Driver performance modelling and its practical application to railway safety

This paper reports on the development and main features of a model of driver information processing. The work was conducted on behalf of Network Rail to meet a requirement to understand and manage the driver's interaction with the infrastructure through lineside reminder appliances. The model utilises cognitive theory and modelling techniques to describe driver performance in relation to infrastructure features and operational conditions. The model is capable of predicting the performance time, workload and error consequences of different operational conditions. The utility of the model is demonstrated through reports of its application to the following studies:

Research on the effect of line speed on driver interaction with signals and signs.

Calculation of minimum reading times for signals.

Development of a human factors signals passed at danger (SPAD) hazard checklist, and a method to resolve conflicts between signal sighting solutions.

Research on the demands imposed on drivers by European train control system (ETCS) driving in a UK context.

The paper also reports on a validation of the model's utility as a tool for assessing cab and infrastructure drivability.     

一个日志完整性检测方法

通常入侵者在成功控制系统后会试图更改日志文件以消除入侵痕迹,隐藏入侵行为。为 了防止入侵者隐藏其入侵行为,提出了一个日志完整性检测方法,对日志的完整性进行检测,使得入 侵者不能不被发现地更改系统被其控制以前在日志文件中写入的记录,进而提供保护。并在日志完 整性受到破坏时,给出一个可信任日志记录集合以供其他程序使用。     

A full-scale roller-rig for railway vehicles: multibody modelling and Hardware In the Loop architecture

In this paper an innovative Hardware In the Loop (HIL) architecture to test braking onboard subsystems on full-scale roller-rigs is described. The new approach allows reproducing on the roller-rig a generic wheel–rail adhesion pattern (especially degraded adhesion conditions) without sliding and, consequently, wear between the roller and wheel surfaces. The presented strategy is also adopted by the innovative full-scale roller-rig of the Railway Research and Approval Center of Firenze-Osmannoro (Italy); the new roller-rig has been built by Trenitalia S.p.A. and is owned by SIMPRO S.p.A. At this initial phase of the research activity, to effectively validate the proposed approach, a complete multibody model of the HIL system has been developed. The numerical model is based on the real characteristics of the components provided by Trenitalia and makes use of an innovative wheel–roller contact model. The results coming from the simulation model have been compared to the experimental data provided by Trenitalia and relative to on-track tests performed in Velim, Czech Republic, with a UIC-Z1 coach equipped with a fully-working WSP system. The preliminary validation performed with the HIL model highlights the good performance of the HIL strategy in reproducing on the roller-rig the complex interaction between degraded adhesion conditions and railway vehicle dynamics during the braking manoeuvre.     

Modular abstractions for verifying real-time distributed systems

In this work we present a verification methodology for real-time distributed systems, based on their modular decomposition into processes. Given a distributed system, each of its components is reduced by abstracting away from details that are irrelevant for the required specification. The abstract components are then composed to form an abstract system to which a model checking procedure is applied. The abstraction relation and the specification language guarantee that if the abstract system satisfies a specification, then the original system satisfies it as well.The specification languageRTL is a branching-time version of the real-time temporal logicTPTL presented in Alur and Henzinger [1]. Its model checking is linear in the size of the system and exponential in the size of the formula. Two notions of abstraction for real-time systems are introduced, each preserving a sublanguage ofRTL.     

Compiling and verifying SC-SystemJ programs for safety-critical reactive systems

Most of today's embedded systems are very complex. These systems, controlled by computer programs, continuously interact with their physical environments through network of sensory input and output devices. Consequently, the operations of such embedded systems are highly reactive and concurrent. Since embedded systems are deployed in many safety-critical applications, where failures can lead to catastrophic events, an approach that combines mathematical logic and formal verification is employed in order to ensure correct behavior of the control algorithm. This paper presents What You Prove Is What You Execute (WYPIWYE) compilation strategy for a Globally Asynchronous Locally Synchronous (GALS) programming language called Safey-Critical SystemJ. SC-SystemJ is a safety-critical subset of the SystemJ language. A formal big-step transition semantics of SC-SystemJ is developed for compiling SC-SystemJ programs into propositional Linear Temporal Logic formulas. These LTL formulas are then converted into a network of Mealy automata using a novel and efficient compilation algorithm. The resultant Mealy automata have a straightforward syntactic translation into Promela code. The resultant Promela models can be used for verifying correctness properties via the SPIN model-checker. Finally there is a single translation procedure to compile both: Promela and C/Java code for execution, which satisfies the De-Bruijn index, i.e. this final translation step is simple enough that is can be manually verified.     

