CN114701547A - Urban rail transit interlocking system detection method, system, equipment and medium - Google Patents
Urban rail transit interlocking system detection method, system, equipment and medium Download PDFInfo
- Publication number
- CN114701547A CN114701547A CN202210238053.1A CN202210238053A CN114701547A CN 114701547 A CN114701547 A CN 114701547A CN 202210238053 A CN202210238053 A CN 202210238053A CN 114701547 A CN114701547 A CN 114701547A
- Authority
- CN
- China
- Prior art keywords
- functional module
- module
- type
- rail transit
- variable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 claims abstract description 62
- 230000006870 function Effects 0.000 claims abstract description 54
- 230000002123 temporal effect Effects 0.000 claims description 42
- 230000008569 process Effects 0.000 claims description 26
- 238000006243 chemical reaction Methods 0.000 claims description 22
- 238000004590 computer program Methods 0.000 claims description 12
- 238000012360 testing method Methods 0.000 claims description 10
- 230000007704 transition Effects 0.000 claims description 10
- 238000004880 explosion Methods 0.000 abstract description 15
- 238000012795 verification Methods 0.000 description 11
- 238000013461 design Methods 0.000 description 7
- 230000001360 synchronised effect Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000004088 simulation Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 101000879675 Streptomyces lavendulae Subtilisin inhibitor-like protein 4 Proteins 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
Images
Landscapes
- Train Traffic Observation, Control, And Security (AREA)
Abstract
The application discloses a method, a system, equipment and a medium for detecting an urban rail transit interlocking system, which are used for determining each functional module of a target urban rail transit interlocking system and using the functional modules as first-class functional modules; defining the state space variable of each first type functional module by using a Boolean type variable; determining each functional module of an external system interface module connected with the target urban rail transit interlocking system, and taking the functional module as a second type of functional module; determining the corresponding relation among the first type of functional module, the state space variable and the second type of functional module based on the functional correlation; and detecting the target urban rail transit interlocking system based on the corresponding relation. The number of state space variables is reduced; and if the target urban rail transit interlocking system is detected based on the corresponding relation, only the corresponding state space variables of the first type of function module and the second type of function module related to the functions can be adjusted, so that the state space explosion can be avoided, and the detection efficiency is improved.
Description
Technical Field
The application relates to the technical field of urban rail transit, in particular to a method, a system, equipment and a medium for detecting an urban rail transit interlocking system.
Background
The interlocking system is an urban rail transit SIL4 grade safety core control system, and a traditional verification method for system availability and safety adopts a simulation and test scheme. Specifically, before the urban rail transit interlocking system is actually deployed in a field application, a simulation test environment is set up in a laboratory, simulation software is used for simulating the input of a real external environment, and interlocking core logic software adopts actual application software. Design and test and verification personnel and the like search for errors by simulating input and observing corresponding interlocking core logic software output results. The adoption of the scheme for testing not only wastes time and labor, but also covers all possible logic interaction and checks all vulnerability risks through simulation and testing technology, which is a nearly impossible matter.
Since the formalization method is based on strict mathematical reasoning, the defects of the simulation and test scheme can be avoided to a great extent by the formalization method. The Model Checking technology (Model Checking) is one of formal methods, and can automatically verify the correctness of a concurrent system of a finite-state machine; it has great advantages over traditional simulation, test and logic reasoning. The biggest obstacle to model detection techniques is the problem of explosion of the state space of the verification object.
In conclusion, how to reduce the state space explosion in the detection process of the urban rail transit interlocking system is a problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The application aims to provide a detection method of an urban rail transit interlocking system, which can solve the technical problem of reducing state space explosion in the detection process of the urban rail transit interlocking system to a certain extent. The application also provides a detection system of the urban rail transit interlocking system, electronic equipment and a computer readable storage medium.
In order to achieve the above purpose, the present application provides the following technical solutions:
a detection method for an urban rail transit interlocking system comprises the following steps:
determining each functional module of a target urban rail transit interlocking system, and taking the functional module as a first-class functional module;
defining the state space variable of each first-class functional module by using a Boolean-type variable;
determining each functional module of an external system interface module connected with the target urban rail transit interlocking system, and using the functional module as a second type of functional module;
determining a corresponding relation among the first type of function module, the state space variable and the second type of function module based on the function correlation;
and detecting the target urban rail transit interlocking system based on the corresponding relation.
Preferably, the defining the state space variable of each first type functional module by a boolean variable includes:
and defining the external module interface variable, the internal module interface variable and the module internal logic variable of each first-class functional module by the Boolean-type variable.
