Modeling and Verification of Zone Controller: The SCADE Experience in China´s Railway Systems

Communications Based Train Control (CBTC) is the newest railway system to solve traffic congestion in China´s cities. Compared with the traditional signaling systems, CBTC systems are more complicated for which the modern moving block systems have been designed so that the exact position of a train can be known more accurately. Using traditional software development processes to design and expand such large systems are costly, and become unsustainable. Safety-critical application development environment (SCADE) is the systemic solution for developing critical systems. It fulfills the requirement of design, simulation, verification and automatic code generation of safety critical systems as CBTC. However, modeling and verifying CBTC is still a challenging problem. According to our experience in modeling and verifying the Zone Controller (ZC) of CBTC, the SCADE based development process does not reduce the complexity of large systems, which leads to verification failure. Therefore, improving the SCADE based development process is an urgent task. In this work, the slicing criteria that the SCADE process must conduct in order to simplify the complexity of SCADE models are stated. For each type of observer in SCADE, examples of available slicing criteria are given and their effects on reducing state space are analyzed. Finally, as a practical example, ZC is modeled and verified by SCADE using the slicing criteria.