Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Satisfiability Testing in the Railway Industry Simon Chadwick Head of Research Westinghouse Rail Systems Limited, Chippenham, UK SAT2009 Twelfth International.

Published byAnis Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Satisfiability Testing in the Railway Industry Simon Chadwick Head of Research Westinghouse Rail Systems Limited, Chippenham, UK SAT2009 Twelfth International."— Presentation transcript:

1 1 Satisfiability Testing in the Railway Industry Simon Chadwick Head of Research Westinghouse Rail Systems Limited, Chippenham, UK SAT2009 Twelfth International Conference on Theory and Applications of Satisfiability Testing

2 2 Contents Introduction Railways and Safety The Story of Signalling Where Signalling meets SAT Some final thoughts

3 3 Introduction WRSL Westinghouse Rail Systems Limited Part of Invensys Rail Group Part of Invensys plc

4 4 Introduction

5 5

6 6 Railways and Safety First railway? Stockton & Darlington Railway Opened 27 th September 1825

7 7 Railways and Safety First railway accident? William Huskisson (1770-1830) Killed during the opening of the Liverpool and Manchester Railway, 15 th September 1830.

8 8 Railways and Safety Incremental rule building Accident Investigation Changes Improvement Apply for 150 years:

9 9 Railways and Safety Causes of Accidents Many causes: –Civil engineering failure –Failure of train –Failure of operators –Failure of signalling system

10 10 Railways and Safety Railway Signalling assumes… Rails intact Civil engineering intact Trains intact

11 11 Contents Introduction Railways and Safety The Story of Signalling Where Signalling meets SAT Some final thoughts

12 12 To maintain the safety of trains by: 1.Maintaining a safe distance between following trains on the same track 2.Safeguarding the movement of train at junctions and crossings 3.Regulating the passage of trains according to service density and speed required 4.Ensuring safety of trains in the event of equipment failure The Story of Signalling What is signalling for?

13 13 STOP PROCEED The Story of Signalling Early Signalling

14 14 Regulation of train by time Controlled by Policemen No standard time Electrical Telegraph Block Instrument Absolute Block Working The Story of Signalling Time Interval Working

15 15 The Story of Signalling Semaphore Signals

16 16 Block Section Station Limits Signal Box Distant Signal Home SignalStarter Signal Direction of travel Station Block Section The Story of Signalling Basic Signalling

17 17 Block Section Station Limits Signal Box Distant Signal Home Signal Starter Signal Direction of travel Station Block Section Outer Home Signal Overlap The Story of Signalling Outer Home Signal

18 18 The Story of Signalling Four Aspect Signalling

19 19 The Story of Signalling Four Aspect Signalling

20 20 The Story of Signalling Four Aspect Signalling

21 21 The Story of Signalling Four Aspect Signalling

22 22 The Story of Signalling Four Aspect Signalling

23 23 The Story of Signalling Four Aspect Signalling

24 24 The Story of Signalling Four Aspect Signalling

25 25 The Story of Signalling Four Aspect Signalling

26 26 The Story of Signalling Four Aspect Signalling

27 27 The Story of Signalling Four Aspect Signalling

28 28 The Story of Signalling Four Aspect Signalling

29 29 The Story of Signalling Four Aspect Signalling

30 30 The Story of Signalling Four Aspect Signalling

31 31 The Story of Signalling Four Aspect Signalling

32 32 The Story of Signalling Four Aspect Signalling

33 33 The Story of Signalling Four Aspect Signalling

34 34 The Story of Signalling Four Aspect Signalling

35 35 The Story of Signalling Four Aspect Signalling

36 36 The Story of Signalling Interlocking and Control Centre Interlocking Control System Train detection inputs Point control outputs Point detection inputs Signal lamp outputs Lamp proving inputs

37 37 The interlocking is the safety device for the signalling equipment. It will not allow an unsafe condition to occur It ensures that all train movements are protected The design of the interlocking is the responsibility of principle design Engineers who must incorporate very strict rules. The design is independently checked and tested. The Story of Signalling Interlocking Principles

