
A formal refinement-based analysis of the hybrid ERTMS/ETCS level 3 standard

Abstract: This paper presents a formal model of the case study proposed for the ABZ2018 conference, which concerns the Hybrid ERTMS/ETCS Level 3 Standard. This standard allows trains to communicate with a train supervisor to report their integrity and positions, thanks to an onboard train integrity monitoring system. The supervisor assigns trains a movement authority to control traffic and to avoid collisions. The standard also provides for trains that cannot communicate with the supervisor; these trains are detected by sensors on the tracks and obey the traffic signals that the supervisor sets along the trackside. Using communication allows for finer-grained control of the tracks. Our model is derived using stepwise refinement with the Event-B method. We take into account the main features of the case study (VSS management, timers, ERTMS and non-ERTMS trains). Our model is decomposed into four refinements. All proof obligations have been discharged using the Rodin provers, except those related to the computation of the VSS state machine, which was found to be ambiguous (nondeterministic). Our model has been validated using ProB. The main safety property, which is that ERTMS trains do not collide, is proved. Our model focuses on the discrete control logic aspects of the case study.
Document type: Journal articles
Contributor: Amel Mammar
Submitted on: Thursday, October 22, 2020 - 11:20:57 PM
Last modification on: Saturday, October 16, 2021 - 3:32:03 PM
Amel Mammar, Marc Frappier, Steve Jeffrey Tueno Fotso, Régine Laleau. A formal refinement-based analysis of the hybrid ERTMS/ETCS level 3 standard. International Journal on Software Tools for Technology Transfer, Springer Verlag, 2020, 22 (3), pp.333-347. ⟨10.1007/s10009-019-00543-1⟩. ⟨hal-02975774⟩