Preferably, the determining the corresponding relationship among the first class of function modules, the state space variables, and the second class of function modules based on the function correlation includes:
describing system function requirements of each first-class function module based on security requirements and LTL linear temporal logic to obtain target linear temporal logic;
determining the incidence relation between each target linear temporal logic and the first type of functional module and the second type of functional module;
and determining the corresponding relation based on the incidence relation and the state space variable.
Preferably, the determining the association relationship between each target linear temporal logic and the first type of functional module and the second type of functional module includes:
and determining the incidence relation between each target linear temporal logic and the first type of functional module and the second type of functional module by adopting a truth table form.
Preferably, the detecting the target urban rail transit interlocking system based on the correspondence includes:
determining the variable relation and the variable limit of the second type of functional module;
dividing the first type of functional modules into various state sets according to the life cycle;
determining a transition condition between the state sets;
and detecting the target urban rail transit interlocking system based on the variable relation, the variable limit, the conversion condition and the corresponding relation.
Preferably, the determining a transition condition between the state sets includes:
determining the conversion conditions among the state sets, and formally describing the conversion conditions pointlessly based on a truth table and a first-order logic language.
Preferably, the detecting the target urban rail transit interlocking system based on the variable relationship, the variable limit, the conversion condition and the corresponding relationship includes:
defining whether the first type of functional module and the second type of functional module are effective or not based on the Boolean type variables to obtain a first definition result;
defining the effectiveness of each target linear temporal logic based on the Boolean variables to obtain a second definition result;
describing the variable relation, the variable limit, the conversion condition and the corresponding relation based on a process in the Promla to obtain a Promla file;
determining a correlation between the first defined result and the second defined result based on a test requirement;
determining the operation mode of the target urban rail transit interlocking system based on the correlation and the Promla file;
and executing the operation mode based on a Promla message channel, detecting the Promla files one by one based on a Spin tool, and positioning the abnormity of the target urban rail transit interlocking system according to a counter path.
An urban rail transit interlock system detection system, comprising:
the first determination module is used for determining each functional module of the target urban rail transit interlocking system and is used as a first-class functional module;
the first defining module is used for defining the state space variable of each first-type functional module by a Boolean-type variable;
the second determination module is used for determining each functional module of an external system interface module connected with the target urban rail transit interlocking system and is used as a second type of functional module;
a third determining module, configured to determine, based on the function correlation, a corresponding relationship among the first class of function modules, the state space variable, and the second class of function modules;
and the first detection module is used for detecting the target urban rail transit interlocking system based on the corresponding relation.
An electronic device, comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the urban rail transit interlocking system detection method when the computer program is executed.
A computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method for detecting an interlock system in urban rail transit as set forth in any of the preceding claims.
According to the detection method for the urban rail transit interlocking system, all functional modules of the target urban rail transit interlocking system are determined and serve as first-class functional modules; defining the state space variable of each first type functional module by using a Boolean type variable; determining each functional module of an external system interface module connected with a target urban rail transit interlocking system, and using the functional modules as second-class functional modules; determining the corresponding relation among the first type of functional module, the state space variable and the second type of functional module based on the functional correlation; and detecting the target urban rail transit interlocking system based on the corresponding relation. In the application, the state space variables of each first-class functional module are defined by Boolean variables, so that the number of the state space variables is reduced; and because the corresponding relation is determined based on the functional correlation, if the target urban rail transit interlocking system is detected based on the corresponding relation, only the corresponding state space variables of the first type of function module and the second type of function module which are related in function can be adjusted, and all the state space variables do not need to be adjusted, so that the explosion of the state space can be avoided, and the detection efficiency of the urban rail transit interlocking system is improved. The urban rail transit interlocking system detection system, the electronic device and the computer-readable storage medium solve the corresponding technical problems.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a first flowchart of a detection method for an urban rail transit interlock system according to an embodiment of the present disclosure;
fig. 2 is a second flowchart of a detection method for an interlock system of an urban rail transit system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an urban rail transit interlock system detection system according to an embodiment of the present application;
fig. 4 is a schematic diagram of a hardware component structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a first flowchart of a detection method for an interlock system of an urban rail transit system according to an embodiment of the present disclosure.
The detection method for the urban rail transit interlocking system provided by the embodiment of the application can comprise the following steps:
step S101: and determining each functional module of the target urban rail transit interlocking system, and taking the functional module as a first-class functional module.
