For the next big advancement in the development of faster and more efficient transportation, the railway industry has to go through a digital transformation. For this, safety is critical. The solution? New, more efficient verification methods.
Perhaps the most apparent safety verification method is testing, and indeed, it is still the backbone of many safety cases. Testing is typically used throughout the software development cycle – from desktop simulation during the design and implementation work to testing on the actual hardware before the system is shipped – and finally through on-site commissioning tests.
However, it is also well known that testing has its limitations; even cleverly designed and automated testing strategies can only ever test a small fraction of all conceivable scenarios.
Manual reviews: better than nothing, but not bulletproof
Traditionally, to overcome the limitations of testing, rail control safety assurance processes have relied on the skills of highly experienced engineers to perform manual reviews of designs and implementations. Such a review is a valuable complement to testing, helping to raise confidence in the safety of a system, but it might not take you all the way, and reviews have their own set of drawbacks.
The manual nature of the review process makes it time-consuming and difficult to repeat when there are changes to the system. Qualified reviewers are also often a scarce resource that can form a major bottleneck at a late, critical time in the project schedule. Additionally, as with testing, it is difficult to know when you are done. How can we be sure that the reviewer, even the most experienced and well-reputed, has not missed some tiny detail that may be crucial to the safety of the system?
While testing and manual reviews both serve a purpose, we still need another tool to guarantee safety and reduce the costs and risks associated with safety assurance.
So what do we suggest?
In many cases formal verification – aiming to mathematically prove that a system satisfies a set of requirements – can be the answer. The method is gaining traction in the rail control domain and is today highly recommended, or even required, by many rail infrastructure managers and standards. Historically it may have been seen by some as an academic practice that complicates, rather than simplifies, the safety verification work, but with the development of formal verification tools and techniques over the last few decades, this is no longer the case.
Prover has put together a paper that gives an overview of the safety verification practices commonly used in rail control projects around the globe.