## Safety Criteria for Hoorn-Kersenboogerd Railway Station (1995)

### Abstract

We formulate several classes of safety criteria for railway yards in terms of observable behaviour. These criteria are meant to protect trains from collisions and from derailments. We identify a number of safety criteria, and present instances of these classes for the case of the railway yard at station Hoorn--Kersenboogerd. These criteria have all been checked by means of the Stalmarck theorem prover, using a methodology from Groote, Koorn and Van Vlijmen. 1 Introduction At a growing number of Dutch railway stations, including Hoorn--Kersenboogerd, computer equipment based on a Vital Processor Interlocking 1 (VPI) is used in order to ensure safe movement of trains. Apart from a number of hardware checks, a VPI essentially executes a program that consists of a large number of assignments of the form v = OE with v a variable and OE a Boolean formula, which expresses dependencies between objects such as points, signals and level crossings, taking into account detailed information such...

