Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Wytse Oortwijn; Marieke Huisman

doi:10.1007/978-3-030-34968-4_23

Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Wytse Oortwijn, Marieke Huisman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

9 Citations (Scopus)

18 Downloads (Pure)

Abstract

Over the last decades, significant progress has been made on formal techniques for software verification. However, despite this progress, these techniques are not yet structurally applied in industry. To reduce the well-known industry–academia gap, industrial case studies are much-needed, to demonstrate that formal methods are now mature enough to help increase the reliability of industrial software. Moreover, case studies also help researchers to get better insight into industrial needs. This paper contributes such a case study, concerning the formal verification of an industrial, safety-critical traffic tunnel control system that is currently employed in Dutch traffic. We made a formal, process-algebraic model of the informal design of the tunnel system, and analysed it using mCRL2. Additionally, we deductively verified that the implementation adheres to its intended behaviour, by proving that the code refines our mCRL2 model, using VerCors. By doing so, we detected undesired behaviour: an internal deadlock due to an intricate, unlucky combination of timing and events. Even though the developers were already aware of this, and deliberately provided us with an older version of their code, we demonstrate that formal methods can indeed help to detect undesired behaviours within reasonable time, that would otherwise be hard to find.

Original language	English
Title of host publication	Integrated Formal Methods
Subtitle of host publication	15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings
Editors	Wolfgang Ahrendt, Silvia Lizeth Tapia Tarifa
Publisher	Springer
Pages	418-436
Number of pages	19
ISBN (Electronic)	978-3-030-34968-4
ISBN (Print)	978-3-030-34967-7
DOIs	https://doi.org/10.1007/978-3-030-34968-4_23
Publication status	Published - 2019
Event	15th International Conference on Integrated Formal Methods, IFM 2019 - Western Norway University of Applied Sciences, Bergen, Norway Duration: 2 Dec 2019 → 6 Dec 2019 Conference number: 15

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11918
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Integrated Formal Methods, IFM 2019
Abbreviated title	IFM
Country/Territory	Norway
City	Bergen
Period	2/12/19 → 6/12/19

Access to Document

10.1007/978-3-030-34968-4_23

Cite this

Oortwijn, W., & Huisman, M. (2019). Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System. In W. Ahrendt, & S. L. Tapia Tarifa (Eds.), Integrated Formal Methods: 15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings (pp. 418-436). (Lecture Notes in Computer Science; Vol. 11918). Springer. https://doi.org/10.1007/978-3-030-34968-4_23

@inproceedings{df6410edc81b487e86858aec57adc11e,

title = "Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System",

abstract = "Over the last decades, significant progress has been made on formal techniques for software verification. However, despite this progress, these techniques are not yet structurally applied in industry. To reduce the well-known industry–academia gap, industrial case studies are much-needed, to demonstrate that formal methods are now mature enough to help increase the reliability of industrial software. Moreover, case studies also help researchers to get better insight into industrial needs. This paper contributes such a case study, concerning the formal verification of an industrial, safety-critical traffic tunnel control system that is currently employed in Dutch traffic. We made a formal, process-algebraic model of the informal design of the tunnel system, and analysed it using mCRL2. Additionally, we deductively verified that the implementation adheres to its intended behaviour, by proving that the code refines our mCRL2 model, using VerCors. By doing so, we detected undesired behaviour: an internal deadlock due to an intricate, unlucky combination of timing and events. Even though the developers were already aware of this, and deliberately provided us with an older version of their code, we demonstrate that formal methods can indeed help to detect undesired behaviours within reasonable time, that would otherwise be hard to find.",

author = "Wytse Oortwijn and Marieke Huisman",

year = "2019",

doi = "10.1007/978-3-030-34968-4_23",

language = "English",

isbn = "978-3-030-34967-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "418--436",

editor = "Wolfgang Ahrendt and {Tapia Tarifa}, {Silvia Lizeth}",

booktitle = "Integrated Formal Methods",

address = "Germany",

note = "15th International Conference on Integrated Formal Methods, IFM 2019, IFM ; Conference date: 02-12-2019 Through 06-12-2019",

}

Oortwijn, W & Huisman, M 2019, Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System. in W Ahrendt & SL Tapia Tarifa (eds), Integrated Formal Methods: 15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings. Lecture Notes in Computer Science, vol. 11918, Springer, pp. 418-436, 15th International Conference on Integrated Formal Methods, IFM 2019, Bergen, Norway, 2/12/19. https://doi.org/10.1007/978-3-030-34968-4_23

Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System. / Oortwijn, Wytse; Huisman, Marieke.
Integrated Formal Methods: 15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings. ed. / Wolfgang Ahrendt; Silvia Lizeth Tapia Tarifa. Springer, 2019. p. 418-436 (Lecture Notes in Computer Science; Vol. 11918).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

AU - Oortwijn, Wytse

AU - Huisman, Marieke

N1 - Conference code: 15

PY - 2019

Y1 - 2019

N2 - Over the last decades, significant progress has been made on formal techniques for software verification. However, despite this progress, these techniques are not yet structurally applied in industry. To reduce the well-known industry–academia gap, industrial case studies are much-needed, to demonstrate that formal methods are now mature enough to help increase the reliability of industrial software. Moreover, case studies also help researchers to get better insight into industrial needs. This paper contributes such a case study, concerning the formal verification of an industrial, safety-critical traffic tunnel control system that is currently employed in Dutch traffic. We made a formal, process-algebraic model of the informal design of the tunnel system, and analysed it using mCRL2. Additionally, we deductively verified that the implementation adheres to its intended behaviour, by proving that the code refines our mCRL2 model, using VerCors. By doing so, we detected undesired behaviour: an internal deadlock due to an intricate, unlucky combination of timing and events. Even though the developers were already aware of this, and deliberately provided us with an older version of their code, we demonstrate that formal methods can indeed help to detect undesired behaviours within reasonable time, that would otherwise be hard to find.

AB - Over the last decades, significant progress has been made on formal techniques for software verification. However, despite this progress, these techniques are not yet structurally applied in industry. To reduce the well-known industry–academia gap, industrial case studies are much-needed, to demonstrate that formal methods are now mature enough to help increase the reliability of industrial software. Moreover, case studies also help researchers to get better insight into industrial needs. This paper contributes such a case study, concerning the formal verification of an industrial, safety-critical traffic tunnel control system that is currently employed in Dutch traffic. We made a formal, process-algebraic model of the informal design of the tunnel system, and analysed it using mCRL2. Additionally, we deductively verified that the implementation adheres to its intended behaviour, by proving that the code refines our mCRL2 model, using VerCors. By doing so, we detected undesired behaviour: an internal deadlock due to an intricate, unlucky combination of timing and events. Even though the developers were already aware of this, and deliberately provided us with an older version of their code, we demonstrate that formal methods can indeed help to detect undesired behaviours within reasonable time, that would otherwise be hard to find.

UR - http://www.scopus.com/inward/record.url?scp=85076960759&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-34968-4_23

DO - 10.1007/978-3-030-34968-4_23

M3 - Conference contribution

SN - 978-3-030-34967-7

T3 - Lecture Notes in Computer Science

SP - 418

EP - 436

BT - Integrated Formal Methods

A2 - Ahrendt, Wolfgang

A2 - Tapia Tarifa, Silvia Lizeth

PB - Springer

T2 - 15th International Conference on Integrated Formal Methods, IFM 2019

Y2 - 2 December 2019 through 6 December 2019

ER -

Oortwijn W, Huisman M. Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System. In Ahrendt W, Tapia Tarifa SL, editors, Integrated Formal Methods: 15th International Conference, IFM 2019, Bergen, Norway, December 2–6, 2019, Proceedings. Springer. 2019. p. 418-436. (Lecture Notes in Computer Science). Epub 2019 Nov 22. doi: 10.1007/978-3-030-34968-4_23

Formal Verification of an Industrial Safety-Critical Traffic Tunnel Control System

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this