Runtime Verification of Communications-based Train Control with Parametric Hybrid Automata

The communications-based train control (CBTC) is a typical safety-critical system that protects and directs train operations in urban rail transit. It is suggested to provide on-going safety protections for the automatic train protection, which is a kernel function of the CBTC. Runtime verification is a technique for monitoring system executions against safety requirements. A particular challenge in implementing of a runtime verification system for the CBTC is the appropriate monitor specification. This paper presents a novel dynamic monitoring generation method to the problem. The train control procedures of the CBTC is formalized by parametric hybrid automata (PHA), which introduces notations of parametric expressions for flow, transition conditions and invariants. With an observation, the PHA is instantiated to a standard hybrid automaton. The monitor specification is then generated automatically by calculating the reachable set of the automaton with respect to some selected safety-related properties. The presented method is evaluated in a hard-ware in the loop CBTC platform, which is developed with realistic engineering data of Beijing Yizhuang metro line. The experiment results show that the approach is feasible, and various dangerous of the CBTC system are prevented from developing into accidents of train collisions.