Pattern-based abstraction for verifying secrecy in protocols

We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols. Our method allows one to verify secrecy properties in a general model allowing an unbounded number of sessions, an unbounded number of principals, and an unbounded size of messages. As abstract domain we use sets of so-called super terms. Super terms are obtained by allowing an interpreted constructor, which we denote by Sup , where the meaning of a term Sup (t) is the set of terms that contain t as subterm. For these terms, we solve a generalized form of the unification problem and introduce a widening operator. We implemented a prototype and were able to verify well-known protocols such as, for instance, Needham–Schroeder–Lowe (0.03 s), Yahalom (12.67 s), Otway–Rees (0.01 s), and Kao–Chow (0.78 s).     

A practical methodology for verifying pipelined microarchitectures

Complete formal verification has thus far never been achieved for a state-of-the-art, high-performance commercial microprocessor. However, this article presents a completion functions methodology, based on theorem proving, that has been applied successfully to a large variety of example pipelined architectures.     

Designing and verifying embedded microprocessors

Motorola's ColdFire products are a line of microprocessors targeting embedded-system applications such as computer peripherals (disk drives, laser printers, scanners).They originated from the same design group that produced the 680X0 general purpose microprocessors, whose target market was desktop computing applications. The ColdFire microprocessors, however, target the highly competitive embedded market, whose time-to-market and cost requirements are much more stringent. The ColdFire design team received a set of challenges quite different from those associated with the 680X0 line. They had to minimize test costs since the target selling price was an order of magnitude less than that of a desktop microprocessor. With no room for design errors, they had to put processes in place that detect errors early in the design flow and provide feedback for continuous improvement. A new methodology reduced new product cycle time to less than a year for the ColdFire products and provided improved techniques for integrating cores in new applications. In addition, it increased quality measurement capability and reduced test cost     

Tool support for verifying UML activity diagrams

We describe a tool that supports verification of workflow models specified in UML activity diagrams. The tool translates an activity diagram into an input format for a model checker according to a mathematical semantics. With the model checker, arbitrary propositional requirements can be checked against the input model. If a requirement fails to hold, an error trace is returned by the model checker, which our tool presents by highlighting a corresponding path in the activity diagram. We summarize our formal semantics, discuss the techniques used to reduce an infinite state space to a finite one, and motivate the need for strong fairness constraints to obtain realistic results. We define requirement-preserving rules for state space reduction. Finally, we illustrate the whole approach with a few example verifications.     

A Maple package for verifying ultradiscrete soliton solutions

We present a computer algebra program for verifying soliton solutions of ultradiscrete equations in which both dependent and independent variables take discrete values. The package is applicable to equations and solutions that include the max function. The program is implemented using Maple software.

Program summary

Program title: UltdeCatalogue identifier: AEDB_v1_0Program summary URL:http://cpc.cs.qub.ac.uk/summaries/AEDB_v1_0.htmlProgram obtainable from: CPC Program Library, Queen's University, Belfast, N. IrelandLicensing provisions: Standard CPC licence, http://cpc.cs.qub.ac.uk/licence/licence.htmlNo. of lines in distributed program, including test data, etc.: 3171No. of bytes in distributed program, including test data, etc.: 13 633Distribution format: tar.gzProgramming language: Maple 10Computer: PC/AT compatible machineOperating system: Windows 2000, Windows XPRAM: Depends on the problem; minimum about 1 GBWord size: 32 bitsClassification: 5Nature of problem: The existence of multi-soliton solutions strongly suggest the integrability of nonlinear evolution equations. However enormous calculation is required to verify multi-soliton solutions of ultradiscrete equations. The use of computer algebra can be helpful in such calculations.Solution method: Simplification by using the properties of max-plus algebra.Restrictions: The program can only handle single ultradiscrete equations.Running time: Depends on the complexity of the equation and solution. For the examples included in the distribution the run times are as follows. (Core 2 Duo 3 GHz, Windows XP)

•

Example 1: 2725 sec.

•

Example 2: 33 sec.

•

Example 3: 1 sec.

