closing the validation gap or verifying railway
play

Closing the Validation Gap or Verifying Railway Interlockings in - PowerPoint PPT Presentation

Apr 11, 2024 •200 likes •599 views

Closing the Validation Gap or Verifying Railway Interlockings in Agda Anton Setzer Swansea University, Swansea UK Shonan Meeting Logical Analysis of Descriptions and their Representations Shonan Village Center, Japan 26 January 2015 Anton

  1. Closing the Validation Gap or Verifying Railway Interlockings in Agda Anton Setzer Swansea University, Swansea UK Shonan Meeting Logical Analysis of Descriptions and their Representations Shonan Village Center, Japan 26 January 2015 Anton Setzer Closing the Validation Gap 1/ 38

  2. Examples of Validation Problems Closing the Validation Gap Case Study: Formalisation of Railway Interlocking System Proof of Safety Anton Setzer Closing the Validation Gap 2/ 38

  3. Proviso ◮ Background in mathematical logic, proof theory and type theory. ◮ Be prepared of misuse or naive use of terminology from software engineering. Anton Setzer Closing the Validation Gap 3/ 38

  4. Examples of Validation Problems Examples of Validation Problems Closing the Validation Gap Case Study: Formalisation of Railway Interlocking System Proof of Safety Anton Setzer Closing the Validation Gap 4/ 38

  5. Examples of Validation Problems Exam Question ◮ Assume you have two planes: ◮ The code for the first one has been fully verified using automated and interactive theorem proving , but the plane has not been tested. ◮ The code for the second one has not been verified this way, but the plane has been thoroughly tested . ◮ Which one do you choose to use? Anton Setzer Closing the Validation Gap 5/ 38

  6. Examples of Validation Problems Validation Gap ◮ Verification can be done in a machine checked way. ◮ Verification is only relative to a given specification. ◮ How do you know that the specification guarantees that the program fulfils the requirements? ◮ Validation checks that a program fulfils the requirements or a specification guarantees that the requirements are fulfilled. ◮ Cannot be done formally. Anton Setzer Closing the Validation Gap 6/ 38

  7. Examples of Validation Problems Example Incomplete Specification ◮ We have written a program for controlling a railway interlocking system using SPARK Ada. ◮ Specification based on Hoare logic (pre and post conditions). ◮ Verification was carried out in a machine checked way. ◮ When running the program it was incorrect. ◮ Trains disappeared . ◮ Forgotten to add to the specification that trains should not get lost. ◮ This happened in real world as well (disappearance of trains from a US control system of railways). Anton Setzer Closing the Validation Gap 7/ 38

  8. Examples of Validation Problems Complexity of Specification ◮ Tobias Nipkow has verified the security of a hotel key system. ◮ Specification was substantially longer than the program . ◮ Maybe it is easier to see that the program is secure than that the specification guarantees security? Anton Setzer Closing the Validation Gap 8/ 38

  9. Closing the Validation Gap Examples of Validation Problems Closing the Validation Gap Case Study: Formalisation of Railway Interlocking System Proof of Safety Anton Setzer Closing the Validation Gap 9/ 38

  10. Closing the Validation Gap Closing the Validation Gap ◮ Verification can be done provably correct or using systematic thorough testing. ◮ We can guarantee (up to a certain degree). ◮ Validation can only be done using semi-formal, systematic methods. ◮ We cannot guarantee it. ◮ We cannot avoid a gap between specification and requirements. ◮ However we can make the gap as small as possible . Anton Setzer Closing the Validation Gap 10/ 38

  11. Closing the Validation Gap Requirements - Specification - System Real World Requirements Validation Model Validation Specification Verification System Anton Setzer Closing the Validation Gap 11/ 38

  12. Closing the Validation Gap Suggestion to have two Specifications Requirements ✿✿✿✿✿✿✿✿✿✿✿✿✿✿ specification which is as close as possible to the ◮ ✿✿✿✿✿✿✿✿✿✿✿✿✿✿✿ requirements. ◮ Corresponds as close as possible to a model of the real world situation. ◮ Example: In railway interlocking systems model of railways. Program ✿✿✿✿✿✿✿✿✿✿✿✿✿✿ specification which is used to verify the program. ◮ ✿✿✿✿✿✿✿✿✿ ◮ Should make it easy to verify that a program fulfils the specification. ◮ Example: In railway interlocking systems signalling principles E.g.: If signal A is green, signal B is red. Anton Setzer Closing the Validation Gap 12/ 38

