CPN'09, Aarhus, Denmark, October 19-21, 2009 Verification of Railway Interlocking Tables using Coloured Petri Nets * Somsak Vanit-Anunchai

Slides:

Advertisements

Similar presentations

Introduction to TransXChange

Advertisements

Configuration management

Configuration management

For Personal Use Only This presentation contains copyrighted material. PLEASE DO NOT COPY OR DUPLICATE. NOT FOR COMMERCIAL USE. For Personal Use Only This.

SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September

Formal Development and Verification of Distibuted Railway Control System – Haxthausen&Peleska To allow for private companies to be key players in the railway.

Electronic and Computer Engineering Colin Grogan Final Year Project: Design and Build an Air Mouse for people with lower mobility.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.

Ing. Tomáš Vicherek, Ing. Vlastimil Polach, Ph.D. Research and development Automatic Route Setting According to Train Paths in Anticipated Time Schedule.

Location of Signals. Considerations for Location of Signals Braking Distance Overlaps Isolation Simultaneous Reception.

Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.

Chapter 18 Working Drawings.

1 Verification, validation and testing Chapter 12, Storey.

Performance Analysis and Monitoring Facilities in CPN Tools Tutorial CPN’05 October 25, 2005 Lisa Wells.

CPN Models of Transport Systems Michal Zarnay Slovakia.

SYSTEMS DEVELOPMENT Phases, Tools, and Techniques

/faculteit technologie management DEMO CPN-tools Ronny Mans Eindhoven University of Technology, Faculty of Technology Management, Department of Information.

Toward Formal Modelling and Analysis of SCTP Connection Managment Somsak Vanit-Anunchai School of Telecommunication Engineering Institute of Engineering.

Palletizing the Easy Way

CE 515 Railroad Engineering

Chapter 9 – Software Evolution and Maintenance

[ §6 : 1 ] 6. Basic Methods II Overview 6.1 Models 6.2 Taxonomy 6.3 Finite State Model 6.4 State Transition Model 6.5 Dataflow Model 6.6 User Manual.

The printed circuit board (PCB) design

1 Satisfiability Testing in the Railway Industry Simon Chadwick Head of Research Westinghouse Rail Systems Limited, Chippenham, UK SAT2009 Twelfth International.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Multi-Layered Navigation Meshes Wouter G. van Toll, Atlas F. Cook IV, Roland Geraerts ICT.OPEN 2011.

SCRAM Software Configuration, Release And Management Background SCRAM has been developed to enable large, geographically dispersed and autonomous groups.

LESSON 8 Booklet Sections: 12 & 13 Systems Analysis.

Managing the development and purchase of information systems (Part 1)

程建群博士(Dr. Jason Cheng) 年03月

COE4OI5 Engineering Design. Copyright S. Shirani 2 Course Outline Design process, design of digital hardware Programmable logic technology Altera’s UP2.

MSE Presentation 3 By Padmaja Havaldar- Graduate Student

TVAC Electronic Call Sheet System Team HeatWave Summer 2007.

by P. Sriploy, M. Uthansakul and R. Wongsan

Engineering Matrix Megatec 2011.

Line Coding, Modem, RS232 interfacing sequences.

1 On to Object Design Chapter 14 Applying UML and Patterns.

Extreme/Agile Programming Prabhaker Mateti. ACK These slides are collected from many authors along with a few of mine. Many thanks to all these authors.

CONTENTS:  Introduction  What is neural network?  Models of neural networks  Applications  Phases in the neural network  Perceptron  Model of fire.

Dynamic Presentation of Key Concepts Module 5 – Part 1 Fundamentals of Operational Amplifiers Filename: DPKC_Mod05_Part01.ppt.

From Quality Control to Quality Assurance…and Beyond Alan Page Microsoft.

1 Extend is a simulation tool to create models quickly, with all the blocks you need and without even having to type an equation. You can use a series.

Towards a High-Level Petri Net Type DefinitionWorkshop on Interchange Formats for Petri Nets 1/18 June 26, 2004 Towards a High-Level Petri Net Type Definition.

Software Engineering Principles. SE Principles Principles are statements describing desirable properties of the product and process.