In practical application, in the detection process of the urban rail transit interlocking system, each function module inside the target urban rail transit interlocking system may be determined first and used as a first-class function module, for example, in the case of dividing the function modules by using a structural method, the first-class function module may include train route, guidance route, protection section, segmented route, signal machine control, turnout control, section control, and the like, and the specific module type is not limited herein.
Step S102: the state space variables of the respective first type functional modules are defined in boolean variables.
In practical application, after each functional module of the target urban rail transit interlocking system is determined and serves as a first-class functional module, the state space variable of each first-class functional module can be defined by the Boolean-type variable, so that the number of state spaces can be reduced, and the use of a subsequent model detection technology can be facilitated.
It should be noted that a boolean variable is a variable having two logic states, and includes two values: true and false, if a boolean variable is used in the expression, then the integer value will be assigned either a 1 or a 0 depending on the true or false of the variable value. In addition, in the application, the granularity of the Boolean type variable represents the fineness of the design of the interlocking system, namely the boundary between the software structure design and the detailed design and the boundary between the formal model detection part and the undetectable part, so that the flexibility of the design of the interlocking system and the application of the model detection method is increased by the mode of adjusting the granularity.
Step S103: and determining each functional module of the external system interface module connected with the target urban rail transit interlocking system, and using the functional module as a second type of functional module.
In practical application, in the process of detecting the urban rail transit interlocking system, because the external system interface module can affect the state of the target urban rail transit interlocking system, each functional module of the external system interface module connected with the target urban rail transit interlocking system needs to be determined and used as the second type functional module, so that the second type functional module can be used for detecting the target urban rail transit interlocking system. It should be noted that the types of the second type of functional module may include a ZC system, an interlocking upper computer system, a full electronic execution unit, a train-mounted system, an adjacent station interlocking system, and the like, and the present application is not specifically limited herein.
Step S104: and determining the corresponding relation among the first type of functional modules, the state space variables and the second type of functional modules based on the functional correlation.
Step S105: and detecting the target urban rail transit interlocking system based on the corresponding relation.
In practical application, after the first-class function module, the state space variable and the second-class function module are determined, functional correlation exists among the first-class function module, the state space variable and the second-class function module, and the first-class function module, the state space variable and the second-class function module which are related in function can affect each other.
The method for detecting the urban rail transit interlocking system determines each functional module of a target urban rail transit interlocking system and uses the functional modules as first-class functional modules; defining the state space variable of each first type functional module by using a Boolean type variable; determining each functional module of an external system interface module connected with the target urban rail transit interlocking system, and taking the functional module as a second type of functional module; determining the corresponding relation among the first type of functional module, the state space variable and the second type of functional module based on the functional correlation; and detecting the target urban rail transit interlocking system based on the corresponding relation. In the application, the state space variables of each first-class functional module are defined by Boolean variables, so that the number of the state space variables is reduced; and because the corresponding relation is determined based on the functional correlation, if the target urban rail transit interlocking system is detected based on the corresponding relation, only the corresponding state space variables of the first type of function module and the second type of function module which are related in function can be adjusted, and all the state space variables do not need to be adjusted, so that the explosion of the state space can be avoided, and the detection efficiency of the urban rail transit interlocking system is improved.
Referring to fig. 2, fig. 2 is a second flowchart of a detection method for an interlock system of an urban rail transit system according to an embodiment of the present application.
The detection method for the urban rail transit interlocking system provided by the embodiment of the application can comprise the following steps:
step S201: and determining each functional module of the target urban rail transit interlocking system, and taking the functional module as a first-class functional module.
Step S202: and defining external module interface variables, internal module interface variables and module internal logic variables of each first-class functional module by using Boolean variables.
In practical application, in the process of defining the state space variables of each first-type functional module by using the boolean variables, in order to define each state space variable as completely as possible so as to detect the target urban rail transit interlock system accurately in the following process, the external module interface variables, the internal module interface variables and the internal module logic variables of each first-type functional module can be defined by using the boolean variables. It should be noted that the three types of interfaces are divided into three types, because the three types of interfaces are subjected to difference processing in the model verification stage, so as to reduce the number of state spaces and prevent the explosion of the state spaces.
In a specific application scenario, the state space variables defined by boolean variables may be as follows:
TABLE 1 Turnout control Module variable definition
Table 2 interlocking upper computer command interface variable definitions
TABLE 3 all electronic external interface variable definitions
TABLE 4 ZC interface external variable definition
Step S203: and determining each functional module of the external system interface module connected with the target urban rail transit interlocking system, and using the functional module as a second type of functional module.
