Hierarchical Modelling of Complex Control Systems: Dependability Analysis of a Railway Interlocking

A. Bondavalli, M. Nelli, L. Simoncini, G. Mongardi

This paper reports an experience gained in building a model of, and analysing the dependability of, an actual railway station interlocking control system. Although our analysis was restricted to the Safety Nucleus subsystem, mastering its complexity and size required a considerable effort. We identified a modelling strategy, based on a modular, hierarchical decomposition, that allows different methods and tools to be used for modelling at the various levels of the hierarchy. This multi-layered modelling methodology led to an accurate representation of the system behaviour and allowed us (i) to keep the size of the models within the different levels under control, so that they can be easily managed by the automatic tools, and (ii) to make changes to the model in a very easy and cheap way. The paper also contains examples of the extensive analyses performed regarding the sensitivity of the dependability measures to variations of critical parameters and towards the validation of the assumptions made.
Keywords: computer based interlocking systems, analytical modelling and evaluation, hierarchical modelling methodology, unsafety, reliability, availability, sensitivity analysis


