Abstract
This paper describes an experience in the formal specification and fault-tolerant behaviour validation of a railway critical system. The work, performed in the context of a real industrial project, had the following main targets: (a) to validate specific safety properties in the presence of Byzantine system components or of some temporary hardware faults; (b) to design a formal model of a critical railway system at the right level of abstraction, so that it would be possible to verify certain safety properties and, at the same time, to use the model to simulate the system. For the model specification we used the Promela language, while the verification was performed using the Spin model checker. Safety properties were specified by means of both assertions and temporal logic formulae. To make the validation problem tractable in the Spin environment, we used ad hoc abstraction techniques.
This work was supported in part by the CNR project “Strumenti Automatici per la Verifica Formale nel Progetto di Sistemi Software”
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Gnesi, S., Latella, D., Lenzini, G., Abbaneo, C., Amendola, A., Marmo, P. (2000). A Formal Specification and Validation of a Critical System in Presence of Byzantine Errors. In: Graf, S., Schwartzbach, M. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2000. Lecture Notes in Computer Science, vol 1785. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46419-0_36
DOI: https://doi.org/10.1007/3-540-46419-0_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67282-1
Online ISBN: 978-3-540-46419-8