Using a Formal B Model at Runtime in a Demonstration of the ETCS Hybrid Level 3 Concept with Real Trains


In this article, we present a concrete realisation of the ETCS Hybrid Level 3 concept, whose practical viability was evaluated in a field demonstration in 2017. Hybrid Level 3, an evolution of the ETCS Level 2 principles, introduces Virtual Sub-Sections (VSS) as sub-divisions of classical track sections with Train Detection Devices (TTD). Our approach introduces an add-on for the Thales Radio Block Centre (RBC), called Virtual Block Function (VBF), which computes the occupation states of the VSSs according to the HL3 concept using the train position reports, train integrity information, and the TTD occupation states. From the perspective of the RBC, the VBF behaves as an IXL that transmits all signal aspects for virtual signals introduced for each VSS to the RBC. We report on the development of the VBF, implemented as a formal B model executed at runtime using ProB and successfully used in a field demonstration to control real trains.

In Proceedings 6th International ABZ Conference ASM, Alloy, B, TLA, VDM, Z (ABZ 2018), Springer LNCS
Sebastian Krings
Sebastian Krings
Software Engineer

My interests include software analysis, formal methods and offensive security.