Step S204: and describing the system function requirements of each first-class function module based on the security requirements and the LTL linear temporal logic to obtain the target linear temporal logic.
Step S205: and determining the incidence relation between the linear temporal logic of each target and the first type of functional module and the second type of functional module.
In practical application, in the process of determining the corresponding relation among the first-class function modules, the state space variables and the second-class function modules based on the function correlation, for convenience of subsequent detection, the system function requirements of each first-class function module can be described based on the safety requirements and the LTL linear temporal logic to obtain the target linear temporal logic; determining the incidence relation between each target linear temporal logic and the first-class functional module and the second-class functional module; and determining the corresponding relation based on the incidence relation and the state space variable.
It should be noted that there is an availability requirement in the target urban rail transit interlock system, and at this time, the availability requirement may also be reflected by a security requirement, that is, the availability is verified through a counter-example type of the security requirement. In addition, the result of the target linear temporal logic of each module can be determined according to actual needs, for example, the target linear temporal logic of the switch control module system can be as shown in table 5, etc., where S represents the safety requirement and a represents the availability requirement. .
TABLE 5 target Linear temporal logic for Turnout control Module System
It should be noted that, in the process of determining the association relationship between each target linear temporal logic and the first type of functional module and the second type of functional module, in order to describe the association relationship, the association relationship between each target linear temporal logic and the first type of functional module and the second type of functional module may be determined in a form of a truth table. Still taking the switch control module system as an example, the truth table of the association relationship can be shown in table 6, wherein √ represents a trace association module; o represents an irrelevant module.
TABLE 6 Turnout temporal logic tracing table
Step S206: and determining the corresponding relation based on the incidence relation and the state space variable.
Step S207: and determining the variable relation and the variable limit of the second type functional module.
Step S208: and dividing the first type of functional module into various state sets according to the life cycle.
Step S209: transition conditions between state sets are determined.
Step S210: and detecting the target urban rail transit interlocking system based on the variable relation, the variable limit, the conversion condition and the corresponding relation.
In practical application, the targets are matched based on the corresponding relationIn the process of detecting the urban rail transit interlocking system, in order to further avoid state space explosion, the variable relation and the variable limit of the second type of functional module can be determined; dividing the first type of functional module into various state sets according to the life cycle; determining a transition condition between state sets; and detecting the target urban rail transit interlocking system based on the variable relation, the variable limit, the conversion condition and the corresponding relation. It should be noted that if the variable of the second type of function module is limited, the limitation may affect the number of times the variable of the second type of function module is played, and further affect the number of times the state space variable is adjusted, and finally, the state space explosion may be further avoided, for example, if the input command variable of the upper computer is interlocked to n, the input command of the upper computer is limited to only 1 command valid in each operation period, and the number of the command space of the upper computer is exponential 2nChanging the voltage to n +1, and changing the voltage from an exponential stage to a linear stage; in addition, if the first-class functional modules are divided into various state sets according to the life cycle and the conversion conditions among the state sets are determined, the target urban rail transit interlocking system can be detected subsequently by taking the state sets as units, the quantity of state space variables in a single detection process is reduced, the explosion of the state space variables is further avoided, and the principle of reducing the quantity of the state space is as follows: assuming that the logic variables changed by the module are 10n in total number and are divided into 10 state sets according to the life cycle, and assuming that the logic variables changed by each state set are not crossed and are n, the number of state spaces can be reduced by 210nBecomes 2nIf interface verification between modules is involved, the reduction of the number of state spaces is better, and can be approximated by 210n*210nDown to 10 x 2nThereby partially implementing the state space number conversion from exponential to polynomial.
In a specific application scenario, in the process of determining the conversion conditions among the state sets, the conversion conditions among the state sets can be determined, and the conversion conditions are described in an unambiguous manner based on a truth table and a first-order logic language, so that the conversion conditions are described accurately and vividly.
In a specific application scenario, in the process of detecting a target urban rail transit interlocking system based on variable relationships, variable limits, conversion conditions and corresponding relationships, an abstract model formally described by requirements and design documents in a model construction stage can be converted into a verification model described by modeling language Promla, and a model detection tool Spin can be used for detecting correctness, specifically, the whole target urban rail transit interlocking system model is not detected, but the correctness of each target linear temporal logic is detected by dynamically loading a functional module and an external interface module which are associated with the target linear temporal logic, in addition, as a main factor causing the state space explosion of the urban rail transit interlocking system is the uncertainty of the change of an external interface variable, the verification of each target linear temporal logic, for the external interface variable which is not determined to change, only the intersection part of the external interface module and the internal function module which are logically associated with the target linear time state is taken, so that the irrelevant state is filtered and the explosion of the state space is avoided; it may comprise the steps of:
step S2101: and defining whether the first type of functional module and the second type of functional module are effective or not based on the Boolean variables to obtain a first definition result.