  13. Closing the Validation Gap Interactive vs Automated Theorem Proving ◮ That the program fulfils the program specification is typically provable by automated theorem proving . ◮ In case of railway interlocking systems show that a railway interlocking system fulfils signalling principles. ◮ That the program specification implies the requirements specification is typically provable by interactive theorem proving . Anton Setzer Closing the Validation Gap 13/ 38

  14. Closing the Validation Gap Requirements and Program Specification Requirements Validation Requirements Specification Interactive Theorem Proving Program Specification Automated Theorem Proving or Testing System Anton Setzer Closing the Validation Gap 14/ 38

  15. Case Study: Formalisation of Railway Interlocking System Examples of Validation Problems Closing the Validation Gap Case Study: Formalisation of Railway Interlocking System Proof of Safety Anton Setzer Closing the Validation Gap 15/ 38

  16. Case Study: Formalisation of Railway Interlocking System Track Segments ◮ The basic unit into which one divides a rail yard is that of a track segment . ✿✿✿✿✿ ✿✿✿✿✿✿✿✿✿✿ ◮ A track segment is stretch of a track without any further smaller parts, which are significant for an analysis of a interlocking system. ◮ there are no sets of points in between (but a set of points might form one segment) ◮ there are no crossings in between, ◮ they are not divided by signals into parts. Anton Setzer Closing the Validation Gap 16/ 38

  17. Case Study: Formalisation of Railway Interlocking System Example ◮ In the following example we have track segments s1 - s6. ◮ The two branches of the set of points p1 form segment s2. ◮ The two branches of the set of points p2 form segment s4. sig9 sig10 s6 p1 p2 s2 s4 sig7 s5 sig8 s1 sig6 sig5 s3 sig1 sig2 sig3 sig4 Anton Setzer Closing the Validation Gap 17/ 38

  18. Case Study: Formalisation of Railway Interlocking System Signals ◮ Signals control the access from one train segment to the next one. ◮ They are drawn in the direction of use, e.g. Signal sig2 is visible from s1 and controls access to s2. ◮ In the example sig2, sig7, sig9, control access to the set of points p1, and sig3, sig6, sig10 control access to p2. ◮ sig1, sig5 control access to s1, s5 respectively, and sig8, sig4 control access to the neighbouring rail yards. sig9 sig10 s6 p1 p2 s2 s4 sig7 s5 sig8 s1 sig6 sig5 s3 sig1 sig2 sig3 sig4 Anton Setzer Closing the Validation Gap 18/ 38

  19. Case Study: Formalisation of Railway Interlocking System Train Routes ◮ The control system for such a rail yard has several ✿✿✿✿✿ train ✿✿✿✿✿✿✿ routes . ◮ A ✿✿✿✿ train route is a sequence of track segments, the train can follow ✿✿✿✿✿✿ without ever having to stop in between (except in emergency cases). ◮ The beginning of a train route and its end should be delimited by signals. ◮ The first one prevents entering the train route, the second one, delimits access from this train route to the following train routes. ◮ The segment before the guarding signal belongs to the route. Anton Setzer Closing the Validation Gap 19/ 38

  20. Case Study: Formalisation of Railway Interlocking System Train Routes ◮ So we have a train route (s1,s2,s6) ◮ with segments s1,s2, s6 ◮ guarded by signal sig2 ◮ Routes r1, r2 are connected if after having traversed route r1 one can proceed to route r2 ◮ route (s1,s2,s6) and route (s6,s4,s5) are connected. sig9 sig10 s6 p1 p2 s2 s4 sig7 s5 sig8 s1 sig6 s3 sig5 sig1 sig2 sig3 sig4 Anton Setzer Closing the Validation Gap 20/ 38

  21. Case Study: Formalisation of Railway Interlocking System Formalisation in Agda ◮ We follow Karim Kanso and Anton Setzer: A light-weight integration of automated and interactive theorem proving . Mathematical Structures in Computer Science, FirstView, 2014, pp. 1 - 25. Anton Setzer Closing the Validation Gap 21/ 38

  22. Case Study: Formalisation of Railway Interlocking System Formalisation ◮ We have sets and relations Segment : Set : Train Set Route : Set : Route → Route → Set Connected SegInRoute : Segment → Route → Set Anton Setzer Closing the Validation Gap 22/ 38

  23. Case Study: Formalisation of Railway Interlocking System Model ◮ Time is given as Time = N : Set ◮ Depending on t : Time we assume : Train → Route trainRoute t signalAspect t : Route → { proceed , danger } Anton Setzer Closing the Validation Gap 23/ 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Workshop on process validation Closing remarks Kowid Ho Process validation biotech drug