Centralised Traffic Control Working On Dhamra line of ECoR

Create a Detailed CTC Machine Model with JMRI/PanelPro Other Clinics in this series: Introduction to Layout Control with JMRI/PanelPro Repeated 4:00 PM,

1 A High-Speed and Wide Detectable Frequency Range Phase Detector for DLLs Babazadeh, H.; Esmaili, A.; Hadidi, K.; NORCHIP, 2009 Digital Object Identifier:

SIMULINK-Tutorial 1 Class ECES-304 Presented by : Shubham Bhat.

Metadata By N.Gopinath AP/CSE Metadata and it’s role in the lifecycle. The collection, maintenance, and deployment of metadata Metadata and tool integration.

On Effective Object Manipulation in Virtual Environments making scene design easier.

Topic 4 - Database Design Unit 1 – Database Analysis and Design Advanced Higher Information Systems St Kentigern’s Academy.

Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.

TEAM FOUNDATION VERSION CONTROL AN OVERVIEW AND WALKTHROUGH By: Michael Mallar.

A new fail-safe principle for railway signaling

Physical Layer of a Repository. March 6, 2009 Agenda – What is a Repository? –What is meant by Physical Layer? –Data Source, Connection Pool, Tables and.

UNIT IV TRACK CONSTRUCTION. POINTS AND CROSSINGS Point and Crossings are peculiar arrangement used in permanent way to guide the vehicle for directional.

1 Binary Signals Logic gate circuits are designed to input and output only two types of signals: “high” (1) and “low” (0), as represented by a variable.

ETP 1138C Week #3 Advanced print reading basics (Print creation) This week we will cover the following items and topics in class: Discuss how electronic.

CONTENTS:  INTRODUCTION & HISTORY  EXISTING SYSTEM & DIS-ADVANTAGES  PROPOSED SYSTEM  RESULT ANALYSIS  ADVANTAGES  APPLICATIONS  CONCLUSION.

Guide for the application of CSM design targets (CSM DT)

Poushali Pal AMIEEE, M. Tech in Information Technologies

Computer Programming.

Designed-in Logic to Ensure Safety of Integration and Field Engineering of Large Scale CBTC Systems Author: Fenggang Shi.

Introduction of Week 13 Return assignment 11-1 and 3-1-5

Chapter 8 Software Evolution.

Spreadsheets, Modelling & Databases

*Supported by National Research Council of Thailand

Foundations and Definitions

PASSI (Process for Agent Societies Specification and Implementation)

Presentation transcript:

CPN'09, Aarhus, Denmark, October 19-21, 2009 Verification of Railway Interlocking Tables using Coloured Petri Nets * Somsak Vanit-Anunchai School of Telecommunication Engineering Suranaree University of Technology Nakhon Ratchasima Thailand * Supported by National Research Council of Thailand

Introduction to railway signalling CPN'09, Aarhus, Denmark, October 19-21, T 42T 103T 103 9T 3T 1T T 16T Railway Signalling System divides rail track into sections. Only one train is allowed in one section at atime. A section or route comprises wayside equipment 1) Track Circuits used to indicate the presence of trains 2) Signals to allow the train enter into the route. 3) points (switches ) to diverge the train to another track. Each wayside equipment has an Identification number. 3

A typical (small) station CPN'09, Aarhus, Denmark, October 19-21, T 42T 103T 103 9T 3T 1T T 16T Require TC 3 1 Route 3(2) locked Route Released  Normal Interlocking Tables or Control Tables are the tabular representation specifying how the train move together with the states and actions of related equipment.

Approach Lock = Cannot cancel CPN'09, Aarhus, Denmark, October 19-21, T 42T 103T 103 9T 3T 1T T 16T Signalman can cancel

CPN'09, Aarhus, Denmark, October 19-21, 2009 Motivation (Problems) Problems with manual inspection of railway Interlocking table  labour intensive, erorr prone State Railway of Thailand’s projects involves stations Existing track layout changed (added)  existing signalling changed. Other software tools usually are designed for a specific railway company but SRT’s Operating rule is unique and sometimes changed. Need simple formal methods for signal engineers

Selected related work (quick look) CPN'09, Aarhus, Denmark, October 19-21, 2009 Logistic

