
Model Checking Data-Dependent Real-Time Properties of the European Train Control System

2 Author(s)
Johannes Faber ; University of Oldenburg, Germany ; Roland Meyer

The behavior of embedded hardware and software systems is determined by at least three dimensions: control flow, data aspects, and real-time requirements. To specify the different dimensions of a system with the best-suited techniques, the formal language CSP-OZ-DC (Hoenicke and Maier, 2005) integrates communicating sequential processes (CSP) (Hoare, 1985), Object-Z (OZ) (Smith, 2000), and duration calculus (DC) (Zhou and Hansen, 2004) into a declarative formalism equipped with a unified and compositional semantics. In this paper, we provide evidence that CSP-OZ-DC is a convenient language for modeling systems of industrial relevance. To this end, we examine the emergency message handling in the European train control system (ETCS) as a case study with uninterpreted constants and infinite data domains. We automatically verify that our model ensures real-time safety properties, which crucially depend on the system's data handling. Related work on ETCS case studies focuses on stochastic examinations of the communication reliability (Hermanns et al., 2005; Zimmermann and Hommel, 2005). The components' data aspects are neglected, though.

Published in:

2006 Formal Methods in Computer Aided Design

Date of Conference:

Nov. 2006