
Formal verification of safety communication protocol for ETCS. Chen Lijie, 08.06.2011.

Presentation transcript:

1 Formal verification of safety communication protocol for ETCS. Chen Lijie.
Outline:
Introduction
Safety communication protocol in ETCS
CPN model of safety communication protocol
Formal verification of protocol
Conclusions

2 | M. Eng. Chen Lijie | Formal verification of safety communication protocol for ETCS Slide 2
Introduction: necessity of verification
Development chain: user requirement, system design, verification, conformance test.
Verification gives certainty about the satisfaction of a required property (Jae-Dong Lee et al., Verification and conformance test generation of communication protocol for railway signalling systems, Computer Standards & Interfaces [2]).

3 Introduction: necessity of applying Petri nets for verification
A communication system can be represented by a Petri net.
Petri nets can be applied to the verification of safety-critical systems.
ASK-CTL in CPN Tools is a common method for model checking.

4 Safety communication protocol for ETCS: importance of safety for a communication system
The train ahead stops. If the following train does not receive the command that it should stop, it keeps running and collides with the train ahead.

5 Safety communication protocol for ETCS: structure of the communication system in ETCS (ETCS SUBSET 037)
A safety-related transmission function has to be added on top of the non-trusted channel. EURORADIO, the communication system in ETCS, can be seen as three layers: application layer, safety layer, channel. Functions shown in the layer diagram: establish safety connection, transmit any message, process data. The safety communication protocol executes in the safety layer, where it functions as a safety-related transmission system.

6 CPN model of safety communication protocol: general model of the communication system (figure; ETCS Specification subset 037).

7 CPN model of safety communication protocol: CPN model of the safety logic in the protocol (figure; ETCS Specification subset 037).

8 Formal verification of protocol
Verification of domain-independent properties (boundedness, liveness): properties that do not depend on domain knowledge, i.e. basic properties that any Petri net model should satisfy.
Verification of domain-related properties (safety): properties that depend on domain knowledge, i.e. properties that the safety communication protocol itself should satisfy.

9 Verification of boundedness: basic definitions in Petri nets (figure).

10 Verification of boundedness: theorem for verification of boundedness (figure).

11 Verification of boundedness: low-level Petri net model of the protocol (figure).
Invariant vector Y1 = [1, 1, 1, 1, 0]^T

12 Verification of boundedness: low-level Petri net model of the protocol (figure).
Invariant vector Y2 = [0, 0, 0, 0, 1]^T
Yn = Y1 + Y2 = [1, 1, 1, 1, 1]^T > 0, so every place of the model is covered by a positive invariant and the protocol model is bounded.

13 Verification of liveness: code to query the dead markings in the state space (query code shown on the slide).

14 Verification of liveness: code to query invalid dead markings (query code shown on the slide). First define the possible valid terminal markings, then query the dead markings for any that are not valid terminal markings.

15 Verification of safety: code to query the unsafe state (query code shown on the slide). Unsafe state: the safety connection is still disconnected at a point where data should be transmitted. The query searches the entire state space for such a state.

16 Verification of safety: safety requirement and ASK-CTL query for the unsafe state.
Safety requirement (something bad never happens): the case that the safety connection fails to be established never occurs.
The ASK-CTL query checks whether the negation of the predicate unsafe holds in every reachable state, i.e. whether no state matching the definition of unsafe exists.
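A worked example added here, not taken from the slides and not the author's CPN Tools/ML queries (which the transcript does not reproduce): the three checks of slides 11 to 16 written in Python over a small place/transition net. The net, its place names (DISC, REQ, CONN, XFER, DONE, DATA, SENT), arc weights, the initial marking with two application messages, the invariant vectors Y1/Y2 and the "faulty" variant are all constructed assumptions standing in for the low-level model pictured on slides 11 and 12, not the slides' net. It shows the boundedness argument of slide 12 (place invariants Y with Y^T C = 0 whose sum is positive in every place), the dead-marking and invalid-terminal-marking queries of slides 13 and 14, and the unsafe-state query of slides 15 and 16 run over the whole state space; the same query is then run on a variant in which the application bypasses the safety layer, so that the check is seen to fail where it should.

```python
from collections import deque

# Constructed stand-in for the low-level Petri net of slides 11-12 (an assumption,
# not the slides' net): a safety-connection state machine DISC -> REQ -> CONN
# (-> XFER -> CONN)* -> DONE, plus DATA (messages waiting) and SENT (messages acked).
PLACES = ["DISC", "REQ", "CONN", "XFER", "DONE", "DATA", "SENT"]
P = {name: i for i, name in enumerate(PLACES)}

# Transitions: (name, pre-multiset, post-multiset). Arc weight 2 on release
# means the connection is released only after both application messages were acked.
SAFE_NET = [
    ("connect_req",     {"DISC": 1},            {"REQ": 1}),
    ("connect_confirm", {"REQ": 1},             {"CONN": 1}),
    ("connect_fail",    {"REQ": 1},             {"DISC": 1}),
    ("send",            {"CONN": 1, "DATA": 1}, {"XFER": 1}),
    ("ack",             {"XFER": 1},            {"CONN": 1, "SENT": 1}),
    ("release",         {"CONN": 1, "SENT": 2}, {"DONE": 1}),
]
# Assumed defect, for contrast: data goes onto the channel without an
# established safety connection (the application bypasses the safety layer).
FAULTY_NET = SAFE_NET + [("send_unguarded", {"DATA": 1}, {"XFER": 1})]

M0 = (1, 0, 0, 0, 0, 2, 0)  # constructed initial marking: disconnected, 2 messages
Y1 = (1, 1, 1, 1, 1, 0, 0)  # candidate invariant: state machine holds one token
Y2 = (0, 0, 0, 1, 2, 1, 1)  # candidate invariant: DATA + XFER + SENT + 2*DONE

def incidence_matrix(net):
    """C[p][t] = post(p, t) - pre(p, t)."""
    C = [[0] * len(net) for _ in PLACES]
    for t, (_, pre, post) in enumerate(net):
        for p, w in pre.items():
            C[P[p]][t] -= w
        for p, w in post.items():
            C[P[p]][t] += w
    return C

def is_p_invariant(net, y):
    """y is a place invariant iff y^T C = 0: the y-weighted token count never changes."""
    C = incidence_matrix(net)
    return all(sum(y[p] * C[p][t] for p in range(len(PLACES))) == 0
               for t in range(len(net)))

def bounded_by_invariants(net, invariants):
    """Sufficient condition for boundedness used on slide 12: the vectors are place
    invariants and their sum is > 0 in every place, so every place is covered."""
    if not all(is_p_invariant(net, y) for y in invariants):
        return False
    return all(sum(y[p] for y in invariants) > 0 for p in range(len(PLACES)))

def fire(m, pre, post):
    m = list(m)
    for p, w in pre.items():
        m[P[p]] -= w
    for p, w in post.items():
        m[P[p]] += w
    return tuple(m)

def state_space(net, m0, limit=10_000):
    """Breadth-first reachability graph {marking: [successor markings]};
    `limit` aborts the search if the net turns out to be unbounded."""
    seen, succ, queue = {m0}, {}, deque([m0])
    while queue:
        m = queue.popleft()
        succ[m] = [fire(m, pre, post) for _, pre, post in net
                   if all(m[P[p]] >= w for p, w in pre.items())]
        for n in succ[m]:
            if n not in seen:
                seen.add(n)
                queue.append(n)
                if len(seen) > limit:
                    raise RuntimeError("state space exceeds limit; net unbounded?")
    return succ

def dead_markings(succ):
    """Dead markings (slide 13): reachable markings with no enabled transition."""
    return [m for m, ns in succ.items() if not ns]

def invalid_terminal_markings(succ, is_valid_terminal):
    """Dead markings that are not valid terminal markings (slide 14)."""
    return [m for m in dead_markings(succ) if not is_valid_terminal(m)]

def valid_terminal(m):
    """Assumed valid terminal marking: connection released and no message left."""
    return m[P["DONE"]] == 1 and m[P["DATA"]] == 0

def unsafe(m):
    """Unsafe state (slide 15): a message is in transfer while the safety
    connection is not established (state machine still in DISC or REQ)."""
    return m[P["XFER"]] > 0 and (m[P["DISC"]] > 0 or m[P["REQ"]] > 0)

def unsafe_markings(succ):
    """Slide 16 as a whole-state-space query: 'something bad never happens'
    holds iff NOT unsafe holds in every reachable state, i.e. this list is empty."""
    return [m for m in succ if unsafe(m)]

if __name__ == "__main__":
    ss = state_space(SAFE_NET, M0)
    print("bounded:", bounded_by_invariants(SAFE_NET, [Y1, Y2]))
    print("states:", len(ss), "dead markings:", dead_markings(ss))
    print("invalid terminal markings:", invalid_terminal_markings(ss, valid_terminal))
    print("unsafe markings, safe net:", unsafe_markings(ss))
    print("unsafe markings, faulty net:", unsafe_markings(state_space(FAULTY_NET, M0)))
```

For the constructed safe net the reachability graph has eight markings, the only dead marking is the released connection with no message left (a valid terminal marking), and no reachable marking satisfies unsafe; for the faulty variant the first firing of send_unguarded already yields a marking with a message in transfer while still disconnected, and Y1 is no longer an invariant, so the boundedness argument by covering invariants fails as well. The whole-state-space query is the explicit-state form of the ASK-CTL check on slide 16; an invariant check like this is only exhaustive when the state space is finite, which is why the boundedness check comes first.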

17 Conclusions
Petri nets are a suitable method for verifying the safety communication protocol.
A state representation of the safety communication protocol is developed in the form of a CPN; this allows the Poseidon and Design/CPN tools to be used for the verification.
By state space analysis it is proved that the dead markings in the protocol model are reasonable.
Design/CPN transforms the verification goal into a formal description and verifies the model. As a result, it is found that the safety communication protocol can never fail to establish a safety connection.

18 References
[1] Euroradio FIS: class 1 requirements [EB/OL].
[2] Jae-Dong Lee, Jae-Il Jung, Jae-Ho Lee, Jong-Gyu Hwang, Jin-Ho Hwang, Sung-Un Kim. Verification and conformance test generation of communication protocol for railway signalling systems. Computer Standards & Interfaces 29 (2007) 143–151.
[3] Jae-Ho Lee, Jong-Gyu Hwang, Gwi-Tae Park. Performance evaluation and verification of communication protocol for railway signaling systems. Computer Standards & Interfaces 27 (2005) 207–219.
[4] CENELEC. Railway Applications - Safety related communication in open transmission systems. EN ,
[5] Jensen K. Coloured Petri nets. Basic concepts, analysis methods and practical use. Analysis methods, vol. 2. Monographs in theoretical computer science. Berlin: Springer; 1997 [2nd corrected printing. ISBN: ].
[6] E. Nemeth, T. Bartha, Cs. Fazekas, K.M. Hangos. Verification of a primary-to-secondary leaking safety procedure in a nuclear power plant using coloured Petri nets. Reliability Engineering and System Safety 2009; 94:

19 References (continued)
[7] Panagiotis Katsaros. A roadmap to electronic payment transaction guarantees and a Colored Petri Net model checking approach. Information and Software Technology 2009; 51:
[8] Heiner M. Verification and optimization of control programs by Petri nets without state explosion. In: Proceedings of the second international workshop on manufacturing and Petri nets, held at the XVIII international conference on applications and theory of Petri nets (ICATPN'97), p. 69–84.
[9] A. Cheng, S. Christensen, K.H. Mortensen. Model checking Colored Petri Nets exploiting strongly connected components. In: Proceedings of the International Workshop on Discrete Event Systems, Edinburgh, Scotland, UK, 1996, pp. 169–177.

20 Welcome to Beijing

