Towards the verification of a generic interlocking logic: Dafny meets parameterized model checking

TL;DR

This paper presents a method combining Dafny and model checking to verify a generic interlocking logic applicable to various station configurations, aiming to automate safety proof verification.

Contribution

It introduces an approach that integrates Dafny with parameterized model checking for verifying safety properties of a generic interlocking logic.

Findings

Successful encoding of interlocking logic in Dafny

Automated proof of safety properties using invariants

Potential for extending verification in an IDE environment

Abstract

Interlocking logics are at the core of critical systems controlling the traffic within stations. In this paper, we consider a generic interlocking logic, which can be instantiated to control a wide class of stations. We tackle the problem of parameterized verification, i.e. prove that the logic satisfies the required properties for all the relevant stations. We present a simplified case study, where the interlocking logic is directly encoded in Dafny. Then, we show how to automate the proof of an important safety requirement, by integrating simple, template-based invariants and more complex invariants obtained from a model checker for parameterized systems. Based on these positive preliminary results, we outline how we intend to integrate the approach by extending the IDE for the design of the interlocking logic.