It should be noted that the type of the first definition result can be shown in table 7.
Table 7 function module valid variable definitions
| Variables of | Description of the invention |
| vf0 | Whether the upper computer command interface is effective |
| vf1 | Whether full electronic system interface is valid |
| vf2 | Whether a ZC interface is valid |
| vf3 | Whether the switch control module is effective |
| vf4 | Whether the zone control module is active |
| vf5 | Whether the train route control module is effective or not |
| vf6 | Whether the protection zone control module is valid |
| vf7 | Whether the guide route control module is effective |
Step S2102: and defining the effectiveness of each target linear temporal logic based on the Boolean type variables to obtain a second definition result.
Note that the type of the second definition result may be as shown in table 8 or the like.
TABLE 8 selection of temporal logic significance variable definitions
| Variables of | Description of the invention |
| vl0 | Whether to verify temporal logic Lp0 |
| vl11 | Whether to verify temporal logic Lp11 |
Step S2103: and obtaining a Promla file based on the process description variable relation, the variable limit, the conversion condition and the corresponding relation in the Promla.
It should be noted that, in the process of describing the variable relationship, the variable restriction, the conversion condition and the corresponding relationship based on the process in the Promla, since the condition and the process of the state conversion of each module have been described in the formal language in the foregoing, the conversion into the Promla can be facilitated, and the timing sequence of each functional module design has certainty, so that the use of uncertain syntax "is avoided as much as possible: : "describe each functional module logic to reduce the number of detection model state spaces; in addition, because the external interface input of the urban rail transit interlocking system has uncertain selectivity, the system needs to adopt the following steps: : "grammar describes this uncertainty and uncertainty selectivity is predicated on the validity of the module to which the variable is associated, e.g. the switch control variable p of the upper computer command interface module12To p19The premise of uncertain change is that the upper computer command module vf0Effective and turnout control module vf3Effective, i.e. only when vf0And vf3When effective, the upper computer command interface module p12To p19The method has uncertain variability, and the external interfaces of other upper computers are not changed, so that the explosion of the state space is avoided.
Step S2104: a correlation between the first defined result and the second defined result is determined based on the test requirements.
It should be noted that the correlation between the first definition result and the second definition result may be described in the form of a truth table, and the type thereof may be as shown in table 9.
TABLE 9 truth table of logic association function blocks in different time states
Step S2105: and determining the operation mode of the target urban rail transit interlocking system based on the correlation and the Promla file.
It should be noted that, since the urban rail transit interlock control system adopts a fixed periodic mode of sequential logic operation of each module, the cycle interior is executed according to the sequence of external interface data processing and internal function logic operation, and there are sequential execution, asynchronous execution, and the like, it is necessary to determine the operation mode of the target urban rail transit interlock system based on the correlation and the Promla file.
Step S2106: and executing an operation mode based on a Promla message channel, detecting Promla files one by one based on a Spin tool, and positioning the abnormity of the target urban rail transit interlocking system according to a counter path.
It should be noted that, during the process of detecting the Promla files one by one based on the Spin tool and locating the abnormality of the target urban rail transit interlock system according to the counter example path, the Spin tool can be used for detecting each target linear temporal logic one by one, and locating the abnormality according to the counter example path, and before detection, the validity of the target linear temporal logic needs to be set as TRUE, and the validity of other temporal logics needs to be set as FALSE, so that different functional modules are dynamically loaded according to different target linear temporal logics and different external interfaces are limited, so that irrelevant state spaces are filtered, and the number explosion of the state spaces is avoided; after determining the operation mode of the target urban rail transit interlock system based on the correlation and the Promla file, the operation mode may be executed based on the Promla message channel, for example, the sequential execution in the Promla message channel may be as follows:
m0→m1→m2→m3→m4→m5→m6→m7;
asynchronous execution in the Promla message channel may be as follows:
m0→m1→m2→m3→m4→(m5,m′5)→m6→m7wherein m is5And m'5Respectively, represent two route processes executed asynchronously, and m is explained as shown in table 10.
Table 10 interlock system selection function module definition
In order to facilitate understanding of the effect of the method for detecting the urban rail transit interlocking system provided by the application, the method is now described through mathematical operation.