Workshop on process validation Closing remarks Kowid Ho Process validation biotech drug

Workshop on process validation Closing remarks Kowid Ho Process validation biotech drug substance General concepts Objective : To establish scientific evidence that a process is capable of consistently delivering a quality drug

299 views • 19 slides
Closing the Loop: The Data-First Approach in Digital Railway Michele Budetta Senior Vice

Closing the Loop: The Data-First Approach in Digital Railway Michele Budetta Senior Vice

Closing the Loop: The Data-First Approach in Digital Railway Michele Budetta Senior Vice President Service and Maintenance Hitachi Rail Italy Suhail Jiwani Senior Director, Product Management Lumada IOT Platform Hitachi Rail offers an

438 views • 19 slides
Advances in Railway Control Systems Architectures and Related Challenges for Verification and

Advances in Railway Control Systems Architectures and Related Challenges for Verification and

BCTCS 2020 AlgUK Session on Railway Verifikation 2020-04-06 Advances in Railway Control Systems Architectures and Related Challenges for Verification and Validation Jan Peleska University of Bremen and Verified Systems International GmbH

540 views • 33 slides
for railway tracks maintenance Railway track maintanance Railway track maintenance - one of the

for railway tracks maintenance Railway track maintanance Railway track maintenance - one of the

Digital innovation for railway tracks maintenance Railway track maintanance Railway track maintenance - one of the most important types of track work carried out continuously throughout the year in order to prevent railway track

346 views • 13 slides
The Verification and Validation activity for a railway control system Davide Alagna, Alessandro

The Verification and Validation activity for a railway control system Davide Alagna, Alessandro

Ansaldo Segnalamento Ferroviario The Verification and Validation activity for a railway control system Davide Alagna, Alessandro Romei [alagna.davide@asf.ansaldo.it, romei.alessandro@asf.ansaldo.it] RAMS Department Geneva, 19 th September 2008

811 views • 32 slides
A Formal Framework for UML Modeling with Timed Constraints: Application to Railway Control

A Formal Framework for UML Modeling with Timed Constraints: Application to Railway Control

FRENCH NATIONAL INSTITUTE FOR TRANSPORT SAFETY AND RESEARCH A Formal Framework for UML Modeling with Timed Constraints: Application to Railway Control Systems Rafael Marcano Samuel Colin Georges Mariano Specification and Validation of UML

254 views • 24 slides
measurement of railway alignment and its impact on railway tamping Focus on track renewals and

measurement of railway alignment and its impact on railway tamping Focus on track renewals and

Trimble GEDO Vorsys for pre- measurement of railway alignment and its impact on railway tamping Focus on track renewals and maintenance using worked examples From trolley to tamper Railway alignment measurement Why measure track

498 views • 34 slides
Railway Traction and Power System Energy Optimisation Ning Zhao Birmingham Centre for Railway

Railway Traction and Power System Energy Optimisation Ning Zhao Birmingham Centre for Railway

Railway Traction and Power System Energy Optimisation Ning Zhao Birmingham Centre for Railway Research and Education Background Energy consumption is becoming a critical concern for modern railway operation; There is an opportunity to

585 views • 31 slides
SHARE OUR PASSION FOR RAILWAY SOLUTIONS A passion for railway solutions CONSULTING

SHARE OUR PASSION FOR RAILWAY SOLUTIONS A passion for railway solutions CONSULTING

SHARE OUR PASSION FOR RAILWAY SOLUTIONS A passion for railway solutions CONSULTING ENGINEERING SYSTEMS PROJECTS At Molinari Rail we want to use our broad technology knowledge to design and to deliver cost-efficient solutions, which

506 views • 15 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
RAILWAY SOLUTIONS RAILWAY SOLUTIONS Development for Sustainable Change in Ethiopia Consulting

RAILWAY SOLUTIONS RAILWAY SOLUTIONS Development for Sustainable Change in Ethiopia Consulting

A PASSION FOR A PASSION FOR RAILWAY SOLUTIONS RAILWAY SOLUTIONS Development for Sustainable Change in Ethiopia Consulting Engineering Analysis Systems 1 Introduction Molinari Rail We are an independent railway consulting

254 views • 11 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL

RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL

FACILITATION MEASURES FOR INTERNATIONAL RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL PRACTICES ALONG INTERNATIONAL CORRIDOR IN MONGOLIA December 2017, Astana, Kazakhstan Regional meeting on

553 views • 20 slides
Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real number,

