Formalizing a subset of ERTMS/ETCS specifications for verification purposes

ERTMS is the standard railway control-command and signaling system which aims to ensure railway interoperability throughout Europe while enhancing safety and competitiveness. ERTMS is composed of two main subsystems which include GSM-R, a radio system for enabling communication between the train and the traffic management center and ETCS, an automatic train protection system (ATP) to replace the existing national ATP systems. The ERTMS specifications are defined by means of standard documents which set out the requirements ensuring interoperability. These documents evolve regularly to give rise to successive versions. The ERTMS/ETCS standard defines different levels and operation modes according to various trackside and onboard setups and some operational conditions. Given the complexity and the high criticality of railway operation, verification and validation (V&V) are crucial tasks in railway application development. In this paper, after setting the background and the motivations, a mechanizable formalization of a subset of ERTMS/ETCS specifications relative to ETCS modes and transitions is developed. The present work aims to offer a readily available model for formal V&V. Using formal techniques to check SRS is highly recommended to tackle the complexity of the defined requirements and prevent specification errors. Model-checking technique, which is targeted here, offers exhaustive analysis of the system behavior based on its model and is highly automated, since it is supported by software tools. Based on the last available version of SRS specifications, a progressive process is undertaken to get a formal model which makes explicit the various modes characterized by their respective active functions, as well as the numerous combinations of conditions for switching between modes. The various steps guiding the translation of the SRS literal specifications into a formal model are explained. As will be shown through different examples, the obtained model is a convenient basis to check safety, interoperability and liveness properties.

Language

  • English

Media Info

Subject/Index Terms

Filing Info

  • Accession Number: 01528357
  • Record Type: Publication
  • Files: TRIS
  • Created Date: May 12 2014 1:36PM