Suppose Sp (m)i) Represents miThe number of state spaces of the module, Sp represents the number of model detection state spaces. If the traffic interlock system is detected in the existing manner, the maximum number of state spaces of any temporal logic is verified to be the cartesian product of the number of state spaces of each module process, that is:
Sp=Sp(m0)×Sp(m1)×Sp(m2)×Sp(m3)×Sp(m4)×Sp(m5)×Sp(m6)×Sp(m7);
without loss of generality, the following linear temporal logic Lp for the switch0And Lp11The analyses were carried out separately:
first, detecting only modules associated with temporal logic, and then combing the state space of unrelated modules to 1, e.g., linear temporal logic Lp for switches0Verification is performed, and the state space is reduced to:
to the linear temporal logic Lp of the switch11Verification is performed, and the state space is reduced to:
therefore, by loading the associated module, the filtering irrelevant module can reduce the number of state spaces;
secondly, the maximum state space number Sp (m) of each external interface can be obtained without considering the logic relation between the external interface variables0)=231(see Table 2 for the sum of all variables 31), Sp (m)1)=231(see Table 3 for the sum of all variables 31), Sp (m)2)=230(see Table 4 for a total of all variables of 30) when Sp is 231×231×230×Sp(m3)×Sp(m4)×Sp(m5)×Sp(m6)×Sp(m7);
To switch linear temporal logic Lp0Verification is performed, and the external interface variable is extracted
(see turnout control module associated interface variables of tables 2, 3, and 4); to switch linear temporal logic Lp11Carry out the verification, then
(see Table 2, Table 3, and Table 4 for switch control module-related interface variables), and because the number of internal state spaces is related to the specific state transition logic within the functional module, althoughAn unambiguous number cannot be used, but since the internal state transitions are all caused by external input variable transitions, it can be estimated that the magnitude of the internal external state space reduction is approximately the magnitude of the external state space, Sp' (m)3) And Sp' (m)4) Relative to Sp (m)3) And Sp (m)4) The state space is also exponentially decreasing. Therefore, the method and the device can reduce the state space explosion in the detection process of the urban rail transit interlocking system.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an urban rail transit interlock system detection system according to an embodiment of the present application.
The urban rail transit interlocking system detection system that this application embodiment provided can include:
the first determining module 101 is used for determining each functional module of the target urban rail transit interlocking system and is used as a first-class functional module;
a first defining module 102, configured to define a state space variable of each first-class functional module by using a boolean variable;
the second determining module 103 is used for determining each functional module of the external system interface module connected with the target urban rail transit interlocking system and taking the functional module as a second type of functional module;
a third determining module 104, configured to determine, based on the function correlation, a corresponding relationship between the first type of function module, the state space variable, and the second type of function module;
and the first detection module 105 is used for detecting the target urban rail transit interlocking system based on the corresponding relation.
The description of each module in the urban rail transit interlocking system detection system provided by the embodiment of the application can refer to the above embodiment, and is not described herein again.
Based on the hardware implementation of the program module, and in order to implement the method according to the embodiment of the present invention, an embodiment of the present invention further provides an electronic device, and fig. 4 is a schematic diagram of a hardware composition structure of the electronic device according to the embodiment of the present invention, and as shown in fig. 4, the electronic device includes:
a communication interface 1 capable of information interaction with other devices such as network devices and the like;
and the processor 2 is connected with the communication interface 1 to realize information interaction with other equipment, and is used for executing the urban rail transit interlocking system detection method applied by one or more technical schemes when running a computer program. And the computer program is stored on the memory 3.
In practice, of course, the various components in the electronic device are coupled together by the bus system 4. It will be appreciated that the bus system 4 is used to enable connection communication between these components. The bus system 4 comprises, in addition to a data bus, a power bus, a control bus and a status signal bus. For clarity of illustration, however, the various buses are labeled as bus system 4 in fig. 4.
The memory 3 in the embodiment of the present invention is used to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program for operating on an electronic device.
It will be appreciated that the memory 3 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Among them, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access Memory (FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface storage may be disk storage or tape storage. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), Enhanced Synchronous Dynamic Random Access Memory (Enhanced DRAM), Synchronous Dynamic Random Access Memory (SLDRAM), Direct Memory (DRmb Access), and Random Access Memory (DRAM). The memory 2 described in the embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The method disclosed by the above embodiment of the present invention can be applied to the processor 2, or implemented by the processor 2. The processor 2 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 2. The processor 2 described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 2 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 3, and the processor 2 reads the program in the memory 3 and in combination with its hardware performs the steps of the aforementioned method.
