Industrial-Strength Verification of Solid State Interlocking Programs

TL;DR

This paper presents SafeCap, an industry-strength tool for formal verification of railway interlocking programs, enabling automated safety assurance and diagnostics to improve safety and reduce manual checking efforts.

Contribution

The paper introduces SafeCap, a novel tool that automates formal verification of interlocking data directly from industry-designed inputs, overcoming deployment barriers.

Findings

Successfully verified 26 real-world interlockings

Provides automated diagnostics for safety properties

Supports early error detection in railway safety systems

Abstract

The increasing complexity of modern interlocking poses a major challenge to ensuring railway safety. This calls for application of formal methods forassurance and verification of their safety. We have developed an industry-strength toolset, called SafeCap, for formal verification of interlockings. Our aim was to overcome the main barriers in deploying formal methods in industry. The approach proposed verifies interlocking data developed by signalling engineers in the ways they are designed by industry. It ensures fully-automated verification of safety properties using the state of the art techniques (automated theorem provers and solvers), and provides diagnostics in terms of the notations used by engineers. In the last two years SafeCap has been successfully used to verify 26 real-world mainline interlockings, developed by different suppliers and design offices. SafeCap is currently used in an advisory capacity, supplementing manual checking and testing processes by providing an additional level of verification and enabling earlier identification of errors. We are now developing a safety case to support its use as an alternative to some of these activities.