Verification of railway interlocking systems
This work addresses safety-critical verification for railway systems, but it is incremental as it applies existing model-checking methods to a specific domain.
The paper tackles the error-prone and costly manual verification of railway interlocking systems by developing an automated tool to translate application data into an executable NuSMV model, enabling verification of safety properties on a real-size station model.
In the railway domain, an interlocking is a computerised system that controls the railway signalling objects in order to allow a safe operation of the train traffic. Each interlocking makes use of particular data, called application data, that reflects the track layout of the station under control. The verification and validation of the application data are performed manually and is thus error-prone and costly. In this paper, we explain how we built an executable model in NuSMV of a railway interlocking based on the application data. We also detail the tool that we have developed in order to translate the application data into our model automatically. Finally we show how we could verify a realistic set of safety properties on a real-size station model by customizing the existing model-checking algorithm with PyNuSMV a Python library based on NuSMV.