When the processor 2 executes the program, the corresponding processes in the methods according to the embodiments of the present invention are realized, and for brevity, are not described herein again.
In an exemplary embodiment, the present invention further provides a storage medium, i.e. a computer storage medium, in particular a computer readable storage medium, for example comprising a memory 3 storing a computer program, which is executable by a processor 2 to perform the steps of the aforementioned method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, terminal and method may be implemented in other manners. The above-described device embodiments are only illustrative, for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling an electronic device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A detection method for an urban rail transit interlocking system is characterized by comprising the following steps:
determining each functional module of a target urban rail transit interlocking system, and taking the functional module as a first-class functional module;
defining the state space variable of each first-class functional module by using a Boolean-type variable;
determining each functional module of an external system interface module connected with the target urban rail transit interlocking system and using the functional module as a second type of functional module;
determining a corresponding relation among the first type of functional module, the state space variable and the second type of functional module based on the functional correlation;
and detecting the target urban rail transit interlocking system based on the corresponding relation.
2. The method according to claim 1, wherein the defining the state space variables of each of the first type functional modules by boolean variables comprises:
and defining the external module interface variable, the internal module interface variable and the module internal logic variable of each first-class functional module by the Boolean-type variable.
3. The method of claim 2, wherein determining the correspondence among the first class of functional modules, the state space variables, and the second class of functional modules based on functional dependencies comprises:
describing system function requirements of each first-class function module based on security requirements and LTL linear temporal logic to obtain target linear temporal logic;
determining the incidence relation between each target linear temporal logic and the first type of functional module and the second type of functional module;
and determining the corresponding relation based on the incidence relation and the state space variable.
4. The method of claim 3, wherein the determining the association relationship between each of the target linear temporal logics and the first type of functional module and the second type of functional module comprises:
and determining the incidence relation between each target linear temporal logic and the first type of functional module and the second type of functional module by adopting a truth table form.
5. The method according to claim 4, wherein the detecting the target urban rail transit interlock system based on the correspondence comprises:
determining the variable relation and the variable limit of the second type of functional module;
dividing the first type of functional modules into various state sets according to the life cycle;
determining a transition condition between the state sets;
and detecting the target urban rail transit interlocking system based on the variable relation, the variable limit, the conversion condition and the corresponding relation.
6. The method of claim 5, wherein determining the transition condition between the state sets comprises:
determining the conversion conditions among the state sets, and formally describing the conversion conditions pointlessly based on a truth table and a first-order logic language.
7. The method according to claim 6, wherein the detecting the target urban rail transit interlock system based on the variable relationship, the variable limit, the transition condition, and the correspondence comprises:
defining whether the first type of functional module and the second type of functional module are effective or not based on the Boolean variables to obtain a first definition result;
defining the effectiveness of each target linear temporal logic based on the Boolean variables to obtain a second definition result;
describing the variable relation, the variable limit, the conversion condition and the corresponding relation based on a process in the Promla to obtain a Promla file;
determining a correlation between the first defined result and the second defined result based on test requirements;
determining the operation mode of the target urban rail transit interlocking system based on the correlation and the Promla file;
and executing the operation mode based on a Promla message channel, detecting the Promla files one by one based on a Spin tool, and positioning the abnormity of the target urban rail transit interlocking system according to a counter path.
