Deductive Verification of Railway Operations

摘要

We use deductive verification to show safety properties for the railway operations of Deutsche Bahn. We formalize and verify safety properties for a precise, comprehensive model of operational procedures as specified in the rule books, independently of the shape and size of the actual network layout and the number or schedule of trains. We decompose a global safety property into local properties as well as compositionality and well-formedness assumptions. Then we map local state-based safety properties into history-based properties that can be proven with a high degree of automation using deductive verification. We illustrate our methodology with the proof that for any well-formed infrastructure operating according to the regulations of Deutsche Bahn the following safety property holds: whenever a train leaves a station, the next section is free and no other train on the same line runs in the opposite direction.