• No results found

Some Technical Aspects of an Interlocking Specification language

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "Some Technical Aspects of an Interlocking Specification language"

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

Some technical aspects of

an Interlocking Specification Language

Lars-Henrik Eriksson Industrilogik L4i AB

(2)

Industrilogik L4i AB

• Swedish consultancy company in advanced logic, mathematics and computer science.

• Main business area: Formal methods

• Staff of 11. 7 Ph.D.

• Founded in 1997, but most of the staff worked industrially with formal methods before that.

(3)

ISL – why yet another language?

The ISL projects aims at developing a specification language tailored for railway signalling.

• We believe that domain-specific specification languages can

substantially simplify the application of formal methods. (Both from the point of view of the user and of the tool implementor.)

ISL work is still in a preliminary stage – the language is not yet defined.

The ISL is not necessarily intended to be a completely new specification language.

Existing languages (subsets, dialects, libraries) could well be used if they suit the technical requirements.

(4)

Aspects of ISL and ISL use

• Specification levels

• Concept library

• Expressiveness

• Temporalities

• Tool support

• Positive requirements

(5)

Specification levels

ISL is primarily intended for design-independent requirements specification of signalling systems.

ISL is not intended as a design specification language.

Design specification languages (e.g. Dutch EURIS/LARIS, Adtranz Signal’s IRSL) can be tailored for a specific design.

ISL must interface with design specifications.

(6)

Concept library

A formal specification can be divided (roughly) into two parts:

1) The conceptual model

• defines the concepts needed to express the requirements:

geometrical properties and relations, abstract entities like train routes, etc.

• turns out to be large and difficult to write – even for intuitively obvious concepts

• Example: a signal is ”ahead of” another signal. Positions of points etc. must be taken into account.

2) The actual requirements

• are generally simple.

ISL should provide a concept library for railway signalling.

(7)

Parametrisation of concepts

Different railway administrations use slightly different concepts.

• Example: the exact definition of a train route can differ between two administrations.

The ISL concept library needs to be parametrised and adaptable.

(The ERRI A201 project has developed a catalogue of the differences in signalling principles.)

(8)

Expressiveness

Generally, great expressiveness has been a desired property of a specification language.

+ Specifications become more concise and easier to express.

– A very expressive language is harder to master.

– There is a conflict between expressibility and suitability for

processing by automatic tools (e.g. automatic theorem proving).

– Not much expressiveness needed to specifying requirements + Conceptual modelling does benefit.

ISL should provide just the required amount of expressiveness.

Possibly different sublanguages could be used for conceptual modelling and requirements specification.

(9)

Temporalities

It is essential to be able to express requirements including temporal relationships.

However, temporalities can easily make the language much more complex – particularly from an implementation point of view.

Just what kind of temporalities are really needed?

(10)

Tool support

The use of (more or less) automated tools in a formal development process is essential.

ISL should be carefully designed to take allow tools to take maximal advantage of the state-of-the art in algorithms for theorem proving, type checking etc.

The existence of a standardised concept library means that concept definitions could be coded into the tools to improve performance.

Example of tools that should be available:

– Simulation tools – Verification tools

– Tools to present and edit specifications in an application-oriented manner.

(11)

Positive requirements – a challenge

Formal specification work typically address safety properties, e.g.

that nothing bad happens.

• Example: a signal is not cleared unless it is safe to do so.

Positive requirements – that something good does happen is in practise more difficult to express.

• less clear-cut than safety requirements.

Verifying a safety requirement can be done by showing that each

single computation step of the design/implementation does not cause a bad thing to happen.

Verifying a positive requirement can be more difficult as many steps may be required until the good thing eventually happen.

What are the implications for ISL?

References

Download now ( PDF - 11 Page - 9.71 KB )

Related documents

Conveyor belts — Specification for

This International Standard specifies requirements for rubber and/or plastics covered conveyor belting of textile construction for general surface use on flat or troughed idlers.

An Interlocking Specification Language

Formal methods – the use of exact mathematical methods to describe and analyse systems – have reached a level of maturity where they can be used in practice to

Natural Language Specification and Violation Reporting of Business Rules over ER-modeled Databases

This paper presents our work on adapting and extending natural language interface (NLI) to database technology to support the specification and violation reporting of business

A Domain-Specific Language for Protocol Stack

Ahmed, Muhammad Rehan (2011) Compliance Control of Robot Manipulator for Safe Physical Human Robot Interaction..

EUROPEAN PATENT SPECIFICATION

A method of nanofibres production from a polymer solution (2) using electrostatic spinning in an electric field created by a potential difference between a ro- tating charged

TECHNICAL ISO/IEC TS SPECIFICATION 18661-5

When inside a compound statement, the pragma action for a designated exception takes effect from the occurrence of the pragma until another FENV_EXCEPT pragma designating the same

The Privacy Option Language: Specification & Implementation

The simPOL sublanguages materialise in the types Management , a contract management semantics, Time , a time model used in the contract management, PersonalData , a very simple

VISIBLE LIGHT PRODUCTS SPECIFICATION

But be aware of the high temperature will not only make the epoxy soften but also cause the lead moving and the gold wire broken and even open. So before returning to the