8. The utility model provides an urban rail transit interlock system detecting system which characterized in that includes:
the first determination module is used for determining each functional module of the target urban rail transit interlocking system and is used as a first-class functional module;
the first defining module is used for defining the state space variable of each first-type functional module by a Boolean-type variable;
the second determination module is used for determining each functional module of an external system interface module connected with the target urban rail transit interlocking system and is used as a second type of functional module;
a third determining module, configured to determine, based on the function correlation, a corresponding relationship among the first class of function modules, the state space variable, and the second class of function modules;
and the first detection module is used for detecting the target urban rail transit interlocking system based on the corresponding relation.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for detecting an interlock system for urban rail transit according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method for detecting an interlock system for urban rail transit according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210238053.1A CN114701547A (en) | 2022-03-10 | 2022-03-10 | Urban rail transit interlocking system detection method, system, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210238053.1A CN114701547A (en) | 2022-03-10 | 2022-03-10 | Urban rail transit interlocking system detection method, system, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114701547A true CN114701547A (en) | 2022-07-05 |
Family
ID=82168261
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210238053.1A Pending CN114701547A (en) | 2022-03-10 | 2022-03-10 | Urban rail transit interlocking system detection method, system, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114701547A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115257877A (en) * | 2022-07-27 | 2022-11-01 | 卡斯柯信号有限公司 | Station train control system and interface method of automatic train monitoring system and interlocking lower computer thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1996024101A1 (en) * | 1995-02-03 | 1996-08-08 | A T & T Corp. | An automata-theoretic verification of systems |
| CN101013452A (en) * | 2007-02-05 | 2007-08-08 | 江苏大学 | Symbolized model detection method |
| CN105426176A (en) * | 2015-11-03 | 2016-03-23 | 南京航空航天大学 | Model detection method based on information hiding for graph transformation system |
| CN107992946A (en) * | 2018-01-23 | 2018-05-04 | 山西中创伟业科技有限公司 | Symbolism hypothesis-guarantee inference method based on mode of learning |
| CN110164151A (en) * | 2019-06-21 | 2019-08-23 | 西安电子科技大学 | Traffic lamp control method based on distributed deep-cycle Q network |
-
2022
- 2022-03-10 CN CN202210238053.1A patent/CN114701547A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1996024101A1 (en) * | 1995-02-03 | 1996-08-08 | A T & T Corp. | An automata-theoretic verification of systems |
| CN101013452A (en) * | 2007-02-05 | 2007-08-08 | 江苏大学 | Symbolized model detection method |
| CN105426176A (en) * | 2015-11-03 | 2016-03-23 | 南京航空航天大学 | Model detection method based on information hiding for graph transformation system |
| CN107992946A (en) * | 2018-01-23 | 2018-05-04 | 山西中创伟业科技有限公司 | Symbolism hypothesis-guarantee inference method based on mode of learning |
| CN110164151A (en) * | 2019-06-21 | 2019-08-23 | 西安电子科技大学 | Traffic lamp control method based on distributed deep-cycle Q network |
Non-Patent Citations (2)
| Title |
|---|
| 于丽贞;徐中伟;陈祖希;张舒青;: "基于梯形逻辑的联锁系统形式化验证方法", 计算机应用, no. 12 * |
| 燕飞;唐涛;: "计算机联锁控制逻辑的模型检验方法", 铁道通信信号, no. 05 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115257877A (en) * | 2022-07-27 | 2022-11-01 | 卡斯柯信号有限公司 | Station train control system and interface method of automatic train monitoring system and interlocking lower computer thereof |
| CN115257877B (en) * | 2022-07-27 | 2023-12-01 | 卡斯柯信号有限公司 | Station train control system and interface method of automatic train monitoring system and interlocking lower computer thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Bernardeschi et al. | A formal verification environment for railway signaling system design | |
| Saidi | Model checking guided abstraction and analysis | |
| JP3858000B2 (en) | Verification method of combinational circuit using filtering type approach | |
| US8141054B2 (en) | Dynamic detection of atomic-set-serializability violations | |
| Kobayashi | Model-checking higher-order functions | |
| CN102722610A (en) | Method and device for automatically generating coverage rate codes by flow chart | |
| CN114701547A (en) | Urban rail transit interlocking system detection method, system, equipment and medium | |
| CN102508766A (en) | Static analysis method of errors during operation of aerospace embedded C language software | |
| Madalinski et al. | Predictability verification with parallel LTL-X model checking based on Petri net unfoldings | |
| CN113127331B (en) | Test method and device based on fault injection and computer equipment | |
| Abid et al. | A Real-Time Specification Patterns Language | |
| Madalinski et al. | Diagnosability verification with parallel LTL-X model checking based on Petri net unfoldings | |
| CN101894072A (en) | Method for detecting abnormal termination during model detection | |
| CN113820649B (en) | Method and device for testing service life reliability of firmware of electric energy meter | |
| Rintanen | Models of action concurrency in temporal planning | |
| Bérard et al. | When are timed automata weakly timed bisimilar to time Petri nets? | |
| Fehnker et al. | Counterexample guided path reduction for static program analysis | |
| Khasidashvili et al. | Simultaneous SAT-based model checking of safety properties | |
| Saifan et al. | Using formal methods for test case generation according to transition-based coverage criteria | |
| Chow et al. | State space reduction in abstract interpretation of parallel programs | |
| Goldson et al. | Concurrent program design in the extended theory of Owicki and Gries | |
| Tóth | Abstraction refinement-based verification of timed automata | |
| Sproston | Model checking for probabilistic timed systems | |
| Rychkov et al. | Statecharts as a Dynamic Method for Risk Assessment | |
| US8966422B1 (en) | Median line based critical timing path optimization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |