## Safety Criteria for Hoorn-Kersenboogerd Railway Station (1995)

Venue: Utrecht University

Citations: 3 (1 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Fokkink95safetycriteria,
  author    = {Wan Fokkink},
  title     = {Safety Criteria for Hoorn-Kersenboogerd Railway Station},
  booktitle = {Utrecht University},
  year      = {1995}
}
```

### Abstract

We formulate several classes of safety criteria for railway yards in terms of observable behaviour. These criteria are meant to protect trains from collisions and from derailments. We identify a number of safety criteria, and present instances of these classes for the case of the railway yard at station Hoorn--Kersenboogerd. These criteria have all been checked by means of the Stalmarck theorem prover, using a methodology from Groote, Koorn and Van Vlijmen.

1 Introduction

At a growing number of Dutch railway stations, including Hoorn--Kersenboogerd, computer equipment based on a Vital Processor Interlocking (VPI) is used in order to ensure safe movement of trains. Apart from a number of hardware checks, a VPI essentially executes a program that consists of a large number of assignments of the form $v = \varphi$, with $v$ a variable and $\varphi$ a Boolean formula, which expresses dependencies between objects such as points, signals and level crossings, taking into account detailed information such...

### Citations

671 | A survey of program slicing techniques
- Tip
- 1995
Citation context: ... on a computer with `reasonable' capacity. Hence, as a first step, subformulas of $\Phi_0 \cdots \Phi_n$ that do not contribute to the value of $R$ are removed by means of a slice algorithm [9], producing a, usually considerably smaller, formula $\Psi$. Finally, satisfiability of $\neg(\Psi \rightarrow R)$ is checked by means of some theorem prover. All the requirements that are presented in this paper, for...

45 | The safety guaranteeing system at station Hoorn-Kersenboogerd
- Groote, Koorn, et al.
- 1994
Citation context: ...some idle time, in order to fill up the second, the VPI executes the next control cycle. A specification of VPI, together with the verification of several desirable properties of VPI, is presented in [4]. The production of a set of assignments for a specific railway yard is an involved human business, and even for a small railway station, the resulting set of assignments 1 r VPI and Vital Processor In...

30 | Modelling and verifying systems and software in propositional logic
- Stålmarck, Säflund
- 1990
Citation context: ... by the Stalmarck theorem prover. The Stalmarck theorem prover has been applied before to verify interlocking equations in a computer controlled interlocking system used by the Swedish state railways [8]. A more general framework for the requirements analysis of safety critical systems has been proposed in [2]. Acknowledgements. Gea Kolk, Peter Musters and Robert Straatman from `Holland Railconsult' ...

14 | Hiding propositional constants in BDDs
- Groote
- 1996
Citation context: ...see [6, 7]. In order to apply the Stalmarck theorem prover, we have used the Prolog interface NP Module [1]. We have also tried to check the safety requirements in an improved BDD based theorem prover [3], but requirements which involve time, such as `if a signal shows red for one second', turned out to be too hard to handle for this tool. Surprisingly, the small set of assignments for station Hoorn--...

7 | Normalization theorems for full first order classical natural deduction
- Stalmarck
- 1991
Citation context: ... large Boolean formulas, by the application of smart algorithms for computations in classical logic. For information on innovative constructions that have been implemented in this theorem prover, see [6, 7]. In order to apply the Stalmarck theorem prover, we have used the Prolog interface NP Module [1]. We have also tried to check the safety requirements in an improved BDD based theorem prover [3], but ...

6 | A Train Set as a Case Study for the Requirements Analysis of Safety-Critical Systems
- Lemos, Saeed, et al.
- 1992
Citation context: ...g equations in a computer controlled interlocking system used by the Swedish state railways [8]. A more general framework for the requirements analysis of safety critical systems has been proposed in [2]. Acknowledgements. Gea Kolk, Peter Musters and Robert Straatman from `Holland Railconsult' provided valuable information on the technical subtleties of the assignments for Hoorn--Kersenboogerd. Jan F...

4 | A modal logic for CRL
- Groote, Vlijmen
- 1994

4 | A note on the computational complexity of the pure classical implication calculus
- Stalmarck
- 1989
Citation context: ... large Boolean formulas, by the application of smart algorithms for computations in classical logic. For information on innovative constructions that have been implemented in this theorem prover, see [6, 7]. In order to apply the Stalmarck theorem prover, we have used the Prolog interface NP Module [1]. We have also tried to check the safety requirements in an improved BDD based theorem prover [3], but ...

2 | Normalization theorems for full first order classical natural deduction
- Stalmarck
- 1991
Citation context: ...arge Boolean formulas, by the application of smart algorithms for computations in classical logic. For information on innovative constructions that have been implemented in this theorem prover, see [6, 7]. In order to apply the Stalmarck theorem prover, we have used the Prolog interface NP Module [1]. We have also tried to check the safety requirements in an improved BDD based theorem prover [3], but ...