     

Using an induction prover for verifying arithmetic circuits

We show that existing theorem proving technology can be used effectively for mechanically verifying a family of arithmetic circuits. A theorem prover implementing: (i) a decision procedure for quantifier-free Presburger arithmetic with uninterpreted function symbols; (ii) conditional rewriting; and (iii) heuristics for carefully selecting induction schemes from terminating recursive function definitions; and (iv) well integrated with backtracking, can automatically verify number-theoretic properties of parameterized and generic adders, multipliers and division circuits. This is illustrated using our theorem prover Rewrite Rule Laboratory (RRL). To our knowledge, this is the first such demonstration of the capabilities of a theorem prover mechanizing induction. The above features of RRL are briefly discussed using illustrations from the verification of adder, multiplier and division circuits. Extensions to the prover likely to make it even more effective for hardware verification are discussed. Furthermore, it is believed that these results are scalable, and the proposed approach is likely to be effective for other arithmetic circuits as well.     

A unified framework for describing and verifying hardware synchronous sequential systems

This paper presents a unified framework for expressing and solving the different functional verification problems of the circuit designers. This approach is based on the synchronous data flow language Lustre that was originally designed for programming real-time systems. Lustre can be used to describe digital circuits at different abstraction levels and their environments, as well as to express the properties about the behavior of these circuits. Then, the verification tool Lesar associated with the language Lustre automatically handles the different verifications.     

A framework for specifying and verifying the behaviour of open systems

Coding no longer represents the main issue in developing software applications. It is the design and verification of complex software systems that require to be addressed at the architectural level, following methodologies which permit us to clearly identify and design the components of a system, to understand precisely their interactions, and to formally verify the properties of the systems. Moreover, this process is made even more complicated by the advent of the “network-centric” model of computation, where open systems dynamically interact with each other in a highly volatile environment. Many of the techniques traditionally used for closed systems are inadequate in this context.We illustrate how the problem of modeling and verifying behavioural properties of open system is addressed by different research fields and how their results may contribute to a common solution. Building on this, we propose a methodology for modeling and verifying behavioural aspects of open systems. We introduce the IP-calculus, derived from the π-calculas process algebra so as to describe behavioural features of open systems. We define a notion of partial correctness, acceptability, in order to deal with the intrinsic indeterminacy of open systems, and we provide an algorithmic procedure for its effective verification.     

扭矩检定系统的研制

综合利用了单片机技术、串行通信技术、条形码技术、数据库技术以及LabWindows/CVI开发工具,为扭矩工具生产企业以及扭矩法定计量单位提供了一种易于使用和实现的扭矩检定系统.对系统原理以及主要组成部分作了介绍.实验结果表明:此系统准确度高、重复性好.     

A theorem prover for verifying iterative programs over integers

An implementation of a rule-based theorem prover for verifying iterative programs over integers is presented. The authors emphasize the overall proof construction strategy of the prover which has been able to construct the correctness proofs of all iterative programs taken from the literature. Two performance measures for the prover are proposed, and its proof construction for an array-sorting program is evaluated using these measures     

Specifying and verifying requirements of real-time systems

An approach to specification of requirements and verification of design for real-time systems is presented. A system is defined by a conventional mathematical model for a dynamic system where application specific states denote functions of real time. Specifications are formulas in duration calculus, a real-time interval logic, where predicates define durations of states. Requirements define safety and functionality constraints on the system or a component. A top-level design is given by a control law: a predicate that defines an automation controlling the transition between phases of operation. Each phase maintains certain relations among the system states; this is analogous to the control functions known from conventional control theory. The top-level design is decomposed into an architecture for a distributed system with specifications for sensor, actuator, and program components. Programs control the distributed computation through synchronous events. Sensors and actuators relate events with system states. Verification is a deduction showing that a design implies requirements     

Modelling and verifying the AODV routing protocol

This paper presents a formal specification of the Ad hoc On-demand Distance Vector (AODV) routing protocol using AWN (Algebra for Wireless Networks), a recent process algebra which has been tailored for the modelling of mobile ad hoc networks and wireless mesh network protocols. Our formalisation models the exact details of the core functionality of AODV, such as route discovery, route maintenance and error handling. We demonstrate how AWN can be used to reason about critical protocol properties by providing detailed proofs of loop freedom and route correctness.     

A survey on temporal logics for specifying and verifying real-time systems

Over the last two decades, there has been an extensive study of logical formalisms on specifying and verifying real-time systems. Temporal logics have been an important research subject within this direction. Although numerous logics have been introduced for formal specification of real-time and complex systems, an up to date survey of these logics does not exist in the literature. In this paper we analyse various temporal formalisms introduced for specification, including propositional/first-order linear temporal logics, branching temporal logics, interval temporal logics, real-time temporal logics and probabilistic temporal logics. We give decidability, axiomatizability, expressiveness, model checking results for each logic analysed. We also provide a comparison of features of the temporal logics discussed.