A domain-oriented, model-based approach for construction and verification of railway control systems

This paper describes a complete model-based development and verification approach for railway control systems. For each control system to be generated, the user makes a description of the application-specific parameters in a domain-specific language. This description is automatically transformed into an executable control system model expressed in SystemC. This model is then compiled into object code. Verification is performed using four main methods applied to different levels: (0) The domain-specific description is validated wrt. internal consistency by static analysis. (1) The crucial safety properties are verified for the SystemC model by means of bounded model checking. (2) The object code is verified to be I/O behavioural equivalent to the SystemC model from which it was compiled. (3) The correctness of the hardware /software integration is checked by automated testing.