Developing a safety-critical standard for the Swiss railways (SBB) with xUML and UTP

  • Slides: 17

Developing a safety-critical standard for the Swiss railways (SBB) with xUML and UTP. Markus Schacher, KnowBody, Hohlstrasse 534, 8048 Zürich, Switzerland, www.knowgravity.com

The Project: SwISS, Stellwerk Interface Standard SBB

What is an Interlocking (IL)? [Diagram: track layout with signals s1 to s4, track sections t1 to t13 and points p1 to p5, annotated with Entry Signal, Flank Protection, Route, Approach and Overlap]

Project Background

Situation in 2010
  • There are multiple suppliers for interlockings (in Switzerland mainly Siemens and Thales) as well as different types and generations
  • There are no standards for the communication between interlockings
  • Today, interlockings are coupled via expensive individual solutions
  • There are many projects to couple interlockings in the pipeline
  • Suppliers agreed to cooperate on a standardization
  • DB and ÖBB face similar problems

SBB's call for tender 2010
  • Development of an interface standard between interlockings
  • Preliminary study and concept for standardizing interfaces between interlockings and peripherals
  • Coordination with DB

Project Vision and Deliverables

Vision: Due to a common interface standard, the Swiss Railways SBB may freely choose between suppliers in every interlocking and/or peripheral project.

Primary Deliverables:
  • SwISS Vocabulary
  • Specification SwISS Communication Layer
  • Specification SwISS Application Layer IL-IL
  • Executable version of the functional specification
  • Test specification with test reports
  • Preliminary study and technical concept for a peripheral interface standard

Secondary Deliverables: Project context, methodical approach, requirements catalogues, operational processes

Methodical Approach: "Total Modeling" – Everything is a Model

Principle 1: The Model is the Project

One model as central repository of all project information. Model contents: Project Context, Concepts, Approach & Guidelines, Operational Processes, Test Specifications, Project Planning, Functional Specifications, Vocabulary, Requirements, Risk Analysis.

All documents are automatically generated – no manual authoring!

Principle 2: Parallel Modelling

One model – decentral and parallel elaboration by 3 companies. [Diagram: Model, Intermediate Results, Deliverables]

Principle 3: Testable Specifications

Executable and testable specification of the interface standard. [Diagram: Functional Specification and Test Specification feed CASSANDRA/xUML for Reviews and Regression Tests, producing Test Reports]

xUML: Raising the level of abstraction

Abstraction: Any technique to generalize by ignoring or hiding details in order to identify commonalities among different pieces and to get a grip on the complexity of a designed system such as a software system.

The slide contrasts 1st-, 2nd- and 3rd-generation languages. 2nd generation (assembly listing excerpt, as shown on the slide, with parts missing):

    .begin
    .org 2048
    a_start .equ 3000
    2048  ld length, %...
    ...
    2064  be done
    2068  addcc %r1, -4, %r1
    2072  addcc %r1, %r2, %r4
    2076  ld %r4, %r5
    2080  ba loop
    2084  addcc %r3, %r5, %r3
    2088  done: jmpl %r15+4, %r0
    2092  length: 20
    2096  address: a_start
    .org a_start
    3000  a:

3rd generation (Java excerpt):

    class AnimationFrame extends JFrame {
        private Label mStatusLabel;
        private NumberFormat mFormat;

        public AnimationFrame(TextBouncer ac) {
            super();
            setLayout(new BorderLayout());
            add(ac, BorderLayout.CENTER);
            add(mStatusLabel = new Label(), BorderLayout.SOUTH);
            // Create a number formatter.
            mFormat = NumberFormat.getInstance();
            mFormat.setMaximumFractionDigits(1);
            // Listen for the frame rate changes.
            ac.setRateListener(this);
            // Kick off the animation.
            Thread t = new Thread(ac);
            t.start();
        }

        public void rateChanged(double frameRate) {
            mStatusLabel.setText(mFormat.format(frameRate) + " fps");
        }
    }

Examples from the Project: Application of xUML and UTP in a safety-critical environment

Test Map (not yet part of UTP)

Test Case (1)

Traceability (1): [Diagram: UTP Test Case linked to SysML Requirement via a "defined by" relationship, modelled in SysML]

Traceability (2)

Summary: Testing in the Requirements Engineering Phase

Summary and Key Figures

Summary
  • SwISS is a standard for interlocking interfaces
  • An executable functional specification based on xUML has been developed
  • UTP has been applied in a pragmatic way to model test cases to verify the functional specification
  • Regression tests have been carried out using CASSANDRA/xUML

Key Figures
  • Issues found while developing the functional specification: ~400
  • Size of the functional specification IL-IL: ~100 pages
  • Size of the test specification IL-IL: ~150 pages
  • Number of test cases in test specification IL-IL: ~110
  • Ø runtime of a test case in regression test: ~30 sec.