284 views • 24 slides
Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far Various metrics (e.g., accuracy, F-measure, RMSE, ) Evaluation protocol setups Split Validation Cross Validation Special

1.04k views • 55 slides
Railway Crossing Information System Railway Crossing Information System ITS Canada Presentation

Railway Crossing Information System Railway Crossing Information System ITS Canada Presentation

Railway Crossing Information System Railway Crossing Information System ITS Canada Presentation May 29, 2013 Agenda Project Scope Problem Statements - Rail Operation & Traffic Impact Concept of Operations Detection Technology Testing

373 views • 33 slides
Requirements Validation Requirements Management p. 1 R. Kuehl/ J. Scott Hawker R I T Software

Requirements Validation Requirements Management p. 1 R. Kuehl/ J. Scott Hawker R I T Software

Requirements Validation Requirements Management p. 1 R. Kuehl/ J. Scott Hawker R I T Software Engineering Two Views of Quality Assessment Validation Do requirements correctly capture stakeholder goals, needs, and constraints?

602 views • 27 slides
JavaScript Asst. Prof. Dr. Kanda Saikaew (krunapon@kku.ac.th) Dept. of Computer Engineering

JavaScript Asst. Prof. Dr. Kanda Saikaew (krunapon@kku.ac.th) Dept. of Computer Engineering

JavaScript Asst. Prof. Dr. Kanda Saikaew (krunapon@kku.ac.th) Dept. of Computer Engineering Khon Kaen University 1 Why Learn JavaScript? JavaScript is used in millions of Web pages to Validate forms Detect browsers Create

1k views • 59 slides
AIRS Validation Overview & TDS Support of Validation Eric Fetzer AIRS Science Team Meeting

AIRS Validation Overview & TDS Support of Validation Eric Fetzer AIRS Science Team Meeting

AIRS Validation Overview & TDS Support of Validation Eric Fetzer AIRS Science Team Meeting November 2001 Pasadena E. Fetzer 1 Validation & TDS Support November 2001 Todays Talk TLSCF Support of AIRS Validation TLSCF

619 views • 18 slides
Making Eclipse with HTML and JavaScript fun again! Max Rydahl Andersen Consulting Engineer, Red

Making Eclipse with HTML and JavaScript fun again! Max Rydahl Andersen Consulting Engineer, Red

Making Eclipse with HTML and JavaScript fun again! Max Rydahl Andersen Consulting Engineer, Red Hat 2015-03-11 EclipseCon, San Francisco Full disclosure Worked on Eclipse tooling 10+ years Leading JBoss Tools project and JBoss

409 views • 22 slides
The Mobile Web Initiative Stphane Boyera http://www.w3.org/2005/10/india/MWI_d1/ International

The Mobile Web Initiative Stphane Boyera http://www.w3.org/2005/10/india/MWI_d1/ International

The W3C Mobile Web Initiative The Mobile Web Initiative Stphane Boyera http://www.w3.org/2005/10/india/MWI_d1/ International Conference & Workshop on Web Technologies New Delhi, India, November 10 2005

286 views • 24 slides
Libraries and Tools Transformers, AllenNLP LING575 Analyzing Neural Language Models Shane

Libraries and Tools Transformers, AllenNLP LING575 Analyzing Neural Language Models Shane

Libraries and Tools Transformers, AllenNLP LING575 Analyzing Neural Language Models Shane Steinert-Threlkeld February 6 2020 1 Outline Very helpful tools Transformers AllenNLP Walk-through of a classifier and a tagger

1.13k views • 32 slides
2 Years of Real World FP at REA @KenScambler Scala Developer at Me 14 years 5 years 5 years

2 Years of Real World FP at REA @KenScambler Scala Developer at Me 14 years 5 years 5 years

2 Years of Real World FP at REA @KenScambler Scala Developer at Me 14 years 5 years 5 years when possible when bored when forced - 3 teams @ - 17 codebases - 43K LOC Jul 13 Jan 14 Jul 14 Jan 15 Why Functional Programming?

1.95k views • 160 slides
Data Model Predictions ( x ) Kim Hammar (Logical Clocks) Hopsworks Feature Store February

Data Model Predictions ( x ) Kim Hammar (Logical Clocks) Hopsworks Feature Store February

Feature Store: the missing data layer in ML pipelines? 1 Spotify ML Guild Fika Kim Hammar kim@logicalclocks.com February 26, 2019 1 Kim Hammar and Jim Dowling. Feature Store: the missing data layer in ML pipelines?

531 views • 42 slides

More recommend