Testing Railway Interlockings with

N. Ioustinova, J. van de Pol, N. Goga

Centrum voor Wiskunde en Informatica

Amsterdam, The Netherlands

TT-Medal Review

Berlin, Germany

September 28, 2005

This work is done in cooperation with ProRail

TT-Medal Review, September 2005

GoalProvide a framework for testing railway interlockings

with TTCN-3

INTERLOCKING LAYER(guarantees safety of railway control system)

INFRASTRUCTURE(railway tracks, signals, level crossings, points etc.)

LOGISTIC LAYER(human-experts interface) Railway Control

System

Apply the framework for testing interlocking software for Hoorn-

Kersenboogerd station

TT-Medal Review, September 2005

1 3 5 7 9 11

8 10

2 4 6

Development of Test Cases

test suite for interlockingof Hoorn-Kersenboogerd

standards

on railway safety

TT-Medal Review, September 2005

Development of Test System

Test Management (TM)

TTCN-3 executable (TE)

TCI

TRI

Platform Adapter System Adapter

Time Manager

IdlenessHandler

IdlenessHandler

IdlenessHandler

IdlenessHandlerTCMTC

TTCN-3 Test System forrailway

Special feature: time control simulated time

interlockingsSUT

Interlocking Simulator

Interlocking Program

Simulated time solution is based on Dijkstra’s distributed termination detection algorithm

TT-Medal Review, September 2005

66C 66B 66A 74B

60

68

Expectedtrace

Observedtrace

66C 66B 66A 74B

60

68

FAIL

Initial situation: train on 66C

Setting the initial situation costs 21 cycles.

Failure is detected in 1 cycle.

Test Execution: Normal Train Departure

Final situation: train at 66B and 68 remains yellow

TT-Medal Review, September 2005

Market Relevance In the European railway sector, the current target is to increase the

proportion of railway transportation by 100-150% within a short period (www.railway-technology.com)

European integration (www.euro-interlocking.org) requires new standards for specification (UML) and testing (TTCN-3)

TTCN-3 enables to bring together

Vendors

Standardization

Certification

Operators in EU

TT-Medal Review, September 2005

TTCN-3 for the Railway DomainAdvantages Standardization: a standard language to specify test suites for

railway applications Reusability: one test suite can be used to test software from

different vendors Independency from implementation details of simulators for

railway software Automation of test execution for railway domain

Benefits High-quality test suites → reliable railway control systems Reduction of costs for testing on the long run

TT-Medal Review, September 2005

We translated a subset of CENELEC safety requirements into TTCN-3 test cases.

TTCN-3 is suitable to specify test cases for railway control systems According to ProRail, TTCN-3 is a significant step towards

automation and standardization of testing process in the railway domain

TTCN-3 test system is extended by time simulation option We have covered whole test-process starting from developing test

cases, proceeding with implementing the test system and finally executing tests and interpreting results

Using this approach we found violations of general safety requirements

Conclusions