38 38 The Story of Signalling Mechanical Interlocking

39 39 The Story of Signalling Relay Interlocking

40 40 The Story of Signalling Solid State Interlocking (SSI)

41 41 Put WESTLOCK photo here The Story of Signalling Solid State Interlocking WESTLOCK

42 42 The Story of Signalling Lever Frame Control System

43 43 Cowlairs The Story of Signalling Control Panel

44 44 The Story of Signalling Large Control Panel

45 45 The Story of Signalling Electronic Control Centres

46 46 Contents Introduction Railways and Safety The Story of Signalling Where Signalling meets SAT Some final thoughts

47 47 Where Signalling Meets SAT Signalling meets SAT at the interlocking The interlocking can be seen as a logic engine

48 48 Interlocking Control System Train detection inputs Point control outputs Point detection inputs Signal lamp outputs Lamp proving inputs Where Signalling Meets SAT At the Interlocking

49 49 Where Signalling Meets SAT If N = number inputs Then 2 N combinations of inputs are possible BUT… can have internal stored states So, order of combinations of inputs matters BUT… can have timers So, duration of combinations of inputs matter

50 50 Where Signalling Meets SAT I can express the behaviour of an interlocking as a set of Boolean equations One of the interlocking products used by WRSL uses Ladder Logic I can express safety rules about my interlocking as generic rules I can use SAT theory to demonstrate that my interlocking logic meets the safety rules

51 51 Where Signalling Meets SAT WESTRACE Ladder Logic

52 52 Where Signalling Meets SAT At the Interlocking P123TATBTCTDTE TGTH S1S2 S3 Example rules - general 1.Points should not be moved if the track is occupied 2.Signals can only show proceed aspect if the track is clear for route set Example rules - specific 1.Points P123 should not be moved if track TC is occupied 2.If route is set S1 to S3, signal can only show proceed if tracks TC, TG are clear, plus TH if overlap

53 53 Where Signalling Meets SAT Specific Interlocking Logic Signalling Designer Generic Safety Rules Specific Safety Requirements Instancing Specific Railway Layout Satisfiable? This is the hard bit! Are the safety properties complete?

54 54 Where Signalling Meets SAT WRSL and IRG research P123TATBTCTDTE TGTH S1S2 S3 WRSL is working with Swansea University to enhance our understanding of satisifiability testing, and understand how it can be applied to railway interlocking systems. WRSL is also working with Prover Technology to evaluate use of their proof technology with Invensys Rail WESTRACE interlockings.

55 55 Contents Introduction Railways and Safety The Story of Signalling Where Signalling meets SAT Some final thoughts

56 56 Final thoughts High Speed Trains European Rail Traffic Management System (ERTMS)

57 57 Final thoughts High speed trains If you are driving one of these… you need cab signalling!

58 58 Final thoughts ERTMS ERTMS = European Rail Traffic Management System Interoperability across Europe Signalling and Automatic Train Protection on the train Interlocking is still required – but…

59 59 Final thoughts Size and Complexity Over time: Signalling systems have got more complex Scope of individual system components has got larger We have reached the limits of traditional approaches Question: Has size/complexity of modern safety systems exceeded ability of human understanding? If the answer is “Yes” then we need practical applications of technologies such as SAT!

60 60 Thankyou! Thankyou

Download ppt "1 Satisfiability Testing in the Railway Industry Simon Chadwick Head of Research Westinghouse Rail Systems Limited, Chippenham, UK SAT2009 Twelfth International."

Similar presentations

Create a Detailed CTC Machine Model with JMRI/PanelPro

Create a Detailed CTC Machine Model with JMRI/PanelPro
For Personal Use Only This presentation contains copyrighted material. PLEASE DO NOT COPY OR DUPLICATE. NOT FOR COMMERCIAL USE. For Personal Use Only This.

For Personal Use Only This presentation contains copyrighted material. PLEASE DO NOT COPY OR DUPLICATE. NOT FOR COMMERCIAL USE. For Personal Use Only This.
1 The 2-to-4 decoder is a block which decodes the 2-bit binary inputs and produces four output All but one outputs are zero One output corresponding to.

