CN107808020A - Computer interlocking software development and implementation system based on formal model development - Google Patents


Info

Publication number: CN107808020A
Authority: CN (China)
Prior art keywords: interlocking software, interlocking, software, model, development
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201610813892.6A
Other languages: Chinese (zh)
Inventors: 王燕芩, 徐军强, 朱迎春, 马雯
Current assignee: Casco Signal Ltd
Original assignee: Casco Signal Ltd
Priority date: 2016-09-09
Filing date: 2016-09-09
Publication date: 2018-03-16
Application filed by Casco Signal Ltd
Priority to CN201610813892.6A
Publication of CN107808020A

Links

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F 30/00 Computer-aided design [CAD] › G06F 30/20 Design optimisation, verification or simulation
    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F 11/00 Error detection; error correction; monitoring › G06F 11/36 Preventing errors by testing or debugging software › G06F 11/3668 Software testing › G06F 11/3672 Test management › G06F 11/3688 Test management for test execution, e.g. scheduling of test suites

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Geometry (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to a computer interlocking software development and implementation system based on formal model development, comprising: an interlocking software logic module, which implements the interlocking logic processing functions of the system, the interlocking logic functions being modelled and designed with the SCADE tool; an interlocking software application interface module, which provides the information transfer channel between the logic operations and the external interfaces, parses and packs the various communication messages of the external interfaces, and exchanges information with the interlocking software logic module; and a test module, which performs simulation testing and safety verification of the designed model logic. Compared with the prior art, the model of the invention can be verified and can automatically generate C language code suitable for an embedded operating system, and the generated code satisfies a series of safety properties.

Description

Computer interlocking software development and implementation system based on formal model development
Technical field
The present invention relates to a computer interlocking software development and implementation system, and in particular to a computer interlocking software development and implementation system based on formal model development.
Background
The rapid development of high-speed railways and urban rail transit has made travel more convenient, and this rests on the safety assurance provided by railway signalling systems. The interlocking system, the core control system within the signalling system, is a computer-based embedded real-time system that implements interlocking control of station equipment and guarantees traffic safety. Computer interlocking software is typical safety-related software: it has extremely complex interlocking control logic, and fail-safe behaviour is its core safety requirement, so implementing that requirement is a very difficult task. During the design and development of an interlocking system, guaranteeing the safety and reliability of the system is crucial, and a method is needed that can analyse and verify the performance and functions of the system effectively, so that the system can be demonstrated to be safe and reliable. Formal modelling not only helps to improve the quality of computer interlocking software but also makes rigorous testing of the designed prototype software possible later on.
In addition, the requirements placed on the development process and the development technology of SIL4 software are extremely strict; few methods can satisfy the SIL4 software standard, and meeting it comes at a high cost. Traditional code-based software development involves a large development effort and high difficulty, and it lengthens the software development time. At the same time, software realised by coding is difficult to simulate and test at the generic application layer, which hampers verification of the software design result.
To ensure that the system requirements are implemented correctly, a formal method is proposed for safety modelling of the interlocking software: the program functions are described in a formal language with precise semantics, ensuring consistency between the system implementation and the requirements. The formal development of computer interlocking software is based mainly on a model-based development tool, SCADE (Safety Critical Application Development Environment), a high-safety application development environment that covers the whole flow of embedded development and is centred on the software model rather than, as in traditional software development, on program code. SCADE is suitable for embedded application software development in every field, particularly in fields with high safety requirements such as aeronautics, astronautics and national defence. Likewise, in the rail transit industry SCADE has been applied successfully to the design and development of systems such as ATP/ATO, ZC and TSRS.
The interlocking system is an important safety-related system within railway signalling. According to the requirements of EN 50126/50128/50129, the safety of the interlocking system must reach safety integrity level SIL4; besides the protection provided by the hardware equipment itself, the software of a computer interlocking system must be developed according to the requirements of software engineering, using sound technical methods and tools and a complete test process, to ensure that the interlocking software meets its safety level requirement.
SCADE provides embedded software development tools and methods. It is a model-based development and verification platform that covers the whole life cycle from system to software and can generate embedded source code automatically from a precise requirements description, automating the development process.
Summary of the invention
The object of the present invention is to overcome the drawbacks of the prior art described above and to provide a computer interlocking software development and implementation system based on formal model development.
The object of the invention is achieved by the following technical solution:
A computer interlocking software development and implementation system based on formal model development, comprising:
an interlocking software logic module, which implements the interlocking logic processing functions of the system, the interlocking logic functions being modelled and designed with the SCADE tool;
an interlocking software application interface module, which provides the information transfer channel between the logic operations and the external interfaces, parses and packs the various communication messages of the external interfaces, and exchanges information with the interlocking software logic module;
a test module, which performs simulation testing and safety verification of the designed model logic.
The modelling and design of the interlocking software logic module comprises abstracting the signals, points (track switches), track sections, route control, route release and points protection control of the interlocking station, and establishing a model that matches the functional characteristics of the signalling equipment, so forming an unambiguous, formal description.
After the common equipment has been modelled successfully, the software model is instantiated according to the station application data, generating C language code that meets the application requirements. This effectively reduces and avoids the errors of manual programming.
The interlocking software application interface module passes the information from the external interfaces to the interlocking software logic module for the interlocking computation. At the same time it packs the interlocking computation results of the logic module into data messages, processes the safety check field and the safety code of the source and destination addresses of the data message, and finally provides unified reception and transmission management of messages.
The interlocking software application interface module also manages the data generated by the interlocking software logic module cyclically and stores the logic module's data, using the output data of the current cycle as the input data of the logic module in the next cycle, so that the latest data is fed back to the interlocking software logic module in real time for the logic computation.
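The packing and checking that the interface module performs on a message, as an added C example that is not the patent's own code or the applicant's protocol: the frame layout (one-byte source and destination addresses, a 16-bit sequence number, a length byte, the payload and a CRC-32 over everything before it), the function names and the sample frame are assumptions for illustration. The checks run from cheapest to most expensive, and the length byte is validated before it is used as an index, so a corrupted or truncated message never reads beyond the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed frame layout (illustration only, not the applicant's wire format):
 *   [src:1][dst:1][seq:2 LE][len:1][payload:len][crc32:4 LE]; the CRC covers src..payload. */
enum { HDR_LEN = 5, CRC_LEN = 4, MAX_PAYLOAD = 64 };

typedef enum {
    FRAME_OK,
    FRAME_TOO_SHORT,  /* fewer bytes than header plus CRC */
    FRAME_BAD_LEN,    /* length byte disagrees with the bytes actually received */
    FRAME_BAD_CRC,    /* check field mismatch: corrupted in transit */
    FRAME_BAD_ADDR,   /* destination is not this node */
    FRAME_BAD_SEQ     /* stale or replayed: sequence is not last + 1 */
} FrameStatus;

typedef struct {
    uint8_t  src, dst;
    uint16_t seq;
    uint8_t  len;
    uint8_t  payload[MAX_PAYLOAD];
} Frame;

/* CRC-32 (IEEE 802.3 polynomial, reflected), bitwise so no table is needed. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Pack f into out; returns the bytes written, or 0 if the frame does not fit. */
size_t frame_pack(const Frame *f, uint8_t *out, size_t cap)
{
    size_t body = HDR_LEN + f->len;
    if (f->len > MAX_PAYLOAD || cap < body + CRC_LEN)
        return 0;
    out[0] = f->src;  out[1] = f->dst;
    out[2] = (uint8_t)(f->seq & 0xFF);  out[3] = (uint8_t)(f->seq >> 8);
    out[4] = f->len;
    memcpy(out + HDR_LEN, f->payload, f->len);
    uint32_t crc = crc32_ieee(out, body);
    for (int i = 0; i < CRC_LEN; i++)
        out[body + i] = (uint8_t)(crc >> (8 * i));
    return body + CRC_LEN;
}

/* Validate length, then CRC, then destination, then sequence, and only then copy out.
 * my_addr is this node's address; last_seq is the last sequence accepted from the peer. */
FrameStatus frame_unpack(const uint8_t *buf, size_t n, uint8_t my_addr, uint16_t last_seq, Frame *f)
{
    if (n < HDR_LEN + CRC_LEN)
        return FRAME_TOO_SHORT;
    uint8_t len = buf[4];
    size_t body = HDR_LEN + len;
    if (len > MAX_PAYLOAD || n != body + CRC_LEN)   /* never index with len before checking it */
        return FRAME_BAD_LEN;
    uint32_t got = 0;
    for (int i = 0; i < CRC_LEN; i++)
        got |= (uint32_t)buf[body + i] << (8 * i);
    if (got != crc32_ieee(buf, body))
        return FRAME_BAD_CRC;
    if (buf[1] != my_addr)
        return FRAME_BAD_ADDR;
    uint16_t seq = (uint16_t)(buf[2] | ((uint16_t)buf[3] << 8));
    if (seq != (uint16_t)(last_seq + 1))
        return FRAME_BAD_SEQ;
    f->src = buf[0];  f->dst = buf[1];  f->seq = seq;  f->len = len;
    memcpy(f->payload, buf + HDR_LEN, len);
    return FRAME_OK;
}

/* Round trip plus every rejection path; returns how many of the seven checks behaved as expected. */
int frame_demo(void)
{
    Frame tx = { 0x01, 0x02, 7, 3, { 0xAA, 0xBB, 0xCC } };   /* constructed: a 3-byte logic result, node 1 to node 2, seq 7 */
    Frame rx;
    uint8_t buf[80];
    int ok = 0;
    size_t n = frame_pack(&tx, buf, sizeof buf);
    ok += (n == HDR_LEN + 3 + CRC_LEN);
    ok += (frame_unpack(buf, n, 0x02, 6, &rx) == FRAME_OK && rx.src == 1 && rx.payload[2] == 0xCC);
    ok += (frame_unpack(buf, n, 0x02, 7, &rx) == FRAME_BAD_SEQ);      /* same frame delivered twice */
    ok += (frame_unpack(buf, n, 0x03, 6, &rx) == FRAME_BAD_ADDR);     /* addressed to another node */
    buf[6] ^= 0x01;                                                  /* flip one payload bit */
    ok += (frame_unpack(buf, n, 0x02, 6, &rx) == FRAME_BAD_CRC);
    buf[6] ^= 0x01;
    ok += (frame_unpack(buf, n - 1, 0x02, 6, &rx) == FRAME_BAD_LEN);  /* truncated by one byte */
    ok += (frame_unpack(buf, 4, 0x02, 6, &rx) == FRAME_TOO_SHORT);
    return ok;
}
```

The CRC is a safety check field against accidental corruption; it gives no protection against an attacker who can rewrite the frame and recompute the checksum, so on a network that is not physically closed the check field has to be a keyed MAC. The strict last + 1 sequence rule rejects both replays and out-of-order delivery; a real link layer usually tolerates a window of lost frames and reports the gap instead.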
During the modelling of the interlocking software, the test module uses static analysis and dynamic testing to find syntax errors in the design and defects in the functional implementation of the model in good time, and completes the simulation testing and safety verification of the model logic design. After the model has been built it is tested with MTC (Model Test Coverage), which carries out formal verification of the model, tests and analyses its coverage effectively, and ensures the safety of the safety equipment in the design implementation.
Compared with the prior art, the present invention has the following advantages:
1) Using the SCADE modelling method, C language code suitable for an embedded operating system can be generated automatically. The generated code satisfies a series of safety properties and has good readability and standard interfaces, and the SCADE modelling language itself meets the requirements of EN 50128 for software development.
2) SCADE Suite is used mainly for the design of control logic. It is based on a formal language and a rigorous data theory and gives developers rich support for designing high-safety software. The SCADE Suite environment supports model-level simulation testing, which checks the correctness and consistency of the software requirements during implementation.
3) The SCADE tool itself has been assessed and certified by a third party, and the KCG code generator meets the third-party safety assessment requirements for safety-related software.
4) The software functional model produced by formal development supports the later software verification: errors can be found early, when the cost of correcting them is lowest. Besides maximising assurance of source code quality, SCADE Suite also provides a Compiler Verification Kit (CVK) for verifying whether the third-party compiler chosen by the user compiles the code generated by SCADE Suite correctly, which extends verification to the object code level.
5) During development of the interlocking software model, the functional logic of the interlocking system functions is abstracted using finite state machines and data flow diagrams; structure variables matching the signalling equipment functions are defined, and the dynamic transfer and change of data is carried out strictly according to the system functions.
6) The SCADE-based development model is a system model at the generic application layer; it is not restricted to a specific station application, so the model is highly reusable and very portable.
7) The SCADE-based formal model development method replaces the traditional code-based development scheme and reduces the developers' workload. Model development uses a graphical operating interface, all functional models are graphical logic connections of abstracted elements, and the models are highly readable; state variable types can be defined flexibly as needed during modelling, and the use of input variables, output variables and constants is clearly marked and convenient to check, which effectively avoids the misuse of variables in the design process.
8) Static, dynamic and complete MC/DC test functions are provided, which test the correctness of the model effectively and reduce the software unit testing work.
Brief description of the drawings
Fig. 1 is the data flow diagram of the points function;
Fig. 2 shows the static analysis of the model, with a causality error prompt message;
Fig. 3 is an example of MC/DC coverage testing of a Boolean expression.
Detailed description
The present invention is described in detail below with reference to the drawings and a specific embodiment. The embodiment is implemented on the basis of the technical solution of the invention and gives a detailed implementation and specific operating process, but the scope of protection of the invention is not limited to the following embodiment.
Over the whole life cycle of the interlocking system, the requirements are decomposed and allocated step by step using a top-down design method. The decomposed hardware requirements are implemented by an independent safe hardware platform. For the software requirements, a complete architecture design of the interlocking software is carried out according to the development requirements of EN 50128. The logic part is formalised and the data part is refined, and the SCADE tool is used to model the interlocking software logic functions; the whole formal modelling process covers the complete software development flow for interlocking software modelling and satisfies the needs of the interlocking for safety-related software.
The SCADE editor provides two mechanisms for graphical modelling: data flow diagrams and finite state machines. The data flow mechanism suits the modelling of continuous systems, while finite state machines suit the modelling of discrete systems. Modelling with SCADE refines, decomposes and supplements the software requirements. Before modelling, each control object in the interlocking software is abstracted into discrete states according to the control method of the 6502 relay interlocking, and the continuous control of all control objects is completed according to the final implementation target.
(1) Function modelling
The final purpose of the interlocking system is to take the route as the control object, with all signalling equipment relevant to the route as the control elements of the route. According to the 6502 description of the route control process, the route state can be abstracted into three states, idle, called and locked, and the state diagram between them established. The abstraction of interlocking route control is shown in Table 1.
Table 1
(2) Finite state machine modelling
A finite state machine is used to describe the state switching control of a control object, that is, the dynamic behaviour of the equipment. When modelling with a finite state machine, a logical abstraction is made first, so that the actual logic relations are shown clearly as a transition diagram and the system structure is analysed in sequence; then the sequential analysis is carried out according to all the input information, the outputs and the related logic relations of the equipment in its current state. For route control, for example, the model follows the states described in Table 1, as shown in Fig. 1. When the route is in the locked state the state of the signal must be taken into account: when all elements in the route satisfy the conditions of the signal-open and open-holding checks, the route signal opens; when a train enters the route, when the signal is closed manually, or when any other condition of the open-holding check is no longer satisfied, the signal switches to the closed state immediately; and when the conditions of the signal-open and open-holding checks are satisfied again, the signal can return to the open state. At the same time the release process of a route in the locked state is taken into account: the interlocking conditions are checked during release and the data flow is controlled strictly, so that the route function is implemented correctly.
(3) Data flow design
A data flow diagram describes the system in terms of its processing procedure: the model of the system is first described as the information flow and the data transformations from input to output, and the model is then built with the graphical operators of the application. This approach suits the modelling of continuous control systems. User-defined input and output variables form the interface, and the node is the basic functional unit; a node here is similar to a function in C, and its interface comprises inputs, outputs, local variables and so on. The function of the model object to be built is implemented inside the node, either graphically or textually. Operators between the connections (logic operators, comparison operators, selection operators and so on) form a complex hierarchical structure, and larger nodes are composed by encapsulation and nesting, so that the software model is built graphically.
During the modelling of the interlocking software the model is divided into models of the different equipment according to the system functions; for example, each element of a route can be modelled as an independent part. To keep the model simple and readable, different functional modules can be separated according to the functional structure of each kind of equipment, each function being designed separately as a node. Mutual calls between models are made according to the different roles of the route elements in the interlocking logic and their influence on the interlocking.
(4) Data structure design
During model design, constants and input and output variables can be defined as needed; the variable types include structures, numeric types, enumerations, Booleans and many others. Signals, points, track sections, routes and the like, which have many state attributes, can be defined as structures, each member of which is given a type according to its meaning and role; the structure variable of the points is defined in this way. The position of the points can be defined as a numeric constant. Route commands, including cancel, call, lock, unlock, no control command and signal clearing, can be defined as an enumeration type. External input commands, such as the points normal/reverse command from the host computer or a single points operation, can be defined as BOOL type, and the corresponding logic operation is executed according to the truth value of the input.
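The route state machine of the finite state machine section and the data types of this section, as an added C example in the style of cyclic code generated from a model (a context structure that holds the state between cycles, an input structure, a reset function and one step function per cycle). It is not the patent's model or KCG output: the input names, the command enumeration, the holding-check conditions and the release rule (the route returns to idle once a train that entered it has cleared all its elements) are assumptions for illustration, and the scenario in route_demo is constructed to follow the multi-step dynamic test described later in the embodiment.

```c
#include <stdbool.h>
#include <stdio.h>

/* Route states of Table 1 and a subset of the route commands of this section (names assumed). */
typedef enum { ROUTE_IDLE = 0, ROUTE_CALLED, ROUTE_LOCKED } RouteState;
typedef enum { CMD_NONE = 0, CMD_SET, CMD_CANCEL, CMD_CLOSE_SIGNAL } RouteCmd;

typedef struct {                /* inputs of one cycle (names assumed for illustration) */
    RouteCmd cmd;               /* operator command for this route */
    bool elements_free;         /* every track section of the route is unoccupied */
    bool points_detected;       /* every point is locked and detected in the required position */
    bool train_entered;         /* the entrance section of the route is occupied by a train */
} RouteInputs;

typedef struct {                /* memory carried between cycles, as a generated context would be */
    RouteState state;
    bool signal_open;
    bool train_in_route;        /* a train has entered since the route was locked */
} RouteCtx;

void route_reset(RouteCtx *ctx)
{
    ctx->state = ROUTE_IDLE;
    ctx->signal_open = false;
    ctx->train_in_route = false;
}

/* One cycle of the route node: transition on the current state, then compute the signal. */
void route_step(RouteCtx *ctx, const RouteInputs *in)
{
    /* signal-open / open-holding check: every condition must hold for a proceed aspect */
    bool holding_ok = in->elements_free && in->points_detected && !in->train_entered
                      && in->cmd != CMD_CANCEL && in->cmd != CMD_CLOSE_SIGNAL;

    switch (ctx->state) {
    case ROUTE_IDLE:
        if (in->cmd == CMD_SET) ctx->state = ROUTE_CALLED;
        break;
    case ROUTE_CALLED:
        if (in->cmd == CMD_CANCEL) ctx->state = ROUTE_IDLE;
        else if (in->elements_free && in->points_detected) ctx->state = ROUTE_LOCKED;
        break;
    case ROUTE_LOCKED:
        if (in->train_entered) ctx->train_in_route = true;
        if (in->cmd == CMD_CANCEL && !ctx->train_in_route)
            ctx->state = ROUTE_IDLE;                  /* cancelling a route no train has entered */
        else if (ctx->train_in_route && !in->train_entered && in->elements_free)
            ctx->state = ROUTE_IDLE;                  /* train has cleared every element: release */
        break;
    }
    if (ctx->state != ROUTE_LOCKED) ctx->train_in_route = false;
    /* open only while locked and the holding check passes; closed at once when it fails;
     * reopens when the conditions are satisfied again */
    ctx->signal_open = (ctx->state == ROUTE_LOCKED) && holding_ok;
}

/* Safety property to check after every cycle: a proceed aspect implies a locked route
 * with free elements, detected points and no train on its entrance section. */
bool route_invariant_ok(const RouteCtx *ctx, const RouteInputs *in)
{
    return !ctx->signal_open
        || (ctx->state == ROUTE_LOCKED && in->elements_free && in->points_detected && !in->train_entered);
}

RouteInputs route_inputs(RouteCmd cmd, bool elements_free, bool points_detected, bool train_entered)
{
    RouteInputs in = { cmd, elements_free, points_detected, train_entered };
    return in;
}

/* Multi-step scenario of the kind a scenario file drives in the dynamic test: set, lock, manual
 * close, reopen, train passage, release. Returns the number of cycles in which the invariant held. */
int route_demo(void)
{
    const RouteInputs script[7] = {
        { CMD_SET, true, true, false },            /* 1: idle -> called */
        { CMD_NONE, true, true, false },           /* 2: called -> locked, signal opens */
        { CMD_CLOSE_SIGNAL, true, true, false },   /* 3: manual close */
        { CMD_NONE, true, true, false },           /* 4: conditions hold again: reopen */
        { CMD_NONE, false, true, true },           /* 5: train enters: signal closes */
        { CMD_NONE, false, true, false },          /* 6: train still inside the route */
        { CMD_NONE, true, true, false },           /* 7: every element clear: release */
    };
    RouteCtx ctx;
    int held = 0;
    route_reset(&ctx);
    for (int i = 0; i < 7; i++) {
        route_step(&ctx, &script[i]);
        held += route_invariant_ok(&ctx, &script[i]);
        printf("cycle %d: state=%d signal_open=%d\n", i + 1, (int)ctx.state, (int)ctx.signal_open);
    }
    return held;
}
```

The invariant is the property a reviewer wants checked on every cycle of the simulation, not only at the end: a proceed aspect must never be shown unless the route is locked with its elements free and its points detected. Running the scenario prints the state and signal per cycle; the signal reopens in cycle 4 only because the holding conditions are satisfied again, and it stays closed from cycle 5 until the route is released in cycle 7.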
(5) Static analysis and dynamic testing of the model
After the interlocking has been modelled with the structured method, each functional module can be refined into different functional nodes. Static analysis of each functional node checks and analyses syntax errors in the SCADE language, the completeness of the model, the initialisation of data flows, and so on.
The main content of static analysis covers the following aspects:
1. every variable used in a node must be assigned an initial value;
2. every output must have a unique assignment within the node;
3. the number and types of the arguments of a node call must be consistent with its parameters;
4. the input and output variables of logic operations (and, or, not, etc.) must be of type bool;
5. causality errors between variables are detected.
After the model design is complete, a check is run; the results that may appear in static analysis are shown in Fig. 2.
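The five checks above, as an added C example that is not the patent's or SCADE's analyser: a node is represented as a table of typed variables and single-assignment equations, where an operand marked as read through pre() carries last cycle's value and therefore creates no same-cycle dependency. The checker reports unassigned variables (rule 1), multiply assigned variables (rule 2), wrong argument counts (rule 3, applied to operator arity rather than sub-node calls), non-bool operands of logic operators (rule 4) and causality loops (rule 5), found as back edges in a depth-first search of the dependency graph. The representation, the operator set and the two sample nodes are assumptions.

```c
#include <stdbool.h>

enum { MAX_VARS = 16, MAX_EQS = 16, MAX_OPS = 2 };

typedef enum { T_BOOL, T_INT } VarType;
typedef enum { OP_AND, OP_OR, OP_NOT, OP_ADD, OP_ID } Op;
static const int OP_ARITY[] = { 2, 2, 1, 2, 1 };      /* operands each operator takes */

typedef struct { const char *name; VarType type; bool is_input; } Var;
/* target = op(operand...); delayed[k] marks operand k as read through pre(), i.e. last cycle's value */
typedef struct { int target; Op op; int nops; int operand[MAX_OPS]; bool delayed[MAX_OPS]; } Eq;
typedef struct { int nvars; Var vars[MAX_VARS]; int neqs; Eq eqs[MAX_EQS]; } Node;
typedef struct { int unassigned, multiply_assigned, arity_errors, type_errors, causality_loops; } Report;

/* Depth-first search counting edges that lead back into the current path. */
static int count_back_edges(bool adj[MAX_VARS][MAX_VARS], int nvars, int v, int color[])
{
    int back = 0;
    color[v] = 1;                                    /* grey: on the current path */
    for (int w = 0; w < nvars; w++) {
        if (!adj[v][w]) continue;
        if (color[w] == 1) back++;                   /* same-cycle dependency on an ancestor: a loop no pre() breaks */
        else if (color[w] == 0) back += count_back_edges(adj, nvars, w, color);
    }
    color[v] = 2;                                    /* black: finished */
    return back;
}

Report check_node(const Node *n)
{
    Report r = { 0, 0, 0, 0, 0 };
    int defs[MAX_VARS] = { 0 }, color[MAX_VARS] = { 0 };
    bool adj[MAX_VARS][MAX_VARS] = { { false } };
    for (int i = 0; i < n->neqs; i++) {
        const Eq *e = &n->eqs[i];
        VarType want = e->op == OP_ADD ? T_INT : e->op == OP_ID ? n->vars[e->target].type : T_BOOL;
        bool type_ok = n->vars[e->target].type == want;
        defs[e->target]++;
        if (e->nops != OP_ARITY[e->op]) r.arity_errors++;            /* rule 3: argument count */
        for (int k = 0; k < e->nops; k++) {
            type_ok = type_ok && n->vars[e->operand[k]].type == want;
            if (!e->delayed[k]) adj[e->operand[k]][e->target] = true; /* same-cycle data dependency */
        }
        if (!type_ok) r.type_errors++;                               /* rule 4: operand and result types */
    }
    for (int v = 0; v < n->nvars; v++) {
        if (n->vars[v].is_input) continue;
        if (defs[v] == 0) r.unassigned++;                            /* rule 1: no defining equation */
        if (defs[v] > 1) r.multiply_assigned++;                      /* rule 2: not a unique assignment */
    }
    for (int v = 0; v < n->nvars; v++)                               /* rule 5: causality loops */
        if (color[v] == 0) r.causality_loops += count_back_edges(adj, n->nvars, v, color);
    return r;
}

static void add_var(Node *n, const char *name, VarType t, bool input)
{
    Var v = { name, t, input };
    n->vars[n->nvars++] = v;
}

static void add_eq(Node *n, int target, Op op, int nops, int a, int b, bool pre_b)
{
    Eq e = { target, op, nops, { a, b }, { false, pre_b } };
    n->eqs[n->neqs++] = e;
}

/* Well-formed route fragment: its only self-dependency goes through pre(). */
Node example_good(void)
{
    Node n = { 0 };
    add_var(&n, "req", T_BOOL, true);           /* 0 */
    add_var(&n, "occupied", T_BOOL, true);      /* 1 */
    add_var(&n, "free", T_BOOL, false);         /* 2 */
    add_var(&n, "lockable", T_BOOL, false);     /* 3 */
    add_var(&n, "locked", T_BOOL, false);       /* 4 */
    add_var(&n, "signal_open", T_BOOL, false);  /* 5 */
    add_eq(&n, 2, OP_NOT, 1, 1, 0, false);      /* free = not occupied */
    add_eq(&n, 3, OP_AND, 2, 0, 2, false);      /* lockable = req and free */
    add_eq(&n, 4, OP_OR,  2, 3, 4, true);       /* locked = lockable or pre(locked) */
    add_eq(&n, 5, OP_AND, 2, 4, 2, false);      /* signal_open = locked and free */
    return n;
}

/* The same fragment with exactly one instance of each error the static analysis reports. */
Node example_bad(void)
{
    Node n = example_good();
    add_var(&n, "count", T_INT, false);         /* 6 */
    add_var(&n, "released", T_BOOL, false);     /* 7 */
    add_var(&n, "unlocked", T_BOOL, false);     /* 8: never assigned (rule 1) */
    n.eqs[2].operand[1] = 5; n.eqs[2].delayed[1] = false;  /* locked = lockable or signal_open, pre() dropped: a loop with signal_open = locked and free (rule 5) */
    add_eq(&n, 6, OP_ADD, 2, 5, 4, false);      /* count = signal_open + locked: bool operands in an int operator (rule 4) */
    add_eq(&n, 5, OP_ID,  1, 3, 0, false);      /* signal_open = lockable: second assignment (rule 2) */
    add_eq(&n, 7, OP_NOT, 2, 1, 0, false);      /* released = not(occupied, req): wrong argument count (rule 3) */
    return n;
}
```

check_node on example_good returns all zeros; on example_bad it reports exactly one error of each kind. The loop in example_bad is the kind of error Fig. 2 illustrates: locked depends on signal_open and signal_open on locked within the same cycle, which no cyclic program can evaluate; reinstating pre(locked) breaks the loop because the previous value is already known when the cycle starts.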
The dynamic test of model can perform according to the model node of design, the function that can also be described according to design documentation Perform.For simple function test in interlocking demand such as track switch monolock, block, section block, test, root can be performed with single step According to model function, scene set file, by each modulus of periodicity type input value assignment, observing the variable in test process State change.It for complex models such as access way control, route releases, can be performed by multistep, check final output result Whether expected requirement is met.Model dynamic simulation resolution chart, shown in line it is dynamic testing process between all operators It is middle to pass through computing or amended value.
(6) MC/DC testing of the model
The coverage display shows all the selected operators, grouped in library form; for each operator the coverage test cases are grouped logically. The coverage cases covered by an operator comprise the coverage cases of its own computations (expressions, state machines) and the integrated coverage cases of each operator instance it calls. The coverage cases of an operator record the covering cases of all its instances, depending on the selected coverage criterion, while the integrated coverage cases of an operator are recorded as the partial cases of the operators that call each of its instances, depending on the selected integrated coverage criterion. For the BOOL expression shown in Fig. 3, MC/DC testing requires at least the test cases described in Table 2, where Table 2(a) gives the test cases for the branch (A, S), Table 2(b) the test case for the branch (B, S) and Table 2(c) the test case for the branch (C, S).
Table 2(a)
Case   A       B       C       S
1      True    False   True    True
2      False   False   True    False
Table 2(b)
Case   A       B       C       S
3      False   True    True    True
Table 2(c)
Case   A       B       C       S
4      False   True    False   False
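An independence-pair check for MC/DC, as an added C example that is not the patent's tool. Fig. 3 is not reproduced on this page; Table 2 is consistent with S = A or (B and C), which the example assumes. For each condition the function looks for two test cases that differ only in that condition and produce different outcomes (cases 1 and 2 for A, 2 and 3 for B, 3 and 4 for C in Table 2) and returns the conditions for which no such pair exists, so that a test set can be checked for MC/DC before it is run.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_COND 8

typedef bool (*BoolExpr)(const bool *cond);

/* Assumed form of the Fig. 3 expression; every row of Table 2 satisfies it. */
bool expr_fig3(const bool *c) { return c[0] || (c[1] && c[2]); }

typedef struct { bool cond[MAX_COND]; bool expected; } TestCase;

/* Table 2, cases 1 to 4, entered as constructed sample data (A, B, C, S). */
static const TestCase TABLE2[] = {
    { { true,  false, true  }, true  },   /* case 1 */
    { { false, false, true  }, false },   /* case 2: pairs with 1 for A */
    { { false, true,  true  }, true  },   /* case 3: pairs with 2 for B */
    { { false, true,  false }, false },   /* case 4: pairs with 3 for C */
};

/* Returns -1 if some case's expected outcome disagrees with expr; otherwise a bitmask
 * (bit i = condition i) of the conditions that have no independence pair in the cases,
 * so 0 means the cases achieve MC/DC for expr. */
int mcdc_uncovered(BoolExpr expr, int ncond, const TestCase *tc, int ntc)
{
    int uncovered = 0;
    for (int i = 0; i < ntc; i++)
        if (expr(tc[i].cond) != tc[i].expected)
            return -1;
    for (int c = 0; c < ncond; c++) {
        bool found = false;
        for (int i = 0; i < ntc && !found; i++) {
            for (int j = i + 1; j < ntc && !found; j++) {
                /* candidate pair: the outcome differs and condition c differs */
                if (tc[i].expected == tc[j].expected || tc[i].cond[c] == tc[j].cond[c])
                    continue;
                bool others_equal = true;
                for (int k = 0; k < ncond; k++)
                    if (k != c && tc[i].cond[k] != tc[j].cond[k])
                        others_equal = false;
                found = others_equal;   /* i and j differ only in c: c independently affects S */
            }
        }
        if (!found)
            uncovered |= 1 << c;
    }
    return uncovered;
}

int main(void)
{
    const char *names = "ABC";
    int mask = mcdc_uncovered(expr_fig3, 3, TABLE2, 4);
    printf("all four cases: uncovered mask = %d\n", mask);          /* 0: MC/DC achieved */
    mask = mcdc_uncovered(expr_fig3, 3, TABLE2, 3);                   /* drop case 4 */
    for (int c = 0; c < 3; c++)
        if (mask & (1 << c))
            printf("without case 4, condition %c has no independence pair\n", names[c]);
    return 0;
}
```

MC/DC needs at least n + 1 cases for n conditions, so the four cases of Table 2 are the minimum for three conditions; dropping case 4 leaves C uncovered, because every remaining case has C = True and the effect of C on S can no longer be observed.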
Using SCADE, a new software development method with model design and verification at its core is established, which automates the process and removes steps from it. It not only supports the development of safety software and satisfies the process prescribed by EN 50128 but also improves development efficiency and quality considerably.
The foregoing is only a specific embodiment of the invention, and the scope of protection of the invention is not limited to it. Any person familiar with the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed by the invention, and such modifications or substitutions all fall within the scope of protection of the invention. The scope of protection of the invention is therefore defined by the claims.

Claims (6)

1. A computer interlocking software development and implementation system based on formal model development, characterised in that it comprises:
an interlocking software logic module, which implements the interlocking logic processing functions of the system, the interlocking logic functions being modelled and designed with the SCADE tool;
an interlocking software application interface module, which provides the information transfer channel between the logic operations and the external interfaces, parses and packs the various communication messages of the external interfaces, and exchanges information with the interlocking software logic module;
a test module, which performs simulation testing and safety verification of the designed model logic.
2. The computer interlocking software development and implementation system based on formal model development according to claim 1, characterised in that the modelling and design of the interlocking software logic module comprises abstracting the signals, points, track sections, route control, route release and points protection control of the interlocking station, and establishing a model that matches the functional characteristics of the signalling equipment.
3. The computer interlocking software development and implementation system based on formal model development according to claim 2, characterised in that after the common equipment has been modelled successfully, the software model is instantiated according to the station application data, generating C language code that meets the application requirements.
4. The computer interlocking software development and implementation system based on formal model development according to claim 1, characterised in that the interlocking software application interface module passes the information from the external interfaces to the interlocking software logic module for the interlocking computation, and at the same time packs the interlocking computation results of the interlocking software logic module into data messages, processes the safety check field and the safety code of the source and destination addresses of the data message, and finally provides unified reception and transmission management of messages.
5. The computer interlocking software development and implementation system based on formal model development according to claim 1, characterised in that the interlocking software application interface module manages the data generated by the interlocking software logic module cyclically and stores the interlocking software logic module data, using the output data of the current cycle as the input data of the interlocking software logic module in the next cycle, so that the latest data is fed back to the interlocking software logic module in real time for the logic computation.
6. The computer interlocking software development and implementation system based on formal model development according to claim 1, characterised in that during the modelling of the interlocking software, the test module finds syntax errors in the design and defects in the functional implementation of the model in good time by static analysis and dynamic testing, and completes the simulation testing and safety verification of the model logic design.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN201610813892.6A    2016-09-09      2016-09-09    Computer interlocking software development and implementation system based on formal model development (pending; published as CN107808020A, en)

Publications (1)

Publication Number   Publication Date
CN107808020A         2018-03-16

Family

ID=61569683

Family Applications (1)

Application Number   Title   Priority Date   Filing Date
CN201610813892.6A (pending; published as CN107808020A, en)   Computer interlocking software development and implementation system based on formal model development   2016-09-09   2016-09-09

Country Status (1)

Country   Link
CN        CN107808020A (en)



Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102520949A (en) * 2011-12-13 2012-06-27 南京恩瑞特实业有限公司 Formalized computer interlocking realization method
CN104217059A (en) * 2013-05-31 2014-12-17 三星电机株式会社 System and method for automatically generating virtual factory model
CN103425774A (en) * 2013-08-13 2013-12-04 北京航空航天大学 Tacit knowledge acquisition method based on HWME (Hall for Workshop of Metasynthetic Engineering)

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王燕芩 et al.: "Analysis of the communication interface between the station train control centre and CTC", 铁道运营技术 (Railway Operation Technology) *
陈淑珍: "Modelling and verification of CBTC interlocking based on SCADE", China Master's Theses Full-text Database, Engineering Science and Technology II *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109800155A (en) * 2018-12-20 2019-05-24 交控科技股份有限公司 A kind of QTE interlock application method for testing software and device based on Probe
CN109800155B (en) * 2018-12-20 2022-02-15 交控科技股份有限公司 Method and device for testing QTE interlocking application software based on Probe
CN111538568A (en) * 2020-04-28 2020-08-14 合肥工大高科信息科技股份有限公司 Data processing method based on railway computer interlocking system and interlocking system
CN111538568B (en) * 2020-04-28 2023-05-30 合肥工大高科信息科技股份有限公司 Data processing method based on railway computer interlocking system and interlocking system
CN112596721A (en) * 2020-12-14 2021-04-02 中国航发控制系统研究所 Management method for safety subset of safety key software modeling language
CN112596721B (en) * 2020-12-14 2023-10-03 中国航发控制系统研究所 Management method for safety key software modeling language safety subset
CN115366944A (en) * 2022-09-20 2022-11-22 中南大学 Rail transit vehicle and access control method and system thereof
CN115366944B (en) * 2022-09-20 2024-04-16 中南大学 Rail transit vehicle and route control method and system thereof
CN117473871A (en) * 2023-11-08 2024-01-30 上海安托信息技术有限公司 Formalized system modeling method based on CATIA Magic
CN117473871B (en) * 2023-11-08 2024-05-03 上海安托信息技术有限公司 Formalized system modeling method based on CATIA MAGIC


Legal Events

Date   Code   Title   Description
       PB01   Publication
       SE01   Entry into force of request for substantive examination
       REG    Reference to a national code   Ref country code: HK; Ref legal event code: DE; Ref document number: 1248863; Country of ref document: HK
       RJ01   Rejection of invention patent application after publication

Application publication date: 20180316