TY - GEN
T1 - Analysis of Relay Interlocking Systems via SMT-based Model Checking of Switched Multi-Domain Kirchhoff Networks
AU - Cavada, R.
AU - Cimatti, Alessandro
AU - Mover, Sergio
AU - Sessa, Mirko
AU - Cadavero, Giuseppe
AU - Scaglione, Giuseppe
N1 - Publisher Copyright:
© 2018 FMCAD Inc.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Relay Interlocking Systems (RIS) are analog electromechanical networks traditionally applied in the safety-critical domain of railway signaling. RIS consist of networks of interconnected components such as power supplies, contacts, resistances, and electrically-controlled contacts (i.e. the relays). Due to cost and flexibility needs, RIS are progressively being replaced by equivalent computer-based systems. Unfortunately, RIS are often legacy systems, hard to understand at an abstract level, hence the valuable information they encoded in them is not available.In this paper, we propose a methodology and a tool chain to analyze and understand legacy RIS. A RIS is reduced to a Switched Multi-Domain Kirchhoff Network (SMDKN), which is in turn compiled into hybrid automata. SMT-based model checking supports various forms of formal analyses for SMDKN. The approach is based on the modeling of the RIS analog signals (i.e. currents and voltages) over continuous time, and their mapping in terms of railways control actions. Starting from the diagram representation, we overcome a key limitation of previous approaches based on purely Boolean models, i.e. the presence of spurious behaviors. The evaluation of the tool chain on a set of industrial-size railway RIS demonstrates practical scalability.
AB - Relay Interlocking Systems (RIS) are analog electromechanical networks traditionally applied in the safety-critical domain of railway signaling. RIS consist of networks of interconnected components such as power supplies, contacts, resistances, and electrically-controlled contacts (i.e. the relays). Due to cost and flexibility needs, RIS are progressively being replaced by equivalent computer-based systems. Unfortunately, RIS are often legacy systems, hard to understand at an abstract level, hence the valuable information they encoded in them is not available.In this paper, we propose a methodology and a tool chain to analyze and understand legacy RIS. A RIS is reduced to a Switched Multi-Domain Kirchhoff Network (SMDKN), which is in turn compiled into hybrid automata. SMT-based model checking supports various forms of formal analyses for SMDKN. The approach is based on the modeling of the RIS analog signals (i.e. currents and voltages) over continuous time, and their mapping in terms of railways control actions. Starting from the diagram representation, we overcome a key limitation of previous approaches based on purely Boolean models, i.e. the presence of spurious behaviors. The evaluation of the tool chain on a set of industrial-size railway RIS demonstrates practical scalability.
UR - https://www.scopus.com/pages/publications/85061662358
U2 - 10.23919/FMCAD.2018.8603007
DO - 10.23919/FMCAD.2018.8603007
M3 - Conference contribution
AN - SCOPUS:85061662358
T3 - Proceedings of the 18th Conference on Formal Methods in Computer-Aided Design, FMCAD 2018
SP - 179
EP - 187
BT - Proceedings of the 18th Conference on Formal Methods in Computer-Aided Design, FMCAD 2018
A2 - Bjorner, Nikolaj
A2 - Gurfinkel, Arie
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 18th Conference on Formal Methods in Computer-Aided Design, FMCAD 2018
Y2 - 30 October 2018 through 2 November 2018
ER -