • Communication, computation and control aspects;
  • Discrete and continuous system behaviour;
PhD Objective.
To develop a practical formal verification framework for reasoning about safety of (distributed-hybrid) heterogeneous railway networks.
Developing Distributed Interlocking Model
Generic Safe Railway Model
• A generic safe railway model.
• Automatic mathematical model extraction from the source data.
• Matching dataset against the assumptions of a formal model.
• Counter-example on a schema layout.
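The data-verification step above (matching a concrete dataset against the assumptions of the formal model and reporting a counter-example on the schema) can be illustrated with a small checker. The code below is an added example, not the authors' tool; the topology, the control table and the two planted defects in it are constructed for the example, and the rule set (routes must be contiguous in the topology, point positions must agree with the path, and any two routes that share a section or oppose a point must be listed as conflicting) is an assumption about what such a check would cover.

```python
# Constructed schema (assumption, not the authors' data). Track sections are
# graph nodes; an edge is plain (None) or passable only with a point in one position.
TOPOLOGY = {
    ("s1", "s2"): None,
    ("s2", "s3"): ("P1", "normal"),
    ("s2", "s5"): ("P1", "reverse"),
    ("s3", "s4"): None,
}

# Control table: route -> (sections in order, required point positions, conflicting routes).
# Two defects are planted: R3 asks for P1 reverse although its path needs normal,
# and R1 omits R2 from its conflict list even though they share s1 and s2.
CONTROL_TABLE = {
    "R1": (["s1", "s2", "s3"], {"P1": "normal"}, {"R3"}),
    "R2": (["s1", "s2", "s5"], {"P1": "reverse"}, {"R1", "R3"}),
    "R3": (["s3", "s2", "s1"], {"P1": "reverse"}, {"R1", "R2"}),
}

MISSING = object()  # sentinel: distinguishes "no such edge" from a plain edge (None)


def edge(topology, a, b):
    """Edges are undirected: return None (plain), (point, position) or MISSING."""
    if (a, b) in topology:
        return topology[(a, b)]
    return topology.get((b, a), MISSING)


def verify_control_table(table, topology):
    """Return counter-examples as (route, kind, schema element) triples."""
    findings = []
    # Per-route checks: contiguity in the topology and point-position agreement.
    for route, (path, points, _) in table.items():
        points_on_path = set()
        for a, b in zip(path, path[1:]):
            e = edge(topology, a, b)
            if e is MISSING:
                findings.append((route, "not-adjacent", f"{a}-{b}"))
            elif e is not None:
                point, needed = e
                points_on_path.add(point)
                if points.get(point) != needed:
                    findings.append((route, "point-mismatch", point))
        for point in points:
            if point not in points_on_path:
                findings.append((route, "point-off-route", point))
    # Pairwise checks: every physical conflict must be declared in the table.
    for r1, (p1, pts1, conflicts1) in table.items():
        for r2, (p2, pts2, _) in table.items():
            if r1 == r2:
                continue
            shared = set(p1) & set(p2)
            opposed = any(pts1[p] != pts2[p] for p in pts1.keys() & pts2.keys())
            if (shared or opposed) and r2 not in conflicts1:
                findings.append((r1, "conflict-missing", r2))
    return findings


if __name__ == "__main__":
    for finding in verify_control_table(CONTROL_TABLE, TOPOLOGY):
        print("counter-example:", finding)
```

Each finding names the schema element that violates a modelling assumption, which is what lets an engineer locate the problem on the layout rather than in a proof tree.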
Extending Generic Safe Railway Model - Requirements
System Requirement 1. Cross boundary route locking and releasing system must ensure that a cross boundary route has been reserved only to a single train at a time.
System Requirement 2. Cross boundary route locking system must ensure that a locked cross boundary route has points properly positioned and signals set.
System Requirement 3. Cross boundary route locking system must ensure that a train will cross to the next interlocking zone only if a connection with the following interlocking has been established.
Extending Generic Safe Railway Model
• Event-B modelling to develop the theory of safe railway.
• The theory describes the route locking and releasing mechanism:
  • absence of collisions;
  • derailment;
  • protection of flanks.
• The proof of the Event-B model is a one-time effort.
• The model is automatically instantiated for a particular schema.
• The control table and topology of a concrete railway are safe if the instantiated model is an instance of the generic one.
Extending Generic Safe Railway Model - Refinement Plan
Event-B model refinement plan.
1. Abstract model of processes capturing resources.
  • Global controller and a shared-resource problem.
  • Distributing controllers.
  • Introducing graph into the model.
2. Introducing railway related information.
  • Routes, lines, points, signals.
  • Route locking mechanism.
3. Including a hybrid part for level transition.
Extending Generic Safe Railway Model - Abstract Model
[Figure: abstract model with resources R1, R2, R3 and processes P1, P2, P3 competing for them under a single Interlocking]
[Figure: distributed abstract model. Interlocking1 controls resources R21, R22, R23 for processes P1, P2, P3; Interlocking2 controls resources R11, R12, R13 for process P4]
Formal Verification of Hybrid (Event-B) Models
Automated Theorem Proving and Cloud Technology
• In recent years many automated theorem provers have been developed.
  • SMT-based provers (e.g. Z3, CVC3)
  • Umbrella provers (e.g. Why3)
• Automated theorem proving is a computationally intensive exercise.
• Cloud technology offers:
  • cheap computational power,
  • flexibility,
  • process parallelism.
• Reasoning about continuous behaviour is difficult (interactive).
Conclusions and Future Work
Conclusions and Future Work
Practical outcomes.
• Safety invariants for cross boundary transition.
• Improved verification automation of hybrid models.
Future work.
• Hybrid framework.