Transcript Modeling Bus Communication Protocols Using Timed Colored

Verification of Railway Interlocking
Tables using Coloured Petri Nets*
Somsak Vanit-Anunchai
[email protected]
School of Telecommunication Engineering
Suranaree University of Technology
Nakhon Ratchasima 30000 Thailand
*Supported by National Research Council of Thailand
CPN'09, Aarhus, Denmark, October 19-21, 2009
Introduction to railway signalling
24
41T
24T
1T
1
3T
3
103T
9T
103
23
16
16T
42T
Railway Signalling System divides rail track into sections.
Only one train is allowed in one section at atime.
A section or route comprises wayside equipment
1) Track Circuits used to indicate the presence of trains
2) Signals to allow the train enter into the route.
3) points (switches ) to diverge the train to another track.
Each wayside equipment has an Identification number.
CPN'09, Aarhus, Denmark, October 19-21, 2009
15
A typical (small) station
24
41T
24T
1T
1
3T
3
103T
9T
103
23
16
16T
42T
3(2) locked
Route Route
Released
 Normal
15
Require TC
Interlocking Tables or Control Tables are the tabular representation
specifying how the train move together with the states and actions of
related equipment.
CPN'09, Aarhus, Denmark, October 19-21, 2009
Approach Lock
= Cannot cancel
Signalman can cancel
1T
1
3T
3
103T
9T
103
24
41T
24T
23
16
16T
42T
CPN'09, Aarhus, Denmark, October 19-21, 2009
15
Motivation (Problems)
• Problems with manual inspection of railway
Interlocking table  labour intensive, erorr prone
• State Railway of Thailand’s projects involves
300-350 stations
• Existing track layout changed (added)
 existing signalling changed.
• Other software tools usually are designed for a
specific railway company but SRT’s Operating
rule is unique and sometimes changed.
• Need simple formal methods for signal engineers
CPN'09, Aarhus, Denmark, October 19-21, 2009
Selected related work (quick look)
Logistic
CPN'09, Aarhus, Denmark, October 19-21, 2009
Selected related work
CPN'09, Aarhus, Denmark, October 19-21, 2009
Selected related work
CPN'09, Aarhus, Denmark, October 19-21, 2009
Our CPN model of the Control Table of
the small station comprises two parts
1. Signalling Layout
2. Interlocking
The CPN model comprises
72 Places ,
12 Fusion places ,
21 Substitution Transitions,
33 Transitions and 12 ML functions.
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN model of the Control Table
1. Signalling Layout
- The CPN model mimics the signalling plan
- Provides geographic information how each
wayside equipment connect to each other
- Provides ability to simulate the trains moving
- Comprises lower CPN subpages which
represent the trains’ movement when passing
signals, passing point and moving between 2
consecutive track circuits
 modelling wayside equipments
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN model:
The southern part of the station
CPN'09, Aarhus, Denmark, October 19-21, 2009
Modelling Approach
• The CPN model in the signalling layout part
depends on the track layout.
 It is inevitable.
But the CPN diagram can be quickly, manually
built when we have CPN patterns (library).
 The work on CPN patterns for this project is in
progress .
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN model of the Control Table
2. Interlocking part comprises 3 CPN subpages
2.1 UserCommand
 sets and locks the points along the route
2.2 Routesetting
 sets the required route
2.3 RouteReleased
 using the passage of the train restores the
route to Normal state and unlocks the points
CPN'09, Aarhus, Denmark, October 19-21, 2009
Modelling Approach
• The CPN model in the Interlocking part depends
on the contents in the control table.
• Because of 300 stations (to go), we attempt to
make the generic net structure.
• The contents of the control table are coded in ML
functions used in arc inscriptions.
 Thus 300 stations can use the same net
structure of the Interlocking part.
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN Model: Route Setting
require_point_normal(route)
++ require_point_reverse(route)
CPN'09, Aarhus, Denmark, October 19-21, 2009
Excel  XML
XSLT script
It took me 2- man-months to complete
the first model (including analysis).
 ML functions are
automatically created from
But the double track station
XML control table using
It took me only 8-manXSLT.
hours to build the
model (not including analysis).
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN Model: Route Setting
This part is a great help
regardless of assumptions.
require_point_normal(route)
++ require_point_reverse(route)
CPN'09, Aarhus, Denmark, October 19-21, 2009
Assumptions and their affects on the
correctness of the model
• To start building the model we have 10 assumptions.
Q: The important question is how these assumptions
affect the model.
A: I consider that there are some differences between
the real system and the model. However the model
in this paper can detect a large part of errors which
we always encounter.
A larger part = something is missing or added (extra)
in the Control Table.
CPN'09, Aarhus, Denmark, October 19-21, 2009
Analysis
• The desired property is no collision.
No two train in two consecutive track circuits.
Using ML query functions.
• To convince the model correctness
 After route(s) setting and train(s) movement ,
The terminal markings shall be as we expect.
 To debug the model using an incremental
approach . Starting from one route setting - one
train
CPN'09, Aarhus, Denmark, October 19-21, 2009
Terminal markings
Using query ML and state space search
No train collision is detected
in case A,B and C
CPN'09, Aarhus, Denmark, October 19-21, 2009
Conclusion
• A control table for the small and typical single line
railway station is modelled and analysed.
• This CPN model can be adapted and re-used for
SRT’s double track projects (300-350 stations) .
• We propose to convert Control tables to ML
functions using XSLT.
• Thus the CPN models of other interlocking can be
rapidly built.
• These models will help to detect errors in control
tables in the early phase of system development.
CPN'09, Aarhus, Denmark, October 19-21, 2009
Future work
• Relaxes modelling assumptions
• Revises the CPN subpages and arranges a
library of CPN patterns
• Create CPN models directly from Track
layout drawing.
CPN'09, Aarhus, Denmark, October 19-21, 2009
Thank You!
Questions and comments?
CPN'09, Aarhus, Denmark, October 19-21, 2009
CPN'09, Aarhus, Denmark, October 19-21, 2009
Initial markings
- noTrain at other places
- setting commands for all 8 routes
- Both blocks in Coming states
- A Block request command for going
toward Bangkok
CPN'09, Aarhus, Denmark, October 19-21, 2009
Analysis results
State space sizes
More trains  less number of possible train movements
Less trains  more number of possible train movements
Not true in general (e.g. double track and large stations)
CPN'09, Aarhus, Denmark, October 19-21, 2009