CPN'09, Aarhus, Denmark, October 19-21, 2009 Selected related work

CPN'09, Aarhus, Denmark, October 19-21, 2009 Selected related work

Our CPN model of the Control Table of the small station comprises two parts 1.Signalling Layout 2.Interlockin g The CPN model comprises 72 Places, 12 Fusion places, 21 Substitution Transitions, 33 Transitions and 12 ML functions. CPN'09, Aarhus, Denmark, October 19-21, 2009

CPN model of the Control Table 1.Signalling Layout - The CPN model mimics the signalling plan - Provides geographic information how each wayside equipment connect to each other - Provides ability to simulate the trains moving - Comprises lower CPN subpages which represent the trains’ movement when passing signals, passing point and moving between 2 consecutive track circuits  modelling wayside equipments CPN'09, Aarhus, Denmark, October 19-21, 2009

CPN model: The southern part of the station

Modelling Approach The CPN model in the signalling layout part depends on the track layout.  It is inevitable.  But the CPN diagram can be quickly, manually built when we have CPN patterns (library).  The work on CPN patterns for this project is in progress. CPN'09, Aarhus, Denmark, October 19-21, 2009

CPN model of the Control Table 2. Interlocking part comprises 3 CPN subpages 2.1 UserCommand  sets and locks the points along the route 2.2 Routesetting  sets the required route 2.3 RouteReleased  using the passage of the train restores the route to Normal state and unlocks the points CPN'09, Aarhus, Denmark, October 19-21, 2009

Modelling Approach The CPN model in the Interlocking part depends on the contents in the control table. Because of 300 stations (to go), we attempt to make the generic net structure. The contents of the control table are coded in ML functions used in arc inscriptions.  Thus 300 stations can use the same net structure of the Interlocking part. CPN'09, Aarhus, Denmark, October 19-21, 2009

CPN Model: Route Setting require_point_normal(route) ++ require_point_reverse(route)

CPN'09, Aarhus, Denmark, October 19-21, 2009 Excel  XML XSLT script It took me 2- man-months to complete the first model (including analysis). But the double track station  It took me only 8-man hours to build the model (not including analysis).  ML functions are automatically created from XML control table using XSLT.

CPN'09, Aarhus, Denmark, October 19-21, 2009 CPN Model: Route Setting require_point_normal(route) ++ require_point_reverse(route) This part is a great help regardless of assumptions.

CPN'09, Aarhus, Denmark, October 19-21, 2009 Assumptions and their affects on the correctness of the model To start building the model we have 10 assumptions. Q: The important question is how these assumptions affect the model. A: I consider that there are some differences between the real system and the model. However the model in this paper can detect a large part of errors which we always encounter. A larger part = something is missing or added (extra) in the Control Table.

Analysis The desired property is no collision.  No two train in two consecutive track circuits.  Using ML query functions. To convince the model correctness  After route(s) setting and train(s) movement, The terminal markings shall be as we expect.  To debug the model using an incremental approach. Starting from one route setting - one train CPN'09, Aarhus, Denmark, October 19-21, 2009

Terminal markings CPN'09, Aarhus, Denmark, October 19-21, 2009 Using query ML and state space search No train collision is detected in case A,B and C

CPN'09, Aarhus, Denmark, October 19-21, 2009 Conclusion A control table for the small and typical single line railway station is modelled and analysed. This CPN model can be adapted and re-used for SRT’s double track projects ( stations). We propose to convert Control tables to ML functions using XSLT. Thus the CPN models of other interlocking can be rapidly built. These models will help to detect errors in control tables in the early phase of system development.

Future work Relaxes modelling assumptions Revises the CPN subpages and arranges a library of CPN patterns Create CPN models directly from Track layout drawing. CPN'09, Aarhus, Denmark, October 19-21, 2009

Thank You! Questions and comments?

CPN'09, Aarhus, Denmark, October 19-21, 2009

Initial markings CPN'09, Aarhus, Denmark, October 19-21, noTrain at other places - setting commands for all 8 routes - Both blocks in Coming states - A Block request command for going toward Bangkok

Analysis results CPN'09, Aarhus, Denmark, October 19-21, 2009 More trains  less number of possible train movements Less trains  more number of possible train movements Not true in general (e.g. double track and large stations) State space sizes