1 The 2-to-4 decoder is a block which decodes the 2-bit binary inputs and produces four output All but one outputs are zero One output corresponding to.
SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September 20101.

SCORT/TRB Rail Capacity Workshop - Jacksonville Florida1 1  A Primer on Capacity Principles  New Technologies  Public Sector Needs 22 September
Chapter 1: Introduction 1 ©2000, John Wiley & Sons, Inc. Nise/Control Systems Engineering, 3/e Chapter 1 Introduction.

Chapter 1: Introduction 1 ©2000, John Wiley & Sons, Inc. Nise/Control Systems Engineering, 3/e Chapter 1 Introduction.
Signals Refresher Training. S.O.C. Signals In this clinic, we will be reviewing the basic signal aspects we use on the S.O.C. We will be seeing various.

Signals Refresher Training. S.O.C. Signals In this clinic, we will be reviewing the basic signal aspects we use on the S.O.C. We will be seeing various.
Signal Basics. Signals: –Allow for safe operation of trains – protecting your train, other trains, and the equipment –Lets the railroad operate more efficiently.

Signal Basics. Signals: –Allow for safe operation of trains – protecting your train, other trains, and the equipment –Lets the railroad operate more efficiently.
Lift Safety EZ Up 10’ Lift. Training Objectives  Identify lift hazards  Understand OSHA equipment requirements  Know how to inspect equipment  Take.

Lift Safety EZ Up 10’ Lift. Training Objectives  Identify lift hazards  Understand OSHA equipment requirements  Know how to inspect equipment  Take.
Rexroth IndraDrive Integrated Safety Technology

Rexroth IndraDrive Integrated Safety Technology
CE 515 Railroad Engineering Line-haul Operations Source: Armstrong Ch 13 “Transportation exists to conquer space and time -”

CE 515 Railroad Engineering Line-haul Operations Source: Armstrong Ch 13 “Transportation exists to conquer space and time -”
Materials developed by K. Watkins, J. LaMondia and C. Brakewood Rail Capacity Unit 3: Measuring & Maximizing Capacity.

Materials developed by K. Watkins, J. LaMondia and C. Brakewood Rail Capacity Unit 3: Measuring & Maximizing Capacity.
Federal Motor Vehicle Safety Standards. Applicability Each standard of this part applies to all motor vehicles or items of motor vehicle equipment manufactured.

Federal Motor Vehicle Safety Standards. Applicability Each standard of this part applies to all motor vehicles or items of motor vehicle equipment manufactured.
October 2008 International Rail Safety Conference 2008 Denver, Colorado, USA.

October 2008 International Rail Safety Conference 2008 Denver, Colorado, USA.
Objective: To provide practical guide lines accepted in the Industry, Engineering information and thumb rules for engineers, designers and operating people.

Objective: To provide practical guide lines accepted in the Industry, Engineering information and thumb rules for engineers, designers and operating people.
Location of Signals. Considerations for Location of Signals Braking Distance Overlaps Isolation Simultaneous Reception.

Location of Signals. Considerations for Location of Signals Braking Distance Overlaps Isolation Simultaneous Reception.
Signal Control Circuit

Signal Control Circuit
Introduction to ControlLogix Function Block

Introduction to ControlLogix Function Block
CE 515 Railroad Engineering

CE 515 Railroad Engineering
CPN'09, Aarhus, Denmark, October 19-21, 2009 Verification of Railway Interlocking Tables using Coloured Petri Nets * Somsak Vanit-Anunchai

CPN'09, Aarhus, Denmark, October 19-21, 2009 Verification of Railway Interlocking Tables using Coloured Petri Nets * Somsak Vanit-Anunchai
Delivers top speed of 90 mph in North Wales for first time Partnership funding £500k Welsh Assembly, circa £1m Railtrack Major investment in track, signalling,

Delivers top speed of 90 mph in North Wales for first time Partnership funding £500k Welsh Assembly, circa £1m Railtrack Major investment in track, signalling,

Similar presentations

Ads by Google