Affiliation:
1. Indian Institute of Technology Kharagpur, India
2. Indian Railways, India
Abstract
The EN50128 guidelines recommend the use of formal methods for proving the correctness of railway signaling and interlocking systems. The potential benefit of formal safety assurance is of unquestionable importance, but the path towards implementing the recommendations is far from clear. The EN50128 document does not specify how formal assurance of railway interlocking may be achieved in practice. Moreover, the task of setting up an electronic interlocking (EI) equipment involves multiple parties, including the EI equipment vendor, the certification agency which certifies the resident EI software to be correct, and the end user (namely the railway service provider) who must configure the EI equipment. Considering the distributed nature of the development process, a feasible approach towards formal certification of the end product (post configuration) is not obvious. This chapter outlines the basics of formal verification technology and presents, from the perspective of the railways, a pragmatic roadmap for the use of formal methods in safety assurance of its signaling systems.